fixed permission and assigned environment variables for url context

8 years ago · 2fbaf31b93
parent 93ae646c50
commit 2fbaf31b93
13 changed files with 145 additions and 14 deletions
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml
@ -173,6 +173,11 @@
            <artifactId>org.wso2.carbon.device.mgt.common</artifactId>
            <scope>provided</scope>
        </dependency>
+		<dependency>
+			<groupId>org.wso2.carbon</groupId>
+			<artifactId>org.wso2.carbon.registry.core</artifactId>
+			<scope>provided</scope>
+		</dependency>
    </dependencies>

    <build>
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java
@ -56,6 +56,9 @@ public class ApiPermissionFilter implements Filter {
                PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
                        unmarshaller.unmarshal(permissionStream);
                permissions = permissionConfiguration.getPermissions();
+                for (Permission permission : permissions) {
+                    APIUtil.putPermission(PERMISSION_PREFIX + permission.getPath());
+                }
            } catch (JAXBException e) {
                log.error("invalid permissions.xml", e);
            }
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java
@ -21,12 +21,18 @@ package org.wso2.carbon.apimgt.application.extension.api.util;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
+import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
+import org.wso2.carbon.registry.api.Resource;
+import org.wso2.carbon.registry.core.Registry;
+import org.wso2.carbon.registry.core.exceptions.RegistryException;
+import org.wso2.carbon.registry.core.service.RegistryService;
 import org.wso2.carbon.user.core.service.RealmService;

 import java.util.List;
+import java.util.StringTokenizer;

 /**
 * This class provides utility functions used by REST-API.
@ -35,6 +41,8 @@ public class APIUtil {

    private static Log log = LogFactory.getLog(APIUtil.class);
    private static final String DEFAULT_CDMF_API_TAG = "device_management";
+    private static final String DEFAULT_CERT_API_TAG = "scep_management";
+    public static final String PERMISSION_PROPERTY_NAME = "name";

    public static String getAuthenticatedUser() {
        PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
@ -48,8 +56,7 @@ public class APIUtil {

    public static String getTenantDomainOftheUser() {
        PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
-        String tenantDomain = threadLocalCarbonContext.getTenantDomain();
-        return tenantDomain;
+        return threadLocalCarbonContext.getTenantDomain();
    }

    public static APIManagementProviderService getAPIManagementProviderService() {
@ -92,6 +99,55 @@ public class APIUtil {
        //Todo get allowed cdmf service tags from config.
        List<String> allowedApisTags = getDeviceManagementProviderService().getAvailableDeviceTypes();
        allowedApisTags.add(DEFAULT_CDMF_API_TAG);
+        allowedApisTags.add(DEFAULT_CERT_API_TAG);
        return allowedApisTags;
    }
+
+    public static void putPermission(String permission) {
+        try {
+            StringTokenizer tokenizer = new StringTokenizer(permission, "/");
+            String lastToken = "", currentToken, tempPath;
+            while (tokenizer.hasMoreTokens()) {
+                currentToken = tokenizer.nextToken();
+                tempPath = lastToken + "/" + currentToken;
+                if (!checkResourceExists(tempPath)) {
+                    createRegistryCollection(tempPath, currentToken);
+
+                }
+                lastToken = tempPath;
+            }
+        } catch (org.wso2.carbon.registry.api.RegistryException e) {
+            log.error("Failed to creation permission in registry" + permission, e);
+        }
+    }
+
+    public static void createRegistryCollection(String path, String resourceName)
+            throws org.wso2.carbon.registry.api.RegistryException {
+        Resource resource = getGovernanceRegistry().newCollection();
+        resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
+        getGovernanceRegistry().beginTransaction();
+        getGovernanceRegistry().put(path, resource);
+        getGovernanceRegistry().commitTransaction();
+    }
+
+    public static boolean checkResourceExists(String path)
+            throws RegistryException {
+        return getGovernanceRegistry().resourceExists(path);
+    }
+
+    public static Registry getGovernanceRegistry() throws RegistryException {
+        return getRegistryService().getGovernanceSystemRegistry(MultitenantConstants.SUPER_TENANT_ID);
+    }
+
+    public static RegistryService getRegistryService() {
+        PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+        RegistryService registryService =
+                (RegistryService) ctx.getOSGiService(RegistryService.class, null);
+        if (registryService == null) {
+            String msg = "registry service has not initialized.";
+            log.error(msg);
+            throw new IllegalStateException(msg);
+        }
+        return registryService;
+    }
 }
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml
@ -37,14 +37,14 @@
    </Permission>
    <Permission>
        <name>Register application</name>
-        <path>/device-mgt/user/api/application</path>
+        <path>/device-mgt/api/application</path>
        <url>/register</url>
        <method>POST</method>
        <scope>application_user</scope>
    </Permission>
    <Permission>
        <name>Delete application</name>
-        <path>/device-mgt/user/api/application</path>
+        <path>/device-mgt/api/application</path>
        <url>/unregister</url>
        <method>DELETE</method>
        <scope>application_user</scope>
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
@ -64,6 +64,12 @@ import javax.ws.rs.core.Response;
                description = "Deleting an SSL Certificate",
                key = "perm:admin:certificates:delete",
                permissions = {"/device-mgt/admin/certificates/delete"}
+        ),
+        @Scope(
+                name = "Verify SSL certificate",
+                description = "Verify SSL certificate",
+                key = "perm:admin:certificates:verify",
+                permissions = {"/device-mgt/admin/certificates/verify"}
        )
 }
 )
@ -428,7 +434,12 @@ public interface CertificateManagementAdminService {
            httpMethod = "POST",
            value = "Verify Android SSL certificate",
            notes = "Verify Android Certificate for the API security filter.\n",
-            tags = "Certificate Management")
+            tags = "Certificate Management",
+            extensions = {
+                    @Extension(properties = {
+                            @ExtensionProperty(name = SCOPE, value = "perm:admin:certificates:add")
+                    })
+            })
    @ApiResponses(
            value = {
                    @ApiResponse(
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
@ -29,7 +29,6 @@ import io.swagger.annotations.ApiParam;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
 import io.swagger.annotations.ResponseHeader;
-import org.json.JSONObject;
 import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.apimgt.annotations.api.Scopes;
 import org.wso2.carbon.device.mgt.common.Device;
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java
@ -22,9 +22,17 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
+import io.swagger.annotations.Extension;
+import io.swagger.annotations.ExtensionProperty;
+import io.swagger.annotations.Info;
+import io.swagger.annotations.SwaggerDefinition;
+import io.swagger.annotations.Tag;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
+import org.wso2.carbon.apimgt.annotations.api.Scopes;
 import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult;
 import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
+import org.wso2.carbon.device.mgt.jaxrs.util.Constants;

 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
@ -37,6 +45,32 @@ import javax.ws.rs.core.Response;
@Api(value = "Device Authorization Administrative Service", description = "This an  API intended to be used by " +
        "'internal' components to log in as an admin user and validate whether the user/device are trusted entity." +
        "Further, this is strictly restricted to admin users only ")
+
+@SwaggerDefinition(
+        info = @Info(
+                version = "1.0.0",
+                title = "",
+                extensions = {
+                        @Extension(properties = {
+                                @ExtensionProperty(name = "name", value = "DeviceAccessAuthorizationAdminService"),
+                                @ExtensionProperty(name = "context", value = "/api/device-mgt/v1.0/admin/authorization"),
+                        })
+                }
+        ),
+        tags = {
+                @Tag(name = "device_management", description = "")
+        }
+)
+@Scopes(
+        scopes = {
+                @Scope(
+                        name = "Verify device authorization",
+                        description = "Verify device authorization",
+                        key = "perm:authorization:verify",
+                        permissions = {"/device-mgt/authorization/verify"}
+                )
+        }
+)
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
 /**
@ -52,7 +86,13 @@ public interface DeviceAccessAuthorizationAdminService {
            value = "Check for device access authorization\n",
            notes = "This is an internal API that can be used to check for authorization.",
            response = DeviceAuthorizationResult.class,
-            tags = "Authorization Administrative Service")
+            tags = "Authorization Administrative Service",
+            extensions = {
+                    @Extension(properties = {
+                            @ExtensionProperty(name = Constants.SCOPE, value = "perm:authorization:verify")
+                    })
+            })
+
    @ApiResponses(value = {
            @ApiResponse(
                    code = 200,
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
@ -1,7 +1,7 @@
 {
    "appContext": "/devicemgt/",
-    "httpsURL" : "https://localhost:8243",
-    "httpURL" : "http://localhost:8280",
+    "httpsURL" : "https://%server.ip%:8243",
+    "httpURL" : "http://%server.ip%:8280",
    "wssURL" : "https://localhost:9445",
    "wsURL" : "%http.ip%",
    "portalURL": "https://%server.ip%:9445",
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
@ -35,6 +35,8 @@ import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;

 import java.util.Properties;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;

 public class Utils {

@ -86,4 +88,18 @@ public class Utils {
        }
    }

+    public static String replaceSystemProperty(String urlWithPlaceholders)  {
+        String regex = "\\$\\{(.*?)\\}";
+        Pattern pattern = Pattern.compile(regex);
+        Matcher matchPattern = pattern.matcher(urlWithPlaceholders);
+        while (matchPattern.find()) {
+            String sysPropertyName = matchPattern.group(1);
+            String sysPropertyValue = System.getProperty(sysPropertyName);
+            if (sysPropertyValue != null && !sysPropertyName.isEmpty()) {
+                urlWithPlaceholders = urlWithPlaceholders.replaceAll("\\$\\{(" + sysPropertyName + ")\\}", sysPropertyValue);
+            }
+        }
+        return urlWithPlaceholders;
+    }
+
 }
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java
@ -66,7 +66,7 @@ public class BSTAuthenticator implements WebappAuthenticator {
                    "are not provided");
        }

-        String url = this.properties.getProperty("TokenValidationEndpointUrl");
+        String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl"));
        if ((url == null) || (url.isEmpty())) {
            throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
        }
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
@ -55,7 +55,7 @@ public class OAuthAuthenticator implements WebappAuthenticator {
                    "are not provided");
        }

-        String url = this.properties.getProperty("TokenValidationEndpointUrl");
+        String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl"));
        if ((url == null) || (url.isEmpty())) {
            throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
        }
--- a/features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml
+++ b/features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml
@ -24,7 +24,7 @@
 <WebappPublisherConfigs>

    <!-- This host is used to define the host address which is used to publish APIs -->
-    <Host>https://localhost:${carbon.https.port}</Host>
+    <Host>https://${iot.core.host}:${iot.core.https.port}</Host>

    <!-- If it is true, the APIs of this instance will be published to the defined host -->
    <PublishAPI>true</PublishAPI>
--- a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml
+++ b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml
@ -5,7 +5,7 @@
 			<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.OAuthAuthenticator</ClassName>
            <Parameters>
                <Parameter Name="IsRemote">false</Parameter>
-                <Parameter Name="TokenValidationEndpointUrl">https://localhost:9443</Parameter>
+                <Parameter Name="TokenValidationEndpointUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</Parameter>
                <Parameter Name="Username">admin</Parameter>
                <Parameter Name="Password">admin</Parameter>
                <Parameter Name="MaxTotalConnections">100</Parameter>
@ -23,6 +23,7 @@
 				<!--Issuers list and corresponding cert alias-->
                <Parameter Name="wso2.org/products/am">wso2carbon</Parameter>
 				<Parameter Name="wso2.org/products/iot">wso2carbon</Parameter>
+				<Parameter Name="wso2.org/products/analytics">wso2carbon</Parameter>
            </Parameters>
        </Authenticator>
        <Authenticator>
@ -34,7 +35,7 @@
            <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.BSTAuthenticator</ClassName>
            <Parameters>
                <Parameter Name="IsRemote">false</Parameter>
-                <Parameter Name="TokenValidationEndpointUrl">https://localhost:9443</Parameter>
+                <Parameter Name="TokenValidationEndpointUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</Parameter>
                <Parameter Name="Username">admin</Parameter>
                <Parameter Name="Password">admin</Parameter>
                <Parameter Name="MaxTotalConnections">100</Parameter>