forked from community/device-mgt-core
commit
126c2ec371
@ -0,0 +1,38 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* you may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.device.mgt.core.config.permission;
|
||||||
|
|
||||||
|
import javax.xml.bind.annotation.XmlElement;
|
||||||
|
import javax.xml.bind.annotation.XmlRootElement;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
@XmlRootElement(name = "PermissionConfiguration")
|
||||||
|
public class PermissionConfiguration {
|
||||||
|
|
||||||
|
private List<Permission> permissions;
|
||||||
|
|
||||||
|
public List<Permission> getPermissions() {
|
||||||
|
return permissions;
|
||||||
|
}
|
||||||
|
|
||||||
|
@XmlElement(name = "Permission", required = true)
|
||||||
|
public void setPermissions(List<Permission> permissions) {
|
||||||
|
this.permissions = permissions;
|
||||||
|
}
|
||||||
|
}
|
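Review bot: `getPermissions()` returns the field as-is, so a configuration with no `Permission` element hands callers `null` rather than an empty list, and nothing in this file guards that; with `@XmlElement` on the setter, JAXB only populates the field when the element is present, and `required = true` does not stop an empty `PermissionConfiguration` from unmarshalling. The class and both accessors have no Javadoc; a class comment such as `/** JAXB root element of the permission configuration; permissions is null when no Permission element was present. */` and a `@return` note on the getter stating the null case would let callers know to guard it. The getter also exposes the live internal list, so any caller can alter the loaded configuration; returning an unmodifiable view when the field is non-null would keep the setter path intact for JAXB while protecting readers.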
@ -0,0 +1,77 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.device.mgt.core.config.permission;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collection;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This class represents the node of a permission graph.
|
||||||
|
*/
|
||||||
|
public class PermissionHolder {
|
||||||
|
|
||||||
|
String pathName;
|
||||||
|
Map<String, Permission> permissions = new HashMap<String, Permission>();
|
||||||
|
List<PermissionHolder> children = new ArrayList<PermissionHolder>();
|
||||||
|
|
||||||
|
public PermissionHolder(String pathName) {
|
||||||
|
this.pathName = pathName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getPathName() {
|
||||||
|
return pathName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setPathName(String pathName) {
|
||||||
|
this.pathName = pathName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<PermissionHolder> getChildren() {
|
||||||
|
return children;
|
||||||
|
}
|
||||||
|
|
||||||
|
public PermissionHolder getChild(String pathName) {
|
||||||
|
PermissionHolder child = null;
|
||||||
|
for (PermissionHolder node : children) {
|
||||||
|
if (node.getPathName().equals(pathName)) {
|
||||||
|
return node;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return child;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void addChild(PermissionHolder node) {
|
||||||
|
children.add(node);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void addPermission(String httpMethod, Permission permission) {
|
||||||
|
permissions.put(httpMethod, permission);
|
||||||
|
}
|
||||||
|
|
||||||
|
public Permission getPermission(String httpMethod) {
|
||||||
|
return permissions.get(httpMethod);
|
||||||
|
}
|
||||||
|
|
||||||
|
public Collection<Permission> getPermissions() {
|
||||||
|
return permissions.values();
|
||||||
|
}
|
||||||
|
}
|
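Review bot: `getChild` compares with `node.getPathName().equals(pathName)`, so a child whose `pathName` is `null` (the field is mutable and `setPathName` accepts `null`) throws `NullPointerException` during lookup instead of being skipped; reversing it to `if (pathName.equals(node.getPathName())) {` moves the failure to a null argument, which is the caller's error, and the dead `child` local can become a plain `return null;`. The three fields are package-private and non-final; `private final` on `permissions` and `children` stops other classes in the package from swapping the graph out from under a node, and `getChildren()` returning the live list has the same effect for any caller. The `httpMethod` key is stored and looked up verbatim in `addPermission`/`getPermission`, so a method spelled differently in configuration than `request.getMethod()` returns it silently misses; where the key is normalised before reaching here is not visible in this commit.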
@ -0,0 +1,43 @@
|
|||||||
|
package org.wso2.carbon.device.mgt.core.internal;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.osgi.framework.BundleContext;
|
||||||
|
import org.osgi.service.component.ComponentContext;
|
||||||
|
import org.wso2.carbon.device.mgt.core.scep.SCEPManager;
|
||||||
|
import org.wso2.carbon.device.mgt.core.scep.SCEPManagerImpl;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @scr.component name="org.wso2.carbon.device.mgt.core.scep" immediate="true"
|
||||||
|
*/
|
||||||
|
public class SCEPManagerServiceComponent {
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(SCEPManagerServiceComponent.class);
|
||||||
|
|
||||||
|
protected void activate(ComponentContext componentContext) {
|
||||||
|
|
||||||
|
try {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Initializing SCEP core bundle");
|
||||||
|
}
|
||||||
|
|
||||||
|
BundleContext bundleContext = componentContext.getBundleContext();
|
||||||
|
bundleContext.registerService(SCEPManager.class.getName(),
|
||||||
|
new SCEPManagerImpl(), null);
|
||||||
|
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("SCEP core bundle has been successfully initialized");
|
||||||
|
}
|
||||||
|
} catch (Throwable e) {
|
||||||
|
String msg = "Error occurred while initializing SCEP core bundle";
|
||||||
|
log.error(msg, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void deactivate(ComponentContext ctx) {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Deactivating SCEP core bundle");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
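Review bot: `activate` catches `Throwable` and only logs, so if `registerService` or the `SCEPManagerImpl` constructor fails the component is still reported as activated while no `SCEPManager` service exists for consumers to find, and catching `Throwable` also swallows `Error`s such as `NoClassDefFoundError`. Narrow the catch to `RuntimeException` and rethrow after logging, e.g. `} catch (RuntimeException e) {` / `log.error(msg, e); throw e;`, so the SCR runtime marks the component as failed rather than half-initialised. The `ServiceRegistration` returned by `registerService` is discarded; keeping it in a field lets `deactivate` call `unregister()` explicitly instead of relying on bundle shutdown. This file is also missing the license header the other files in the commit carry.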
@ -0,0 +1,86 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.webapp.authenticator.framework.authorizer;
|
||||||
|
|
||||||
|
import org.apache.catalina.connector.Request;
|
||||||
|
import org.apache.catalina.connector.Response;
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.wso2.carbon.context.CarbonContext;
|
||||||
|
import org.wso2.carbon.device.mgt.core.config.permission.Permission;
|
||||||
|
import org.wso2.carbon.device.mgt.core.config.permission.PermissionManager;
|
||||||
|
import org.wso2.carbon.user.api.UserStoreException;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||||
|
|
||||||
|
import java.util.StringTokenizer;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This class represents the methods that are used to authorize requests.
|
||||||
|
*/
|
||||||
|
public class PermissionAuthorizer {
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(PermissionAuthorizer.class);
|
||||||
|
|
||||||
|
public WebappAuthenticator.Status authorize(Request request, Response response) {
|
||||||
|
|
||||||
|
// contextOperation is used to get defined operation type from the web.xml
|
||||||
|
String requestUri = request.getRequestURI();
|
||||||
|
String requestMethod = request.getMethod();
|
||||||
|
|
||||||
|
if (requestUri == null || requestUri.isEmpty() ||
|
||||||
|
requestMethod == null || requestMethod.isEmpty()) {
|
||||||
|
return WebappAuthenticator.Status.CONTINUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
PermissionManager permissionManager = PermissionManager.getInstance();
|
||||||
|
Permission requestPermission = permissionManager.getPermission(requestUri, requestMethod);
|
||||||
|
|
||||||
|
if (requestPermission == null) {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Permission to request '" + requestUri + "' is not defined in the configuration");
|
||||||
|
}
|
||||||
|
return WebappAuthenticator.Status.FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
String permissionString = requestPermission.getPath();
|
||||||
|
|
||||||
|
// This is added temporarily until authentication works.
|
||||||
|
String username = "admin";
|
||||||
|
|
||||||
|
boolean isUserAuthorized;
|
||||||
|
try {
|
||||||
|
isUserAuthorized = CarbonContext.getThreadLocalCarbonContext().getUserRealm().
|
||||||
|
getAuthorizationManager().isUserAuthorized(username, permissionString, "read");
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
log.error("Error occurred while retrieving user store. " + e.getMessage());
|
||||||
|
return WebappAuthenticator.Status.FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Is user authorized: " + isUserAuthorized);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isUserAuthorized) {
|
||||||
|
return WebappAuthenticator.Status.SUCCESS;
|
||||||
|
} else {
|
||||||
|
return WebappAuthenticator.Status.FAILURE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
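Review bot: the decision at `isUserAuthorized(username, permissionString, "read")` is made for the hard-coded `String username = "admin";`, so every request is evaluated against the admin user's permissions and the outcome depends on what admin may do, not on who the caller is; the comment marks it temporary, but as committed this is what the valve enforces. Derive the user from the authenticated request and fail closed when none is known, e.g. `if (request.getUserPrincipal() == null) { return WebappAuthenticator.Status.FAILURE; }` followed by `String username = request.getUserPrincipal().getName();` — whether this framework sets the request principal or the CarbonContext username before this valve runs is not visible in this commit. The `catch (UserStoreException e)` logs only `e.getMessage()` and drops the stack trace; pass the exception as the cause with `log.error("Error occurred while retrieving user store.", e);`. The early `CONTINUE` for an empty URI or method passes the request on with no check at all, and `requestUri` is handed to `PermissionManager.getPermission` unnormalised, so both are fail-open paths worth confirming against that class, which is outside this commit.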
@ -0,0 +1,76 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.webapp.authenticator.framework.authorizer;
|
||||||
|
|
||||||
|
import org.apache.catalina.connector.Request;
|
||||||
|
import org.apache.catalina.connector.Response;
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
|
||||||
|
import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
|
||||||
|
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
|
public class PermissionAuthorizerValve extends CarbonTomcatValve {
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(PermissionAuthorizerValve.class);
|
||||||
|
private static final String AUTHORIZATION_ENABLED = "authorization-enabled";
|
||||||
|
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void invoke(Request request, Response response, CompositeValve compositeValve) {
|
||||||
|
|
||||||
|
String permissionStatus =
|
||||||
|
request.getContext().findParameter(AUTHORIZATION_ENABLED);
|
||||||
|
if (permissionStatus == null || permissionStatus.isEmpty()) {
|
||||||
|
this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// check whether the permission checking function is enabled
|
||||||
|
boolean isEnabled = new Boolean(permissionStatus);
|
||||||
|
if (!isEnabled) {
|
||||||
|
this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Checking permission of request: " + request.getRequestURI());
|
||||||
|
}
|
||||||
|
PermissionAuthorizer permissionAuthorizer = new PermissionAuthorizer();
|
||||||
|
WebappAuthenticator.Status status = permissionAuthorizer.authorize(request, response);
|
||||||
|
this.processResponse(request, response, compositeValve, status);
|
||||||
|
}
|
||||||
|
|
||||||
|
private void processResponse(Request request, Response response, CompositeValve compositeValve,
|
||||||
|
WebappAuthenticator.Status status) {
|
||||||
|
switch (status) {
|
||||||
|
case SUCCESS:
|
||||||
|
case CONTINUE:
|
||||||
|
this.getNext().invoke(request, response, compositeValve);
|
||||||
|
break;
|
||||||
|
case FAILURE:
|
||||||
|
String msg = "Failed to authorize incoming request";
|
||||||
|
log.error(msg);
|
||||||
|
AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
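Review bot: `boolean isEnabled = new Boolean(permissionStatus);` uses the boxing constructor where `boolean isEnabled = Boolean.parseBoolean(permissionStatus);` gives the same result without the allocation. `processResponse` has no `default` branch, so a `Status` value other than the three handled falls out of the switch without invoking the next valve or writing a response, leaving the request hanging; add `default: AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, "Unknown authorization status"); break;` so an unexpected status is rejected rather than dropped. A missing or empty `authorization-enabled` context parameter skips authorization entirely, making the valve opt-in per webapp; a comment above the first `processResponse` call such as `// No authorization-enabled parameter: authorization is disabled for this context` would make that intent explicit to whoever deploys a webapp without it. `SC_UNAUTHORIZED` (401) is sent for what is an authorization failure; `SC_FORBIDDEN` (403) is the closer status unless the framework's 401 handling is relied on elsewhere.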
@ -1,3 +1,2 @@
|
|||||||
instructions.configure = \
|
instructions.configure = \
|
||||||
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.webapp.authenticator.framework.server_${feature.version}/conf/webapp-authenticator-config.xml,target:${installFolder}/../../conf/etc/webapp-authenticator-config.xml,overwrite:true);\
|
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.webapp.authenticator.framework.server_${feature.version}/conf/webapp-authenticator-config.xml,target:${installFolder}/../../conf/etc/webapp-authenticator-config.xml,overwrite:true);\
|
||||||
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.webapp.authenticator.framework.server_${feature.version}/conf/permissions-config.xml,target:${installFolder}/../../conf/etc/permissions-config.xml,overwrite:true);\
|
|