From 466c2b1151b0c91eebdb03c9c017a377174da0c8 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Thu, 12 Jan 2017 19:29:59 +0530 Subject: [PATCH] moved to gateway mode --- .../src/main/webapp/WEB-INF/web.xml | 4 - .../src/main/webapp/WEB-INF/web.xml | 4 - .../src/main/webapp/WEB-INF/web.xml | 4 - .../src/main/webapp/WEB-INF/web.xml | 8 -- .../authorization/DeviceAuthorizer.java | 5 ++ .../authorization/PermissionUtil.java | 76 +++++++++++++++++++ ...ebsocketEventAdaptorServiceDataHolder.java | 13 ++++ ...cketLocalEventAdapterServiceComponent.java | 31 ++++++++ .../client/OAuthRequestInterceptor.java | 3 +- .../client/dto/TokenIssuerService.java | 6 ++ .../src/main/webapp/WEB-INF/web.xml | 5 -- .../src/main/webapp/WEB-INF/web.xml | 4 - 12 files changed, 133 insertions(+), 30 deletions(-) create mode 100644 components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/PermissionUtil.java diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml index be0eee231..2c66f5c1d 100644 --- a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml +++ b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml @@ -16,10 +16,6 @@ CXFServlet /* - - isAdminService - false - doAuthentication true diff --git a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/webapp/WEB-INF/web.xml b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/webapp/WEB-INF/web.xml index a137eb9cc..96122464a 100644 --- a/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/webapp/WEB-INF/web.xml +++ b/components/device-types/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/webapp/WEB-INF/web.xml @@ -16,10 +16,6 @@ CXFServlet /* - - isAdminService - false - doAuthentication true diff --git a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/webapp/WEB-INF/web.xml b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/webapp/WEB-INF/web.xml index 975eb808a..e6b97eaed 100644 --- a/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/webapp/WEB-INF/web.xml +++ b/components/device-types/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/webapp/WEB-INF/web.xml @@ -16,10 +16,6 @@ CXFServlet /* - - isAdminService - false - doAuthentication true diff --git a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/webapp/WEB-INF/web.xml b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/webapp/WEB-INF/web.xml index eb4a397bf..4337c5720 100644 --- a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/webapp/WEB-INF/web.xml +++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/webapp/WEB-INF/web.xml @@ -16,18 +16,10 @@ CXFServlet /* - - isAdminService - false - doAuthentication true - - providerTenantDomain - carbon.super - diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java index d8e779491..0edea4d1e 100644 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java @@ -61,6 +61,11 @@ public class DeviceAuthorizer implements Authorizer { @Override public void init(Map globalProperties) { statPermissions = getPermissions(globalProperties); + if (statPermissions != null && !statPermissions.isEmpty()) { + for (String permission : statPermissions) { + PermissionUtil.putPermission(permission); + } + } try { deviceAccessAuthorizationAdminService = Feign.builder() .requestInterceptor(new OAuthRequestInterceptor(globalProperties)) diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/PermissionUtil.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/PermissionUtil.java new file mode 100644 index 000000000..cab25a8c4 --- /dev/null +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/PermissionUtil.java @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * you may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.base.MultitenantConstants; +import org.wso2.carbon.device.mgt.output.adapter.websocket.internal.WebsocketEventAdaptorServiceDataHolder; +import org.wso2.carbon.registry.api.Resource; +import org.wso2.carbon.registry.core.Registry; +import org.wso2.carbon.registry.core.exceptions.RegistryException; + +import java.util.StringTokenizer; + +/** + * Utility class which holds necessary utility methods required for persisting permissions in + * registry. + */ +public class PermissionUtil { + + public static final String PERMISSION_PROPERTY_NAME = "name"; + private static Log log = LogFactory.getLog(DeviceAuthorizer.class); + + public static void putPermission(String permission) { + try { + StringTokenizer tokenizer = new StringTokenizer(permission, "/"); + String lastToken = "", currentToken, tempPath; + while (tokenizer.hasMoreTokens()) { + currentToken = tokenizer.nextToken(); + tempPath = lastToken + "/" + currentToken; + if (!checkResourceExists(tempPath)) { + createRegistryCollection(tempPath, currentToken); + + } + lastToken = tempPath; + } + } catch (org.wso2.carbon.registry.api.RegistryException e) { + log.error("Failed to creation permission in registry" + permission, e); + } + } + + public static void createRegistryCollection(String path, String resourceName) + throws org.wso2.carbon.registry.api.RegistryException { + Resource resource = getGovernanceRegistry().newCollection(); + resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName); + getGovernanceRegistry().beginTransaction(); + getGovernanceRegistry().put(path, resource); + getGovernanceRegistry().commitTransaction(); + } + + public static boolean checkResourceExists(String path) + throws RegistryException { + return getGovernanceRegistry().resourceExists(path); + } + + public static Registry getGovernanceRegistry() throws RegistryException { + return WebsocketEventAdaptorServiceDataHolder.getRegistryService() + .getGovernanceSystemRegistry(MultitenantConstants.SUPER_TENANT_ID); + } + +} diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/internal/WebsocketEventAdaptorServiceDataHolder.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/internal/WebsocketEventAdaptorServiceDataHolder.java index 0485b0710..7cf22b0a2 100644 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/internal/WebsocketEventAdaptorServiceDataHolder.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/internal/WebsocketEventAdaptorServiceDataHolder.java @@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.output.adapter.websocket.internal; import org.wso2.carbon.device.mgt.output.adapter.websocket.WebsocketOutputCallbackControllerServiceImpl; import org.wso2.carbon.event.stream.core.EventStreamService; +import org.wso2.carbon.registry.core.service.RegistryService; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.LinkedBlockingDeque; @@ -35,6 +36,7 @@ public final class WebsocketEventAdaptorServiceDataHolder { private static ConcurrentHashMap>> tenantSpecificStreamEventMap = new ConcurrentHashMap<>(); private static EventStreamService eventStreamService; + private static RegistryService registryService; public static void registerEventStreamService(EventStreamService eventBuilderService) { WebsocketEventAdaptorServiceDataHolder.eventStreamService = eventBuilderService; @@ -63,4 +65,15 @@ public final class WebsocketEventAdaptorServiceDataHolder { getTenantSpecificStreamEventMap() { return tenantSpecificStreamEventMap; } + + public static RegistryService getRegistryService() { + if (registryService == null) { + throw new IllegalStateException("Registry service is not initialized properly"); + } + return registryService; + } + + public static void setRegistryService(RegistryService registryService) { + WebsocketEventAdaptorServiceDataHolder.registryService = registryService; + } } diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/internal/WebsocketLocalEventAdapterServiceComponent.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/internal/WebsocketLocalEventAdapterServiceComponent.java index 4820d46e6..9425f9cda 100644 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/internal/WebsocketLocalEventAdapterServiceComponent.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/internal/WebsocketLocalEventAdapterServiceComponent.java @@ -26,12 +26,19 @@ import org.wso2.carbon.device.mgt.output.adapter.websocket.WebsocketOutputCallba import org.wso2.carbon.event.output.adapter.core.OutputEventAdapterFactory; import org.wso2.carbon.device.mgt.output.adapter.websocket.WebsocketOutputCallbackControllerService; import org.wso2.carbon.event.stream.core.EventStreamService; +import org.wso2.carbon.registry.core.service.RegistryService; /** * @scr.component component.name="output.extensions.secured.websocket.AdapterService.component" immediate="true" * @scr.reference name="eventStreamService.service" * interface="org.wso2.carbon.event.stream.core.EventStreamService" cardinality="1..1" * policy="dynamic" bind="setEventStreamService" unbind="unsetEventStreamService" + * @scr.reference name="registry.service" + * interface="org.wso2.carbon.registry.core.service.RegistryService" + * cardinality="1..1" + * policy="dynamic" + * bind="setRegistryService" + * unbind="unsetRegistryService" */ public class WebsocketLocalEventAdapterServiceComponent { @@ -80,4 +87,28 @@ public class WebsocketLocalEventAdapterServiceComponent { } WebsocketEventAdaptorServiceDataHolder.registerEventStreamService(null); } + + /** + * Sets Registry Service. + * + * @param registryService An instance of RegistryService + */ + protected void setRegistryService(RegistryService registryService) { + if (log.isDebugEnabled()) { + log.debug("Setting Registry Service"); + } + WebsocketEventAdaptorServiceDataHolder.setRegistryService(registryService); + } + + /** + * Unsets Registry Service. + * + * @param registryService An instance of RegistryService + */ + protected void unsetRegistryService(RegistryService registryService) { + if (log.isDebugEnabled()) { + log.debug("Un setting Registry Service"); + } + WebsocketEventAdaptorServiceDataHolder.setRegistryService(null); + } } diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java index 886daa912..9a29d0026 100755 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java @@ -40,6 +40,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { private static final String APPLICATION_NAME = "mqtt_broker"; private static final String PASSWORD_GRANT_TYPE = "password"; private static final String REFRESH_GRANT_TYPE = "refresh_token"; + private static final String REQUIRED_SCOPE = "perm:authorization:verify"; private ApiApplicationRegistrationService apiApplicationRegistrationService; private TokenIssuerService tokenIssuerService; @@ -76,7 +77,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(TokenIssuerService.class, AuthorizationConfigurationManager.getInstance().getTokenEndpoint()); - tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password); + tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password, REQUIRED_SCOPE); tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); } synchronized (this) { diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/TokenIssuerService.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/TokenIssuerService.java index 3e8413b45..5938587f3 100755 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/TokenIssuerService.java +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/dto/TokenIssuerService.java @@ -33,6 +33,12 @@ public interface TokenIssuerService { AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("username") String username, @QueryParam("password") String password); + @POST + @Produces(MediaType.APPLICATION_JSON) + @Consumes(MediaType.APPLICATION_FORM_URLENCODED) + AccessTokenInfo getToken(@QueryParam("grant_type") String grant, @QueryParam("username") String username, + @QueryParam("password") String password, @QueryParam("scopes") String scopes); + @POST @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_FORM_URLENCODED) diff --git a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/webapp/WEB-INF/web.xml b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/webapp/WEB-INF/web.xml index 63510fe9b..b22bd2b5d 100644 --- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/webapp/WEB-INF/web.xml +++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/webapp/WEB-INF/web.xml @@ -42,11 +42,6 @@ 60 - - - isAdminService - false - managed-api-enabled true diff --git a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/webapp/WEB-INF/web.xml b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/webapp/WEB-INF/web.xml index 8dbd5e352..6ea6be132 100644 --- a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/webapp/WEB-INF/web.xml +++ b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/webapp/WEB-INF/web.xml @@ -48,10 +48,6 @@ 60 - - isAdminService - false - managed-api-enabled true