Merge branch 'tenant-improve' into 'tenant-improve'

Add tenant create API

See merge request entgra/carbon-device-mgt!601
revert-70ac1926
Inosh Perara 4 years ago
commit 213fb2c566

@ -182,6 +182,15 @@ public class AuthenticationHandler extends AbstractHandler {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Verify response:" + response.getContent()); log.debug("Verify response:" + response.getContent());
} }
} else if (headers.containsKey(AuthConstants.ONE_TIME_TOKEN_HEADER)) {
String token = headers.get(AuthConstants.ONE_TIME_TOKEN_HEADER);
//TODO: validate token service. Since this is getting validated in the valve,
// this may not even be necessery
// if (log.isDebugEnabled()) {
// log.debug("One time time :" + token + ", status : " + );
// }
return true;
} else { } else {
log.warn("Unauthorized request for api: " + ctxPath); log.warn("Unauthorized request for api: " + ctxPath);
return false; return false;

@ -24,6 +24,7 @@ public class AuthConstants {
public static final String MDM_SIGNATURE = "mdm-signature"; public static final String MDM_SIGNATURE = "mdm-signature";
public static final String PROXY_MUTUAL_AUTH_HEADER = "proxy-mutual-auth-header"; public static final String PROXY_MUTUAL_AUTH_HEADER = "proxy-mutual-auth-header";
public static final String MUTUAL_AUTH_HEADER = "mutual-auth-header"; public static final String MUTUAL_AUTH_HEADER = "mutual-auth-header";
public static final String ONE_TIME_TOKEN_HEADER = "one-time-token";
public static final String ENCODED_PEM = "encoded-pem"; public static final String ENCODED_PEM = "encoded-pem";
public static final String CALLBACK_URL = ""; public static final String CALLBACK_URL = "";
public static final String CLIENT_NAME = "IOT-API-MANAGER"; public static final String CLIENT_NAME = "IOT-API-MANAGER";

@ -273,5 +273,9 @@
</exclusion> </exclusion>
</exclusions> </exclusions>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.multitenancy</groupId>
<artifactId>org.wso2.carbon.tenant.mgt</artifactId>
</dependency>
</dependencies> </dependencies>
</project> </project>

@ -24,6 +24,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
import io.entgra.carbon.device.mgt.config.jaxrs.beans.ErrorResponse; import io.entgra.carbon.device.mgt.config.jaxrs.beans.ErrorResponse;
import io.entgra.carbon.device.mgt.config.jaxrs.service.DeviceManagementConfigService; import io.entgra.carbon.device.mgt.config.jaxrs.service.DeviceManagementConfigService;
import io.entgra.carbon.device.mgt.config.jaxrs.util.DeviceMgtAPIUtils; import io.entgra.carbon.device.mgt.config.jaxrs.util.DeviceMgtAPIUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.base.MultitenantConstants;
@ -35,6 +36,7 @@ import org.wso2.carbon.device.mgt.common.configuration.mgt.AmbiguousConfiguratio
import org.wso2.carbon.device.mgt.common.configuration.mgt.DeviceConfiguration; import org.wso2.carbon.device.mgt.common.configuration.mgt.DeviceConfiguration;
import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException; import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.exceptions.DeviceNotFoundException; import org.wso2.carbon.device.mgt.common.exceptions.DeviceNotFoundException;
import org.wso2.carbon.device.mgt.common.general.OneTimeTokenDetails;
import org.wso2.carbon.device.mgt.common.general.TenantDetail; import org.wso2.carbon.device.mgt.common.general.TenantDetail;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
@ -48,22 +50,29 @@ import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.device.mgt.core.util.DeviceManagerUtil; import org.wso2.carbon.device.mgt.core.util.DeviceManagerUtil;
import org.wso2.carbon.identity.jwt.client.extension.dto.AccessTokenInfo; import org.wso2.carbon.identity.jwt.client.extension.dto.AccessTokenInfo;
import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException; import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;
import org.wso2.carbon.stratos.common.beans.TenantInfoBean;
import org.wso2.carbon.tenant.mgt.services.TenantMgtAdminService;
import org.wso2.carbon.user.api.Tenant; import org.wso2.carbon.user.api.Tenant;
import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
import javax.validation.constraints.Size;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.GET; import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam; import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST; import javax.ws.rs.POST;
import javax.ws.rs.PUT; import javax.ws.rs.PUT;
import javax.ws.rs.Path; import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam; import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -270,6 +279,87 @@ public class DeviceManagementConfigServiceImpl implements DeviceManagementConfig
return tenantDetail; return tenantDetail;
} }
/**
* This API will add a tenant to the system and can be called by the super tenant only.
* @return Returns the
*/
@Path("/tenant")
@POST
@Produces(MediaType.APPLICATION_JSON)
public Response addTenant(@HeaderParam("one-time-token") String token) {
TenantMgtAdminService tenantMgtAdminService = null;
OneTimeTokenDetails tenantWrapper = null;
// Request validation
String errorMsg = null;
Response.Status errorStatus = Response.Status.BAD_REQUEST;
if (StringUtils.isEmpty(token)) {
errorMsg = "Authentication failure when creating tenant";
} else {
tenantWrapper = new OneTimeTokenDetails(); //TODO: Call one time token validation API
if (tenantWrapper == null) {
errorMsg = "One time token is not present in the database";
} else {
try {
tenantMgtAdminService = new TenantMgtAdminService();
if (tenantMgtAdminService == null) {
errorMsg = "Request can only be made by super admin";
errorStatus = Response.Status.INTERNAL_SERVER_ERROR;
} else {
TenantInfoBean[] tenant = tenantMgtAdminService.retrievePartialSearchTenants(tenantWrapper.getDomain());
if (!PrivilegedCarbonContext.getThreadLocalCarbonContext()
.getTenantDomain().equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
errorMsg = "Request can only be made by super admin";
} else if (tenant != null && tenant.length > 0) {
for (TenantInfoBean tenantInfoBean : tenant) {
if (tenantInfoBean.getTenantDomain().equals(tenantWrapper.getDomain())) {
errorMsg = "Tenant domain is already in use";
break;
}
}
}
}
} catch (Exception e) { // Carbon multi-tenancy is throwing generic exceptions.
errorMsg = "Could not create tenant domain " + tenantWrapper.getDomain();
errorStatus = Response.Status.INTERNAL_SERVER_ERROR;
}
}
}
if (errorMsg != null) {
log.error(errorMsg);
return Response.status(errorStatus).entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(errorMsg).build()
).build();
}
try {
TenantInfoBean tenantInfoBean = new TenantInfoBean();
tenantInfoBean.setActive(true);
tenantInfoBean.setAdminPassword(tenantWrapper.getPassword());
tenantInfoBean.setAdmin(tenantWrapper.getAdminName());
tenantInfoBean.setFirstname(tenantWrapper.getAdminFirstName());
tenantInfoBean.setLastname(tenantWrapper.getAdminLastName());
tenantInfoBean.setEmail(tenantWrapper.getEmail());
Calendar calendar = new GregorianCalendar();
calendar.setTime(new Date());
tenantInfoBean.setCreatedDate(calendar);
tenantInfoBean.setTenantDomain(tenantWrapper.getDomain());
String response = tenantMgtAdminService.addTenant(tenantInfoBean);
return Response.status(Response.Status.OK).entity(response).build();
} catch (Exception e) { // The underlying API is throwing a generic exception.
String msg = "Error while adding tenant";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
@POST @POST
@Path("/permissions") @Path("/permissions")
@Produces({MediaType.APPLICATION_JSON}) @Produces({MediaType.APPLICATION_JSON})

@ -49,7 +49,8 @@
<param-name>nonSecuredEndPoints</param-name> <param-name>nonSecuredEndPoints</param-name>
<param-value> <param-value>
/api/device-mgt-config/v1.0/configurations, /api/device-mgt-config/v1.0/configurations,
/api/device-mgt-config/v1.0/configurations/ui-config /api/device-mgt-config/v1.0/configurations/ui-config,
/api/device-mgt-config/v1.0/tenant
</param-value> </param-value>
</context-param> </context-param>

@ -31,6 +31,7 @@ public final class Constants {
public static final String HEADER_HTTP_ACCEPT = "Accept"; public static final String HEADER_HTTP_ACCEPT = "Accept";
public static final String HEADER_HTTP_AUTHORIZATION = "Authorization"; public static final String HEADER_HTTP_AUTHORIZATION = "Authorization";
public static final String ONE_TIME_TOKEN_HEADER = "one-time-token";
} }
public static final class ContentTypes { public static final class ContentTypes {

@ -0,0 +1,93 @@
/*
* Copyright (c) 2020, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.webapp.authenticator.framework.authenticator;
import org.apache.catalina.connector.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.wso2.carbon.device.mgt.common.general.OneTimeTokenDetails;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
import org.wso2.carbon.webapp.authenticator.framework.Constants;
import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidationResponse;
import java.util.Properties;
import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class OneTimeTokenAuthenticator implements WebappAuthenticator {
private static final Log log = LogFactory.getLog(OneTimeTokenAuthenticator.class);
@Override
public void init() {
}
public boolean canHandle(org.apache.catalina.connector.Request request) {
return request.getHeader(Constants.HTTPHeaders.ONE_TIME_TOKEN_HEADER) != null;
}
public AuthenticationInfo authenticate(org.apache.catalina.connector.Request request, Response response) {
String token = request.getHeader(Constants.HTTPHeaders.ONE_TIME_TOKEN_HEADER);
// DeviceMgtAPIUtils.getDeviceManagementService();//TODO: call token validate service in core
OneTimeTokenDetails tokenDetails = new OneTimeTokenDetails();//TODO: use token details
AuthenticationInfo authenticationInfo = new AuthenticationInfo();
try {
authenticationInfo.setTenantDomain(tokenDetails.getDomain());
authenticationInfo.setStatus(Status.CONTINUE);
//authenticationInfo.setUsername(tokenDetails.get); //TODO: set username
//authenticationInfo.setTenantId();//TODO: set tenant Id
} catch (Exception e) { // TODO: remove this if not needed
authenticationInfo.setStatus(Status.FAILURE);
authenticationInfo.setMessage("Could not identify tenant domain.");
}
return null;
}
public String getName() {
return "One-Time-Token";
}
@Override
public void setProperties(Properties properties) {
}
@Override
public Properties getProperties() {
return null;
}
@Override
public String getProperty(String name) {
return null;
}
}

@ -20,6 +20,7 @@ package org.wso2.carbon.webapp.authenticator.framework.internal;
import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager; import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.registry.core.service.TenantRegistryLoader; import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader; import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader;
@ -35,6 +36,7 @@ public class AuthenticatorFrameworkDataHolder {
private OAuth2TokenValidationService oAuth2TokenValidationService; private OAuth2TokenValidationService oAuth2TokenValidationService;
private TenantIndexingLoader tenantIndexingLoader; private TenantIndexingLoader tenantIndexingLoader;
private TenantRegistryLoader tenantRegistryLoader; private TenantRegistryLoader tenantRegistryLoader;
private DeviceManagementProviderService deviceManagementService;
private static AuthenticatorFrameworkDataHolder private static AuthenticatorFrameworkDataHolder
thisInstance = new AuthenticatorFrameworkDataHolder(); thisInstance = new AuthenticatorFrameworkDataHolder();
@ -114,4 +116,13 @@ public class AuthenticatorFrameworkDataHolder {
public TenantRegistryLoader getTenantRegistryLoader() { public TenantRegistryLoader getTenantRegistryLoader() {
return tenantRegistryLoader; return tenantRegistryLoader;
} }
public DeviceManagementProviderService getDeviceManagementService() {
return deviceManagementService;
}
public void setDeviceManagementService(DeviceManagementProviderService deviceManagementService) {
this.deviceManagementService = deviceManagementService;
}
} }

@ -25,6 +25,7 @@ import org.osgi.framework.BundleContext;
import org.osgi.service.component.ComponentContext; import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager; import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.registry.core.service.TenantRegistryLoader; import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader; import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader;
@ -80,6 +81,12 @@ import java.util.Properties;
* cardinality="1..1" policy="dynamic" * cardinality="1..1" policy="dynamic"
* bind="setTenantRegistryLoader" * bind="setTenantRegistryLoader"
* unbind="unsetTenantRegistryLoader" * unbind="unsetTenantRegistryLoader"
* @scr.reference name="org.wso2.carbon.device.manager"
* interface="org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService"
* cardinality="1..1"
* policy="dynamic"
* bind="setDeviceManagementService"
* unbind="unsetDeviceManagementService"
*/ */
public class WebappAuthenticatorFrameworkServiceComponent { public class WebappAuthenticatorFrameworkServiceComponent {
private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkServiceComponent.class); private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkServiceComponent.class);
@ -211,4 +218,20 @@ public class WebappAuthenticatorFrameworkServiceComponent {
protected void unsetTenantRegistryLoader(TenantRegistryLoader tenantRegistryLoader) { protected void unsetTenantRegistryLoader(TenantRegistryLoader tenantRegistryLoader) {
AuthenticatorFrameworkDataHolder.getInstance().setTenantRegistryLoader(null); AuthenticatorFrameworkDataHolder.getInstance().setTenantRegistryLoader(null);
} }
@SuppressWarnings("unused")
protected void setDeviceManagementService(DeviceManagementProviderService deviceManagementProviderService) {
if (log.isDebugEnabled()) {
log.debug("Setting ApplicationDTO Management OSGI Manager");
}
AuthenticatorFrameworkDataHolder.getInstance().setDeviceManagementService(deviceManagementProviderService);
}
@SuppressWarnings("unused")
protected void unsetDeviceManagementService(DeviceManagementProviderService deviceManagementProviderService) {
if (log.isDebugEnabled()) {
log.debug("Removing ApplicationDTO Management OSGI Manager");
}
AuthenticatorFrameworkDataHolder.getInstance().setDeviceManagementService(null);
}
} }

Loading…
Cancel
Save