Fixes in JWT token generation and sync with upstream apim420 branch

revert
commit d567209c11

@ -22,7 +22,7 @@
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>grafana-mgt</artifactId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@ -295,7 +295,7 @@
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-api-mockito</artifactId>
<artifactId>powermock-api-mockito2</artifactId>
<scope>test</scope>
</dependency>
<dependency>

@ -22,6 +22,7 @@ import com.google.gson.JsonObject;
import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.GrafanaAPIProxyService;
import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.bean.ErrorResponse;
import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.exception.RefererNotValid;
import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.impl.util.GrafanaMgtAPIUtils;
import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.impl.util.GrafanaRequestHandlerUtil;
import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.common.exception.GrafanaManagementException;
import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.bean.GrafanaPanelIdentifier;
@ -49,8 +50,8 @@ public class GrafanaAPIProxyServiceImpl implements GrafanaAPIProxyService {
public Response queryDatasource(JsonObject body, @Context HttpHeaders headers, @Context UriInfo requestUriInfo) {
try {
GrafanaPanelIdentifier panelIdentifier = GrafanaRequestHandlerUtil.getPanelIdentifier(headers);
GrafanaMgtDataHolder.getInstance().getGrafanaQueryService().
buildSafeQuery(body, panelIdentifier.getDashboardId(), panelIdentifier.getPanelId(), requestUriInfo.getRequestUri());
GrafanaMgtAPIUtils.getGrafanaQueryService().buildSafeQuery(body, panelIdentifier.getDashboardId(),
panelIdentifier.getPanelId(), requestUriInfo.getRequestUri());
return GrafanaRequestHandlerUtil.proxyPassPostRequest(body, requestUriInfo, panelIdentifier.getOrgId());
} catch (MaliciousQueryAttempt e) {
return Response.status(Response.Status.BAD_REQUEST).entity(
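Review bot: The new `GrafanaMgtAPIUtils.getGrafanaQueryService()` call throws `IllegalStateException` when the OSGi service is not yet available (its implementation is in this same commit), and the only catch visible in the hunk is `MaliciousQueryAttempt`; unless a later catch outside the hunk covers it, a query proxied before the service is registered surfaces as an unhandled runtime exception rather than an `ErrorResponse`. Consider catching it here and returning `Response.Status.SERVICE_UNAVAILABLE` with the same `ErrorResponse` entity pattern the other failures use. queryDatasource continues outside the hunk.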

@ -0,0 +1,52 @@
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.api.impl.util;
import io.entgra.device.mgt.core.analytics.mgt.grafana.proxy.core.service.GrafanaQueryService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
public class GrafanaMgtAPIUtils {
private static final Log log = LogFactory.getLog(GrafanaMgtAPIUtils.class);
private static volatile GrafanaQueryService grafanaQueryService;
/**
* Accessing GrafanaQueryService from OSGI service context
* @return GrafanaQueryService instance
*/
public static GrafanaQueryService getGrafanaQueryService() {
if (grafanaQueryService == null) {
synchronized (GrafanaMgtAPIUtils.class) {
if (grafanaQueryService == null) {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
grafanaQueryService =
(GrafanaQueryService) ctx.getOSGiService(GrafanaQueryService.class, null);
if (grafanaQueryService == null) {
String msg = "Grafana Query service has not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
}
}
}
return grafanaQueryService;
}
}
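Review bot: `GrafanaMgtAPIUtils` is a static utility class with no private constructor, and `getGrafanaQueryService()` both logs and throws the same message, so any caller that catches the `IllegalStateException` and logs it produces the error twice. Add `private GrafanaMgtAPIUtils() {}` and drop the `log.error(msg)` in favour of the throw alone. The cached `grafanaQueryService` is also never cleared, so if the OSGi service is unregistered and re-registered the proxy keeps the stale reference — presumably acceptable for this deployment, but worth a comment on the field such as `// cached for the bundle lifetime; not refreshed if the service is re-registered`.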

@ -22,7 +22,7 @@
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>grafana-mgt</artifactId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>grafana-mgt</artifactId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@ -211,7 +211,7 @@
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-api-mockito</artifactId>
<artifactId>powermock-api-mockito2</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>

@ -22,7 +22,7 @@
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>analytics-mgt</artifactId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -21,7 +21,7 @@
<parent>
<artifactId>io.entgra.device.mgt.core.parent</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>

@ -20,7 +20,7 @@
<parent>
<artifactId>apimgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>

@ -22,7 +22,7 @@
<parent>
<artifactId>apimgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -21,7 +21,7 @@
<parent>
<artifactId>apimgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>apimgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@ -143,6 +143,14 @@
org.wso2.carbon.apimgt.impl;version="[9.28,10)",
org.wso2.carbon.apimgt.impl.utils;version="[9.28,10)",
org.wso2.carbon.context;version="[4.8,5)",
org.wso2.carbon.apimgt.impl;version="${carbon.api.mgt.version.range}",
org.wso2.carbon.apimgt.impl.utils;version="${carbon.api.mgt.version.range}",
org.wso2.carbon.context;version="${carbon.kernel.version.range}",
io.entgra.device.mgt.core.identity.jwt.client.extension,
io.entgra.device.mgt.core.identity.jwt.client.extension.dto,
io.entgra.device.mgt.core.identity.jwt.client.extension.exception,
io.entgra.device.mgt.core.identity.jwt.client.extension.service,
io.entgra.device.mgt.core.apimgt.extension.rest.api,
org.wso2.carbon.registry.core.exceptions;version="[1.0,2)",
org.wso2.carbon.registry.core.service;version="[1.0,2)",
org.wso2.carbon.registry.indexing.service;version="[4.8,5)",
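Review bot: The five new `Import-Package` entries (`io.entgra.device.mgt.core.identity.jwt.client.extension*` and `io.entgra.device.mgt.core.apimgt.extension.rest.api`) carry no version range, unlike every other entry in the hunk, which this change moves to `${carbon.api.mgt.version.range}` and `${carbon.kernel.version.range}`. These are presumably same-reactor bundles, but an explicit range using whatever property the project defines for its own modules (or a comment stating the open range is intentional) keeps the manifest consistent and avoids silently wiring to a different copy at runtime.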

@ -41,16 +41,19 @@ import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.App
import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Subscription;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.ApiApplicationInfo;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.RegistrationProfile;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIServicesException;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.BadRequestException;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.UnexpectedResponseException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.eclipse.jetty.http.MetaData;
import org.wso2.carbon.apimgt.api.APIAdmin;
import org.wso2.carbon.apimgt.api.APIConsumer;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO;
import org.wso2.carbon.apimgt.api.model.*;
import org.wso2.carbon.apimgt.api.model.API;
import org.wso2.carbon.apimgt.api.model.APIKey;
import org.wso2.carbon.apimgt.api.model.ApiTypeWrapper;
@ -119,6 +122,108 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
return generateAndRetrieveApplicationKeys(applicationName, tags ,keyType, isAllowedAllDomains, validityTime, tokenInfo);
}
@Override
public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String tags[],
String keyType, String username,
boolean isAllowedAllDomains,
String validityTime, String password) throws APIManagerException {
APIApplicationServices apiApplicationServices = APIApplicationManagerExtensionDataHolder.getInstance().getApiApplicationServices();
ConsumerRESTAPIServices consumerRESTAPIServices =
APIApplicationManagerExtensionDataHolder.getInstance().getConsumerRESTAPIServices();
try {
io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application[] applications =
consumerRESTAPIServices.getAllApplications(null, null, applicationName);
List<APIInfo> uniqueApiList = new ArrayList<>();
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
for (String tag : tags) {
Map<String, String> queryParams = new HashMap<>();
queryParams.put("tag", tag);
if ("carbon.super".equals(tenantDomain)) {
consumerRESTAPIServices.getAllApis(null, null, queryParams);
} else {
//call All API getting call with carbon super header param
APIInfo[] apiInfos;
if (!"carbon.super".equals(tenantDomain)) {
headerParams.put("X-WSO2-Tenant", "carbon.super");
}
apiInfos = consumerRESTAPIServices.getAllApis(null, null, queryParams, headerParams);
uniqueApiList.addAll(List.of(apiInfos));
Set<APIInfo> taggedAPISet = new HashSet<>(uniqueApiList);
uniqueApiList.clear();
uniqueApiList.addAll(taggedAPISet);
}
if (applications.length == 0) {
io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application application =
new io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application();
application.setName(applicationName);
application = consumerRESTAPIServices.createApplication(null, null, application);
List<Subscription> subscriptions = new ArrayList<>();
for (APIInfo apiInfo : uniqueApiList) {
Subscription subscription = new Subscription();
subscription.setApiId(apiInfo.getId());
subscription.setApplicationId(application.getApplicationId());
subscriptions.add(subscription);
}
consumerRESTAPIServices.createSubscriptions(null, null, subscriptions);
} else {
if (applications.length == 1) {
Optional<io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application> application =
Arrays.stream(applications).findFirst();
Subscription[] subscriptions = consumerRESTAPIServices.getAllSubscriptions(null, null,
application.get().getApplicationId());
for (Subscription subscription : subscriptions) {
if (uniqueApiList.contains(subscription.getApiInfo())) {
uniqueApiList.remove(subscription.getApiInfo());
} else {
uniqueApiList.add(subscription.getApiInfo());
}
}
//duplicate code block
List<Subscription> subscriptionList = new ArrayList<>();
for (APIInfo apiInfo : uniqueApiList) {
Subscription subscription = new Subscription();
subscription.setApiId(apiInfo.getId());
subscription.setApplicationId(application.get().getApplicationId());
subscriptionList.add(subscription);
}
consumerRESTAPIServices.createSubscriptions(null, null, subscriptionList);
} else {
String msg = "Found more than one application for application name: " + applicationName;
log.error(msg);
throw new APIManagerException(msg);
}
}
} catch (APIServicesException e) {
e.printStackTrace();
} catch (BadRequestException e) {
e.printStackTrace();
} catch (UnexpectedResponseException e) {
e.printStackTrace();
}
return null;
}
/**
* {@inheritDoc}
*/
@Override
public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags,
String keyType, String username,
@ -139,9 +244,11 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
boolean isAllowedAllDomains,
String validityTime, TokenInfo tokenInfo) throws APIManagerException {
ConsumerRESTAPIServices consumerRESTAPIServices =
APIApplicationManagerExtensionDataHolder.getInstance().getConsumerRESTAPIServices();
ApiApplicationInfo applicationInfo = getApplicationInfo(username, password);
try {
List<APIInfo> uniqueApiList = new ArrayList<>();
@ -208,6 +315,50 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
throw new APIManagerException(msg);
}
}
MetadataManagementService metadataManagementService = APIApplicationManagerExtensionDataHolder.getInstance().getMetadataManagementService();
if (isNewApplication) {
ApplicationKey applicationKey = consumerRESTAPIServices.generateApplicationKeys(applicationInfo, application);
ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey());
apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret());
Metadata metaData = new Metadata();
metaData.setMetaKey(applicationName);
String metaValue = application.getApplicationId() + ":" + applicationKey.getKeyMappingId();
metaData.setMetaValue(metaValue);
try {
metadataManagementService.createMetadata(metaData);
return apiApplicationKey;
} catch (MetadataManagementException e) {
String msg = "Error occurred while creating the meta data entry for mata key: " + applicationName;
log.error(msg, e);
throw new APIManagerException(msg, e);
} catch (MetadataKeyAlreadyExistsException e) {
String msg = "Found duplicate meta value entry for meta key: " + applicationName;
log.error(msg, e);
throw new APIManagerException(msg, e);
}
} else {
try {
Metadata metaData = metadataManagementService.retrieveMetadata(applicationName);
if (metaData == null) {
String msg =
"Couldn't find application key data from meta data mgt service. Meta key: " + applicationName;
log.error(msg);
throw new APIManagerException(msg);
}
String[] metaValues = metaData.getMetaValue().split(":");
String applicationId = metaValues[0];
String keyMappingId = metaValues[1];
//todo call the API key retrieving call, return apiApplicationKey;
} catch (MetadataManagementException e) {
String msg = "Error occurred while getting meta data for meta key: " + applicationName;
log.error(msg, e);
throw new APIManagerException(msg, e);
}
return null;
}
} catch (APIServicesException e) {
String msg = "Error occurred while processing the response of APIM REST endpoints.";
log.error(msg, e);
@ -649,9 +800,14 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo accessTokenInfo;
try {
if (username == null || password == null) {
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
"ClientForConsumerRestCalls",
"client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer");
} else {
apiApplicationKey = apiApplicationServices.generateAndRetrieveApplicationKeys(username, password);
apiApplicationKey = apiApplicationServices.generateAndRetrieveApplicationKeys(
"ClientForConsumerRestCalls",
username, password,
"client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer");
}
accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
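Review bot: The new `generateAndRetrieveApplicationKeys(..., String password)` overload in the +122 hunk always ends in `return null` and its three catch blocks only call `e.printStackTrace()`, so the caller receives no keys on success and no exception on failure. Within the same method, `headerParams` is used for the `X-WSO2-Tenant` header and the `getAllApis` call but is not declared in the hunk (unless it is a field), the inner `!"carbon.super".equals(tenantDomain)` test sits inside the `else` of the same comparison and is always true, the `carbon.super` branch discards the `getAllApis` result so the super tenant collects no APIs, and the subscription loop adds already-subscribed APIs that are absent from the tagged list back into `uniqueApiList`, so they get subscribed a second time. At minimum the catches should follow the sibling method's style of `log.error(msg, e); throw new APIManagerException(msg, e);` as below; the `else` branch of the +315 hunk likewise returns `null` while the key lookup is still a `//todo`, so existing applications never get their keys back either.
```java
        } catch (APIServicesException | BadRequestException | UnexpectedResponseException e) {
            String msg = "Error occurred while creating the application or subscriptions for application name: "
                    + applicationName;
            log.error(msg, e);
            throw new APIManagerException(msg, e);
        }
        // … unchanged: rest of the method body …
```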

@ -41,7 +41,6 @@ public class APIApplicationManagerExtensionDataHolder {
private ConsumerRESTAPIServices consumerRESTAPIServices;
private APIApplicationServices apiApplicationServices;
private MetadataManagementService metadataManagementService;
private APIApplicationManagerExtensionDataHolder() {
}
@ -68,17 +67,18 @@ public class APIApplicationManagerExtensionDataHolder {
public void setRealmService(RealmService realmService) {
this.realmService = realmService;
this.setTenantManager(realmService);
setTenantManager(realmService != null ?
realmService.getTenantManager() : null);
}
private void setTenantManager(RealmService realmService) {
if (realmService == null) {
throw new IllegalStateException("Realm service is not initialized properly");
}
this.tenantManager = realmService.getTenantManager();
private void setTenantManager(TenantManager tenantManager) {
this.tenantManager = tenantManager;
}
public TenantManager getTenantManager() {
if (tenantManager == null) {
throw new IllegalStateException("Tenant manager is not initialized properly");
}
return tenantManager;
}

@ -34,6 +34,40 @@ import org.wso2.carbon.user.core.service.RealmService;
@Component(
name = "io.entgra.device.mgt.core.apimgt.application.extension.internal.APIApplicationManagerExtensionServiceComponent",
immediate = true)
/**
* @scr.component name="io.entgra.device.mgt.core.apimgt.application.extension.internal.APIApplicationManagerExtensionServiceComponent"
* @scr.reference name="tenant.registryloader"
* interface="org.wso2.carbon.registry.core.service.TenantRegistryLoader"
* cardinality="1..1"
* policy="dynamic"
* bind="setTenantRegistryLoader"
* unbind="unsetTenantRegistryLoader"
* @scr.reference name="tenant.indexloader"
* interface="org.wso2.carbon.registry.indexing.service.TenantIndexingLoader"
* cardinality="1..1"
* policy="dynamic"
* bind="setIndexLoader"
* unbind="unsetIndexLoader"
* @scr.reference name="realm.service"
* immediate="true"
* interface="org.wso2.carbon.user.core.service.RealmService"
* cardinality="1..1"
* policy="dynamic"
* bind="setRealmService"
* unbind="unsetRealmService"
* @scr.reference name="apimgt.extension.ConsumerRESTAPIServices"
* interface="io.entgra.device.mgt.core.apimgt.extension.rest.api.ConsumerRESTAPIServices"
* cardinality="0..1"
* policy="dynamic"
* bind="setConsumerRESTAPIServices"
* unbind="unsetConsumerRESTAPIServices"
* @scr.reference name="apimgt.extension.APIApplicationService"
* interface="io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices"
* cardinality="0..1"
* policy="dynamic"
* bind="setAPIApplicationServices"
* unbind="unsetAPIApplicationServices"
*/
public class APIApplicationManagerExtensionServiceComponent {
private static final Log log = LogFactory.getLog(APIApplicationManagerExtensionServiceComponent.class);
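Review bot: The added Javadoc block of `@scr.component`/`@scr.reference` tags is placed between the `@Component(...)` annotation and `public class`, so it is attached to nothing the compiler or the DS annotation processor reads. If the build still runs the legacy SCR javadoc-tag plugin this declares the same component name twice; if it does not, the block is dead documentation that will drift from the real bind/unbind methods outside the hunk. Either move it above the annotation with a first line such as `Informational only; the declarative services wiring is defined by the annotations below.` or drop it in favour of the DS annotations.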

@ -22,7 +22,7 @@
<parent>
<artifactId>apimgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -24,9 +24,10 @@ import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIService
public interface APIApplicationServices {
APIApplicationKey createAndRetrieveApplicationCredentials() throws APIServicesException;
APIApplicationKey createAndRetrieveApplicationCredentials(String clientName, String grantType)
throws APIServicesException;
APIApplicationKey generateAndRetrieveApplicationKeys(String username, String password)
APIApplicationKey generateAndRetrieveApplicationKeys(String clientName, String username, String password, String grantType)
throws APIServicesException;
AccessTokenInfo generateAccessTokenFromRegisteredApplication(String clientId, String clientSecret) throws APIServicesException;
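Review bot: The two changed signatures add `clientName` and `grantType` parameters without Javadoc, and the call sites elsewhere in this commit pass `grantType` as a space-separated list such as `"client_credentials password refresh_token"`, which a reader cannot infer from the `String` type. Add method Javadoc along the lines of `@param clientName name under which the client is registered at the DCR endpoint` and `@param grantType space-separated OAuth grant types to register for the client; pass only the grants the caller actually uses`, plus `@throws APIServicesException` describing the failure case the implementations map to it.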

@ -44,7 +44,7 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
getAPIManagerConfigurationService().getAPIManagerConfiguration();
@Override
public APIApplicationKey createAndRetrieveApplicationCredentials()
public APIApplicationKey createAndRetrieveApplicationCredentials(String clientName, String grantType)
throws APIServicesException {
String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT);
@ -53,8 +53,8 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
JSONObject jsonObject = new JSONObject();
jsonObject.put("callbackUrl", Constants.EMPTY_STRING);
jsonObject.put("clientName", Constants.CLIENT_NAME);
jsonObject.put("grantType", Constants.GRANT_TYPE);
jsonObject.put("clientName", clientName);
jsonObject.put("grantType", grantType);
jsonObject.put("owner", serverUser);
jsonObject.put("saasApp", true);
@ -75,15 +75,15 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
}
@Override
public APIApplicationKey generateAndRetrieveApplicationKeys(String username, String password)
public APIApplicationKey generateAndRetrieveApplicationKeys(String clientName, String username, String password, String grantType)
throws APIServicesException {
String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT);
JSONObject jsonObject = new JSONObject();
jsonObject.put("callbackUrl", Constants.EMPTY_STRING);
jsonObject.put("clientName", username);
jsonObject.put("grantType", Constants.GRANT_TYPE);
jsonObject.put("clientName", clientName);
jsonObject.put("grantType", grantType);
jsonObject.put("owner", username);
jsonObject.put("saasApp", true);
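Review bot: Both changed methods now put the caller-supplied `clientName` and `grantType` straight into the DCR request body with no validation, so a null or blank argument either produces a request that fails only at the remote endpoint or, depending on the org.json `put` overload, is silently dropped from the body. Guard both at the top of each method, e.g. `Objects.requireNonNull(clientName, "clientName"); Objects.requireNonNull(grantType, "grantType");`. Since every grant type a caller lists is registered for the resulting client, a short comment above the `grantType` put noting that callers should pass the minimal grant set would help the next maintainer. Both method bodies continue outside the hunk.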

@ -23,6 +23,8 @@ import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.TokenInfo;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIServicesException;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.BadRequestException;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.UnexpectedResponseException;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Subscription;
import java.util.List;
import java.util.Map;

@ -24,6 +24,10 @@ import io.entgra.device.mgt.core.apimgt.extension.rest.api.constants.Constants;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.ApiApplicationInfo;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.TokenInfo;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.APIKey;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Subscription;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIServicesException;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.BadRequestException;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.UnexpectedResponseException;

@ -18,8 +18,6 @@
package io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer;
import org.json.JSONObject;
public class Subscription {
private String subscriptionId;

@ -27,10 +27,8 @@ public final class Constants {
public static final String AMPERSAND = "&";
public static final String SLASH = "/";
public static final String EQUAL = "=";
public static final String CLIENT_NAME = "rest_api_publisher_code";
public static final String SERVER_USER = "WorkflowConfigurations.ServerUser";
public static final String SERVER_PASSWORD = "WorkflowConfigurations.ServerPassword";
public static final String GRANT_TYPE = "client_credentials password refresh_token";
public static final String REFRESH_TOKEN_GRANT_TYPE_PARAM_NAME = "refresh_token";
public static final String OAUTH_EXPIRES_IN = "expires_in";
public static final String OAUTH_TOKEN_SCOPE = "scope";

@ -21,7 +21,7 @@
<parent>
<artifactId>apimgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>

@ -21,7 +21,7 @@
<parent>
<artifactId>apimgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -344,7 +344,7 @@ public class KeyMgtServiceImpl implements KeyMgtService {
Response response = client.newCall(request).execute();
return gson.fromJson(response.body().string(), OAuthApplication.class);
} catch (IOException e) {
msg = "Error occurred while processing the response";
msg = "Error occurred while processing the response" + e;
throw new KeyMgtException(msg);
}
}
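Review bot: `"Error occurred while processing the response" + e` only concatenates the exception's `toString()` into the message with no separator and still drops the stack trace, because `e` is not passed to `KeyMgtException` as a cause. Prefer `msg = "Error occurred while processing the response: " + e.getMessage(); throw new KeyMgtException(msg, e);` if `KeyMgtException` has a cause-taking constructor, otherwise log `e` before throwing. The unchanged `response.body().string()` above it also reads the body without closing the response; that predates this change, but if it is an OkHttp `Response` a try-with-resources around it would avoid leaking the connection.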

@ -22,7 +22,7 @@
<parent>
<artifactId>apimgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@ -41,7 +41,7 @@
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-api-mockito</artifactId>
<artifactId>powermock-api-mockito2</artifactId>
<scope>test</scope>
</dependency>
<dependency>

@ -90,7 +90,10 @@ public class APIPublisherServiceImpl implements APIPublisherService {
APIApplicationKey apiApplicationKey;
AccessTokenInfo accessTokenInfo;
try {
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
"ClientForPublisherRestCalls",
"client_credentials password refresh_token"
);
accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
} catch (APIServicesException e) {
@ -403,7 +406,10 @@ public class APIPublisherServiceImpl implements APIPublisherService {
APIApplicationKey apiApplicationKey;
AccessTokenInfo accessTokenInfo;
try {
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
"ClientForPublisherRestCalls",
"client_credentials password refresh_token"
);
accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
} catch (APIServicesException e) {
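Review bot: The client name `"ClientForPublisherRestCalls"` and grant list `"client_credentials password refresh_token"` are now string literals duplicated at both call sites in this file (the +90 and +406 hunks), while this commit removes the `CLIENT_NAME` and `GRANT_TYPE` constants from `Constants` that previously held them; `APIManagementProviderServiceImpl` repeats the same pattern with `"ClientForConsumerRestCalls"` and a longer grant list. Define them once as `private static final String PUBLISHER_CLIENT_NAME = "ClientForPublisherRestCalls";` and `private static final String PUBLISHER_GRANT_TYPES = "client_credentials password refresh_token";` (or restore them in `Constants`) so the registered client and its allowed grants cannot drift between call sites.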

@ -75,17 +75,18 @@ public class APIPublisherDataHolder {
public void setRealmService(RealmService realmService) {
this.realmService = realmService;
this.setTenantManager(realmService);
setTenantManager(realmService != null ?
realmService.getTenantManager() : null);
}
private void setTenantManager(RealmService realmService) {
if (realmService == null) {
throw new IllegalStateException("Realm service is not initialized properly");
}
this.tenantManager = realmService.getTenantManager();
private void setTenantManager(TenantManager tenantManager) {
this.tenantManager = tenantManager;
}
public TenantManager getTenantManager() {
if (tenantManager == null) {
throw new IllegalStateException("Tenant manager is not initialized properly");
}
return tenantManager;
}

@ -22,7 +22,7 @@
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>io.entgra.device.mgt.core.parent</artifactId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>

@ -21,7 +21,7 @@
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>application-mgt</artifactId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -29,6 +29,11 @@ import io.entgra.device.mgt.core.application.mgt.common.response.Category;
import io.entgra.device.mgt.core.application.mgt.common.response.Tag;
import io.entgra.device.mgt.core.application.mgt.common.wrapper.*;
import io.entgra.device.mgt.core.device.mgt.common.Base64File;
<<<<<<< HEAD
=======
import io.entgra.device.mgt.core.application.mgt.common.dto.ApplicationDTO;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
>>>>>>> 3616245ae6 (Improve app visibility restricting functionality)
import org.apache.cxf.jaxrs.ext.multipart.Attachment;
import java.util.List;
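Review bot: The new lines `<<<<<<< HEAD`, `=======` and `>>>>>>> 3616245ae6 (Improve app visibility restricting functionality)` are unresolved merge-conflict markers committed into the import section, so this file will not compile. Resolve by deleting the three marker lines and keeping the two imports between them (`ApplicationDTO` and `MetadataManagementException`) if the rest of the file now uses them, which the hunk does not show.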

@ -21,7 +21,7 @@
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>application-mgt</artifactId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@ -153,6 +153,10 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<argLine>
--add-opens=java.xml/jdk.xml.internal=ALL-UNNAMED
--add-opens=java.base/jdk.internal.loader=ALL-UNNAMED
</argLine>
<suiteXmlFiles>
<suiteXmlFile>src/test/resources/testng.xml</suiteXmlFile>
</suiteXmlFiles>
@ -160,6 +164,9 @@
<jacoco-agent.destfile>${basedir}/target/coverage-reports/jacoco-unit.exec</jacoco-agent.destfile>
<log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
</systemPropertyVariables>
<classpathDependencyExcludes>
<classpathDependencyExclude>org.ops4j.pax.logging</classpathDependencyExclude>
</classpathDependencyExcludes>
</configuration>
</plugin>
</plugins>
@ -404,6 +411,10 @@
<artifactId>org.wso2.carbon.ntask.core</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>io.entgra.device.mgt.core.notification.logger</artifactId>
</dependency>
</dependencies>
</project>

@ -19,6 +19,16 @@
package io.entgra.device.mgt.core.application.mgt.core.impl;
import io.entgra.device.mgt.core.application.mgt.common.*;
import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestException;
import io.entgra.device.mgt.core.application.mgt.core.dao.SPApplicationDAO;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
import org.json.JSONObject;
import io.entgra.device.mgt.core.application.mgt.common.ApplicationArtifact;
import io.entgra.device.mgt.core.application.mgt.common.ApplicationInstaller;
import io.entgra.device.mgt.core.application.mgt.common.DeviceTypes;
import io.entgra.device.mgt.core.application.mgt.common.LifecycleChanger;
import io.entgra.device.mgt.core.application.mgt.common.Pagination;
import io.entgra.device.mgt.core.application.mgt.common.config.RatingConfiguration;
import io.entgra.device.mgt.core.application.mgt.common.dto.*;
import io.entgra.device.mgt.core.application.mgt.common.exception.*;
@ -57,6 +67,7 @@ import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import javax.ws.rs.core.Response;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@ -1239,13 +1250,13 @@ public class ApplicationManagerImpl implements ApplicationManager {
this.changeLifecycleState(applicationReleaseDTO, lifecycleChanger);
}
}
if (Constants.ENTERPRISE_APP_TYPE.equals(applicationDTO.getType()) || Constants.PUBLIC_APP_TYPE.equals(applicationDTO.getType())) {
persistAppIconInfo(applicationReleaseDTO);
}
applicationReleaseEntities.add(applicationReleaseDTO);
}
applicationDTO.setId(appId);
applicationDTO.setApplicationReleaseDTOs(applicationReleaseEntities);
if (applicationDTO.getType().equals("ENTERPRISE") || applicationDTO.getType().equals("PUBLIC") ) {
persistAppIconInfo(applicationReleaseDTO);
}
return APIUtil.appDtoToAppResponse(applicationDTO);
}
} catch (LifeCycleManagementDAOException e) {
@ -1669,6 +1680,31 @@ public class ApplicationManagerImpl implements ApplicationManager {
}
}
/**
* Check whether valid metaData value or not
*
* @return true or false
* @throws MetadataManagementException If it is unable to load metaData
*/
private boolean isUserAbleToViewAllRoles() throws MetadataManagementException {
List<Metadata> allMetadata;
allMetadata = APIUtil.getMetadataManagementService().retrieveAllMetadata();
if (allMetadata != null && !allMetadata.isEmpty()) {
for (Metadata metadata : allMetadata) {
if (Constants.SHOW_ALL_ROLES.equals(metadata.getMetaKey())) {
String metaValue = metadata.getMetaValue();
if (metaValue != null) {
JSONObject jsonObject;
jsonObject = new JSONObject(metaValue);
boolean isUserAbleToViewAllRoles = jsonObject.getBoolean(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES);
return isUserAbleToViewAllRoles;
}
}
}
}
return false;
}
/**
* Get assigned role list of the given user.
*
@ -3442,7 +3478,8 @@ public class ApplicationManagerImpl implements ApplicationManager {
}
@Override
public <T> void validateAppCreatingRequest(T param) throws ApplicationManagementException, RequestValidatingException {
public <T> void validateAppCreatingRequest(T param)
throws ApplicationManagementException, RequestValidatingException {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true);
String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
int deviceTypeId = -1;
@ -3614,12 +3651,14 @@ public class ApplicationManagerImpl implements ApplicationManager {
log.error(msg);
throw new ApplicationManagementException(msg);
}
if (!hasUserRole(unrestrictedRoles, userName)) {
String msg = "You are trying to restrict the visibility of the application for a role set, but "
+ "in order to perform the action at least one role should be assigned to user: "
+ userName;
log.error(msg);
throw new BadRequestException(msg);
if (!isUserAbleToViewAllRoles()) {
if (!hasUserRole(unrestrictedRoles, userName)) {
String msg = "You are trying to restrict the visibility of the application for a role set, but "
+ "in order to perform the action at least one role should be assigned to user: "
+ userName;
log.error(msg);
throw new BadRequestException(msg);
}
}
}
@ -3672,6 +3711,10 @@ public class ApplicationManagerImpl implements ApplicationManager {
String msg = "Error occurred when validating the unrestricted roles given for the web clip";
log.error(msg, e);
throw new ApplicationManagementException(msg, e);
} catch (MetadataManagementException e) {
String msg = "Error occurred while retrieving metadata list";
log.error(msg, e);
throw new ApplicationManagementException(msg, e);
} finally {
ConnectionManagerUtil.closeDBConnection();
}

@ -19,6 +19,10 @@
package io.entgra.device.mgt.core.application.mgt.core.impl;
import com.google.gson.Gson;
import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestException;
import io.entgra.device.mgt.core.device.mgt.extensions.logger.spi.EntgraLogger;
import io.entgra.device.mgt.core.notification.logger.AppInstallLogContext;
import io.entgra.device.mgt.core.notification.logger.impl.EntgraAppInstallLoggerImpl;
import io.entgra.device.mgt.core.apimgt.application.extension.dto.ApiApplicationKey;
import io.entgra.device.mgt.core.apimgt.application.extension.exception.APIManagerException;
import io.entgra.device.mgt.core.application.mgt.common.*;
@ -87,8 +91,8 @@ import java.util.stream.Collectors;
* This is the default implementation for the Subscription Manager.
*/
public class SubscriptionManagerImpl implements SubscriptionManager {
private static final Log log = LogFactory.getLog(SubscriptionManagerImpl.class);
AppInstallLogContext.Builder appInstallLogContextBuilder = new AppInstallLogContext.Builder();
private static final EntgraLogger log = new EntgraAppInstallLoggerImpl(SubscriptionManagerImpl.class);
private SubscriptionDAO subscriptionDAO;
private ApplicationDAO applicationDAO;
private LifecycleStateManager lifecycleStateManager;
@ -620,7 +624,9 @@ public class SubscriptionManagerImpl implements SubscriptionManager {
Properties properties,
boolean isOperationReExecutingDisabled)
throws ApplicationManagementException {
String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
String tenantId = String.valueOf(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
String tenantDomain = String.valueOf(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain());
//Get app subscribing info of each device
SubscribingDeviceIdHolder subscribingDeviceIdHolder = getSubscribingDeviceIdHolder(devices,
applicationDTO.getApplicationReleaseDTOs().get(0).getId());
@ -670,10 +676,36 @@ public class SubscriptionManagerImpl implements SubscriptionManager {
Activity activity = addAppOperationOnDevices(applicationDTO, new ArrayList<>(entry.getValue()),
entry.getKey(), action, properties);
activityList.add(activity);
for (DeviceIdentifier identifier : deviceIdentifiers) {
log.info(String.format("Web app %s triggered", action), appInstallLogContextBuilder
.setAppId(String.valueOf(applicationDTO.getId()))
.setAppName(applicationDTO.getName())
.setAppType(applicationDTO.getType())
.setSubType(subType)
.setTenantId(tenantId)
.setTenantDomain(tenantDomain)
.setDevice(String.valueOf(identifier))
.setUserName(username)
.setAction(action)
.build());
}
}
} else {
Activity activity = addAppOperationOnDevices(applicationDTO, deviceIdentifiers, deviceType, action, properties);
activityList.add(activity);
for (DeviceIdentifier identifier : deviceIdentifiers) {
log.info(String.format("App %s triggered", action), appInstallLogContextBuilder
.setAppId(String.valueOf(applicationDTO.getId()))
.setAppName(applicationDTO.getName())
.setAppType(applicationDTO.getType())
.setSubType(subType)
.setTenantId(tenantId)
.setTenantDomain(tenantDomain)
.setDevice(String.valueOf(identifier))
.setUserName(username)
.setAction(action)
.build());
}
}
ApplicationInstallResponse applicationInstallResponse = new ApplicationInstallResponse();
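Review bot: The `appInstallLogContextBuilder` field added at the top of the class is one shared, mutable builder that every call to this method reuses, so if SubscriptionManagerImpl is held as a single service instance, two concurrent install requests can interleave the `setTenantId`/`setUserName`/`setDevice` calls and the audit line can attribute one request's device to another request's tenant or user; building from a method-local `AppInstallLogContext.Builder builder = new AppInstallLogContext.Builder();` avoids that. Inside the per-entry loop, the logging loop iterates `deviceIdentifiers` (the full list) rather than `entry.getValue()`, so every device appears to be logged once per map entry rather than once per device; the second loop in the `else` branch is correct as written. The method whose signature ends at `boolean isOperationReExecutingDisabled)` begins outside the hunk, so the type of the map being iterated is inferred here.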

@ -40,6 +40,7 @@ import io.entgra.device.mgt.core.application.mgt.core.internal.DataHolder;
import io.entgra.device.mgt.core.application.mgt.core.serviceprovider.ISServiceProviderApplicationService;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceManagementException;
import io.entgra.device.mgt.core.device.mgt.core.dto.DeviceType;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@ -64,6 +65,7 @@ public class APIUtil {
private static volatile SubscriptionManager subscriptionManager;
private static volatile ReviewManager reviewManager;
private static volatile AppmDataHandler appmDataHandler;
private static volatile MetadataManagementService metadataManagementService;
public static SPApplicationManager getSPApplicationManager() {
if (SPApplicationManager == null) {
@ -514,7 +516,22 @@ public class APIUtil {
public static String createAppIconPath(ApplicationReleaseDTO applicationReleaseDTO, int tenantId) throws ApplicationManagementException {
String basePath = getArtifactDownloadBaseURL() + tenantId + Constants.FORWARD_SLASH + applicationReleaseDTO
.getAppHashValue() + Constants.FORWARD_SLASH;
String iconPath = basePath + Constants.ICON_ARTIFACT + Constants.FORWARD_SLASH + applicationReleaseDTO.getIconName();
return iconPath;
return basePath + Constants.ICON_ARTIFACT + Constants.FORWARD_SLASH + applicationReleaseDTO.getIconName();
}
public static MetadataManagementService getMetadataManagementService() {
if (metadataManagementService == null) {
synchronized (APIUtil.class) {
if (metadataManagementService == null) {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
metadataManagementService = (MetadataManagementService) ctx.getOSGiService(
MetadataManagementService.class, null);
if (metadataManagementService == null) {
throw new IllegalStateException("Metadata Management service not initialized.");
}
}
}
}
return metadataManagementService;
}
}
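Review bot: `getMetadataManagementService()` fails with an unchecked `IllegalStateException` when the OSGi service is absent, but its new caller `isUserAbleToViewAllRoles()` in ApplicationManagerImpl declares only `MetadataManagementException`, so that failure is not caught by the `catch (MetadataManagementException e)` added to `validateAppCreatingRequest` and surfaces as a raw runtime exception instead of an `ApplicationManagementException` like every other failure in that method. At minimum document it on the new public method with a Javadoc such as `/** Resolves and caches the MetadataManagementService from the OSGi registry. @throws IllegalStateException if the service has not been registered */`; better, have the caller catch `IllegalStateException` and wrap it. The lazy `volatile` + double-checked-locking shape itself appears consistent with the other getters in this class.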

@ -70,7 +70,8 @@ public class Constants {
public static final String ANY = "ANY";
public static final String DEFAULT_PCK_NAME = "default.app.com";
public static final String ALL = "ALL";
public static final String SHOW_ALL_ROLES = "SHOW_ALL_ROLES";
public static final String IS_USER_ABLE_TO_VIEW_ALL_ROLES = "isUserAbleToViewAllRoles";
public static final String GOOGLE_PLAY_STORE_URL = "https://play.google.com/store/apps/details?id=";
public static final String APPLE_STORE_URL = "https://itunes.apple.com/country/app/app-name/id";
@ -93,6 +94,9 @@ public class Constants {
public static final String MSI = "MSI";
public static final String APPX = "APPX";
public static final String ENTERPRISE_APP_TYPE = "ENTERPRISE";
public static final String PUBLIC_APP_TYPE = "ENTERPRISE";
private static final Map<String, String> AGENT_DATA = new HashMap<>();
static {
AGENT_DATA.put("android", "android-agent.apk");
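Review bot: `PUBLIC_APP_TYPE` is defined as `"ENTERPRISE"`, the same value as `ENTERPRISE_APP_TYPE`, which looks like a copy-paste slip: the check in ApplicationManagerImpl, `Constants.ENTERPRISE_APP_TYPE.equals(applicationDTO.getType()) || Constants.PUBLIC_APP_TYPE.equals(applicationDTO.getType())`, can then never match a public app, so `persistAppIconInfo` is silently skipped for them. The code this replaces compared against the literal `"PUBLIC"`, so the intended line is `public static final String PUBLIC_APP_TYPE = "PUBLIC";`.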

@ -27,7 +27,7 @@
<EveryOneRoleName>everyone</EveryOneRoleName>
<ReadOnly>false</ReadOnly>
<MaxUserNameListLength>500</MaxUserNameListLength>
<Property name="url">jdbc:h2:target/databasetest/CARBON_TEST</Property>
<Property name="url">jdbc:h2:./target/databasetest/CARBON_TEST</Property>
<Property name="driverName">org.h2.Driver</Property>
<Property name="maxActive">50</Property>
<Property name="maxWait">60000</Property>

@ -22,7 +22,7 @@
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>io.entgra.device.mgt.core.parent</artifactId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>certificate-mgt</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>certificate-mgt</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -21,7 +21,7 @@
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>certificate-mgt</artifactId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@ -111,6 +111,10 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<argLine>
--add-opens=java.xml/jdk.xml.internal=ALL-UNNAMED
--add-opens=java.base/jdk.internal.loader=ALL-UNNAMED
</argLine>
<suiteXmlFiles>
<suiteXmlFile>src/test/resources/testng.xml</suiteXmlFile>
</suiteXmlFiles>
@ -118,6 +122,9 @@
<jacoco-agent.destfile>${basedir}/target/coverage-reports/jacoco-unit.exec</jacoco-agent.destfile>
<log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
</systemPropertyVariables>
<classpathDependencyExcludes>
<classpathDependencyExclude>org.ops4j.pax.logging</classpathDependencyExclude>
</classpathDependencyExcludes>
</configuration>
</plugin>
<plugin>
@ -175,7 +182,7 @@
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-api-mockito</artifactId>
<artifactId>powermock-api-mockito2</artifactId>
<scope>test</scope>
</dependency>
<dependency>

@ -25,6 +25,15 @@ public class Certificate {
X509Certificate certificate;
int tenantId;
String tenantDomain;
String deviceIdentifier;
public String getDeviceIdentifier() {
return deviceIdentifier;
}
public void setDeviceIdentifier(String deviceIdentifier) {
this.deviceIdentifier = deviceIdentifier;
}
public int getTenantId() {
return tenantId;

@ -41,6 +41,17 @@ public interface CertificateDAO {
void addCertificate(List<Certificate> certificate)
throws CertificateManagementDAOException;
/**
* This can be used to store a certificate in the database, where it will be stored against the serial number
* of the certificate.
*
* @param certificate Holds the certificate and relevant details.
* @throws CertificateManagementDAOException
*
*/
void addCertificate(Certificate certificate)
throws CertificateManagementDAOException;
/**
* Usage is to obtain a certificate stored in the database by providing the common name.
*
@ -51,6 +62,16 @@ public interface CertificateDAO {
*/
CertificateResponse retrieveCertificate(String serialNumber) throws CertificateManagementDAOException;
/**
* Obtain a certificated stored in the database by providing the common name and the tenant ID
*
* @param serialNumber Serial number (Common name) of the certificate
* @param tenantId ID of the certificate owning tenant
* @return representation of the certificate.
* @throws CertificateManagementDAOException if fails to read the certificate from the database
*/
CertificateResponse retrieveCertificate(String serialNumber, int tenantId) throws CertificateManagementDAOException;
/**
* Get all the certificates in a paginated manner.
*
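Review bot: The Javadoc on the new `addCertificate(Certificate)` leaves `@throws CertificateManagementDAOException` without a description, and the one on `retrieveCertificate(String, int)` reads "a certificated" and labels the parameter "Serial number (Common name)" although the DAO implementation filters on `SERIAL_NUMBER` only. Suggested wording: `@throws CertificateManagementDAOException if the certificate cannot be stored in the database` for the former, and for the latter a summary of "Obtain a certificate stored in the database by its serial number and tenant ID" with `@param serialNumber Serial number of the certificate to look up`.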

@ -81,6 +81,40 @@ public abstract class AbstractCertificateDAOImpl implements CertificateDAO{
}
}
@Override
public void addCertificate(Certificate certificate)
throws CertificateManagementDAOException {
Connection conn;
PreparedStatement stmt = null;
try {
conn = this.getConnection();
stmt = conn.prepareStatement(
"INSERT INTO DM_DEVICE_CERTIFICATE (SERIAL_NUMBER, CERTIFICATE, TENANT_ID," +
" USERNAME, DEVICE_IDENTIFIER) VALUES (?,?,?,?,?)");
PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.
getThreadLocalCarbonContext();
String username = threadLocalCarbonContext.getUsername();
// the serial number of the certificate used for its creation is set as its alias.
String serialNumber = certificate.getSerial();
if (serialNumber == null || serialNumber.isEmpty()) {
serialNumber = String.valueOf(certificate.getCertificate().getSerialNumber());
}
byte[] bytes = Serializer.serialize(certificate.getCertificate());
stmt.setString(1, serialNumber);
stmt.setBytes(2, bytes);
stmt.setInt(3, certificate.getTenantId());
stmt.setString(4, username);
stmt.setString(5, certificate.getDeviceIdentifier());
stmt.executeUpdate();
} catch (SQLException | IOException e) {
throw new CertificateManagementDAOException("Error occurred while saving the " +
"certificate. ", e);
} finally {
CertificateManagementDAOUtil.cleanupResources(stmt, null);
}
}
@Override
public CertificateResponse retrieveCertificate(String serialNumber)
throws CertificateManagementDAOException {
@ -119,6 +153,42 @@ public abstract class AbstractCertificateDAOImpl implements CertificateDAO{
return certificateResponse;
}
@Override
public CertificateResponse retrieveCertificate(String serialNumber, int tenantId) throws CertificateManagementDAOException {
Connection conn;
PreparedStatement stmt = null;
ResultSet resultSet = null;
CertificateResponse certificateResponse = null;
try {
conn = this.getConnection();
String query =
"SELECT CERTIFICATE, SERIAL_NUMBER, TENANT_ID, USERNAME FROM"
+ " DM_DEVICE_CERTIFICATE WHERE SERIAL_NUMBER = ? AND TENANT_ID = ? ";
stmt = conn.prepareStatement(query);
stmt.setString(1, serialNumber);
stmt.setInt(2, tenantId);
resultSet = stmt.executeQuery();
if (resultSet.next()) {
certificateResponse = new CertificateResponse();
byte[] certificateBytes = resultSet.getBytes("CERTIFICATE");
certificateResponse.setCertificate(certificateBytes);
certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER"));
certificateResponse.setTenantId(resultSet.getInt("TENANT_ID"));
certificateResponse.setUsername(resultSet.getString("USERNAME"));
CertificateGenerator.extractCertificateDetails(certificateBytes, certificateResponse);
}
} catch (SQLException e) {
String errorMsg =
"Unable to get the read the certificate with serial" + serialNumber;
log.error(errorMsg, e);
throw new CertificateManagementDAOException(errorMsg, e);
} finally {
CertificateManagementDAOUtil.cleanupResources(stmt, resultSet);
}
return certificateResponse;
}
@Override
public List<CertificateResponse> searchCertificate(String serialNumber)
throws CertificateManagementDAOException {
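Review bot: `retrieveCertificate(String, int)` repeats the single-argument overload except for the `AND TENANT_ID = ?` predicate, and its SELECT list omits the `DEVICE_IDENTIFIER` column that the new `addCertificate(Certificate)` writes, so that value is persisted but never read back; if `CertificateResponse` can carry it, select it here, and in any case consider sharing the row-mapping code between the two overloads. The error text `"Unable to get the read the certificate with serial" + serialNumber` is garbled and lacks a separating space; `"Unable to read the certificate with serial " + serialNumber` reads correctly. In `addCertificate`, the fallback `String.valueOf(certificate.getCertificate().getSerialNumber())` dereferences the bean's certificate before `Serializer.serialize` does, so a bean without one fails with a bare NullPointerException; an explicit `Objects.requireNonNull(certificate.getCertificate(), "certificate")` at the top of the method gives a clear failure instead.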

@ -55,10 +55,28 @@ import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.Store;
import org.jscep.message.*;
import org.jscep.message.CertRep;
import org.jscep.message.MessageDecodingException;
import org.jscep.message.MessageEncodingException;
import org.jscep.message.PkcsPkiEnvelopeDecoder;
import org.jscep.message.PkcsPkiEnvelopeEncoder;
import org.jscep.message.PkiMessage;
import org.jscep.message.PkiMessageDecoder;
import org.jscep.message.PkiMessageEncoder;
import org.jscep.transaction.FailInfo;
import org.jscep.transaction.Nonce;
import org.jscep.transaction.TransactionId;
import org.wso2.carbon.certificate.mgt.core.dao.CertificateDAO;
import org.wso2.carbon.certificate.mgt.core.dao.CertificateManagementDAOException;
import org.wso2.carbon.certificate.mgt.core.dao.CertificateManagementDAOFactory;
import org.wso2.carbon.certificate.mgt.core.dto.CAStatus;
import org.wso2.carbon.certificate.mgt.core.dto.CertificateResponse;
import org.wso2.carbon.certificate.mgt.core.dto.SCEPResponse;
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
import org.wso2.carbon.certificate.mgt.core.exception.TransactionManagementException;
import org.wso2.carbon.certificate.mgt.core.util.CertificateManagementConstants;
import org.wso2.carbon.certificate.mgt.core.util.CommonUtil;
import org.wso2.carbon.certificate.mgt.core.util.Serializer;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import javax.naming.InvalidNameException;
@ -70,12 +88,34 @@ import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.*;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.*;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.concurrent.TimeUnit;
public class CertificateGenerator {
@ -336,15 +376,31 @@ public class CertificateGenerator {
CertificateResponse lookUpCertificate = null;
KeyStoreReader keyStoreReader = new KeyStoreReader();
if (distinguishedName != null && !distinguishedName.isEmpty()) {
if (distinguishedName.contains("/CN=")) {
String[] dnSplits = distinguishedName.split("/");
for (String dnPart : dnSplits) {
if (dnPart.contains("CN=")) {
String commonNameExtracted = dnPart.replace("CN=", "");
lookUpCertificate = keyStoreReader.getCertificateBySerial(commonNameExtracted);
break;
if (distinguishedName.contains("CN=")) {
String[] dnSplits = null;
if (distinguishedName.contains("/")) {
dnSplits = distinguishedName.split("/");
} else if (distinguishedName.contains(",")) {
//some older versions of nginx will forward the client certificate subject dn separated with commas
dnSplits = distinguishedName.split(",");
}
String commonNameExtracted = null;
int tenantId = 0;
if (dnSplits != null && dnSplits.length >= 1) {
for (String dnPart : dnSplits) {
if (dnPart.contains("CN=")) {
commonNameExtracted = dnPart.replace("CN=", "");
} else if (dnPart.contains("OU=")) {
//the OU of the certificate will be like OU=tenant_<TENANT_ID> ex: OU=tenant_-1234
//splitting by underscore to extract the tenant domain
String[] orgUnitSplits = dnPart.split("_");
tenantId = Integer.parseInt(orgUnitSplits[1]);
}
}
}
lookUpCertificate = keyStoreReader.getCertificateBySerial(commonNameExtracted, tenantId);
} else {
LdapName ldapName;
try {
@ -671,6 +727,29 @@ public class CertificateGenerator {
throw new KeystoreException(errorMsg, e);
}
}
public void saveCertificate(org.wso2.carbon.certificate.mgt.core.bean.Certificate
certificate) throws KeystoreException {
if (certificate == null) {
return;
}
try {
CertificateDAO certificateDAO = CertificateManagementDAOFactory.getCertificateDAO();
CertificateManagementDAOFactory.beginTransaction();
certificateDAO.addCertificate(certificate);
CertificateManagementDAOFactory.commitTransaction();
} catch (CertificateManagementDAOException e) {
String errorMsg = "Error occurred when saving the generated certificate in database";
log.error(errorMsg);
CertificateManagementDAOFactory.rollbackTransaction();
throw new KeystoreException(errorMsg, e);
} catch (TransactionManagementException e) {
String errorMsg = "Error occurred when saving the generated certificate in database";
log.error(errorMsg);
throw new KeystoreException(errorMsg, e);
}
}
public void saveCertInKeyStore(List<io.entgra.device.mgt.core.certificate.mgt.core.bean.Certificate> certificate)
throws KeystoreException {
@ -785,8 +864,9 @@ public class CertificateGenerator {
X500Name issuerName = new X500Name(subjectDn);
String commonName = certificationRequest.getSubject().getRDNs(BCStyle.CN)[0].getFirst()
.getValue().toString();
X500Name subjectName = new X500Name("O=" + commonName + "O=AndroidDevice,CN=" +
serialNumber);
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
X500Name subjectName = new X500Name("O=" + commonName + ",CN=" +
serialNumber + ", OU=tenant_"+tenantId);
Date startDate = new Date(System.currentTimeMillis());
Date endDate = new Date(System.currentTimeMillis()
+ TimeUnit.DAYS.toMillis(365 * 100));
@ -809,8 +889,8 @@ public class CertificateGenerator {
List<io.entgra.device.mgt.core.certificate.mgt.core.bean.Certificate> certificates = new ArrayList<>();
certificate.setTenantId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
certificate.setCertificate(issuedCert);
certificates.add(certificate);
saveCertInKeyStore(certificates);
certificate.setDeviceIdentifier(commonName);
saveCertificate(certificate);
} catch (OperatorCreationException e) {
String errorMsg = "Error creating the content signer";
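Review bot: In the subject-DN parsing branch, a DN that contains `CN=` but neither `/` nor `,` leaves `dnSplits` and therefore `commonNameExtracted` null, yet `keyStoreReader.getCertificateBySerial(commonNameExtracted, tenantId)` is still called with `null` and `0`; and an `OU=` part without an underscore or with a non-numeric suffix makes `Integer.parseInt(orgUnitSplits[1])` throw an unchecked ArrayIndexOutOfBoundsException or NumberFormatException out of the method. Since this DN arrives from a header forwarded by the reverse proxy, a malformed value should be rejected explicitly rather than left to fail mid-parse, and certificates issued before this change carry no `OU=tenant_` part, so defaulting `tenantId` to 0 appears to make them unresolvable — falling back to the existing single-argument `getCertificateBySerial(String)` when no OU is present would preserve them. Separately, the subject at `new X500Name("O=" + commonName + ",CN=" + serialNumber + ", OU=tenant_"+tenantId)` is built by concatenation from the CSR-supplied commonName, so a CN containing `,` or `=` alters the RDN structure this parser later relies on; building it with BouncyCastle's X500NameBuilder (using the `BCStyle` already imported) escapes such values. The enclosing method of the parsing branch begins and ends outside the hunk.

```java
String commonNameExtracted = null;
Integer tenantId = null;
if (dnSplits != null) {
    for (String dnPart : dnSplits) {
        String part = dnPart.trim();
        if (part.startsWith("CN=")) {
            commonNameExtracted = part.substring("CN=".length());
        } else if (part.startsWith("OU=tenant_")) {
            // OU is issued by this server as OU=tenant_<TENANT_ID>, ex: OU=tenant_-1234
            try {
                tenantId = Integer.parseInt(part.substring("OU=tenant_".length()));
            } catch (NumberFormatException e) {
                log.error("Ignoring malformed OU in client certificate subject: " + part);
            }
        }
    }
}
if (commonNameExtracted != null) {
    lookUpCertificate = tenantId != null
            ? keyStoreReader.getCertificateBySerial(commonNameExtracted, tenantId)
            : keyStoreReader.getCertificateBySerial(commonNameExtracted);
}
// … unchanged: LdapName branch and the rest of the method …
```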

@ -271,6 +271,43 @@ public class KeyStoreReader {
return raPrivateKey;
}
public CertificateResponse getCertificateBySerial(String serialNumber, int tenantId) throws KeystoreException {
CertificateResponse certificateResponse = null;
try {
CertificateCacheManager cacheManager = CertificateCacheManagerImpl.getInstance();
certificateResponse = cacheManager.getCertificateBySerial(serialNumber);
if (certificateResponse == null) {
try {
CertificateManagementDAOFactory.openConnection();
certificateResponse = certDao.retrieveCertificate(serialNumber, tenantId);
} catch (SQLException e) {
String errorMsg = "Error when making a connection to the database.";
throw new KeystoreException(errorMsg, e);
} finally {
CertificateManagementDAOFactory.closeConnection();
}
if (certificateResponse != null && certificateResponse.getCertificate() != null) {
Certificate certificate = (Certificate) Serializer.deserialize(certificateResponse.getCertificate());
if (certificate instanceof X509Certificate) {
X509Certificate x509cert = (X509Certificate) certificate;
String commonName = CertificateGenerator.getCommonName(x509cert);
certificateResponse.setCommonName(commonName);
cacheManager.addCertificateBySerial(serialNumber, certificateResponse);
}
}
}
} catch (CertificateManagementDAOException e) {
String errorMsg = "Error when retrieving certificate from the the database for the serial number: " +
serialNumber;
throw new KeystoreException(errorMsg, e);
} catch (ClassNotFoundException | IOException e) {
String errorMsg = "Error when de-serializing saved certificate.";
throw new KeystoreException(errorMsg, e);
}
return certificateResponse;
}
public CertificateResponse getCertificateBySerial(String serialNumber) throws KeystoreException {
CertificateResponse certificateResponse = null;
try {
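Review bot: `getCertificateBySerial(String, int)` consults and populates the cache by serial number alone (`cacheManager.getCertificateBySerial(serialNumber)` and `addCertificateBySerial(serialNumber, certificateResponse)`), so the `tenantId` argument only takes effect on a cache miss: once a certificate with a given serial is cached for one tenant, a lookup of the same serial under another tenant is served from the cache without the `TENANT_ID` predicate the DAO enforces. Unless serial numbers are globally unique across tenants by construction, that undercuts the tenant scoping this commit introduces; either key the cache on tenant and serial (for example a constructed key like `tenantId + ":" + serialNumber`, if the cache manager accepts a string key) or, after a cache hit, compare the response's tenant id against `tenantId` and fall through to the DAO on mismatch. The method otherwise duplicates the single-argument overload except for the DAO call, so the deserialize-and-cache step is a candidate for a shared private helper.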

@ -18,7 +18,7 @@
-->
<DataSourceConfig>
<Url>jdbc:h2:mem:cdm-test-db;DB_CLOSE_ON_EXIT=FALSE;MVCC=true</Url>
<Url>jdbc:h2:mem:cdm-test-db;DB_CLOSE_ON_EXIT=FALSE</Url>
<DriverClassName>org.h2.Driver</DriverClassName>
<User>wso2carbon</User>
<Password>wso2carbon</Password>

@ -22,7 +22,7 @@
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>io.entgra.device.mgt.core.parent</artifactId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@ -106,13 +106,19 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<argLine>
--add-opens=java.xml/jdk.xml.internal=ALL-UNNAMED
--add-opens=java.base/jdk.internal.loader=ALL-UNNAMED
</argLine>
<systemPropertyVariables>
<log4j.configuration>file:src/test/resources/carbon-home/repository/conf/log4j.properties
</log4j.configuration>
<log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
</systemPropertyVariables>
<suiteXmlFiles>
<file>src/test/resources/testng.xml</file>
</suiteXmlFiles>
<classpathDependencyExcludes>
<classpathDependencyExclude>org.ops4j.pax.logging</classpathDependencyExclude>
</classpathDependencyExcludes>
</configuration>
</plugin>
</plugins>
@ -207,5 +213,15 @@
<groupId>org.wso2.orbit.javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
</dependency>
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-core</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-impl</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
</project>

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@ -104,6 +104,21 @@
<artifactId>io.entgra.device.mgt.core.device.mgt.core</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-core</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-impl</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
@ -157,6 +172,25 @@
</instructions>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<argLine>
--add-opens=java.xml/jdk.xml.internal=ALL-UNNAMED
--add-opens=java.base/jdk.internal.loader=ALL-UNNAMED
</argLine>
<systemPropertyVariables>
<log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
</systemPropertyVariables>
<suiteXmlFiles>
<file>src/test/resources/testng.xml</file>
</suiteXmlFiles>
<classpathDependencyExcludes>
<classpathDependencyExclude>org.ops4j.pax.logging</classpathDependencyExclude>
</classpathDependencyExcludes>
</configuration>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>

@ -21,7 +21,7 @@
<parent>
<artifactId>device-mgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@ -122,6 +122,16 @@
<artifactId>powermock-module-testng</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.securevault</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
@ -189,6 +199,25 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<argLine>
--add-opens=java.xml/jdk.xml.internal=ALL-UNNAMED
--add-opens=java.base/jdk.internal.loader=ALL-UNNAMED
</argLine>
<systemPropertyVariables>
<log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
</systemPropertyVariables>
<suiteXmlFiles>
<file>src/test/resources/testng.xml</file>
</suiteXmlFiles>
<classpathDependencyExcludes>
<classpathDependencyExclude>org.ops4j.pax.logging</classpathDependencyExclude>
</classpathDependencyExcludes>
</configuration>
</plugin>
</plugins>
</build>

@ -1,658 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
~ Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
~
~ Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<!--
This is the main server configuration file
${carbon.home} represents the carbon.home system property.
Other system properties can be specified in a similar manner.
-->
<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
<!--
Product Name
-->
<Name>${product.name}</Name>
<!--
machine readable unique key to identify each product
-->
<ServerKey>${product.key}</ServerKey>
<!--
Product Version
-->
<Version>${product.version}</Version>
<!--
Host name or IP address of the machine hosting this server
e.g. www.wso2.org, 192.168.1.10
This is will become part of the End Point Reference of the
services deployed on this server instance.
-->
<!--HostName>www.wso2.org</HostName-->
<!--
Host name to be used for the Carbon management console
-->
<!--MgtHostName>mgt.wso2.org</MgtHostName-->
<!--
The URL of the back end server. This is where the admin services are hosted and
will be used by the clients in the front end server.
This is required only for the Front-end server. This is used when seperating BE server from FE server
-->
<ServerURL>local:/${carbon.context}/services/</ServerURL>
<!--
<ServerURL>https://${carbon.local.ip}:${carbon.management.port}${carbon.context}/services/</ServerURL>
-->
<!--
The URL of the index page. This is where the user will be redirected after signing in to the
carbon server.
-->
<!-- IndexPageURL>/carbon/admin/index.jsp</IndexPageURL-->
<!--
For cApp deployment, we have to identify the roles that can be acted by the current server.
The following property is used for that purpose. Any number of roles can be defined here.
Regular expressions can be used in the role.
Ex : <Role>.*</Role> means this server can act any role
-->
<ServerRoles>
<Role>${default.server.role}</Role>
</ServerRoles>
<!-- uncommnet this line to subscribe to a bam instance automatically -->
<!--<BamServerURL>https://bamhost:bamport/services/</BamServerURL>-->
<!--
The fully qualified name of the server
-->
<Package>org.wso2.carbon</Package>
<!--
Webapp context root of WSO2 Carbon management console.
-->
<WebContextRoot>/</WebContextRoot>
<!--
Proxy context path is a useful parameter to add a proxy path when a Carbon server is fronted by reverse proxy. In addtion
to the proxy host and proxy port this parameter allows you add a path component to external URLs. e.g.
URL of the Carbon server -> https://10.100.1.1:9443/carbon
URL of the reverse proxy -> https://prod.abc.com/appserver/carbon
appserver - proxy context path. This specially required whenever you are generating URLs to displace in
Carbon UI components.
-->
<!--
<MgtProxyContextPath></MgtProxyContextPath>
<ProxyContextPath></ProxyContextPath>
-->
<!-- In-order to get the registry http Port from the back-end when the default http transport is not the same-->
<!--RegistryHttpPort>9763</RegistryHttpPort-->
<!--
Number of items to be displayed on a management console page. This is used at the
backend server for pagination of various items.
-->
<ItemsPerPage>15</ItemsPerPage>
<!-- The endpoint URL of the cloud instance management Web service -->
<!--<InstanceMgtWSEndpoint>https://ec2.amazonaws.com/</InstanceMgtWSEndpoint>-->
<!--
Ports used by this server
-->
<Ports>
<!-- Ports offset. This entry will set the value of the ports defined below to
the define value + Offset.
e.g. Offset=2 and HTTPS port=9443 will set the effective HTTPS port to 9445
-->
<Offset>0</Offset>
<!-- The JMX Ports -->
<JMX>
<!--The port RMI registry is exposed-->
<RMIRegistryPort>9999</RMIRegistryPort>
<!--The port RMI server should be exposed-->
<RMIServerPort>11111</RMIServerPort>
</JMX>
<!-- Embedded LDAP server specific ports -->
<EmbeddedLDAP>
<!-- Port which embedded LDAP server runs -->
<LDAPServerPort>10389</LDAPServerPort>
<!-- Port which KDC (Kerberos Key Distribution Center) server runs -->
<KDCServerPort>8000</KDCServerPort>
</EmbeddedLDAP>
<!--
Override datasources JNDIproviderPort defined in bps.xml and datasources.properties files
-->
<!--<JNDIProviderPort>2199</JNDIProviderPort>-->
<!--Override receive port of thrift based entitlement service.-->
<ThriftEntitlementReceivePort>10500</ThriftEntitlementReceivePort>
</Ports>
<!--
JNDI Configuration
-->
<JNDI>
<!--
The fully qualified name of the default initial context factory
-->
<DefaultInitialContextFactory>org.wso2.carbon.tomcat.jndi.CarbonJavaURLContextFactory</DefaultInitialContextFactory>
<!--
The restrictions that are done to various JNDI Contexts in a Multi-tenant environment
-->
<Restrictions>
<!--
Contexts that will be available only to the super-tenant
-->
<!-- <SuperTenantOnly>
<UrlContexts>
<UrlContext>
<Scheme>foo</Scheme>
</UrlContext>
<UrlContext>
<Scheme>bar</Scheme>
</UrlContext>
</UrlContexts>
</SuperTenantOnly> -->
<!--
Contexts that are common to all tenants
-->
<AllTenants>
<UrlContexts>
<UrlContext>
<Scheme>java</Scheme>
</UrlContext>
<!-- <UrlContext>
<Scheme>foo</Scheme>
</UrlContext> -->
</UrlContexts>
</AllTenants>
<!--
All other contexts not mentioned above will be available on a per-tenant basis
(i.e. will not be shared among tenants)
-->
</Restrictions>
</JNDI>
<!--
Property to determine if the server is running an a cloud deployment environment.
This property should only be used to determine deployment specific details that are
applicable only in a cloud deployment, i.e when the server deployed *-as-a-service.
-->
<IsCloudDeployment>false</IsCloudDeployment>
<!--
Property to determine whether usage data should be collected for metering purposes
-->
<EnableMetering>false</EnableMetering>
<!-- The Max time a thread should take for execution in seconds -->
<MaxThreadExecutionTime>600</MaxThreadExecutionTime>
<!--
A flag to enable or disable Ghost Deployer. By default this is set to false. That is
because the Ghost Deployer works only with the HTTP/S transports. If you are using
other transports, don't enable Ghost Deployer.
-->
<GhostDeployment>
<Enabled>false</Enabled>
</GhostDeployment>
<!--
Eager loading or lazy loading is a design pattern commonly used in computer programming which
will initialize an object upon creation or load on-demand. In carbon, lazy loading is used to
load tenant when a request is received only. Similarly Eager loading is used to enable load
existing tenants after carbon server starts up. Using this feature, you will be able to include
or exclude tenants which are to be loaded when server startup.
We can enable only one LoadingPolicy at a given time.
1. Tenant Lazy Loading
This is the default behaviour and enabled by default. With this policy, tenants are not loaded at
server startup, but loaded based on-demand (i.e when a request is received for a tenant).
The default tenant idle time is 30 minutes.
2. Tenant Eager Loading
This is by default not enabled. It can be be enabled by un-commenting the <EagerLoading> section.
The eager loading configurations supported are as below. These configurations can be given as the
value for <Include> element with eager loading.
(i)Load all tenants when server startup - *
(ii)Load all tenants except foo.com & bar.com - *,!foo.com,!bar.com
(iii)Load only foo.com & bar.com to be included - foo.com,bar.com
-->
<Tenant>
<LoadingPolicy>
<LazyLoading>
<IdleTime>30</IdleTime>
</LazyLoading>
<!-- <EagerLoading>
<Include>*,!foo.com,!bar.com</Include>
</EagerLoading>-->
</LoadingPolicy>
</Tenant>
<!--
Caching related configurations
-->
<Cache>
<!-- Default cache timeout in minutes -->
<DefaultCacheTimeout>15</DefaultCacheTimeout>
</Cache>
<!--
Axis2 related configurations
-->
<Axis2Config>
<!--
Location of the Axis2 Services & Modules repository
This can be a directory in the local file system, or a URL.
e.g.
1. /home/wso2wsas/repository/ - An absolute path
2. repository - In this case, the path is relative to CARBON_HOME
3. file:///home/wso2wsas/repository/
4. http://wso2wsas/repository/
-->
<RepositoryLocation>${carbon.home}/repository/deployment/server/</RepositoryLocation>
<!--
Deployment update interval in seconds. This is the interval between repository listener
executions.
-->
<DeploymentUpdateInterval>15</DeploymentUpdateInterval>
<!--
Location of the main Axis2 configuration descriptor file, a.k.a. axis2.xml file
This can be a file on the local file system, or a URL
e.g.
1. /home/repository/axis2.xml - An absolute path
2. conf/axis2.xml - In this case, the path is relative to CARBON_HOME
3. file:///home/carbon/repository/axis2.xml
4. http://repository/conf/axis2.xml
-->
<ConfigurationFile>${carbon.home}/repository/conf/axis2/axis2.xml</ConfigurationFile>
<!--
ServiceGroupContextIdleTime, which will be set in ConfigurationContex
for multiple clients which are going to access the same ServiceGroupContext
Default Value is 30 Sec.
-->
<ServiceGroupContextIdleTime>30000</ServiceGroupContextIdleTime>
<!--
This repository location is used to crete the client side configuration
context used by the server when calling admin services.
-->
<ClientRepositoryLocation>${carbon.home}/repository/deployment/client/</ClientRepositoryLocation>
<!-- This axis2 xml is used in createing the configuration context by the FE server
calling to BE server -->
<clientAxis2XmlLocation>${carbon.home}/repository/conf/axis2/axis2_client.xml</clientAxis2XmlLocation>
<!-- If this parameter is set, the ?wsdl on an admin service will not give the admin service wsdl. -->
<HideAdminServiceWSDLs>true</HideAdminServiceWSDLs>
<!--WARNING-Use With Care! Uncommenting bellow parameter would expose all AdminServices in HTTP transport.
With HTTP transport your credentials and data routed in public channels are vulnerable for sniffing attacks.
Use bellow parameter ONLY if your communication channels are confirmed to be secured by other means -->
<!--HttpAdminServices>*</HttpAdminServices-->
</Axis2Config>
<!--
The default user roles which will be created when the server
is started up for the first time.
-->
<ServiceUserRoles>
<Role>
<Name>admin</Name>
<Description>Default Administrator Role</Description>
</Role>
<Role>
<Name>user</Name>
<Description>Default User Role</Description>
</Role>
</ServiceUserRoles>
<!--
Enable following config to allow Emails as usernames.
-->
<!--EnableEmailUserName>true</EnableEmailUserName-->
<!--
Security configurations
-->
<Security>
<!--
KeyStore which will be used for encrypting/decrypting passwords
and other sensitive information.
-->
<KeyStore>
<!-- Keystore file location-->
<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
<!-- Keystore type (JKS/PKCS12 etc.)-->
<Type>JKS</Type>
<!-- Keystore password-->
<Password>wso2carbon</Password>
<!-- Private Key alias-->
<KeyAlias>wso2carbon</KeyAlias>
<!-- Private Key password-->
<KeyPassword>wso2carbon</KeyPassword>
</KeyStore>
<!--
System wide trust-store which is used to maintain the certificates of all
the trusted parties.
-->
<TrustStore>
<!-- trust-store file location -->
<Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
<!-- trust-store type (JKS/PKCS12 etc.) -->
<Type>JKS</Type>
<!-- trust-store password -->
<Password>wso2carbon</Password>
</TrustStore>
<!--
The Authenticator configuration to be used at the JVM level. We extend the
java.net.Authenticator to make it possible to authenticate to given servers and
proxies.
-->
<NetworkAuthenticatorConfig>
<!--
Below is a sample configuration for a single authenticator. Please note that
all child elements are mandatory. Not having some child elements would lead to
exceptions at runtime.
-->
<!-- <Credential> -->
<!--
the pattern that would match a subset of URLs for which this authenticator
would be used
-->
<!-- <Pattern>regularExpression</Pattern> -->
<!--
the type of this authenticator. Allowed values are:
1. server
2. proxy
-->
<!-- <Type>proxy</Type> -->
<!-- the username used to log in to server/proxy -->
<!-- <Username>username</Username> -->
<!-- the password used to log in to server/proxy -->
<!-- <Password>password</Password> -->
<!-- </Credential> -->
</NetworkAuthenticatorConfig>
<!--
The Tomcat realm to be used for hosted Web applications. Allowed values are;
1. UserManager
2. Memory
If this is set to 'UserManager', the realm will pick users & roles from the system's
WSO2 User Manager. If it is set to 'memory', the realm will pick users & roles from
CARBON_HOME/repository/conf/tomcat/tomcat-users.xml
-->
<TomcatRealm>UserManager</TomcatRealm>
<!--Option to disable storing of tokens issued by STS-->
<DisableTokenStore>false</DisableTokenStore>
<!--
Security token store class name. If this is not set, default class will be
org.wso2.carbon.security.util.SecurityTokenStore
-->
<!--TokenStoreClassName>org.wso2.carbon.identity.sts.store.DBTokenStore</TokenStoreClassName-->
</Security>
<!--
The temporary work directory
-->
<WorkDirectory>${carbon.home}/tmp/work</WorkDirectory>
<!--
House-keeping configuration
-->
<HouseKeeping>
<!--
true - Start House-keeping thread on server startup
false - Do not start House-keeping thread on server startup.
The user will run it manually as and when he wishes.
-->
<AutoStart>true</AutoStart>
<!--
The interval in *minutes*, between house-keeping runs
-->
<Interval>10</Interval>
<!--
The maximum time in *minutes*, temp files are allowed to live
in the system. Files/directories which were modified more than
"MaxTempFileLifetime" minutes ago will be removed by the
house-keeping task
-->
<MaxTempFileLifetime>30</MaxTempFileLifetime>
</HouseKeeping>
<!--
Configuration for handling different types of file upload & other file uploading related
config parameters.
To map all actions to a particular FileUploadExecutor, use
<Action>*</Action>
-->
<FileUploadConfig>
<!--
The total file upload size limit in MB
-->
<TotalFileSizeLimit>100</TotalFileSizeLimit>
<Mapping>
<Actions>
<Action>keystore</Action>
<Action>certificate</Action>
<Action>*</Action>
</Actions>
<Class>org.wso2.carbon.ui.transports.fileupload.AnyFileUploadExecutor</Class>
</Mapping>
<Mapping>
<Actions>
<Action>jarZip</Action>
</Actions>
<Class>org.wso2.carbon.ui.transports.fileupload.JarZipUploadExecutor</Class>
</Mapping>
<Mapping>
<Actions>
<Action>dbs</Action>
</Actions>
<Class>org.wso2.carbon.ui.transports.fileupload.DBSFileUploadExecutor</Class>
</Mapping>
<Mapping>
<Actions>
<Action>tools</Action>
</Actions>
<Class>org.wso2.carbon.ui.transports.fileupload.ToolsFileUploadExecutor</Class>
</Mapping>
<Mapping>
<Actions>
<Action>toolsAny</Action>
</Actions>
<Class>org.wso2.carbon.ui.transports.fileupload.ToolsAnyFileUploadExecutor</Class>
</Mapping>
</FileUploadConfig>
<!--
Processors which process special HTTP GET requests such as ?wsdl, ?policy etc.
In order to plug in a processor to handle a special request, simply add an entry to this
section.
The value of the Item element is the first parameter in the query string(e.g. ?wsdl)
which needs special processing
The value of the Class element is a class which implements
org.wso2.carbon.transport.HttpGetRequestProcessor
-->
<HttpGetRequestProcessors>
<Processor>
<Item>info</Item>
<Class>org.wso2.carbon.core.transports.util.InfoProcessor</Class>
</Processor>
<Processor>
<Item>wsdl</Item>
<Class>org.wso2.carbon.core.transports.util.Wsdl11Processor</Class>
</Processor>
<Processor>
<Item>wsdl2</Item>
<Class>org.wso2.carbon.core.transports.util.Wsdl20Processor</Class>
</Processor>
<Processor>
<Item>xsd</Item>
<Class>org.wso2.carbon.core.transports.util.XsdProcessor</Class>
</Processor>
</HttpGetRequestProcessors>
<!-- Deployment Synchronizer Configuration. t Enabled value to true when running with "svn based" dep sync.
In master nodes you need to set both AutoCommit and AutoCheckout to true
and in worker nodes set only AutoCheckout to true.
-->
<DeploymentSynchronizer>
<Enabled>false</Enabled>
<AutoCommit>false</AutoCommit>
<AutoCheckout>true</AutoCheckout>
<RepositoryType>svn</RepositoryType>
<SvnUrl>http://svnrepo.example.com/repos/</SvnUrl>
<SvnUser>username</SvnUser>
<SvnPassword>password</SvnPassword>
<SvnUrlAppendTenantId>true</SvnUrlAppendTenantId>
</DeploymentSynchronizer>
<!-- Deployment Synchronizer Configuration. Uncomment the following section when running with "registry based" dep sync.
In master nodes you need to set both AutoCommit and AutoCheckout to true
and in worker nodes set only AutoCheckout to true.
-->
<!--<DeploymentSynchronizer>
<Enabled>true</Enabled>
<AutoCommit>false</AutoCommit>
<AutoCheckout>true</AutoCheckout>
</DeploymentSynchronizer>-->
<!-- Mediation persistence configurations. Only valid if mediation features are available i.e. ESB -->
<!--<MediationConfig>
<LoadFromRegistry>false</LoadFromRegistry>
<SaveToFile>false</SaveToFile>
<Persistence>enabled</Persistence>
<RegistryPersistence>enabled</RegistryPersistence>
</MediationConfig>-->
<!--
Server intializing code, specified as implementation classes of org.wso2.carbon.core.ServerInitializer.
This code will be run when the Carbon server is initialized
-->
<ServerInitializers>
<!--<Initializer></Initializer>-->
</ServerInitializers>
<!--
Indicates whether the Carbon Servlet is required by the system, and whether it should be
registered
-->
<RequireCarbonServlet>${require.carbon.servlet}</RequireCarbonServlet>
<!--
Carbon H2 OSGI Configuration
By default non of the servers start.
name="web" - Start the web server with the H2 Console
name="webPort" - The port (default: 8082)
name="webAllowOthers" - Allow other computers to connect
name="webSSL" - Use encrypted (HTTPS) connections
name="tcp" - Start the TCP server
name="tcpPort" - The port (default: 9092)
name="tcpAllowOthers" - Allow other computers to connect
name="tcpSSL" - Use encrypted (SSL) connections
name="pg" - Start the PG server
name="pgPort" - The port (default: 5435)
name="pgAllowOthers" - Allow other computers to connect
name="trace" - Print additional trace information; for all servers
name="baseDir" - The base directory for H2 databases; for all servers
-->
<!--H2DatabaseConfiguration>
<property name="web" />
<property name="webPort">8082</property>
<property name="webAllowOthers" />
<property name="webSSL" />
<property name="tcp" />
<property name="tcpPort">9092</property>
<property name="tcpAllowOthers" />
<property name="tcpSSL" />
<property name="pg" />
<property name="pgPort">5435</property>
<property name="pgAllowOthers" />
<property name="trace" />
<property name="baseDir">${carbon.home}</property>
</H2DatabaseConfiguration-->
<!--Disabling statistics reporter by default-->
<StatisticsReporterDisabled>true</StatisticsReporterDisabled>
<!-- Enable accessing Admin Console via HTTP -->
<!-- EnableHTTPAdminConsole>true</EnableHTTPAdminConsole -->
<!--
Default Feature Repository of WSO2 Carbon.
-->
<FeatureRepository>
<RepositoryName>default repository</RepositoryName>
<RepositoryURL>${p2.repo.url}</RepositoryURL>
</FeatureRepository>
<!--
Configure API Management
-->
<APIManagement>
<!--Uses the embedded API Manager by default. If you want to use an external
API Manager instance to manage APIs, configure below externalAPIManager-->
<Enabled>true</Enabled>
<!--Uncomment and configure API Gateway and
Publisher URLs to use external API Manager instance-->
<!--ExternalAPIManager>
<APIGatewayURL>http://localhost:8281</APIGatewayURL>
<APIPublisherURL>http://localhost:8281/publisher</APIPublisherURL>
</ExternalAPIManager-->
<LoadAPIContextsInServerStartup>true</LoadAPIContextsInServerStartup>
</APIManagement>
</Server>

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt-extensions</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>io.entgra.device.mgt.core.parent</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@ -364,7 +364,7 @@
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-api-mockito</artifactId>
<artifactId>powermock-api-mockito2</artifactId>
<scope>test</scope>
</dependency>
<dependency>

@ -26,6 +26,24 @@ import io.entgra.device.mgt.core.device.mgt.common.DeviceIdentifier;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
import io.swagger.annotations.*;
import org.apache.axis2.transport.http.HTTPConstants;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceGroupList;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceList;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceToGroupsAssignment;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.ErrorResponse;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.RoleList;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.Constants;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.Extension;
import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Info;
import io.swagger.annotations.ResponseHeader;
import io.swagger.annotations.SwaggerDefinition;
import io.swagger.annotations.Tag;
import javax.validation.Valid;
import javax.ws.rs.*;
@ -159,6 +177,13 @@ import java.util.List;
key = "perm:groups:devices-types",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/devices/types"}
),
@Scope(
name = "View whether the groups has relevant device types",
description = "View whether the groups has relevant device types",
key = "perm:groups:add",
roles = {"Internal/devicemgt-user"},
permissions = {"/device-mgt/groups/device-types"}
)
}
)
@ -1206,4 +1231,77 @@ public interface GroupManagementService {
required = true)
List<String> identifiers);
@POST
@Path("/roles/share")
@ApiOperation(
produces = MediaType.APPLICATION_JSON,
httpMethod = HTTPConstants.HEADER_POST,
value = "Consolidated API for Creating a Device Group, Adding Devices, and Sharing",
notes = "This API can be used to create a new device group, add devices to the group, and share the group with user roles.",
tags = "Device Group Management",
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:add")
})
}
)
@ApiResponses(
value = {
@ApiResponse(
code = 201,
message = "Created. \n Device group has successfully been created.",
responseHeaders = {
@ResponseHeader(
name = "Content-Location",
description = "The URL of the created group."),
@ResponseHeader(
name = "Content-Type",
description = "The content type of the body."),
@ResponseHeader(
name = "ETag",
description = "Entity Tag of the response resource.\n" +
"Used by caches, or in conditional requests."),
@ResponseHeader(
name = "Last-Modified",
description = "Date and time the resource has been modified the last time.\n" +
"Used by caches, or in conditional requests.")
}
),
@ApiResponse(
code = 303,
message = "See Other. \n Source can be retrieved from the URL specified at the Location " +
"header.",
responseHeaders = {
@ResponseHeader(
name = "Content-Location",
description = "The Source URL of the document.")}),
@ApiResponse(
code = 400,
message = "Bad Request. \n Invalid request or validation error.",
response = ErrorResponse.class),
@ApiResponse(
code = 401,
message = "Unauthorized. \n Current logged in user is not authorized to perform the operation.",
response = ErrorResponse.class),
@ApiResponse(
code = 404,
message = "Group not found.",
response = ErrorResponse.class),
@ApiResponse(
code = 406,
message = "Not Acceptable.\n The requested media type is not supported."),
@ApiResponse(
code = 500,
message = "Internal Server Error. \n " +
"Server error occurred while creating the group or adding devices or sharing the group.",
response = ErrorResponse.class)
})
Response createGroupWithRoles(
@ApiParam(
name = "group",
value = "Define the group object with data.",
required = true)
@Valid DeviceGroupRoleWrapper group
);
}
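Review bot: The new `@Scope` entry for `perm:groups:add` (the key the added `createGroupWithRoles` endpoint declares in its `@ExtensionProperty`) carries the name and description `"View whether the groups has relevant device types"` and the permission path `/device-mgt/groups/device-types`, which duplicate the preceding device-types scope instead of describing a create-and-share operation. Authorization policies and the generated scope listing are keyed on this metadata, so the name, description and permission path should state what the scope actually grants, e.g. `name = "Create a device group and share it with roles"` with a permission path of its own. The 404 response `"Group not found."` on a create endpoint also reads as copied from a lookup operation. In the import hunk, the explicit `io.swagger.annotations.*` members are redundant while the wildcard import above them is retained.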

@ -187,6 +187,104 @@ public interface RoleManagementService {
defaultValue = "5")
@QueryParam("limit") int limit);
@GET
@Path("/visible/{metaKey}")
@ApiOperation(
produces = MediaType.APPLICATION_JSON,
httpMethod = "GET",
value = "Getting the List of Visible Roles",
notes = "WSO2 IoTS supports role-based access control (RBAC) and role management. Using this API you can the list of roles that are in WSO2 IoTS.\n" +
"Note: Internal roles, roles created for service-providers, and application related roles will not be given in the output.",
tags = "Role Management",
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "perm:roles:view")
})
}
)
@ApiResponses(value = {
@ApiResponse(
code = 200,
message = "OK. \n Successfully fetched the list of roles in WSO2 IoTS.",
response = RoleList.class,
responseHeaders = {
@ResponseHeader(
name = "Content-Type",
description = "The content type of the body"),
@ResponseHeader(
name = "ETag",
description = "Entity Tag of the response resource.\n" +
"Used by caches, or in conditional requests."),
@ResponseHeader(
name = "Last-Modified",
description = "Date and time the resource has been modified the last time.\n" +
"Used by caches, or in conditional requests."),
}),
@ApiResponse(
code = 304,
message = "Not Modified. \n Empty body because the client already has the latest version of the " +
"requested resource."),
@ApiResponse(
code = 404,
message = "Not Found. \n The specified resource does not exist.\n",
response = ErrorResponse.class),
@ApiResponse(
code = 406,
message = "Not Acceptable.\n The requested media type is not supported",
response = ErrorResponse.class),
@ApiResponse(
code = 500,
message = "Internal Server Error. \n Server error occurred while fetching the list of roles" +
" assigned to the specified user.",
response = ErrorResponse.class)
})
Response getVisibleRole(
@ApiParam(
name = "filter",
value = "Provide a character or a few characters in the role name.",
required = false)
@QueryParam("filter") String filter,
@ApiParam(
name = "user-store",
value = "The name of the UserStore you wish to get the list of roles.",
required = false)
@QueryParam("user-store") String userStoreName,
@ApiParam(
name = "If-Modified-Since",
value = "Checks if the requested variant was modified, since the specified date-time." +
"Provide the value in the following format: EEE, d MMM yyyy HH:mm:ss Z.\n" +
"Example: Mon, 05 Jan 2014 15:10:00 +0200",
required = false)
@HeaderParam("If-Modified-Since") String ifModifiedSince,
@ApiParam(
name = "offset",
value = "The starting pagination index for the complete list of qualified items.",
required = false,
defaultValue = "0")
@QueryParam("offset") int offset,
@ApiParam(
name = "limit",
value = "Provide how many role details you require from the starting pagination index/offset.",
required = false,
defaultValue = "5")
@QueryParam("limit") int limit,
@ApiParam(
name = "username",
value = "The username of the user.",
required = true,
defaultValue = "admin")
@QueryParam("username") String username,
@ApiParam(
name = "domain",
value = "The domain name of the user store.",
required = false)
@QueryParam("domain") String domain,
@ApiParam(
name = "metaKey",
value = "Key of the metadata",
required = true)
@PathParam("metaKey") String metaKey);
@GET
@Path("/filter/{prefix}")
@ApiOperation(
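Review bot: `getVisibleRole` takes the subject as a caller-supplied `@QueryParam("username")` marked `required = true` yet given `defaultValue = "admin"`; a required parameter with a default is contradictory in the generated documentation, and falling back to the administrator account is the wrong default for an operation that lists roles visible to a user. The implementation that decides whether the authenticated caller may query roles for a different `username` is outside this hunk, so the contract should say it: add to `notes` a sentence such as `"The username must be the authenticated user unless the caller holds an administrative permission."`, or drop the default. The 500 message `"... roles assigned to the specified user."` and the `If-Modified-Since`/304 pair appear copied from a neighbouring operation and do not match this resource.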

@ -27,8 +27,16 @@ import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
import io.swagger.annotations.*;
import org.apache.axis2.transport.http.HTTPConstants;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
import javax.validation.Valid;
import javax.ws.rs.*;
import javax.ws.rs.Consumes;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -358,4 +366,79 @@ public interface GroupManagementAdminService {
required = true)
@Valid DeviceGroup group);
@POST
@Path("/roles/share")
@ApiOperation(
produces = MediaType.APPLICATION_JSON,
httpMethod = HTTPConstants.HEADER_POST,
value = "Consolidated API for Creating a Device Group, Adding Devices, and Sharing",
notes = "This API can be used to create a new device group, add devices to the group, and share the group with user roles.",
tags = "Device Group Management",
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "perm:groups:add")
})
}
)
@ApiResponses(
value = {
@ApiResponse(
code = 201,
message = "Created. \n Device group has successfully been created.",
responseHeaders = {
@ResponseHeader(
name = "Content-Location",
description = "The URL of the created group."),
@ResponseHeader(
name = "Content-Type",
description = "The content type of the body."),
@ResponseHeader(
name = "ETag",
description = "Entity Tag of the response resource.\n" +
"Used by caches, or in conditional requests."),
@ResponseHeader(
name = "Last-Modified",
description = "Date and time the resource has been modified the last time.\n" +
"Used by caches, or in conditional requests.")
}
),
@ApiResponse(
code = 303,
message = "See Other. \n Source can be retrieved from the URL specified at the Location " +
"header.",
responseHeaders = {
@ResponseHeader(
name = "Content-Location",
description = "The Source URL of the document.")}),
@ApiResponse(
code = 400,
message = "Bad Request. \n Invalid request or validation error.",
response = ErrorResponse.class),
@ApiResponse(
code = 401,
message = "Unauthorized. \n Current logged in user is not authorized to perform the operation.",
response = ErrorResponse.class),
@ApiResponse(
code = 404,
message = "Group not found.",
response = ErrorResponse.class),
@ApiResponse(
code = 406,
message = "Not Acceptable.\n The requested media type is not supported."),
@ApiResponse(
code = 500,
message = "Internal Server Error. \n " +
"Server error occurred while creating the group or adding devices or sharing the group.",
response = ErrorResponse.class)
})
Response createGroupWithRoles(@ApiParam(
name = "group",
value = "Define the group object with data.",
required = true)
@Valid DeviceGroupRoleWrapper group
);
}
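Review bot: The admin-service copy of `createGroupWithRoles` declares the same scope `perm:groups:add` as the user-level `GroupManagementService` endpoint added in this commit, so nothing at the scope level distinguishes the admin path from the user path; unless the implementation (outside this hunk) performs its own checks, a holder of the user-level scope can reach the admin variant as well. The other operations of this interface are not visible here, so whether they use an admin-qualified key is an assumption to confirm, but this endpoint should follow the same convention as its siblings. In the import hunk the explicit `javax.ws.rs.Consumes` … `QueryParam` imports duplicate the retained `javax.ws.rs.*` wildcard, and `Constants` and `ErrorResponse` used by the new annotations are not imported within this hunk — confirm they resolve earlier in the file.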

@ -23,6 +23,11 @@ import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProvi
import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProviderServiceImpl;
import io.entgra.device.mgt.core.apimgt.application.extension.dto.ApiApplicationKey;
import io.entgra.device.mgt.core.apimgt.application.extension.exception.APIManagerException;
import io.entgra.device.mgt.core.apimgt.application.extension.internal.APIApplicationManagerExtensionDataHolder;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIServicesException;
import io.entgra.device.mgt.core.apimgt.keymgt.extension.DCRResponse;
import io.entgra.device.mgt.core.apimgt.keymgt.extension.TokenRequest;
import io.entgra.device.mgt.core.apimgt.keymgt.extension.TokenResponse;
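Review bot: Two types whose simple names differ only in letter case are now both imported, `ApiApplicationKey` (L2466, application.extension.dto) and `APIApplicationKey` (L2471, extension.rest.api.dto), and both are used a few lines apart in the same method (`ApiApplicationKey apiApplicationKey` vs `APIApplicationKey adminDCRResponse`). In code that passes client secrets around this is easy to misread. Consider renaming the local that holds the DCR result, e.g. `APIApplicationKey jwtClientCredentials = ...`, or referring to one of the two types fully qualified at its single use site.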
@ -804,11 +809,12 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
//todo - lasantha - can't get password from here
ApiApplicationKey apiApplicationKey;
try {
DCRResponse adminDCRResponse = keyMgtService.dynamicClientRegistration(applicationName,
PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()
.getRealmConfiguration().getAdminUserName(),
"client_credentials", null, new String[] {"device_management"}, false, validityTime, PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()
.getRealmConfiguration().getAdminPassword());
APIApplicationServices apiApplicationServices = DeviceMgtAPIUtils.getApiApplicationServices();
APIApplicationKey adminDCRResponse = apiApplicationServices.createAndRetrieveApplicationCredentials(
"ClientForJWTTokenGeneration",
"client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer"
);
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
JWTClientManagerService jwtClientManagerService = (JWTClientManagerService) ctx.
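Review bot: The application registered at L2486–L2489 is given the grant types `client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer`, while the only use visible in this method is the JWT-bearer exchange on the following lines, so `password` and `refresh_token` widen what anyone holding the returned client secret can do with it. Unless another consumer of this client depends on them, trim the string to `"client_credentials urn:ietf:params:oauth:grant-type:jwt-bearer"` and note in a comment why each remaining grant is needed. The application name `ClientForJWTTokenGeneration` is a fixed literal; if `createAndRetrieveApplicationCredentials` does not reuse an existing application of that name (not visible here), every call to this endpoint creates a new OAuth application, which is worth confirming and caching if so. The enclosing method starts before this hunk.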
@ -816,11 +822,14 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
JWTClient jwtClient = jwtClientManagerService.getJWTClient();
AccessTokenInfo accessTokenInfo = jwtClient.getAccessToken(adminDCRResponse.getClientId(),
adminDCRResponse.getClientSecret(),
username, "appm:subscribe");
username, "appm:subscribe apim:admin apim:api_key apim:app_import_export apim:app_manage" +
" apim:store_settings apim:sub_alert_manage apim:sub_manage apim:subscribe openid perm:device:enroll " +
"perm:devices:details perm:devices:features perm:devices:search perm:devices:view perm:groups:groups " +
"perm:users:send-invitation");
APIManagementProviderService apiManagementProviderService = DeviceMgtAPIUtils.getAPIManagementService();
apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys(applicationName,
new String[] {"device_management"}, null, false, String.valueOf(validityTime),
new String[] {"device_management"}, "PRODUCTION", false, String.valueOf(validityTime),
accessTokenInfo.getAccessToken());
} catch (JWTClientException e) {
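Review bot: The scope string at L2497–L2500 requests `apim:admin`, `apim:api_key`, `apim:app_import_export` and a set of `perm:devices:*` / `perm:users:send-invitation` scopes for a token whose only visible consumer is `generateAndRetrieveApplicationKeys` at L2502–L2505; the replaced line asked for `appm:subscribe` alone. A token minted on behalf of `username` with `apim:admin` is a full APIM admin credential, so if only a subset is actually required by the key-generation call, the minimal set should be used and recorded. At minimum move the list out of the call into `private static final String JWT_CLIENT_SCOPES` with a comment naming which API each scope is needed for, so the next reviewer can see the justification. The enclosing method continues outside the hunk.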
@ -828,8 +837,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (UserStoreException e) {
String msg = "Error while getting user credentials.";
} catch (APIServicesException e) {
String msg = "Error while generating api Application";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
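Review bot: The new `APIServicesException` handler at L2513 covers `createAndRetrieveApplicationCredentials`, but `DeviceMgtAPIUtils.getApiApplicationServices()` (called at L2485 in the previous hunk) is documented in this same commit to throw `IllegalStateException` when the OSGi service is absent, and nothing here catches it, so that failure surfaces as a container-level 500 instead of the `ErrorResponse` body the other branches return. Add `} catch (IllegalStateException e) {` with the same log-and-`Response.serverError()` shape, or have the util wrap the lookup failure in `APIServicesException`. The message `"Error while generating api Application"` would also read better as `"Error while generating API application"`.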

@ -18,6 +18,28 @@
package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupConstants;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceTypesOfGroups;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupAlreadyExistException;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupNotExistException;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.RoleDoesNotExistException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import io.entgra.device.mgt.core.device.mgt.common.Device;
import io.entgra.device.mgt.core.device.mgt.common.DeviceIdentifier;
import io.entgra.device.mgt.core.device.mgt.common.EnrolmentInfo;
import io.entgra.device.mgt.core.device.mgt.common.GroupPaginationRequest;
import io.entgra.device.mgt.core.device.mgt.common.PaginationResult;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceManagementException;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceNotFoundException;
import io.entgra.device.mgt.core.device.mgt.core.service.DeviceManagementProviderService;
import io.entgra.device.mgt.core.device.mgt.core.service.GroupManagementProviderService;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceGroupList;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceList;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceToGroupsAssignment;
@ -37,10 +59,21 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import javax.ws.rs.*;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.transaction.UserTransaction;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
public class GroupManagementServiceImpl implements GroupManagementService {
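Review bot: `javax.naming.InitialContext`, `javax.naming.NamingException` and `javax.transaction.UserTransaction` are added to the imports at L2553–L2555 but none of the hunks of this file in the commit use them; if nothing in the rest of the file does either, drop them so a JTA dependency does not creep into the REST layer unnoticed. The replacement of `javax.ws.rs.*` with explicit imports is a good change.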
@ -94,8 +127,18 @@ public class GroupManagementServiceImpl implements GroupManagementService {
request.setGroupName(name);
request.setOwner(owner);
request.setDepth(depth);
PaginationResult deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
.getGroupsWithHierarchy(currentUser, request, requireGroupProps);
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
UserRealm realmService = DeviceMgtAPIUtils.getRealmService().getTenantUserRealm(tenantId);
String[] roles = realmService.getUserStoreManager().getRoleListOfUser(currentUser);
boolean hasAdminRole = Arrays.asList(roles).contains(DEFAULT_ADMIN_ROLE);
PaginationResult deviceGroupsResult;
if (hasAdminRole) {
deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
.getGroupsWithHierarchy(null, request, requireGroupProps);
} else{
deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
.getGroupsWithHierarchy(currentUser, request, requireGroupProps);
}
DeviceGroupList deviceGroupList = new DeviceGroupList();
deviceGroupList.setList(deviceGroupsResult.getData());
deviceGroupList.setCount(deviceGroupsResult.getRecordsTotal());
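Review bot: The branch at L2575–L2579 turns the non-admin group listing into an unfiltered tenant-wide listing whenever the caller's role list contains the literal `DEFAULT_ADMIN_ROLE`; this is a role-name string match rather than a permission check, so it silently stops working if the admin role is renamed and cannot be expressed per-permission like the rest of the JAX-RS layer. Prefer asking the realm's authorization manager, e.g. `realmService.getAuthorizationManager().isUserAuthorized(currentUser, <admin-group permission>, CarbonConstants.UI_PERMISSION_ACTION)`, and keep the role check only as a documented fallback. Note also that `RoleManagementServiceImpl` in this same commit obtains the realm with `DeviceMgtAPIUtils.getUserRealm()`, whereas this hunk goes through `getRealmService().getTenantUserRealm(tenantId)`; using one accessor makes the authorization path easier to audit. The enclosing method starts before this hunk.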
@ -104,6 +147,10 @@ public class GroupManagementServiceImpl implements GroupManagementService {
String error = "Error occurred while retrieving groups with hierarchy.";
log.error(error, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(error).build();
} catch (UserStoreException e) {
String msg = "Error occurred while getting user realm.";
log.error(msg, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
}
}
@ -416,4 +463,38 @@ public class GroupManagementServiceImpl implements GroupManagementService {
}
}
@POST
@Path("/roles/share")
@Override
public Response createGroupWithRoles(DeviceGroupRoleWrapper groups) {
if (groups == null) {
return Response.status(Response.Status.BAD_REQUEST).build();
}
groups.setOwner(PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername());
groups.setStatus(DeviceGroupConstants.GroupStatus.ACTIVE);
try {
DeviceMgtAPIUtils.getGroupManagementProviderService().createGroupWithRoles(groups, DEFAULT_ADMIN_ROLE, DEFAULT_ADMIN_PERMISSIONS);
DeviceGroup group = DeviceMgtAPIUtils.getGroupManagementProviderService().getGroup(groups.getName(),
PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername().isEmpty());
if (group != null) {
DeviceMgtAPIUtils.getGroupManagementProviderService().manageGroupSharing(group.getGroupId(), groups.getUserRoles());
return Response.status(Response.Status.CREATED).entity(group.getGroupId()).build();
} else {
String msg = "Error occurred while retrieving newly created group.";
log.error(msg);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
}
} catch (GroupManagementException e) {
String msg = "Error occurred while adding " + groups.getName() + " group";
log.error(msg, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
} catch (GroupAlreadyExistException e) {
String msg = "Group already exists with name : " + groups.getName() + " Try with another group name.";
log.error(msg, e);
return Response.status(Response.Status.CONFLICT).entity(msg).build();
} catch (RoleDoesNotExistException e) {
return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build();
}
}
}
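Review bot: `getGroup(groups.getName(), PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername().isEmpty())` at L2611–L2612 passes "is the caller's username empty" as the second argument, which only makes sense if that parameter is an unrelated boolean flag; please check the `getGroup` signature and pass an explicit `true`/`false` (or the username, if that is what it expects) so the intent is readable. `groups.getUserRoles()` reaches `manageGroupSharing` at L2614 with no null check, and the wrapper's other client-writable fields (`id`, `parentPath`, `childrenGroups`) are accepted as sent while `owner` and `status` are overwritten at L2607–L2608; clearing or validating those as well would keep the request body from steering where the group lands. Looking the new group up by name also assumes names are unique per tenant, which `GroupAlreadyExistException` suggests but a one-line comment would make explicit.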

@ -17,6 +17,14 @@
*/
package io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl;
import com.google.common.base.Strings;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
import org.apache.axis2.databinding.types.xsd._boolean;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.ErrorResponse;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.RoleInfo;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.RoleList;
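Review bot: `org.apache.axis2.databinding.types.xsd._boolean` at L2642 is not referenced by any hunk of this file in the commit (the new code uses the primitive `boolean`), and it drags an Axis2 data-binding type into a JAX-RS class; remove it unless some part of the file outside this diff uses it. The remaining additions (`Strings`, `MetadataManagementException`, `Metadata`, json-simple) match the new `getVisibleRole` code.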
@ -28,6 +36,7 @@ import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.SetReferenceTransformer;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.StringUtils;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.context.CarbonContext;
@ -50,6 +59,12 @@ import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.util.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import static io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.Constants.PRIMARY_USER_STORE;
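Review bot: The wildcard `import java.util.*;` at L2660 is kept while explicit imports for `ArrayList`, `Arrays`, `HashSet`, `List`, `Optional` and `Set` are added right below it, so the explicit lines are redundant until the wildcard is removed. Drop the `java.util.*` line (and add any other `java.util` type the rest of the file needs explicitly) so the import list actually states what the class depends on.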
@ -97,6 +112,96 @@ public class RoleManagementServiceImpl implements RoleManagementService {
}
}
@GET
@Path("/visible/{metaKey}")
@Override
public Response getVisibleRole(
@QueryParam("filter") String filter,
@QueryParam("user-store") String userStore,
@HeaderParam("If-Modified-Since") String ifModifiedSince,
@QueryParam("offset") int offset,
@QueryParam("limit") int limit,
@QueryParam("username") String username,
@QueryParam("domain") String domain,
@PathParam("metaKey") String metaKey) {
RequestValidationUtil.validatePaginationParameters(offset, limit);
if (limit == 0){
limit = Constants.DEFAULT_PAGE_LIMIT;
}
if (!Strings.isNullOrEmpty(domain)) {
username = domain + '/' + username;
}
Metadata metadata;
List<String> visibleRoles;
RoleList visibleRoleList = new RoleList();
try {
metadata = DeviceMgtAPIUtils.getMetadataManagementService().retrieveMetadata(metaKey);
String metaValue = metadata.getMetaValue();
JSONParser parser = new JSONParser();
JSONObject jsonObject = (JSONObject) parser.parse(metaValue);
boolean decision = (boolean) jsonObject.get(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES);
if (decision) {
if (Strings.isNullOrEmpty(userStore)){
userStore = PRIMARY_USER_STORE;
}
try {
visibleRoles = getRolesFromUserStore(filter, userStore);
visibleRoleList.setList(visibleRoles);
visibleRoles = FilteringUtil.getFilteredList(getRolesFromUserStore(filter, userStore), offset, limit);
visibleRoleList.setList(visibleRoles);
return Response.status(Response.Status.OK).entity(visibleRoleList).build();
} catch (UserStoreException e) {
String msg = "Error occurred while retrieving roles from the underlying user stores";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
} else {
try {
UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
if (!userStoreManager.isExistingUser(username)) {
if (log.isDebugEnabled()) {
log.debug("User by username: " + username + " does not exist for role retrieval.");
}
String msg = "User by username: " + username + " does not exist for role retrieval.";
return Response.status(Response.Status.NOT_FOUND).entity(msg).build();
}
visibleRoleList.setList(getFilteredVisibleRoles(userStoreManager, username));
return Response.status(Response.Status.OK).entity(visibleRoleList).build();
} catch (UserStoreException e) {
String msg = "Error occurred while trying to retrieve roles of the user '" + username + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
} catch (MetadataManagementException e) {
String msg = "Error occurred while getting the metadata entry for metaKey:" + metaKey;
log.error(msg, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
} catch (ParseException e) {
String msg = "Error occurred while parsing JSON metadata: " + e.getMessage();
log.error(msg, e);
return Response.status(Response.Status.BAD_REQUEST).entity(msg).build();
}
}
private List<String> getFilteredVisibleRoles(UserStoreManager userStoreManager, String username)
throws UserStoreException {
String[] roleListOfUser;
roleListOfUser = userStoreManager.getRoleListOfUser(username);
List<String> filteredRoles = new ArrayList<>();
for (String role : roleListOfUser) {
if (!(role.startsWith("Internal/") || role.startsWith("Authentication/"))) {
filteredRoles.add(role);
}
}
return filteredRoles;
}
@GET
@Path("/filter/{prefix}")
@Override
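Review bot: `getVisibleRole` lets the caller choose both the `metaKey` that selects the policy and the `username` whose roles are returned (L2718, L2747), so any principal allowed to call this endpoint can enumerate another user's role list, and a wrong key is echoed back in a 500 message; unless the interface scopes this with a permission (not visible here), `username` should default to the caller's own name and `metaKey` should be a fixed server-side constant rather than a path parameter. The metadata handling at L2694–L2698 also has no null path: a missing entry makes `metadata.getMetaValue()` throw NPE, a missing or non-Boolean `isUserAbleToViewAllRoles` throws NPE/ClassCastException, neither caught, and a `ParseException` of server-stored metadata is reported as 400 although the client sent nothing malformed. Finally `getRolesFromUserStore(filter, userStore)` is called twice at L2704 and L2706 with the first result discarded, doubling the user-store query. The sketch below fixes the null handling (a missing flag falls back to the restricted branch) and the duplicate call; the rest of the method is unchanged.
```java
metadata = DeviceMgtAPIUtils.getMetadataManagementService().retrieveMetadata(metaKey);
if (metadata == null || metadata.getMetaValue() == null) {
    String msg = "No metadata entry found for metaKey: " + metaKey;
    log.error(msg);
    return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
}
JSONObject jsonObject = (JSONObject) new JSONParser().parse(metadata.getMetaValue());
// Treat a missing or non-boolean flag as "restricted view" rather than failing with NPE/CCE.
boolean decision = Boolean.TRUE.equals(jsonObject.get(Constants.IS_USER_ABLE_TO_VIEW_ALL_ROLES));
if (decision) {
    if (Strings.isNullOrEmpty(userStore)) {
        userStore = PRIMARY_USER_STORE;
    }
    try {
        List<String> allRoles = getRolesFromUserStore(filter, userStore);
        visibleRoleList.setList(FilteringUtil.getFilteredList(allRoles, offset, limit));
        return Response.status(Response.Status.OK).entity(visibleRoleList).build();
    // … unchanged: UserStoreException handling …
// … unchanged: restricted branch and remaining catch blocks …
```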
@ -542,6 +647,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
@Consumes(MediaType.WILDCARD)
@Override
public Response deleteRole(@PathParam("roleName") String roleName, @QueryParam("user-store") String userStoreName) {
String roleToDelete = roleName;
if (userStoreName != null && !userStoreName.isEmpty()) {
roleName = userStoreName + "/" + roleName;
}
@ -549,6 +655,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
try {
final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
final UserStoreManager userStoreManager = userRealm.getUserStoreManager();
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
if (!userStoreManager.isExistingRole(roleName)) {
String msg = "No role exists with the name : " + roleName ;
return Response.status(404).entity(msg).build();
@ -558,16 +665,18 @@ public class RoleManagementServiceImpl implements RoleManagementService {
if (log.isDebugEnabled()) {
log.debug("Deleting the role in user store");
}
userStoreManager.deleteRole(roleName);
// Delete all authorizations for the current role before deleting
authorizationManager.clearRoleAuthorization(roleName);
DeviceMgtAPIUtils.getGroupManagementProviderService().deleteRoleAndRoleGroupMapping(roleName, roleToDelete, tenantId, userStoreManager, authorizationManager);
return Response.status(Response.Status.OK).build();
} catch (UserStoreException e) {
String msg = "Error occurred while deleting the role '" + roleName + "'";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (GroupManagementException e) {
String msg = "Error occurred while deleting group-role mapping records";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
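Review bot: The explicit `authorizationManager.clearRoleAuthorization(roleName)` that followed `deleteRole` is removed and the method now relies on `deleteRoleAndRoleGroupMapping(...)` at L2782 to do both; that helper is not part of this diff, so please confirm it still clears the role's authorizations — otherwise the permissions stay attached to the name and a role created later with the same name inherits them. The call also receives both `roleName` (domain-qualified) and `roleToDelete` (bare); a comment on the call such as `// roleName is domain-qualified for the user store, roleToDelete is the bare name kept in the group-role mapping` would make that contract visible to the next reader, assuming that is indeed the split.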
@ -597,7 +706,7 @@ public class RoleManagementServiceImpl implements RoleManagementService {
userStoreManager.updateUserListOfRole(roleName, usersToDelete, usersToAdd);
return Response.status(Response.Status.OK).entity("Role '" + roleName + "' has " +
"successfully been updated with the user list")
"successfully been updated with the user list")
.build();
} catch (UserStoreException e) {
String msg = "Error occurred while updating the users of the role '" + roleName + "'";

@ -424,6 +424,9 @@ public class UserManagementServiceImpl implements UserManagementService {
userList = new ArrayList<>(users.size());
BasicUserInfo user;
for (String username : users) {
if (Constants.APIM_RESERVED_USER.equals(username) || Constants.RESERVED_USER.equals(username)) {
continue;
}
user = getBasicUserInfo(username);
userList.add(user);
}
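Review bot: The same two-constant check appears here and twice more in this file (L2819–L2822, L2829–L2831); extract `private static boolean isReservedUser(String username) { return Constants.APIM_RESERVED_USER.equals(username) || Constants.RESERVED_USER.equals(username); }` so a future reserved account is added in one place. Hiding the accounts from listings does not stop the other endpoints of this class from acting on them by name, so if the goal is to protect them the same predicate should guard the update/delete/password paths too (outside this hunk). The exact match also misses a domain-qualified form such as `PRIMARY/apim_reserved_user` if the user store returns names that way, which is worth checking. The enclosing method starts before this hunk.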
@ -484,6 +487,10 @@ public class UserManagementServiceImpl implements UserManagementService {
if (StringUtils.isNotEmpty(username)) {
commonUsers = getUserList(null, username);
}
if (commonUsers != null) {
commonUsers.remove(Constants.APIM_RESERVED_USER);
commonUsers.remove(Constants.RESERVED_USER);
}
if (!skipSearch(commonUsers) && StringUtils.isNotEmpty(firstName)) {
tempList = getUserList(Constants.USER_CLAIM_FIRST_NAME, firstName);
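Review bot: `commonUsers.remove(...)` at L2820–L2821 mutates the list returned by `getUserList`; if that helper ever returns an unmodifiable list this throws `UnsupportedOperationException` at runtime, and a later `remove` is skipped as soon as the first is absent. Safer and shorter: `commonUsers = new ArrayList<>(commonUsers); commonUsers.removeIf(u -> Constants.APIM_RESERVED_USER.equals(u) || Constants.RESERVED_USER.equals(u));`. The enclosing method starts and ends outside this hunk.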
@ -658,6 +665,9 @@ public class UserManagementServiceImpl implements UserManagementService {
userList = new ArrayList<>();
UserInfo user;
for (String username : users) {
if (Constants.APIM_RESERVED_USER.equals(username) || Constants.RESERVED_USER.equals(username)) {
continue;
}
user = new UserInfo();
user.setUsername(username);
user.setEmailAddress(getClaimValue(username, Constants.USER_CLAIM_EMAIL_ADDRESS));

@ -29,13 +29,34 @@ import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupAlreadyExistEx
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupConstants;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupAlreadyExistException;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.RoleDoesNotExistException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import io.entgra.device.mgt.core.device.mgt.common.GroupPaginationRequest;
import io.entgra.device.mgt.core.device.mgt.common.PaginationResult;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.beans.DeviceGroupList;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.api.admin.GroupManagementAdminService;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.service.impl.util.RequestValidationUtil;
import io.entgra.device.mgt.core.device.mgt.api.jaxrs.util.DeviceMgtAPIUtils;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.Arrays;
public class GroupManagementAdminServiceImpl implements GroupManagementAdminService {
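Review bot: The added import block at L2840–L2847 re-imports `GroupAlreadyExistException`, `GroupManagementException`, `Log` and `LogFactory`, which already appear in the context lines just above it (L2836–L2839); Java tolerates duplicate single-type imports of the same type, but it looks like a merge artefact and should be collapsed into one sorted group. `org.apache.commons.lang.StringUtils` at L2856 is only used for the `isBlank(currentUser)` check in the next hunk, which is itself questionable; if that check goes, the import can go with it.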
@ -90,13 +111,25 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ
@DefaultValue("5") @QueryParam("limit") int limit) {
try {
RequestValidationUtil.validatePaginationParameters(offset, limit);
String currentUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
GroupPaginationRequest request = new GroupPaginationRequest(offset, limit);
request.setGroupName(name);
request.setOwner(owner);
request.setStatus(status);
request.setDepth(depth);
PaginationResult deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
.getGroupsWithHierarchy(null, request, requireGroupProps);
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
UserRealm realmService = DeviceMgtAPIUtils.getRealmService().getTenantUserRealm(tenantId);
String[] roles = realmService.getUserStoreManager().getRoleListOfUser(currentUser);
boolean isAdmin = DEFAULT_ADMIN_ROLE.equals(currentUser);
boolean hasAdminRole = Arrays.asList(roles).contains(DEFAULT_ADMIN_ROLE);
PaginationResult deviceGroupsResult;
if (StringUtils.isBlank(currentUser) || isAdmin || hasAdminRole) {
deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
.getGroupsWithHierarchy(null, request, requireGroupProps);
} else {
deviceGroupsResult = DeviceMgtAPIUtils.getGroupManagementProviderService()
.getGroupsWithHierarchy(currentUser, request, requireGroupProps);
}
DeviceGroupList deviceGroupList = new DeviceGroupList();
deviceGroupList.setList(deviceGroupsResult.getData());
deviceGroupList.setCount(deviceGroupsResult.getRecordsTotal());
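Review bot: `boolean isAdmin = DEFAULT_ADMIN_ROLE.equals(currentUser)` at L2883 compares a role name with a username, so it is true only when the admin account happens to share the admin role's name and is otherwise dead code; and `StringUtils.isBlank(currentUser)` at L2886 grants the unfiltered listing to a request with no resolvable principal, which is the wrong default for an authorization decision. Drop `isAdmin`, send a blank user to the filtered branch (or reject it), and keep only `if (hasAdminRole)`. If the intent was that the tenant admin account is always treated as admin regardless of roles, compare against the realm's configured admin user (`realmService.getRealmConfiguration().getAdminUserName()`, as the device service does elsewhere in this commit) rather than the role constant. The enclosing method starts before this hunk.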
@ -105,6 +138,10 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ
String error = "Error occurred while retrieving groups with hierarchy.";
log.error(error, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(error).build();
} catch (UserStoreException e) {
String msg = "Error occurred while getting user realm.";
log.error(msg, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
}
}
@ -144,4 +181,30 @@ public class GroupManagementAdminServiceImpl implements GroupManagementAdminServ
return Response.status(Response.Status.CONFLICT).entity(msg).build();
}
}
@POST
@Path("/roles/share")
@Override
public Response createGroupWithRoles(DeviceGroupRoleWrapper group) {
if (group == null) {
return Response.status(Response.Status.BAD_REQUEST).build();
}
group.setOwner(PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername());
group.setStatus(DeviceGroupConstants.GroupStatus.ACTIVE);
try {
DeviceMgtAPIUtils.getGroupManagementProviderService().createGroupWithRoles(group, DEFAULT_ADMIN_ROLE, DEFAULT_ADMIN_PERMISSIONS);
DeviceMgtAPIUtils.getGroupManagementProviderService().manageGroupSharing(group.getGroupId(), group.getUserRoles());
return Response.status(Response.Status.CREATED).build();
} catch (GroupManagementException e) {
String msg = "Error occurred while adding " + group.getName() + " group";
log.error(msg, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
} catch (GroupAlreadyExistException e) {
String msg = "Group already exists with name : " + group.getName() + " Try with another group name.";
log.error(msg, e);
return Response.status(Response.Status.CONFLICT).entity(msg).build();
} catch (RoleDoesNotExistException e) {
return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build();
}
}
}
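Review bot: `manageGroupSharing(group.getGroupId(), group.getUserRoles())` at L2921 uses the `id` carried in the request body, which is a writable property of `DeviceGroupRoleWrapper`, unless `createGroupWithRoles` writes the new ID back into the wrapper — that is not visible here. If it does not, the sharing is applied to whatever group ID the client chose rather than to the group just created. The non-admin variant in this commit re-reads the group by name before sharing and returns the ID in the 201 body; doing the same here (or having the provider return the created group) closes the gap and keeps the two endpoints consistent.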

@ -30,13 +30,16 @@ public class Constants {
public static final String USER_CLAIM_MODIFIED = "http://wso2.org/claims/modified";
public static final String USER_CLAIM_DEVICES = "http://wso2.org/claims/devices";
public static final String PRIMARY_USER_STORE = "PRIMARY";
public static final String DEFAULT_STREAM_VERSION = "1.0.0";
public static final String APIM_RESERVED_USER = "apim_reserved_user";
public static final String RESERVED_USER = "reserved_user";
public static final String DEFAULT_STREAM_VERSION = "1.0.0";
public static final String SCOPE = "scope";
public static final String JDBC_USERSTOREMANAGER = "org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager";
public static final String DEFAULT_SIMPLE_DATE_FORMAT = "EEE, d MMM yyyy HH:mm:ss Z";
public static final int DEFAULT_PAGE_LIMIT = 50;
public static final String FORWARD_SLASH = "/";
public static final String ANDROID = "android";
public static final String IS_USER_ABLE_TO_VIEW_ALL_ROLES = "isUserAbleToViewAllRoles";
public static final String ANDROID_POLICY_VALIDATOR = "io.entgra.proprietary.uem.platform.android." +
"core.polcy.AndroidPolicyPayloadValidator";
public static final String IOS = "ios";

@ -19,6 +19,7 @@
package io.entgra.device.mgt.core.device.mgt.api.jaxrs.util;
import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProviderService;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.ConsumerRESTAPIServices;
import io.entgra.device.mgt.core.application.mgt.common.services.ApplicationManager;
import io.entgra.device.mgt.core.application.mgt.common.services.SubscriptionManager;
@ -157,6 +158,7 @@ public class DeviceMgtAPIUtils {
private static volatile SubscriptionManager subscriptionManager;
private static volatile ApplicationManager applicationManager;
private static volatile ConsumerRESTAPIServices consumerRESTAPIServices;
private static volatile APIApplicationServices apiApplicationServices;
private static volatile APIManagementProviderService apiManagementProviderService;
static {
@ -410,6 +412,25 @@ public class DeviceMgtAPIUtils {
return consumerRESTAPIServices;
}
/**
* Initializing and accessing method for APIM API application REST API.
*
* @return APIApplicationServices instance
* @throws IllegalStateException if APIApplicationServices cannot be initialized
*/
public static synchronized APIApplicationServices getApiApplicationServices() {
if (apiApplicationServices == null) {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
apiApplicationServices = (APIApplicationServices) ctx.getOSGiService(APIApplicationServices.class, null);
if (apiApplicationServices == null) {
String msg = "API application service has not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
}
return apiApplicationServices;
}
/**
* Initializing and accessing method for API management Provider Service.
*

@ -21,7 +21,7 @@
<parent>
<artifactId>device-mgt</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -134,6 +134,8 @@ public final class DeviceManagementConstants {
public static final String LAST_NAME = "last-name";
public static final String TENANT_ADMIN_USERNAME = "tenant-admin-username";
public static final String TENANT_ADMIN_PASSWORD = "tenant-admin-password";
public static final int OTP_DEFAULT_EXPIRY_SECONDS = 3600;
}
public static final class EventServices {
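Review bot: `OTP_DEFAULT_EXPIRY_SECONDS = 3600` carries its unit in the name but nothing says which flows fall back to it or whether a caller-supplied validity may exceed it. Add a one-line Javadoc, e.g. `/** Fallback validity, in seconds, for one-time pins when the request does not specify one. */`, adjusting the wording to match the consumer since that consumer is not in this diff.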

@ -18,10 +18,22 @@
package io.entgra.device.mgt.core.device.mgt.common.general;
import java.util.Map;
public class QREnrollmentDetails {
String ownershipType;
String username;
String enrollmentMode;
Map<String, String> customValues;
public Map<String, String> getCustomValues() {
return customValues;
}
public void setCustomValues(Map<String, String> customValues) {
this.customValues = customValues;
}
int tokenExpiry;
public String getOwnershipType() { return ownershipType; }
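Review bot: `int tokenExpiry` at L3026 is declared after the `customValues` accessors instead of with the other fields, and like them it is package-private; move it up and make it `private int tokenExpiry;`. It also has no unit or range: since this bean is populated from the QR-enrollment request, document it as `/** Requested token validity in seconds; 0 presumably selects the server default — confirm against the consumer. */` and make sure the consumer clamps it to a maximum rather than honouring an arbitrarily long client-chosen validity (that enforcement is outside this hunk). `customValues` likewise deserves a sentence on what keys are expected, or a note that it is passed through opaquely.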
@ -34,4 +46,12 @@ public class QREnrollmentDetails {
public String getEnrollmentMode() { return enrollmentMode; }
public void setEnrollmentMode(String enrollmentMode) { this.enrollmentMode = enrollmentMode; }
public int getTokenExpiry() {
return tokenExpiry;
}
public void setTokenExpiry(int tokenExpiry) {
this.tokenExpiry = tokenExpiry;
}
}

@ -0,0 +1,151 @@
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.device.mgt.common.group.mgt;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import io.swagger.annotations.ApiParam;
import java.io.Serializable;
import java.util.List;
import java.util.Map;
/**
* Holds Device Group details and expose to external access
*/
@ApiModel(value = "DeviceGroupRoleWrapper", description = "This class carries all information related to a managed device group.")
public class DeviceGroupRoleWrapper implements Serializable {
private static final long serialVersionUID = 1998121711L;
@ApiModelProperty(name = "id", value = "ID of the device group in the device group information database.")
private int id;
@ApiModelProperty(name = "description", value = "The device group description that can be set on the device group by the user.", required = true)
private String description;
@ApiModelProperty(name = "name", value = "The device group name that can be set on the device group by the user.", required = true)
private String name;
private String owner;
@ApiModelProperty(name = "status", value = "The status of group that needs updating/retrieval.")
private String status;
@ApiModelProperty(name = "parentGroupId", value = "Group ID of parent group")
private int parentGroupId;
@ApiModelProperty(name = "parentPath", value = "Path of parent group")
private String parentPath;
@ApiModelProperty(name = "childrenGroups", value = "Children groups")
private List<DeviceGroup> childrenGroups;
@ApiModelProperty(name = "userRoles", value = "User roles")
private List<String> userRoles;
public DeviceGroupRoleWrapper() {
}
public DeviceGroupRoleWrapper(String name) {
this.name = name;
}
public String getStatus() {
return status;
}
public void setStatus(String status) {
this.status = status;
}
private Map<String, String> groupProperties;
public int getGroupId() {
return id;
}
public void setGroupId(int id) {
this.id = id;
}
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getOwner() {
return owner;
}
public void setOwner(String owner) {
this.owner = owner;
}
public Map<String, String> getGroupProperties() {
return groupProperties;
}
public void setGroupProperties(Map<String, String> groupProperties) {
this.groupProperties = groupProperties;
}
public int getParentGroupId() {
return parentGroupId;
}
public void setParentGroupId(int parentGroupId) {
this.parentGroupId = parentGroupId;
}
public String getParentPath() {
return parentPath;
}
public void setParentPath(String parentPath) {
this.parentPath = parentPath;
}
public List<DeviceGroup> getChildrenGroups() {
return childrenGroups;
}
public void setChildrenGroups(List<DeviceGroup> childrenGroups) {
this.childrenGroups = childrenGroups;
}
public List<String> getUserRoles() {
return userRoles;
}
public void setUserRoles(List<String> userRoles) {
this.userRoles = userRoles;
}
}
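Review bot: The wrapper exposes `id`, `owner`, `status`, `parentPath` and `childrenGroups` as ordinary writable request properties, yet the two REST handlers added in this commit overwrite `owner` and `status` from the server context and should not trust the others either; mark the server-assigned ones so the generated docs stop implying the client sets them, e.g. `@ApiModelProperty(name = "id", value = "...", readOnly = true)` and an annotation with `readOnly = true` on `owner`, which currently has none. `groupProperties` at L3098 is declared in the middle of the accessor section; move it up with the other fields. `Serializable` with a hand-picked `serialVersionUID` is only warranted if this object is Java-serialized somewhere; if it is only ever a JSON body, drop it so it never becomes an input to native deserialization.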

@ -19,5 +19,5 @@
package io.entgra.device.mgt.core.device.mgt.common.otp.mgt;
public enum OTPEmailTypes {
USER_VERIFY, DEVICE_ENROLLMENT
USER_VERIFY, DEVICE_ENROLLMENT, USER_INVITE, REMOTE_SESSION
}

@ -35,7 +35,8 @@ public interface OTPManagementService {
* @throws OTPManagementException if error occurred whle verifying validity of the OPT
* @throws BadRequestException if found an null value for OTP
*/
OneTimePinDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException;
OneTimePinDTO isValidOTP(String oneTimeToken, boolean requireRenewal) throws
OTPManagementException, BadRequestException;
/**
* Invalidate the OTP and send welcome mail
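Review bot: The Javadoc above the new signature still describes the one-argument `isValidOTP` and says nothing about `requireRenewal`, so callers cannot tell whether `true` renews an expired pin, refuses a non-renewable one, or something else. Add `@param requireRenewal whether an expired pin should be renewed instead of rejected — confirm against the implementation` (wording to match what the implementation, not in this diff, actually does) and state in `@return` whether the returned DTO is the original or the renewed pin.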
@ -59,8 +60,7 @@ public interface OTPManagementService {
boolean hasEmailRegistered(String email, String emailDomain) throws OTPManagementException,
DeviceManagementException;
OneTimePinDTO generateOneTimePin(String email, String emailType, String userName, Object metaDataObj,
int tenantId, boolean persistPin) throws OTPManagementException;
OneTimePinDTO generateOneTimePin(OneTimePinDTO oneTimePinData, boolean persistPin) throws OTPManagementException;
OneTimePinDTO getRenewedOtpByEmailAndMailType(String email, String emailType) throws OTPManagementException;
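Review bot: The Javadoc above `isValidOTP` is not updated for the new `requireRenewal` parameter, so a caller cannot tell what passing `true` does to the stored pin; add `@param requireRenewal whether an expired OTP should be renewed instead of rejected — confirm against the implementation` and fix the existing typo line to `@throws OTPManagementException if an error occurred while verifying validity of the OTP`. `generateOneTimePin` now takes the whole `OneTimePinDTO`, so the fields the service requires (email, emailType, username, tenantId, as populated by the caller in this commit) should be listed in its Javadoc, since the signature no longer enforces them.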

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@ -76,12 +76,20 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<systemPropertyVariables>
<log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
</systemPropertyVariables>
<argLine>
--add-opens=java.xml/jdk.xml.internal=ALL-UNNAMED
--add-opens=java.base/jdk.internal.loader=ALL-UNNAMED
</argLine>
<suiteXmlFiles>
<suiteXmlFile>src/test/resources/testng.xml</suiteXmlFile>
</suiteXmlFiles>
<systemPropertyVariables>
<jacoco-agent.destfile>${basedir}/target/coverage-reports/jacoco-unit.exec</jacoco-agent.destfile>
<log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
</systemPropertyVariables>
<classpathDependencyExcludes>
<classpathDependencyExclude>org.ops4j.pax.logging</classpathDependencyExclude>
</classpathDependencyExcludes>
</configuration>
</plugin>
</plugins>
@ -255,7 +263,7 @@
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-api-mockito</artifactId>
<artifactId>powermock-api-mockito2</artifactId>
<scope>test</scope>
</dependency>
<dependency>

@ -139,7 +139,12 @@ public interface DeviceManagementConfigService {
value = "The properties list using for query a device",
required = true)
@QueryParam("properties")
String properties);
String properties,
@ApiParam(
name = "withAccessToken",
value = "Whether to use access token or otp token for device configuration")
@QueryParam("withAccessToken")
boolean withAccessToken);
@PUT
@Path("/device/transfer")
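Review bot: The `withAccessToken` description does not say what happens when the parameter is absent; a JAX-RS `boolean` `@QueryParam` defaults to `false`, and the implementation in this commit then returns a one-time pin in place of the access token, so existing callers that never sent the flag silently get a different credential. Suggest `value = "Whether to return an access token (true) or a one-time-pin token (false, the default when omitted) in the device configuration"`.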

@ -21,6 +21,10 @@ import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.OTPManagementException;
import io.entgra.device.mgt.core.device.mgt.common.otp.mgt.OTPEmailTypes;
import io.entgra.device.mgt.core.device.mgt.common.otp.mgt.dto.OneTimePinDTO;
import io.entgra.device.mgt.core.device.mgt.common.spi.OTPManagementService;
import io.entgra.device.mgt.core.device.mgt.common.AppRegistrationCredentials;
import io.entgra.device.mgt.core.device.mgt.common.ApplicationRegistrationException;
import io.entgra.device.mgt.core.device.mgt.common.DeviceTransferRequest;
@ -48,6 +52,30 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.AppRegistrationCredentials;
import org.wso2.carbon.device.mgt.common.ApplicationRegistrationException;
import org.wso2.carbon.device.mgt.common.DeviceTransferRequest;
import org.wso2.carbon.device.mgt.common.configuration.mgt.AmbiguousConfigurationException;
import org.wso2.carbon.device.mgt.common.configuration.mgt.DeviceConfiguration;
import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.exceptions.DeviceNotFoundException;
import org.wso2.carbon.device.mgt.common.exceptions.OTPManagementException;
import org.wso2.carbon.device.mgt.common.general.TenantDetail;
import org.wso2.carbon.device.mgt.common.otp.mgt.OTPEmailTypes;
import org.wso2.carbon.device.mgt.common.otp.mgt.dto.OneTimePinDTO;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
import org.wso2.carbon.device.mgt.core.DeviceManagementConstants;
import org.wso2.carbon.device.mgt.core.config.DeviceConfigurationManager;
import org.wso2.carbon.device.mgt.core.config.DeviceManagementConfig;
import org.wso2.carbon.device.mgt.core.config.keymanager.KeyManagerConfigurations;
import org.wso2.carbon.device.mgt.core.config.ui.UIConfiguration;
import org.wso2.carbon.device.mgt.core.config.ui.UIConfigurationManager;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.device.mgt.core.util.DeviceManagerUtil;
import org.wso2.carbon.identity.jwt.client.extension.dto.AccessTokenInfo;
import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;
import org.wso2.carbon.user.api.Tenant;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
@ -70,7 +98,8 @@ public class DeviceManagementConfigServiceImpl implements DeviceManagementConfig
@Path("/configurations")
@Produces(MediaType.APPLICATION_JSON)
public Response getConfiguration(@HeaderParam("token") String token,
@QueryParam("properties") String properties) {
@QueryParam("properties") String properties,
@QueryParam("withAccessToken") boolean withAccessToken) {
DeviceManagementProviderService dms = DeviceMgtAPIUtils.getDeviceManagementService();
try {
if (token == null || token.isEmpty()) {
@ -95,7 +124,8 @@ public class DeviceManagementConfigServiceImpl implements DeviceManagementConfig
deviceProps.put("token", token);
DeviceConfiguration devicesConfiguration =
dms.getDeviceConfiguration(deviceProps);
setAccessTokenToDeviceConfigurations(devicesConfiguration);
if (withAccessToken) setAccessTokenToDeviceConfigurations(devicesConfiguration);
else setOTPTokenToDeviceConfigurations(devicesConfiguration);
return Response.status(Response.Status.OK).entity(devicesConfiguration).build();
} catch (DeviceManagementException e) {
String msg = "Error occurred while retrieving configurations";
@ -207,6 +237,33 @@ public class DeviceManagementConfigServiceImpl implements DeviceManagementConfig
}
}
private void setOTPTokenToDeviceConfigurations(DeviceConfiguration deviceConfiguration)
throws DeviceManagementException {
OneTimePinDTO oneTimePinData = new OneTimePinDTO();
oneTimePinData.setEmail(OTPEmailTypes.DEVICE_ENROLLMENT.toString());
oneTimePinData.setEmailType(OTPEmailTypes.DEVICE_ENROLLMENT.toString());
oneTimePinData.setUsername(deviceConfiguration.getDeviceOwner());
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
deviceConfiguration.getTenantDomain(), true);
oneTimePinData.setTenantId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
PrivilegedCarbonContext.endTenantFlow();
OTPManagementService otpManagementService = DeviceMgtAPIUtils.getOtpManagementService();
try {
OneTimePinDTO oneTimePinDTO = otpManagementService.generateOneTimePin(oneTimePinData, true);
if (oneTimePinDTO == null) {
String msg = "Null value returned when generating OTP token for " + oneTimePinData.getOtpToken();
log.error(msg);
throw new DeviceManagementException(msg);
}
deviceConfiguration.setAccessToken(oneTimePinDTO.getOtpToken());
} catch (OTPManagementException ex) {
String msg = "Error occurred while generating one time pin: " + ex.getMessage();
log.error(msg, ex);
throw new DeviceManagementException(msg, ex);
}
}
@Override
@Path("/tenants")
@GET
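Review bot: `setOTPTokenToDeviceConfigurations` stores the enum name in the email field — `oneTimePinData.setEmail(OTPEmailTypes.DEVICE_ENROLLMENT.toString())` — which reads like a copy of the `setEmailType` line under it; the DTO presumably needs the owner's address, so confirm against `OneTimePinDTO` and `generateOneTimePin`. The null-result message is built from `oneTimePinData.getOtpToken()`, which is never set on the request DTO here, and an OTP value should not reach the log in any case; use `"Null value returned when generating OTP token for user " + oneTimePinData.getUsername()`. `startTenantFlow()`/`endTenantFlow()` are not paired in try/finally, so an exception from `setTenantDomain` leaves the thread's tenant context switched. The added `org.wso2.carbon.device.mgt.*` imports repeat simple names already imported from `io.entgra...` in the earlier hunk (`OTPManagementException`, `OneTimePinDTO`, `OTPEmailTypes`, `OTPManagementService`, `AppRegistrationCredentials`), which javac rejects as conflicting single-type imports unless one set is removed. Since the OTP is handed back in the `accessToken` field, a comment such as `// when withAccessToken is false the accessToken field carries a persisted OTP, not an OAuth token` would spare the next reader a surprise.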

@ -22,6 +22,8 @@ import io.entgra.device.mgt.core.device.mgt.core.service.DeviceManagementProvide
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.user.core.service.RealmService;
/**
@ -34,6 +36,8 @@ public class DeviceMgtAPIUtils {
private static DeviceManagementProviderService deviceManagementProviderService = null;
private static RealmService realmService = null;
private static OTPManagementService otpManagementService = null;
public static DeviceManagementProviderService getDeviceManagementService() {
if (deviceManagementProviderService == null) {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
@ -48,6 +52,19 @@ public class DeviceMgtAPIUtils {
return deviceManagementProviderService;
}
public static OTPManagementService getOtpManagementService() {
if (otpManagementService == null) {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
otpManagementService = (OTPManagementService) ctx.getOSGiService(OTPManagementService.class, null);
if (otpManagementService == null) {
String msg = "OTP Management Service has not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
}
return otpManagementService;
}
public static RealmService getRealmService() {
if (realmService == null) {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
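Review bot: The new import `org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService` collides with the `io.entgra...DeviceManagementProviderService` import the hunk header shows already in this file, and the added `OTPManagementService` is the `org.wso2` one while `DeviceManagementConfigServiceImpl` in this commit uses the `io.entgra` variant; javac rejects two single-type imports of one simple name, so one of each pair must go. `getOtpManagementService` mirrors the existing lazy-lookup pattern, an unsynchronized static cache that is tolerable only because the OSGi lookup is idempotent — worth a one-line comment such as `// racy but benign: repeated lookups return the same service instance`.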

@ -22,7 +22,7 @@
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>device-mgt</artifactId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@ -473,7 +473,7 @@
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-api-mockito</artifactId>
<artifactId>powermock-api-mockito2</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.multitenancy</groupId>

@ -22,6 +22,7 @@ import io.entgra.device.mgt.core.device.mgt.common.Device;
import io.entgra.device.mgt.core.device.mgt.common.GroupPaginationRequest;
import io.entgra.device.mgt.core.device.mgt.common.PaginationRequest;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
import java.util.List;
import java.util.Map;
@ -40,6 +41,18 @@ public interface GroupDAO {
*/
int addGroup(DeviceGroup deviceGroup, int tenantId) throws GroupManagementDAOException;
/**
* Add properties for device group.
* Note that groupId parameter is considered seperately due to the groupId parameter passed with
* device group Payload is ignored in the add/update logic instead the internal groupId reference is used.
*
* @param groups to be added.
* @param tenantId of the group.
* @return sql execution result.
* @throws GroupManagementDAOException
*/
int addGroupWithRoles(DeviceGroupRoleWrapper groups, int tenantId) throws GroupManagementDAOException;
/**
* Add properties for device group.
* Note that groupId parameter is considered seperately due to the groupId parameter passed with
@ -52,6 +65,18 @@ public interface GroupDAO {
*/
boolean addGroupProperties(DeviceGroup deviceGroup, int groupId, int tenantId) throws GroupManagementDAOException;
/**
* Update properties for device group.
* Note that groupId parameter is considered seperately due to the groupId parameter passed with
* device group Payload is ignored in the add/update logic instead the internal groupId reference is used.
*
* @param groups to be updated.
* @param tenantId of the group.
* @return sql execution result.
* @throws GroupManagementDAOException
*/
boolean addGroupPropertiesWithRoles(DeviceGroupRoleWrapper groups, int groupId, int tenantId) throws GroupManagementDAOException;
/**
* Update properties for device group.
* Note that groupId parameter is considered seperately due to the groupId parameter passed with
@ -130,6 +155,15 @@ public interface GroupDAO {
*/
void deleteGroupsMapping(List<Integer> groupIds, int tenantId) throws GroupManagementDAOException;
/**
* Delete mappings of Device Groups.
*
* @param role of Device Groups.
* @param tenantId of the role.
* @throws GroupManagementDAOException on error during deletion of mappings of groups
*/
void deleteGroupsMapping(String role, int tenantId) throws GroupManagementDAOException;
/**
* Delete existing Device Groups.
*
@ -186,6 +220,19 @@ public interface GroupDAO {
*/
List<DeviceGroup> getGroups(GroupPaginationRequest paginationRequest, int tenantId) throws GroupManagementDAOException;
/**
* Get paginated list of Device Groups in tenant with specified device group ids.
*
* @param paginationRequest to filter results.
* @param deviceGroupIds of groups required.
* @param tenantId of user's tenant.
* @param isWithParentPath of user's ParentPath.
* @return List of all Device Groups in tenant.
* @throws GroupManagementDAOException
*/
List<DeviceGroup> getGroups(GroupPaginationRequest paginationRequest, List<Integer> deviceGroupIds,
int tenantId, boolean isWithParentPath) throws GroupManagementDAOException;
/**
* Get paginated list of Device Groups in tenant with specified device group ids.
*
@ -412,4 +459,4 @@ public interface GroupDAO {
List<String> groupNames)
throws GroupManagementDAOException;
}
}
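Review bot: The Javadoc for `addGroupWithRoles` says `Add properties for device group` and the one for `addGroupPropertiesWithRoles` says `Update properties for device group`, both copied from their neighbours; the first inserts the group row and returns its id, the second inserts the group's properties. Suggest `Add a device group together with its role mappings.` and `Add properties for a device group created with roles.` respectively. For the new `getGroups` overload, `@param isWithParentPath of user's ParentPath` should read `@param isWithParentPath whether to filter by the request's parent path`, which is how `AbstractGroupDAOImpl` in this commit uses it.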

@ -18,6 +18,7 @@
package io.entgra.device.mgt.core.device.mgt.core.dao.impl;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
import io.entgra.device.mgt.core.device.mgt.common.Device;
import io.entgra.device.mgt.core.device.mgt.common.GroupPaginationRequest;
import io.entgra.device.mgt.core.device.mgt.common.PaginationRequest;
@ -49,7 +50,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
throws GroupManagementDAOException {
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP "
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP "
+ "WHERE TENANT_ID = ?";
if (StringUtils.isNotBlank(request.getGroupName())) {
sql += " AND GROUP_NAME LIKE ?";
@ -103,7 +104,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
@Override
public List<DeviceGroup> getGroups(GroupPaginationRequest request, List<Integer> deviceGroupIds,
int tenantId) throws GroupManagementDAOException {
int tenantId) throws GroupManagementDAOException {
int deviceGroupIdsCount = deviceGroupIds.size();
if (deviceGroupIdsCount == 0) {
return new ArrayList<>();
@ -111,7 +112,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP WHERE TENANT_ID = ?";
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP WHERE TENANT_ID = ?";
if (StringUtils.isNotBlank(request.getGroupName())) {
sql += " AND GROUP_NAME LIKE ?";
}
@ -164,6 +165,73 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
throw new GroupManagementDAOException(msg, e);
}
}
@Override
public List<DeviceGroup> getGroups(GroupPaginationRequest request, List<Integer> deviceGroupIds,
int tenantId, boolean isWithParentPath) throws GroupManagementDAOException {
int deviceGroupIdsCount = deviceGroupIds.size();
if (deviceGroupIdsCount == 0) {
return new ArrayList<>();
}
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP WHERE TENANT_ID = ?";
if (StringUtils.isNotBlank(request.getGroupName())) {
sql += " AND GROUP_NAME LIKE ?";
}
if (StringUtils.isNotBlank(request.getOwner())) {
sql += " AND OWNER LIKE ?";
}
if (StringUtils.isNotBlank(request.getParentPath())) {
if(isWithParentPath){
sql += " AND PARENT_PATH LIKE ?";
}
}
sql += " AND ID IN (";
for (int i = 0; i < deviceGroupIdsCount; i++) {
sql += (deviceGroupIdsCount - 1 != i) ? "?," : "?";
}
sql += ")";
if (request.getRowCount() != 0) {
sql += " LIMIT ? OFFSET ?";
}
try (PreparedStatement stmt = conn.prepareStatement(sql)) {
int paramIndex = 1;
stmt.setInt(paramIndex++, tenantId);
if (StringUtils.isNotBlank(request.getGroupName())) {
stmt.setString(paramIndex++, request.getGroupName() + "%");
}
if (StringUtils.isNotBlank(request.getOwner())) {
stmt.setString(paramIndex++, request.getOwner() + "%");
}
if (StringUtils.isNotBlank(request.getParentPath())) {
if(isWithParentPath){
stmt.setString(paramIndex++, request.getParentPath());
}
}
for (Integer deviceGroupId : deviceGroupIds) {
stmt.setInt(paramIndex++, deviceGroupId);
}
if (request.getRowCount() != 0) {
stmt.setInt(paramIndex++, request.getRowCount());
stmt.setInt(paramIndex, request.getStartIndex());
}
List<DeviceGroup> deviceGroupList = new ArrayList<>();
try (ResultSet resultSet = stmt.executeQuery()) {
while (resultSet.next()) {
deviceGroupList.add(GroupManagementDAOUtil.loadGroup(resultSet));
}
}
return deviceGroupList;
}
} catch (SQLException e) {
String msg = "Error occurred while retrieving groups of groups IDs " + deviceGroupIds.toString()
+ " in tenant: " + tenantId;
log.error(msg);
throw new GroupManagementDAOException(msg, e);
}
}
@Override
public int addGroup(DeviceGroup deviceGroup, int tenantId) throws GroupManagementDAOException {
@ -175,11 +243,11 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql;
if (deviceGroup.getStatus() == null || deviceGroup.getStatus().isEmpty()) {
sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH) "
+ "VALUES (?, ?, ?, ?, ?)";
} else {
sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, STATUS) "
sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, PARENT_GROUP_ID) "
+ "VALUES (?, ?, ?, ?, ?, ?)";
} else {
sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, PARENT_GROUP_ID, STATUS) "
+ "VALUES (?, ?, ?, ?, ?, ?, ?)";
hasStatus = true;
}
stmt = conn.prepareStatement(sql, new String[]{"ID"});
@ -188,8 +256,9 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
stmt.setString(3, deviceGroup.getOwner());
stmt.setInt(4, tenantId);
stmt.setString(5, deviceGroup.getParentPath());
stmt.setInt(6, deviceGroup.getParentGroupId());
if (hasStatus) {
stmt.setString(6, deviceGroup.getStatus());
stmt.setString(7, deviceGroup.getStatus());
}
stmt.executeUpdate();
@ -206,6 +275,47 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
}
}
@Override
public int addGroupWithRoles(DeviceGroupRoleWrapper groups, int tenantId) throws GroupManagementDAOException {
int groupId = -1;
boolean hasStatus = false;
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql;
if (groups.getStatus() == null || groups.getStatus().isEmpty()) {
sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, PARENT_GROUP_ID) "
+ "VALUES (?, ?, ?, ?, ?, ?)";
} else {
sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, PARENT_GROUP_ID, STATUS) "
+ "VALUES (?, ?, ?, ?, ?, ?, ?)";
hasStatus = true;
}
try (PreparedStatement stmt = conn.prepareStatement(sql, new String[]{"ID"})) {
stmt.setString(1, groups.getDescription());
stmt.setString(2, groups.getName());
stmt.setString(3, groups.getOwner());
stmt.setInt(4, tenantId);
stmt.setString(5, groups.getParentPath());
stmt.setInt(6, groups.getParentGroupId());
if (hasStatus) {
stmt.setString(7, groups.getStatus());
}
stmt.executeUpdate();
try (ResultSet rs = stmt.getGeneratedKeys();) {
if (rs.next()) {
groupId = rs.getInt(1);
}
return groupId;
}
}
} catch (SQLException e) {
String msg = "Error occurred while adding deviceGroup '" +
groups.getName() + "'";
log.error(msg);
throw new GroupManagementDAOException(msg, e);
}
}
public boolean addGroupProperties(DeviceGroup deviceGroup, int groupId, int tenantId)
throws GroupManagementDAOException {
boolean status;
@ -234,6 +344,33 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
return status;
}
public boolean addGroupPropertiesWithRoles(DeviceGroupRoleWrapper groups, int groupId, int tenantId)
throws GroupManagementDAOException {
boolean status;
try {
Connection conn = GroupManagementDAOFactory.getConnection();
try (PreparedStatement stmt = conn.prepareStatement(
"INSERT INTO GROUP_PROPERTIES(GROUP_ID, PROPERTY_NAME, " +
"PROPERTY_VALUE, TENANT_ID) VALUES (?, ?, ?, ?)")) {
for (Map.Entry<String, String> entry : groups.getGroupProperties().entrySet()) {
stmt.setInt(1, groupId);
stmt.setString(2, entry.getKey());
stmt.setString(3, entry.getValue());
stmt.setInt(4, tenantId);
stmt.addBatch();
}
stmt.executeBatch();
status = true;
}
} catch (SQLException e) {
String msg = "Error occurred while adding properties for group '" +
groups.getName() + "' values : " + groups.getGroupProperties();
log.error(msg);
throw new GroupManagementDAOException(msg, e);
}
return status;
}
public boolean updateGroupProperties(DeviceGroup deviceGroup, int groupId, int tenantId)
throws GroupManagementDAOException {
boolean status;
@ -303,7 +440,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql = "UPDATE DM_GROUP SET DESCRIPTION = ?, GROUP_NAME = ?, OWNER = ?, STATUS = ?, "
+ "PARENT_PATH = ? WHERE ID = ? AND TENANT_ID = ?";
+ "PARENT_PATH = ?, PARENT_GROUP_ID = ? WHERE ID = ? AND TENANT_ID = ?";
try (PreparedStatement stmt = conn.prepareStatement(sql)){
for (DeviceGroup deviceGroup : deviceGroups) {
stmt.setString(1, deviceGroup.getDescription());
@ -311,8 +448,9 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
stmt.setString(3, deviceGroup.getOwner());
stmt.setString(4, deviceGroup.getStatus());
stmt.setString(5, deviceGroup.getParentPath());
stmt.setInt(6, deviceGroup.getGroupId());
stmt.setInt(7, tenantId);
stmt.setInt(6, deviceGroup.getParentGroupId());
stmt.setInt(7, deviceGroup.getGroupId());
stmt.setInt(8, tenantId);
stmt.addBatch();
}
stmt.executeBatch();
@ -403,6 +541,23 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
}
}
@Override
public void deleteGroupsMapping(String role, int tenantId) throws GroupManagementDAOException {
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql = "DELETE FROM DM_ROLE_GROUP_MAP WHERE ROLE = ? AND TENANT_ID = ?";
try (PreparedStatement stmt = conn.prepareStatement(sql)) {
stmt.setString(1, role);
stmt.setInt(2, tenantId);
stmt.executeUpdate();
}
} catch (SQLException e) {
String msg = "Error occurred while removing record from group-role mapping.";
log.error(msg);
throw new GroupManagementDAOException(msg, e);
}
}
@Override
public void deleteGroups(List<Integer> groupIds, int tenantId) throws GroupManagementDAOException {
try {
@ -491,7 +646,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
ResultSet resultSet = null;
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP WHERE ID = ? "
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP WHERE ID = ? "
+ "AND TENANT_ID = ?";
stmt = conn.prepareStatement(sql);
stmt.setInt(1, groupId);
@ -514,7 +669,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
public List<DeviceGroup> getChildrenGroups(String parentPath, int tenantId) throws GroupManagementDAOException {
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP "
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP "
+ "WHERE PARENT_PATH LIKE ? AND TENANT_ID = ?";
try (PreparedStatement stmt = conn.prepareStatement(sql)) {
stmt.setString(1, parentPath + "%");
@ -539,7 +694,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
public List<DeviceGroup> getRootGroups(int tenantId) throws GroupManagementDAOException {
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP "
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP "
+ "WHERE PARENT_PATH LIKE ? AND TENANT_ID = ?";
try (PreparedStatement stmt = conn.prepareStatement(sql)) {
stmt.setString(1, "/");
@ -567,7 +722,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
List<DeviceGroup> deviceGroupBuilders = new ArrayList<>();
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql = "SELECT G.ID, G.GROUP_NAME, G.DESCRIPTION, G.OWNER, G.STATUS, G.PARENT_PATH FROM DM_GROUP G " +
String sql = "SELECT G.ID, G.GROUP_NAME, G.DESCRIPTION, G.OWNER, G.STATUS, G.PARENT_PATH, G.PARENT_GROUP_ID FROM DM_GROUP G " +
"INNER JOIN DM_DEVICE_GROUP_MAP GM ON G.ID = GM.GROUP_ID " +
"WHERE GM.DEVICE_ID = ? AND GM.TENANT_ID = ?";
stmt = conn.prepareStatement(sql);
@ -705,7 +860,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql =
"SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP "
"SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP "
+ "WHERE LOWER(GROUP_NAME) = LOWER(?) AND TENANT_ID = ?";
stmt = conn.prepareStatement(sql);
stmt.setString(1, groupName);
@ -876,7 +1031,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
List<DeviceGroup> deviceGroupList = null;
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP g, " +
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID P FROM DM_GROUP g, " +
"(SELECT GROUP_ID FROM DM_ROLE_GROUP_MAP WHERE ROLE IN (";
int index = 0;
@ -990,7 +1145,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
List<DeviceGroup> deviceGroupList = null;
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH FROM DM_GROUP "
String sql = "SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP "
+ "WHERE OWNER = ? AND TENANT_ID = ?";
stmt = conn.prepareStatement(sql);
stmt.setString(1, username);
@ -1128,7 +1283,7 @@ public abstract class AbstractGroupDAOImpl implements GroupDAO {
}
@Override
@Override
public List<Device> getAllDevicesOfGroup(String groupName, int tenantId) throws GroupManagementDAOException {
Connection conn;
List<Device> devices;
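Review bot: The role-based select in the `@ -876,7 +1031,7` hunk now projects `PARENT_GROUP_ID P`, giving the column the label `P`, while `GroupManagementDAOUtil.loadGroup` in this commit reads it as `resultSet.getInt("PARENT_GROUP_ID")`; JDBC name lookups go by label, so on the usual drivers this query would fail with a column-not-found error for every row. Drop the stray alias: `"SELECT ID, DESCRIPTION, GROUP_NAME, OWNER, STATUS, PARENT_PATH, PARENT_GROUP_ID FROM DM_GROUP g, "`. Separately, the new four-argument `getGroups` repeats the three-argument one apart from the `isWithParentPath` guard; if the three-argument version applies the parent-path filter unconditionally, it could delegate to this one with `true` instead of duplicating the query builder. That select's parameter binding continues outside the hunk, so nothing else about it is visible here.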

@ -18,6 +18,9 @@
package io.entgra.device.mgt.core.device.mgt.core.dao.impl.group;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import io.entgra.device.mgt.core.device.mgt.common.Device;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
import io.entgra.device.mgt.core.device.mgt.core.dao.GroupManagementDAOException;
@ -39,6 +42,7 @@ import java.util.List;
*/
public class PostgreSQLGroupDAOImpl extends AbstractGroupDAOImpl {
private static final Log log = LogFactory.getLog(PostgreSQLGroupDAOImpl.class);
@Override
public int addGroup(DeviceGroup deviceGroup, int tenantId) throws GroupManagementDAOException {
PreparedStatement stmt = null;
@ -49,7 +53,7 @@ public class PostgreSQLGroupDAOImpl extends AbstractGroupDAOImpl {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql;
if(StringUtils.isEmpty(deviceGroup.getStatus())) {
sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH) " +
sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, PARENT_GROUP_ID) " +
"VALUES (?, ?, ?, ?) RETURNING ID";
} else {
sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, STATUS) " +
@ -79,6 +83,46 @@ public class PostgreSQLGroupDAOImpl extends AbstractGroupDAOImpl {
}
}
@Override
public int addGroupWithRoles(DeviceGroupRoleWrapper groups, int tenantId) throws GroupManagementDAOException {
int groupId = -1;
boolean hasStatus = false;
try {
Connection conn = GroupManagementDAOFactory.getConnection();
String sql;
if (StringUtils.isEmpty(groups.getStatus())) {
sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH) " +
"VALUES (?, ?, ?, ?) RETURNING ID";
} else {
sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, STATUS) " +
"VALUES (?, ?, ?, ?, ?) RETURNING ID";
hasStatus = true;
}
try (PreparedStatement stmt = conn.prepareStatement(sql)) {
stmt.setString(1, groups.getDescription());
stmt.setString(2, groups.getName());
stmt.setString(3, groups.getOwner());
stmt.setInt(4, tenantId);
stmt.setString(5, groups.getParentPath());
if (hasStatus) {
stmt.setString(6, groups.getStatus());
}
stmt.execute();
try (ResultSet rs = stmt.getGeneratedKeys()) {
if (rs.next()) {
groupId = rs.getInt(1);
}
return groupId;
}
}
} catch (SQLException e) {
String msg = "Error occurred while adding deviceGroup '" +
groups.getName() + "'";
log.error(msg);
throw new GroupManagementDAOException(msg, e);
}
}
@Override
public List<Device> getDevices(int groupId, int startIndex, int rowCount, int tenantId)
throws GroupManagementDAOException {
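Review bot: In the new PostgreSQL `addGroupWithRoles` both SQL strings have one placeholder fewer than columns (`PARENT_PATH)` with `VALUES (?, ?, ?, ?)`, and `STATUS)` with five placeholders) while the code binds five or six parameters, so every call fails with a parameter-index error; the `PARENT_GROUP_ID` column that `AbstractGroupDAOImpl.addGroupWithRoles` writes is also missing. The same column/placeholder mismatch is introduced in `addGroup` above it, whose parameter binding continues outside the hunk, and only its status-less branch gained the new column. Reading the id through `getGeneratedKeys()` after a plain `prepareStatement` with `RETURNING ID` likely leaves `groupId` at -1 with pgjdbc, which surfaces the RETURNING row as an ordinary result set; `executeQuery()` makes that explicit.
```java
if (StringUtils.isEmpty(groups.getStatus())) {
    sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, PARENT_GROUP_ID) " +
            "VALUES (?, ?, ?, ?, ?, ?) RETURNING ID";
} else {
    sql = "INSERT INTO DM_GROUP(DESCRIPTION, GROUP_NAME, OWNER, TENANT_ID, PARENT_PATH, PARENT_GROUP_ID, STATUS) " +
            "VALUES (?, ?, ?, ?, ?, ?, ?) RETURNING ID";
    hasStatus = true;
}
try (PreparedStatement stmt = conn.prepareStatement(sql)) {
    // … unchanged: binding of parameters 1–5 …
    stmt.setInt(6, groups.getParentGroupId());
    if (hasStatus) {
        stmt.setString(7, groups.getStatus());
    }
    // INSERT ... RETURNING yields a result set, not generated keys
    try (ResultSet rs = stmt.executeQuery()) {
        if (rs.next()) {
            groupId = rs.getInt(1);
        }
        return groupId;
    }
}
```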

@ -87,6 +87,7 @@ public final class GroupManagementDAOUtil {
group.setOwner(resultSet.getString("OWNER"));
group.setStatus(resultSet.getString("STATUS"));
group.setParentPath(resultSet.getString("PARENT_PATH"));
group.setParentGroupId(resultSet.getInt("PARENT_GROUP_ID"));
return group;
}

@ -118,18 +118,18 @@ public class DeviceManagementDataHolder {
public void setRealmService(RealmService realmService) {
this.realmService = realmService;
this.setTenantManager(realmService);
setTenantManager(realmService != null ?
realmService.getTenantManager() : null);
}
public TenantManager getTenantManager() {
return tenantManager;
}
private void setTenantManager(RealmService realmService) {
if (realmService == null) {
throw new IllegalStateException("Realm service is not initialized properly");
if (tenantManager == null) {
throw new IllegalStateException("Tenant manager is not initialized properly");
}
this.tenantManager = realmService.getTenantManager();
return tenantManager; }
private void setTenantManager(TenantManager tenantManager) {
this.tenantManager = tenantManager;
}
public DeviceManagementProviderService getDeviceManagementProvider() {
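Review bot: `getTenantManager` now ends with `return tenantManager; }`, the closing brace on the return line; put it on its own line. The change also moves the null check from `setRealmService` to the getter, so a missing realm service is reported at first use rather than at registration — if that is intended (e.g. to tolerate an OSGi unset callback passing null), say so with a comment such as `// realm service may be unset during OSGi shutdown; fail on use, not on unset`.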

@ -19,6 +19,23 @@
package io.entgra.device.mgt.core.device.mgt.core.operation.mgt;
import io.entgra.device.mgt.core.device.mgt.common.*;
import com.google.gson.Gson;
import io.entgra.device.mgt.core.device.mgt.extensions.logger.spi.EntgraLogger;
import io.entgra.device.mgt.core.notification.logger.DeviceConnectivityLogContext;
import io.entgra.device.mgt.core.notification.logger.impl.EntgraDeviceConnectivityLoggerImpl;
import io.entgra.device.mgt.core.notification.logger.impl.EntgraPolicyLoggerImpl;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import io.entgra.device.mgt.core.device.mgt.common.ActivityPaginationRequest;
import io.entgra.device.mgt.core.device.mgt.common.Device;
import io.entgra.device.mgt.core.device.mgt.common.DeviceIdentifier;
import io.entgra.device.mgt.core.device.mgt.common.DynamicTaskContext;
import io.entgra.device.mgt.core.device.mgt.common.EnrolmentInfo;
import io.entgra.device.mgt.core.device.mgt.common.MonitoringOperation;
import io.entgra.device.mgt.core.device.mgt.common.OperationMonitoringTaskConfig;
import io.entgra.device.mgt.core.device.mgt.common.PaginationRequest;
import io.entgra.device.mgt.core.device.mgt.common.PaginationResult;
import io.entgra.device.mgt.core.device.mgt.common.authorization.DeviceAccessAuthorizationException;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceManagementException;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.InvalidDeviceException;
@ -68,7 +85,8 @@ import java.util.concurrent.ThreadPoolExecutor;
*/
public class OperationManagerImpl implements OperationManager {
private static final Log log = LogFactory.getLog(OperationManagerImpl.class);
DeviceConnectivityLogContext.Builder deviceConnectivityLogContextBuilder = new DeviceConnectivityLogContext.Builder();
private static final EntgraLogger log = new EntgraDeviceConnectivityLoggerImpl(OperationManagerImpl.class);
private static final int CACHE_VALIDITY_PERIOD = 5 * 60 * 1000;
private static final String NOTIFIER_TYPE_LOCAL = "LOCAL";
private static final String SYSTEM = "system";
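Review bot: `deviceConnectivityLogContextBuilder` is a single mutable `Builder` kept in a package-private instance field of a service that is presumably shared across request threads, so the chained `setDeviceId(...)...setUserName(...)` calls made on it from the log statements in later hunks can interleave and attribute a device, tenant or user to the wrong "Device Connected"/"Operation added" event, which undermines the audit value of those logs. Build the context per call instead, `new DeviceConnectivityLogContext.Builder().setDeviceId(...)...build()`, or at least make the field `private final` and document that the builder is not thread-safe. The same shared-builder pattern is used in the hunks at `@ -227,6 +247,10 @@`, `@ -686,16 +718,25 @@` and `@ -713,10 +754,10 @@` of this file, and `deviceEnrolmentLogContextBuilder` in `DeviceManagementProviderServiceImpl` (hunk `@ -111,13 +135,27 @@` and the enrolment hunks that follow it) has the same issue.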
@ -151,6 +169,8 @@ public class OperationManagerImpl implements OperationManager {
}
}
String tenantId = String.valueOf(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
DeviceIDHolder deviceValidationResult = DeviceManagerUtil.validateDeviceIdentifiers(deviceIds);
List<DeviceIdentifier> validDeviceIds = deviceValidationResult.getValidDeviceIDList();
if (!validDeviceIds.isEmpty()) {
@ -227,6 +247,10 @@ public class OperationManagerImpl implements OperationManager {
activity.setActivityStatus(
this.getActivityStatus(deviceValidationResult, deviceAuthorizationResult));
}
for (DeviceIdentifier deviceId : authorizedDeviceIds) {
device = getDevice(deviceId);
log.info("Operation added", deviceConnectivityLogContextBuilder.setDeviceId(String.valueOf(device.getId())).setDeviceType(deviceType).setActionTag("ADD_OPERATION").setTenantDomain(tenantDomain).setTenantId(tenantId).setUserName(initiatedBy).setOperationCode(operationCode).build());
}
return activity;
} catch (OperationManagementDAOException e) {
OperationManagementDAOFactory.rollbackTransaction();
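Review bot: `device = getDevice(deviceId)` is dereferenced unconditionally on the next line; if `getDevice` can return `null` for an identifier that was authorized but since removed, the `device.getId()` call throws inside the transaction and the activity that was already built is lost. Guard it, `if (device != null) { log.info(...); }`, or log `deviceId.getId()` directly, which also avoids one extra device lookup per authorized device purely for logging while the DAO transaction (rolled back in the catch below) is still open. The enclosing method and the declaration of `device` start outside this hunk.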
@ -448,6 +472,7 @@ public class OperationManagerImpl implements OperationManager {
int failAttempts = 0;
while (true) {
try {
OperationManagementDAOFactory.beginTransaction();
operationMappingDAO.updateOperationMapping(operation.getId(), device.getEnrolmentInfo().getId(),
io.entgra.device.mgt.core.device.mgt.core.dto.operation.mgt.Operation.PushNotificationStatus.SCHEDULED);
OperationManagementDAOFactory.commitTransaction();
@ -470,6 +495,11 @@ public class OperationManagerImpl implements OperationManager {
} catch (InterruptedException ignore) {
break;
}
} catch (TransactionManagementException ex) {
log.error("Error occurred while initiating the transaction", ex);
break;
} finally {
OperationManagementDAOFactory.closeConnection();
}
}
} catch (Exception e) {
@ -673,7 +703,9 @@ public class OperationManagerImpl implements OperationManager {
if (log.isDebugEnabled()) {
log.debug("Device identifier id:[" + deviceId.getId() + "] type:[" + deviceId.getType() + "]");
}
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
EnrolmentInfo enrolmentInfo = this.getActiveEnrolmentInfo(deviceId);
if (enrolmentInfo == null) {
throw new OperationManagementException("Device not found for the given device Identifier:" +
@ -686,16 +718,25 @@ public class OperationManagerImpl implements OperationManager {
case INACTIVE:
case UNREACHABLE:
this.setEnrolmentStatus(enrolmentId, EnrolmentInfo.Status.ACTIVE);
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
DeviceCacheManagerImpl.getInstance().removeDeviceFromCache(deviceId, tenantId);
break;
}
log.info("Device Connected", deviceConnectivityLogContextBuilder
.setDeviceId(deviceId.getId())
.setDeviceType(deviceId.getType())
.setActionTag("PENDING_OPERATION")
.setTenantDomain(tenantDomain)
.setTenantId(String.valueOf(tenantId))
.setUserName(userName)
.build());
return getOperations(deviceId, Operation.Status.PENDING, enrolmentId);
}
@Override
public List<? extends Operation> getPendingOperations(Device device) throws OperationManagementException {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
EnrolmentInfo enrolmentInfo = device.getEnrolmentInfo();
if (enrolmentInfo == null) {
throw new OperationManagementException("Device not found for the given device Identifier:" +
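Review bot: The new `log.info("Device Connected", ...)` fires on every call of both `getPendingOperations` overloads, which, if devices poll for pending operations on a short interval, turns an INFO log into a per-poll event stream and will dominate log volume. If the intent is an audit trail of connectivity, consider logging only on the INACTIVE/UNREACHABLE → ACTIVE transition inside the `switch`, where the status actually changes, or lowering the unconditional message to debug. The second overload's body continues past this hunk and its log statement is in hunk `@ -713,10 +754,10 @@`.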
@ -713,10 +754,10 @@ public class OperationManagerImpl implements OperationManager {
this.setEnrolmentStatus(enrolmentId, EnrolmentInfo.Status.ACTIVE);
enrolmentInfo.setStatus(EnrolmentInfo.Status.ACTIVE);
device.setEnrolmentInfo(enrolmentInfo);
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
DeviceCacheManagerImpl.getInstance().addDeviceToCache(deviceIdentifier, device, tenantId);
break;
}
log.info("Device Connected", deviceConnectivityLogContextBuilder.setDeviceId(device.getDeviceIdentifier()).setDeviceType(device.getType()).setActionTag("PENDING_OPERATION").setTenantDomain(tenantDomain).setTenantId(String.valueOf(tenantId)).setUserName(userName).build());
return getOperations(deviceIdentifier, Operation.Status.PENDING, enrolmentId);
}

@ -18,6 +18,7 @@
package io.entgra.device.mgt.core.device.mgt.core.otp.mgt.dao.impl;
import io.entgra.device.mgt.core.device.mgt.common.DeviceManagementConstants;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.DBConnectionException;
import io.entgra.device.mgt.core.device.mgt.common.otp.mgt.dto.OneTimePinDTO;
import io.entgra.device.mgt.core.device.mgt.core.otp.mgt.dao.AbstractDAOImpl;
@ -25,7 +26,12 @@ import io.entgra.device.mgt.core.device.mgt.core.otp.mgt.dao.OTPManagementDAO;
import io.entgra.device.mgt.core.device.mgt.core.otp.mgt.exception.OTPManagementDAOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.device.mgt.common.DeviceManagementConstants;
import org.wso2.carbon.device.mgt.common.exceptions.DBConnectionException;
import org.wso2.carbon.device.mgt.common.otp.mgt.dto.OneTimePinDTO;
import org.wso2.carbon.device.mgt.core.otp.mgt.dao.AbstractDAOImpl;
import org.wso2.carbon.device.mgt.core.otp.mgt.dao.OTPManagementDAO;
import org.wso2.carbon.device.mgt.core.otp.mgt.exception.OTPManagementDAOException;
import java.sql.*;
import java.util.Calendar;
import java.util.List;
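Review bot: If the `org.wso2.carbon.device.mgt.common.DeviceManagementConstants`, `DBConnectionException` and `OneTimePinDTO` imports here are on the new side together with the `io.entgra.device.mgt.core.device.mgt.common.*` imports of the same simple names from the previous hunk, the file will not compile, since Java rejects two single-type imports with the same simple name. The rendered view does not show which side these lines are on, so please confirm only one package family survives; `DeviceManagementConstants.OTPProperties.OTP_DEFAULT_EXPIRY_SECONDS` is referenced later in this file and must resolve to the intended package.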
@ -51,7 +57,8 @@ public class GenericOTPManagementDAOImpl extends AbstractDAOImpl implements OTPM
+ "META_INFO, "
+ "CREATED_AT,"
+ "TENANT_ID,"
+ "USERNAME) VALUES (?, ?, ?, ?, ?, ?, ?)";
+ "USERNAME, "
+ "EXPIRY_TIME) VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
try {
Connection conn = this.getDBConnection();
Calendar calendar = Calendar.getInstance();
@ -65,6 +72,8 @@ public class GenericOTPManagementDAOImpl extends AbstractDAOImpl implements OTPM
stmt.setTimestamp(5, timestamp);
stmt.setInt(6, oneTimePinDTO.getTenantId());
stmt.setString(7, oneTimePinDTO.getUsername());
stmt.setInt(8, oneTimePinDTO.getExpiryTime() == 0
? DeviceManagementConstants.OTPProperties.OTP_DEFAULT_EXPIRY_SECONDS : oneTimePinDTO.getExpiryTime());
stmt.addBatch();
}
stmt.executeBatch();
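Review bot: The default is only substituted when `getExpiryTime()` is exactly `0`, so a negative expiry is written as-is and produces a token that is already expired at creation (or, depending on the validity check, one whose expiry arithmetic is nonsensical). Treat any non-positive value as "use the default", `oneTimePinDTO.getExpiryTime() <= 0 ? DeviceManagementConstants.OTPProperties.OTP_DEFAULT_EXPIRY_SECONDS : oneTimePinDTO.getExpiryTime()`, and note in a comment that the column stores seconds, since `isValidOTP` multiplies it by `1000L`. The enclosing method starts outside this hunk.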

@ -117,7 +117,8 @@ public class OTPManagementServiceImpl implements OTPManagementService {
}
@Override
public OneTimePinDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException {
public OneTimePinDTO isValidOTP(String oneTimeToken, boolean requireRenewal) throws OTPManagementException,
BadRequestException {
if (StringUtils.isBlank(oneTimeToken)){
String msg = "Received blank OTP to verify. OTP: " + oneTimeToken;
log.error(msg);
@ -141,17 +142,19 @@ public class OTPManagementServiceImpl implements OTPManagementService {
oneTimePinDTO.getCreatedAt().getTime() + oneTimePinDTO.getExpiryTime() * 1000L);
if (currentTimestamp.after(expiredTimestamp)) {
String renewedOTP = UUID.randomUUID().toString();
renewOTP(oneTimePinDTO, renewedOTP);
Gson gson = new Gson();
Tenant tenant = gson.fromJson(oneTimePinDTO.getMetaInfo(), Tenant.class);
if (requireRenewal) {
String renewedOTP = UUID.randomUUID().toString();
renewOTP(oneTimePinDTO, renewedOTP);
Gson gson = new Gson();
Tenant tenant = gson.fromJson(oneTimePinDTO.getMetaInfo(), Tenant.class);
Properties props = new Properties();
props.setProperty("first-name", tenant.getAdminFirstName());
props.setProperty("otp-token", renewedOTP);
props.setProperty("email", oneTimePinDTO.getEmail());
props.setProperty("type", oneTimePinDTO.getEmailType());
sendMail(props, oneTimePinDTO.getEmail(), DeviceManagementConstants.EmailAttributes.USER_VERIFY_TEMPLATE);
Properties props = new Properties();
props.setProperty("first-name", tenant.getAdminFirstName());
props.setProperty("otp-token", renewedOTP);
props.setProperty("email", oneTimePinDTO.getEmail());
props.setProperty("type", oneTimePinDTO.getEmailType());
sendMail(props, oneTimePinDTO.getEmail(), DeviceManagementConstants.EmailAttributes.USER_VERIFY_TEMPLATE);
}
return null;
}
return oneTimePinDTO;
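Review bot: The expired-token branch now returns `null` whether or not renewal was requested, so a caller passing `requireRenewal = false` cannot distinguish "token does not exist" from "token expired but left in place", and the expired record stays in the table unchanged. Document this on `isValidOTP` (its signature is in hunk `@ -117,7 +117,8 @@`, the body starts outside this hunk): a Javadoc stating that `requireRenewal` controls whether an expired token is rotated and re-mailed, that `null` is returned for both unknown and expired tokens, and that an expired token is never returned. Also note that `renewOTP` runs before `sendMail`, so a mail failure leaves the token rotated with no delivered copy; that pre-dates this change but is worth stating next to the new flag.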
@ -224,9 +227,6 @@ public class OTPManagementServiceImpl implements OTPManagementService {
}
}
}
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
OneTimePinDTO oneTimePinDTO;
List<OneTimePinDTO> oneTimePinDTOList = new ArrayList<>();
Properties props = new Properties();
props.setProperty("enrollment-steps", enrollmentSteps.toString());
try {
@ -234,16 +234,11 @@ public class OTPManagementServiceImpl implements OTPManagementService {
for (String username : deviceEnrollmentInvitation.getUsernames()) {
String emailAddress = DeviceManagerUtil.getUserClaimValue(
username, DeviceManagementConstants.User.CLAIM_EMAIL_ADDRESS);
oneTimePinDTO = generateOneTimePin(emailAddress, OTPEmailTypes.DEVICE_ENROLLMENT.toString(), username,
null, tenantId, false);
oneTimePinDTOList.add(oneTimePinDTO);
props.setProperty("first-name", DeviceManagerUtil.
getUserClaimValue(username, DeviceManagementConstants.User.CLAIM_FIRST_NAME));
props.setProperty("username", username);
props.setProperty("otp-token", oneTimePinDTO.getOtpToken());
sendMail(props, emailAddress, DeviceManagementConstants.EmailAttributes.USER_ENROLLMENT_TEMPLATE);
}
this.otpManagementDAO.addOTPData(oneTimePinDTOList);
ConnectionManagerUtil.commitDBTransaction();
} catch (UserStoreException e) {
String msg = "Error occurred while getting claim values to invite user";
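Review bot: With the `generateOneTimePin` call and `oneTimePinDTOList` removed, the invitation loop sends `USER_ENROLLMENT_TEMPLATE` without an `otp-token` property, so if that template still references `otp-token` the enrollment link in the mail will render empty, and the removal of the `addOTPData` persist means no pin is stored for the invited user; the rendered view does not show the new side explicitly, so please confirm the template and the caller that now provides the token. The `props` object is also reused across iterations, which is harmless while every per-user key is overwritten each loop but will leak one user's value into the next mail if a key is set conditionally later. The enclosing method and its `try` start outside this hunk, as does the transaction that `commitDBTransaction` closes.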
@ -257,11 +252,6 @@ public class OTPManagementServiceImpl implements OTPManagementService {
String msg = "SQL Error occurred when adding OPT data to send device enrollment Invitation.";
log.error(msg, e);
throw new OTPManagementException(msg, e);
} catch (OTPManagementDAOException e) {
ConnectionManagerUtil.rollbackDBTransaction();
String msg = "Error occurred while saving the OTP data.";
log.error(msg, e);
throw new OTPManagementException(msg, e);
} finally {
ConnectionManagerUtil.closeDBConnection();
}
@ -269,27 +259,17 @@ public class OTPManagementServiceImpl implements OTPManagementService {
/**
* Create One Time Token
* @param email email
* @param emailType email type
* @param userName username
* @param metaDataObj meta data object
* @param tenantId tenant Id
* @param oneTimePinDTO Data related to the one time pin
* @return {@link OneTimePinDTO}
*/
@Override
public OneTimePinDTO generateOneTimePin(String email, String emailType, String userName, Object metaDataObj,
int tenantId, boolean persistPin) throws OTPManagementException {
public OneTimePinDTO generateOneTimePin(OneTimePinDTO oneTimePinDTO, boolean persistPin) throws OTPManagementException {
String otpValue = UUID.randomUUID().toString();
Gson gson = new Gson();
String metaInfo = gson.toJson(metaDataObj);
String metaInfo = gson.toJson(oneTimePinDTO.getMetaInfo());
OneTimePinDTO oneTimePinDTO = new OneTimePinDTO();
oneTimePinDTO.setEmail(email);
oneTimePinDTO.setTenantId(tenantId);
oneTimePinDTO.setUsername(userName);
oneTimePinDTO.setEmailType(emailType);
oneTimePinDTO.setMetaInfo(metaInfo);
oneTimePinDTO.setOtpToken(otpValue);
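Review bot: `gson.toJson(oneTimePinDTO.getMetaInfo())` looks like a double encoding: `setMetaInfo` is fed a `String` in the removed code, so if `getMetaInfo()` returns that already-serialised JSON string, `toJson` wraps it in another layer of quotes and escapes, and the later `gson.fromJson(oneTimePinDTO.getMetaInfo(), Tenant.class)` in `isValidOTP` will fail on a JSON string primitive. Either keep the meta info as-is when it is already a `String`, `String metaInfo = oneTimePinDTO.getMetaInfo();`, or change the DTO to carry the raw object and serialise it once here. The method's remaining body (and whether `persistPin` still drives a DAO write) continues outside this hunk, and the Javadoc's `@param persistPin` is missing.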

@ -21,6 +21,30 @@ package io.entgra.device.mgt.core.device.mgt.core.service;
import com.google.common.reflect.TypeToken;
import com.google.gson.Gson;
import io.entgra.device.mgt.core.device.mgt.common.*;
import io.entgra.device.mgt.core.device.mgt.extensions.logger.spi.EntgraLogger;
import io.entgra.device.mgt.core.notification.logger.DeviceEnrolmentLogContext;
import io.entgra.device.mgt.core.notification.logger.impl.EntgraDeviceEnrolmentLoggerImpl;
import org.apache.commons.collections.map.SingletonMap;
import org.apache.commons.lang.StringUtils;
import io.entgra.device.mgt.core.device.mgt.common.ActivityPaginationRequest;
import io.entgra.device.mgt.core.device.mgt.common.Billing;
import io.entgra.device.mgt.core.device.mgt.common.Device;
import io.entgra.device.mgt.core.device.mgt.common.DeviceEnrollmentInfoNotification;
import io.entgra.device.mgt.core.device.mgt.common.DeviceIdentifier;
import io.entgra.device.mgt.core.device.mgt.common.DeviceManager;
import io.entgra.device.mgt.core.device.mgt.common.DeviceNotification;
import io.entgra.device.mgt.core.device.mgt.common.DevicePropertyNotification;
import io.entgra.device.mgt.core.device.mgt.common.DeviceTransferRequest;
import io.entgra.device.mgt.core.device.mgt.common.DynamicTaskContext;
import io.entgra.device.mgt.core.device.mgt.common.EnrolmentInfo;
import io.entgra.device.mgt.core.device.mgt.common.FeatureManager;
import io.entgra.device.mgt.core.device.mgt.common.InitialOperationConfig;
import io.entgra.device.mgt.core.device.mgt.common.MonitoringOperation;
import io.entgra.device.mgt.core.device.mgt.common.OperationMonitoringTaskConfig;
import io.entgra.device.mgt.core.device.mgt.common.PaginationRequest;
import io.entgra.device.mgt.core.device.mgt.common.PaginationResult;
import io.entgra.device.mgt.core.device.mgt.common.StartupOperationConfig;
import io.entgra.device.mgt.core.device.mgt.common.BillingResponse;
import io.entgra.device.mgt.core.device.mgt.common.app.mgt.Application;
import io.entgra.device.mgt.core.device.mgt.common.app.mgt.ApplicationManagementException;
import io.entgra.device.mgt.core.device.mgt.common.configuration.mgt.*;
@ -111,13 +135,27 @@ import java.sql.SQLException;
import java.sql.Timestamp;
import java.time.LocalDateTime;
import java.util.*;
import java.time.LocalTime;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
public class DeviceManagementProviderServiceImpl implements DeviceManagementProviderService,
PluginInitializationListener {
private static final Log log = LogFactory.getLog(DeviceManagementProviderServiceImpl.class);
DeviceEnrolmentLogContext.Builder deviceEnrolmentLogContextBuilder = new DeviceEnrolmentLogContext.Builder();
private static final EntgraLogger log = new EntgraDeviceEnrolmentLoggerImpl(DeviceManagementProviderServiceImpl.class);
private static final String OPERATION_RESPONSE_EVENT_STREAM_DEFINITION = "org.wso2.iot.OperationResponseStream";
private final DeviceManagementPluginRepository pluginRepository;
@ -205,6 +243,8 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
}
return false;
}
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
EnrollmentConfiguration enrollmentConfiguration = DeviceManagerUtil.getEnrollmentConfigurationEntry();
String deviceSerialNumber = null;
if (enrollmentConfiguration != null) {
@ -291,6 +331,15 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
device.getType() + " upon the user '" + device.getEnrolmentInfo().getOwner() +
"'");
}
log.info("Device enrolled successfully", deviceEnrolmentLogContextBuilder
.setDeviceId(String.valueOf(existingDevice.getId()))
.setDeviceType(String.valueOf(existingDevice.getType()))
.setOwner(newEnrolmentInfo.getOwner())
.setOwnership(String.valueOf(newEnrolmentInfo.getOwnership()))
.setTenantID(String.valueOf(tenantId))
.setTenantDomain(tenantDomain)
.setUserName(userName)
.build());
status = true;
} else {
log.warn("Unable to update device enrollment for device : " + device.getDeviceIdentifier() +
@ -327,6 +376,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
}
device.setEnrolmentInfo(enrollment);
DeviceManagementDAOFactory.commitTransaction();
log.info("Device enrolled successfully", deviceEnrolmentLogContextBuilder.setDeviceId(String.valueOf(device.getId())).setDeviceType(String.valueOf(device.getType())).setOwner(enrollment.getOwner()).setOwnership(String.valueOf(enrollment.getOwnership())).setTenantID(String.valueOf(tenantId)).setTenantDomain(tenantDomain).setUserName(userName).build());
} else {
DeviceManagementDAOFactory.rollbackTransaction();
throw new DeviceManagementException("No device type registered with name - " + device.getType()
@ -404,6 +454,8 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
if (log.isDebugEnabled()) {
log.debug("Modifying enrollment for device: " + device.getId() + " of type '" + device.getType() + "'");
}
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
DeviceManager deviceManager = this.getDeviceManager(device.getType());
DeviceIdentifier deviceIdentifier = new DeviceIdentifier(device.getDeviceIdentifier(), device.getType());
if (deviceManager == null) {
@ -432,6 +484,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
enrollmentDAO.updateEnrollment(device.getEnrolmentInfo(), tenantId);
DeviceManagementDAOFactory.commitTransaction();
log.info("Device enrolled successfully", deviceEnrolmentLogContextBuilder.setDeviceId(String.valueOf(currentDevice.getId())).setDeviceType(String.valueOf(currentDevice.getType())).setOwner(currentDevice.getEnrolmentInfo().getOwner()).setOwnership(String.valueOf(currentDevice.getEnrolmentInfo().getOwnership())).setTenantID(String.valueOf(tenantId)).setTenantDomain(tenantDomain).setUserName(userName).build());
this.removeDeviceFromCache(deviceIdentifier);
} catch (DeviceManagementDAOException e) {
DeviceManagementDAOFactory.rollbackTransaction();
@ -515,7 +568,8 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
}
int tenantId = this.getTenantId();
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
String userName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
Device device = this.getDevice(deviceId, false);
if (device == null) {
if (log.isDebugEnabled()) {
@ -549,7 +603,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
}
}
//procees to dis-enroll a device from traccar ends
log.info("Device disenrolled successfully", deviceEnrolmentLogContextBuilder.setDeviceId(String.valueOf(device.getId())).setDeviceType(String.valueOf(device.getType())).setOwner(device.getEnrolmentInfo().getOwner()).setOwnership(String.valueOf(device.getEnrolmentInfo().getOwnership())).setTenantID(String.valueOf(tenantId)).setTenantDomain(tenantDomain).setUserName(userName).build());
} catch (DeviceManagementDAOException e) {
DeviceManagementDAOFactory.rollbackTransaction();
String msg = "Error occurred while dis-enrolling '" + deviceId.getType() +
@ -1006,7 +1060,15 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
dateDiff = endDate.getTime() - device.getEnrolmentInfo().getDateOfEnrolment();
}
}
long dateInDays = TimeUnit.DAYS.convert(dateDiff, TimeUnit.MILLISECONDS);
// Convert dateDiff to days as a decimal value
double dateDiffInDays = (double) dateDiff / (24 * 60 * 60 * 1000);
if (dateDiffInDays % 1 >= 0.9) {
dateDiffInDays = Math.ceil(dateDiffInDays);
}
long dateInDays = (long) dateDiffInDays;
double cost = (tenantCost.getCost() / 365) * dateInDays;
totalCost += cost;
device.setCost(Math.round(cost * 100.0) / 100.0);
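Review bot: The `>= 0.9` rounding rule is a magic threshold with no explanation, and the same value is repeated in the next hunk (`@ -1073,9 +1135,13 @@`) as `0.9 * (1000 * 60 * 60 * 24)`, so the two billing paths can drift apart if one is tuned. Extract it once, `private static final double BILLABLE_DAY_FRACTION = 0.9;`, and add a comment stating why a partial day of at least 90% is billed as a full day while anything less is dropped, since that asymmetry directly affects the amount charged. The enclosing method starts outside this hunk.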
@ -1073,9 +1135,13 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
long difference_In_Days = (difference_In_Time / (1000 * 60 * 60 * 24)) % 365;
if (difference_In_Time % (1000 * 60 * 60 * 24) >= 0.9 * (1000 * 60 * 60 * 24)) {
difference_In_Days++;
}
for (int i = 1; i <= difference_In_Years; i++) {
List<Device> allDevicesPerYear = new ArrayList<>();
LocalDateTime oneYearAfterStart = startDate.toLocalDateTime().plusYears(1);
LocalDateTime oneYearAfterStart = startDate.toLocalDateTime().plusYears(1).with(LocalTime.of(23, 59, 59));;
Timestamp newStartDate;
Timestamp newEndDate;
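Review bot: The new `plusYears(1).with(LocalTime.of(23, 59, 59));;` line ends with a stray second semicolon, which also appears in hunks `@ -1084,14 +1150,12 @@` twice; and `LocalTime.of(00, 00, 00)` in hunk `@ -1114,7 +1178,7 @@` spells midnight with octal literals. Prefer `LocalTime.MIDNIGHT` there and a single named constant such as `private static final LocalTime END_OF_DAY = LocalTime.of(23, 59, 59);` for the three end-of-day call sites, so the period boundary used for billing is defined in one place. The enclosing method starts outside this hunk.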
@ -1084,14 +1150,12 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
remainingDaysConsidered = true;
oneYearAfterStart = startDate.toLocalDateTime();
newEndDate = endDate;
} else if (Timestamp.valueOf(oneYearAfterStart).getTime() >= endDate.getTime()) {
newEndDate = Timestamp.valueOf(oneYearAfterStart);
} else {
oneYearAfterStart = startDate.toLocalDateTime().plusYears(1);
oneYearAfterStart = startDate.toLocalDateTime().plusYears(1).with(LocalTime.of(23, 59, 59));;
newEndDate = Timestamp.valueOf(oneYearAfterStart);
}
} else {
oneYearAfterStart = startDate.toLocalDateTime().plusYears(1);
oneYearAfterStart = startDate.toLocalDateTime().plusYears(1).with(LocalTime.of(23, 59, 59));;
newEndDate = Timestamp.valueOf(oneYearAfterStart);
}
@ -1114,7 +1178,7 @@ public class DeviceManagementProviderServiceImpl implements DeviceManagementProv
allDevices.addAll(billingResponse.getDevice());
totalCost = totalCost + billingResponse.getTotalCostPerYear();
deviceCount = deviceCount + billingResponse.getDeviceCount();
LocalDateTime nextStartDate = oneYearAfterStart.plusDays(1);
LocalDateTime nextStartDate = oneYearAfterStart.plusDays(1).with(LocalTime.of(00, 00, 00));
startDate = Timestamp.valueOf(nextStartDate);
}

@ -24,6 +24,15 @@ import io.entgra.device.mgt.core.device.mgt.common.GroupPaginationRequest;
import io.entgra.device.mgt.core.device.mgt.common.PaginationResult;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceNotFoundException;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.*;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceTypesOfGroups;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupAlreadyExistException;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupNotExistException;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.RoleDoesNotExistException;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.UserStoreManager;
import java.util.List;
@ -43,6 +52,16 @@ public interface GroupManagementProviderService {
void createGroup(DeviceGroup deviceGroup, String defaultRole,
String[] defaultPermissions) throws GroupManagementException, GroupAlreadyExistException;
/**
* Add new device group and create default role with default permissions.
*
* @param groups to add
* @param defaultRole of the deviceGroup
* @param defaultPermissions of the default role
* @throws GroupManagementException
*/
void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws GroupAlreadyExistException,GroupManagementException, RoleDoesNotExistException;
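Review bot: The Javadoc for `createGroupWithRoles` documents `@throws GroupManagementException` with no description and omits `GroupAlreadyExistException` and `RoleDoesNotExistException`, which the signature declares; `@param groups to add` also does not say that the wrapper carries the roles to map. Suggested lines: `@throws GroupAlreadyExistException if a group with the same name exists for the tenant`, `@throws RoleDoesNotExistException if a role named in {@code groups} does not exist`, `@throws GroupManagementException on any other failure while creating the group`. Note that the implementation in `GroupManagementProviderServiceImpl` does not declare `RoleDoesNotExistException`, so either the interface over-declares it or the check is still to be written.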
/**
* Update existing device group.
*
@ -63,6 +82,18 @@ public interface GroupManagementProviderService {
*/
boolean deleteGroup(int groupId, boolean isDeleteChildren) throws GroupManagementException;
/**
* Delete existing device group.
*
* @param role to be deleted with the userStore name.
* @param roleToDelete to delete the role.
* @param tenantId to belongs to roles.
* @param userStoreManager with details.
* @param authorizationManager with details.
* @throws GroupManagementException
*/
void deleteRoleAndRoleGroupMapping(String role, String roleToDelete, int tenantId, UserStoreManager userStoreManager, AuthorizationManager authorizationManager) throws GroupManagementException;
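Review bot: The summary "Delete existing device group." is copied from `deleteGroup` and is wrong for `deleteRoleAndRoleGroupMapping`, and the parameter descriptions ("with details", "to belongs to roles") do not tell a caller how `role` and `roleToDelete` differ. Suggested Javadoc: `Delete a role from the user store, clear its authorizations and remove its group mappings.`, `@param role role name as known to the user store (including the user-store domain, if any)`, `@param roleToDelete role name as stored in the group-role mapping`, `@param tenantId tenant the role belongs to`, and a sentence stating that the user-store and database operations are not performed atomically.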
/**
* Get the device group provided the device group id.
*

@ -19,6 +19,23 @@
package io.entgra.device.mgt.core.device.mgt.core.service;
import io.entgra.device.mgt.core.device.mgt.common.*;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroup;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupConstants;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceGroupRoleWrapper;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.DeviceTypesOfGroups;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupAlreadyExistException;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupManagementException;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.GroupNotExistException;
import io.entgra.device.mgt.core.device.mgt.common.group.mgt.RoleDoesNotExistException;
import io.entgra.device.mgt.core.device.mgt.core.dao.DeviceDAO;
import io.entgra.device.mgt.core.device.mgt.core.dao.DeviceManagementDAOException;
import io.entgra.device.mgt.core.device.mgt.core.dao.DeviceManagementDAOFactory;
import io.entgra.device.mgt.core.device.mgt.core.dao.GroupDAO;
import io.entgra.device.mgt.core.device.mgt.core.dao.GroupManagementDAOException;
import io.entgra.device.mgt.core.device.mgt.core.dao.GroupManagementDAOFactory;
import io.entgra.device.mgt.core.device.mgt.common.Device;
import io.entgra.device.mgt.core.device.mgt.common.DeviceIdentifier;
import io.entgra.device.mgt.core.device.mgt.common.DeviceManagementConstants;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceManagementException;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceNotFoundException;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.TransactionManagementException;
@ -35,12 +52,20 @@ import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import io.entgra.device.mgt.core.device.mgt.common.GroupPaginationRequest;
import io.entgra.device.mgt.core.device.mgt.common.PaginationResult;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import java.sql.SQLException;
import java.util.*;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.stream.Collectors;
@ -125,6 +150,59 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
}
}
public void createGroupWithRoles(DeviceGroupRoleWrapper groups, String defaultRole, String[] defaultPermissions) throws GroupAlreadyExistException, GroupManagementException {
if (groups == null) {
String msg = "Received incomplete data for createGroup";
log.error(msg);
throw new GroupManagementException(msg);
}
if (log.isDebugEnabled()) {
log.debug("Creating group '" + groups.getName() + "'");
}
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
try {
GroupManagementDAOFactory.beginTransaction();
DeviceGroup existingGroup = this.groupDAO.getGroup(groups.getName(), tenantId);
if (existingGroup == null) {
if (groups.getParentGroupId() == 0) {
groups.setParentPath(DeviceGroupConstants.HierarchicalGroup.SEPERATOR);
} else {
DeviceGroup immediateParentGroup = groupDAO.getGroup(groups.getParentGroupId(), tenantId);
if (immediateParentGroup == null) {
GroupManagementDAOFactory.rollbackTransaction();
String msg = "Parent group with group ID '" + groups.getParentGroupId() + "' does not exist. Hence creating of group '" + groups.getName() + "' was not success";
log.error(msg);
throw new GroupManagementException(msg);
}
String parentPath = DeviceManagerUtil.createParentPath(immediateParentGroup);
groups.setParentPath(parentPath);
}
int updatedGroupID = this.groupDAO.addGroupWithRoles(groups, tenantId);
if (groups.getGroupProperties() != null && groups.getGroupProperties().size() > 0) {
this.groupDAO.addGroupPropertiesWithRoles(groups, updatedGroupID, tenantId);
}
GroupManagementDAOFactory.commitTransaction();
} else {
throw new GroupAlreadyExistException("Group already exists with name : " + groups.getName() + " Try with another group name.");
}
} catch (GroupManagementDAOException e) {
GroupManagementDAOFactory.rollbackTransaction();
String msg = e.getMessage();
log.error(msg, e);
throw new GroupManagementException(msg, e);
} catch (TransactionManagementException e) {
String msg = "Error occurred while initiating transaction.";
log.error(msg, e);
throw new GroupManagementException(msg, e);
} finally {
GroupManagementDAOFactory.closeConnection();
}
if (log.isDebugEnabled()) {
log.debug("DeviceGroup added: " + groups.getName());
}
}
/**
* {@inheritDoc}
*/
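Review bot: In the `existingGroup != null` branch the transaction opened by `beginTransaction()` is neither committed nor rolled back before `GroupAlreadyExistException` is thrown; the missing-parent branch a few lines up rolls back explicitly, so add `GroupManagementDAOFactory.rollbackTransaction();` before that `throw` for consistency rather than relying on `closeConnection()` to discard it. The method also lacks `@Override` and Javadoc although it implements the interface method, `String msg = e.getMessage();` can hand a `null` message to the new exception, and `groups.getGroupProperties().size() > 0` reads better as `!groups.getGroupProperties().isEmpty()`.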
@ -236,6 +314,13 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
newParentPath = DeviceGroupConstants.HierarchicalGroup.SEPERATOR;
}
childrenGroup.setParentPath(newParentPath);
if (!DeviceGroupConstants.HierarchicalGroup.SEPERATOR.equals(newParentPath)) {
String[] groupIds = newParentPath.split(DeviceGroupConstants.HierarchicalGroup.SEPERATOR);
int latestGroupId = Integer.parseInt(groupIds[groupIds.length - 1]);
childrenGroup.setParentGroupId(latestGroupId);
} else {
childrenGroup.setParentGroupId(0);
}
}
}
}
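Review bot: `Integer.parseInt(groupIds[groupIds.length - 1])` will throw an unchecked `NumberFormatException` if `newParentPath` ends with the separator (the last element is then an empty string) or contains anything that is not a group id, and `String.split` treats `SEPERATOR` as a regular expression, which only works while the separator is not a regex metacharacter. Prefer `newParentPath.split(Pattern.quote(DeviceGroupConstants.HierarchicalGroup.SEPERATOR))` and guard the parse so a malformed path degrades to `setParentGroupId(0)` with a logged warning instead of aborting the whole group update. The enclosing method starts outside this hunk.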
@ -276,6 +361,40 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
}
}
/**
* {@inheritDoc}
*/
@Override
public void deleteRoleAndRoleGroupMapping(String roleName, String roleToDelete, int tenantId, UserStoreManager userStoreManager, AuthorizationManager authorizationManager) throws GroupManagementException {
if (log.isDebugEnabled()) {
log.debug("Delete roles");
}
try {
GroupManagementDAOFactory.beginTransaction();
groupDAO.deleteGroupsMapping(roleToDelete, tenantId);
userStoreManager.deleteRole(roleName);
// Delete all authorizations for the current role before deleting
authorizationManager.clearRoleAuthorization(roleName);
GroupManagementDAOFactory.commitTransaction();
} catch (UserStoreException e) {
GroupManagementDAOFactory.rollbackTransaction();
String msg = "Error occurred while deleting the role '" + roleName + "'";
log.error(msg, e);
throw new GroupManagementException(msg, e);
} catch (TransactionManagementException e) {
String msg = "Error occurred while initiating transaction.";
log.error(msg, e);
throw new GroupManagementException(msg, e);
} catch (GroupManagementDAOException e) {
GroupManagementDAOFactory.rollbackTransaction();
String msg = "Error occurred while deleting the role";
log.error(msg, e);
throw new GroupManagementException(msg, e);
} finally {
GroupManagementDAOFactory.closeConnection();
}
}
/**
* {@inheritDoc}
*/
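Review bot: `deleteGroupsMapping`, `deleteRole` and `clearRoleAuthorization` are not one atomic unit: if `clearRoleAuthorization` throws after `deleteRole` has succeeded, the DB mapping is rolled back but the role is already gone from the user store, leaving orphaned mappings on the next run, and whether `clearRoleAuthorization` still works for an already-deleted role depends on the user-store implementation. Consider clearing authorizations before deleting the role, committing the mapping deletion last, and documenting the partial-failure behaviour on the method. The debug message `"Delete roles"` should name the role, `log.debug("Deleting role '" + roleName + "' and its group mappings")`, and a comment should explain why `roleToDelete` (used for the mapping) and `roleName` (used for the user store) are separate parameters.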
@ -442,7 +561,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
@Override
public PaginationResult getGroupsWithHierarchy(String username, GroupPaginationRequest request,
boolean requireGroupProps) throws GroupManagementException {
boolean requireGroupProps) throws GroupManagementException {
if (request == null) {
String msg = "Received incomplete data for retrieve groups with hierarchy";
log.error(msg);
@ -451,6 +570,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
if (log.isDebugEnabled()) {
log.debug("Get groups with hierarchy " + request.toString());
}
boolean isWithParentPath = false;
DeviceManagerUtil.validateGroupListPageSize(request);
List<DeviceGroup> rootGroups;
try {
@ -462,7 +582,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
} else {
List<Integer> allDeviceGroupIdsOfUser = getGroupIds(username);
GroupManagementDAOFactory.openConnection();
rootGroups = this.groupDAO.getGroups(request, allDeviceGroupIdsOfUser, tenantId);
rootGroups = this.groupDAO.getGroups(request, allDeviceGroupIdsOfUser, tenantId, isWithParentPath);
}
String parentPath;
List<DeviceGroup> childrenGroups;
@ -1283,7 +1403,7 @@ public class GroupManagementProviderServiceImpl implements GroupManagementProvid
* @throws GroupManagementDAOException on error during population of group properties.
*/
private void createGroupWithChildren(DeviceGroup parentGroup, List<DeviceGroup> childrenGroups,
boolean requireGroupProps, int tenantId, int depth, int counter) throws GroupManagementDAOException {
boolean requireGroupProps, int tenantId, int depth, int counter) throws GroupManagementDAOException {
if (childrenGroups.isEmpty() || depth == counter) {
return;
}

@ -16,6 +16,7 @@ CREATE TABLE IF NOT EXISTS DM_GROUP (
OWNER VARCHAR(45) DEFAULT NULL,
PARENT_PATH VARCHAR(255) DEFAULT NULL,
TENANT_ID INTEGER DEFAULT 0,
PARENT_GROUP_ID INTEGER DEFAULT 0,
PRIMARY KEY (ID)
);

@ -22,7 +22,7 @@
<parent>
<artifactId>device-mgt</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@ -78,7 +78,7 @@
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-api-mockito</artifactId>
<artifactId>powermock-api-mockito2</artifactId>
<scope>test</scope>
</dependency>
<dependency>

@ -23,7 +23,7 @@
<parent>
<artifactId>device-mgt</artifactId>
<groupId>io.entgra.device.mgt.core</groupId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -0,0 +1,32 @@
/* Copyright (c) 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.core.common.exception;
/**
* Represents the exception thrown during storing and retrieving the artifacts.
*/
public class StorageManagementException extends Exception {
public StorageManagementException(String message, Throwable ex) {
super(message, ex);
}
public StorageManagementException(String message) {
super(message);
}
}
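Review bot: The new class is declared in `package org.wso2.carbon.device.mgt.core.common.exception;`, which does not match the `io.entgra.device.mgt.core` namespace used by the Maven groupIds elsewhere in this diff; unless a legacy `org.wso2.carbon.device.mgt.core` package tree is deliberately retained, this should presumably be `package io.entgra.device.mgt.core.common.exception;` so it sits beside the other exceptions and is not silently split off into a stray package. Since `Exception` is `Serializable`, add `private static final long serialVersionUID = 1L;` to avoid the compiler-generated id changing across builds. The class Javadoc could also name what "artifacts" means here (the storage backend it is thrown from), e.g. `Thrown when an artifact cannot be stored in or retrieved from the configured storage.`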

@ -22,7 +22,7 @@
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>io.entgra.device.mgt.core.parent</artifactId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>heartbeat-management</artifactId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>io.entgra.device.mgt.core.parent</artifactId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>

@ -22,7 +22,7 @@
<parent>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>identity-extensions</artifactId>
<version>5.0.26-SNAPSHOT</version>
<version>5.0.27-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
