diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml
index a48a6ef2e8..2ec55c44aa 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml
@@ -173,6 +173,11 @@
org.wso2.carbon.device.mgt.common
provided
+
+ org.wso2.carbon
+ org.wso2.carbon.registry.core
+ provided
+
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java
index 9c1dfac4bd..5f05dfb337 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java
@@ -56,6 +56,9 @@ public class ApiPermissionFilter implements Filter {
PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
unmarshaller.unmarshal(permissionStream);
permissions = permissionConfiguration.getPermissions();
+ for (Permission permission : permissions) {
+ APIUtil.putPermission(PERMISSION_PREFIX + permission.getPath());
+ }
} catch (JAXBException e) {
log.error("invalid permissions.xml", e);
}
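Review bot: The new loop calls `APIUtil.putPermission` inside a `try` that catches only `JAXBException`, but `APIUtil.getRegistryService()` (added in this same commit) throws an unchecked `IllegalStateException` when the registry service is not available, and that would propagate out of this handler. `permission.getPath()` is also concatenated without a null check, which would register a path ending in the text `null`. Consider skipping such entries with `if (permission.getPath() == null) { continue; }` and handling the `IllegalStateException` here so the failure is logged against the permission that caused it. The enclosing method starts outside the hunk.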
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java
index a3830019a5..cdce160c54 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java
@@ -21,12 +21,18 @@ package org.wso2.carbon.apimgt.application.extension.api.util;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
+import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
+import org.wso2.carbon.registry.api.Resource;
+import org.wso2.carbon.registry.core.Registry;
+import org.wso2.carbon.registry.core.exceptions.RegistryException;
+import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.core.service.RealmService;
import java.util.List;
+import java.util.StringTokenizer;
/**
* This class provides utility functions used by REST-API.
@@ -35,6 +41,8 @@ public class APIUtil {
private static Log log = LogFactory.getLog(APIUtil.class);
private static final String DEFAULT_CDMF_API_TAG = "device_management";
+ private static final String DEFAULT_CERT_API_TAG = "scep_management";
+ public static final String PERMISSION_PROPERTY_NAME = "name";
public static String getAuthenticatedUser() {
PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
@@ -48,8 +56,7 @@ public class APIUtil {
public static String getTenantDomainOftheUser() {
PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
- String tenantDomain = threadLocalCarbonContext.getTenantDomain();
- return tenantDomain;
+ return threadLocalCarbonContext.getTenantDomain();
}
public static APIManagementProviderService getAPIManagementProviderService() {
@@ -92,6 +99,55 @@ public class APIUtil {
//Todo get allowed cdmf service tags from config.
List allowedApisTags = getDeviceManagementProviderService().getAvailableDeviceTypes();
allowedApisTags.add(DEFAULT_CDMF_API_TAG);
+ allowedApisTags.add(DEFAULT_CERT_API_TAG);
return allowedApisTags;
}
+
+ public static void putPermission(String permission) {
+ try {
+ StringTokenizer tokenizer = new StringTokenizer(permission, "/");
+ String lastToken = "", currentToken, tempPath;
+ while (tokenizer.hasMoreTokens()) {
+ currentToken = tokenizer.nextToken();
+ tempPath = lastToken + "/" + currentToken;
+ if (!checkResourceExists(tempPath)) {
+ createRegistryCollection(tempPath, currentToken);
+
+ }
+ lastToken = tempPath;
+ }
+ } catch (org.wso2.carbon.registry.api.RegistryException e) {
+ log.error("Failed to creation permission in registry" + permission, e);
+ }
+ }
+
+ public static void createRegistryCollection(String path, String resourceName)
+ throws org.wso2.carbon.registry.api.RegistryException {
+ Resource resource = getGovernanceRegistry().newCollection();
+ resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
+ getGovernanceRegistry().beginTransaction();
+ getGovernanceRegistry().put(path, resource);
+ getGovernanceRegistry().commitTransaction();
+ }
+
+ public static boolean checkResourceExists(String path)
+ throws RegistryException {
+ return getGovernanceRegistry().resourceExists(path);
+ }
+
+ public static Registry getGovernanceRegistry() throws RegistryException {
+ return getRegistryService().getGovernanceSystemRegistry(MultitenantConstants.SUPER_TENANT_ID);
+ }
+
+ public static RegistryService getRegistryService() {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ RegistryService registryService =
+ (RegistryService) ctx.getOSGiService(RegistryService.class, null);
+ if (registryService == null) {
+ String msg = "registry service has not initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ return registryService;
+ }
}
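Review bot: `createRegistryCollection` begins a transaction and commits it but never rolls back, so a failing `put` leaves the transaction open. It also calls `getGovernanceRegistry()` four times, and nothing visible here guarantees that begin, put and commit run against the same `Registry` instance. Fetching the registry once and rolling back in the catch path fixes both, as sketched below. These helpers write to the super-tenant governance system registry with a caller-supplied path and are all `public static`; unless other bundles need them, `createRegistryCollection` and `checkResourceExists` could be `private`, and a Javadoc line on `putPermission` should say that it creates every missing ancestor collection of the path. The log message in `putPermission` concatenates the path with no separator; `"Failed to create permission in registry: " + permission` reads better.

```java
public static void createRegistryCollection(String path, String resourceName)
        throws org.wso2.carbon.registry.api.RegistryException {
    // Resolve the registry once so begin/put/commit share one instance.
    Registry registry = getGovernanceRegistry();
    Resource resource = registry.newCollection();
    resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
    registry.beginTransaction();
    try {
        registry.put(path, resource);
        registry.commitTransaction();
    } catch (org.wso2.carbon.registry.api.RegistryException e) {
        // Do not leave a half-open transaction behind on failure.
        registry.rollbackTransaction();
        throw e;
    }
}
// … unchanged: checkResourceExists, getGovernanceRegistry, getRegistryService …
```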
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml
index 0124990741..591725fa12 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml
@@ -37,14 +37,14 @@
Register application
- /device-mgt/user/api/application
+ /device-mgt/api/application
/register
POST
application_user
Delete application
- /device-mgt/user/api/application
+ /device-mgt/api/application
/unregister
DELETE
application_user
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml
index e771ee6c09..9850eb5da5 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml
@@ -35,10 +35,6 @@
CXFServlet
/*
-
- isAdminService
- false
-
doAuthentication
true
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java
index a8e872b991..2c2f21f19c 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java
@@ -74,6 +74,7 @@ public class AnnotationProcessor {
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_VALUE = "value";
private static final String ANNOTATIONS_SCOPES = "scopes";
private static final String ANNOTATIONS_SCOPE = "scope";
+ private static final String DEFAULT_SCOPE_NAME = "default admin scope";
private static final String DEFAULT_SCOPE_KEY = "perm:admin";
private static final String DEFAULT_SCOPE_PERMISSION = "/permision/device-mgt";
@@ -283,6 +284,8 @@ public class AnnotationProcessor {
log.warn("Scope is not defined for '" + makeContextURLReady(resourceRootContext) +
makeContextURLReady(subCtx) + "' endpoint, hence assigning the default scope");
scope = new Scope();
+ scope.setName(DEFAULT_SCOPE_NAME);
+ scope.setDescription(DEFAULT_SCOPE_NAME);
scope.setKey(DEFAULT_SCOPE_KEY);
scope.setRoles(DEFAULT_SCOPE_PERMISSION);
resource.setScope(scope);
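Review bot: The default scope that now receives a name and description is still bound through `scope.setRoles(DEFAULT_SCOPE_PERMISSION)` to `"/permision/device-mgt"`, which looks misspelled next to the `/permission/...` prefix used elsewhere in this change set. If that literal does not match a real permission node, every endpoint that falls back to the default scope is mapped to a permission no role holds, or one that was never intended. Either correct the constant's spelling or add a comment stating that the literal is deliberate. It would also help to document on `DEFAULT_SCOPE_KEY` that unannotated endpoints silently receive `perm:admin`. The enclosing method starts and ends outside the hunk.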
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/WEB-INF/web.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/WEB-INF/web.xml
index 93933546b5..62a814568e 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/WEB-INF/web.xml
@@ -33,11 +33,6 @@
60
-
-
- isAdminService
- false
-
doAuthentication
true
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
index 6376470834..a2b90633ea 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
@@ -66,10 +66,10 @@ import javax.ws.rs.core.Response;
permissions = {"/device-mgt/admin/certificates/delete"}
),
@Scope(
- name = "Verifying an SSL Certificate",
- description = "Verifying an SSL Certificate",
+ name = "Verify SSL certificate",
+ description = "Verify SSL certificate",
key = "perm:admin:certificates:verify",
- permissions = {"/device-mgt/admin/certificates/details"}
+ permissions = {"/device-mgt/admin/certificates/verify"}
)
}
)
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/web.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/web.xml
index 0efd4bc25a..72020e147e 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/web.xml
@@ -38,11 +38,6 @@
60
-
-
- isAdminService
- false
-
doAuthentication
true
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
index 4087822376..2938b7bb96 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java
@@ -29,7 +29,6 @@ import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader;
-import org.json.JSONObject;
import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.Device;
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java
index bea9ebedd5..8a46b9b194 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java
@@ -22,9 +22,17 @@ import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
+import io.swagger.annotations.Extension;
+import io.swagger.annotations.ExtensionProperty;
+import io.swagger.annotations.Info;
+import io.swagger.annotations.SwaggerDefinition;
+import io.swagger.annotations.Tag;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
+import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult;
import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
+import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
@@ -37,6 +45,32 @@ import javax.ws.rs.core.Response;
@Api(value = "Device Authorization Administrative Service", description = "This an API intended to be used by " +
"'internal' components to log in as an admin user and validate whether the user/device are trusted entity." +
"Further, this is strictly restricted to admin users only ")
+
+@SwaggerDefinition(
+ info = @Info(
+ version = "1.0.0",
+ title = "",
+ extensions = {
+ @Extension(properties = {
+ @ExtensionProperty(name = "name", value = "DeviceAccessAuthorizationAdminService"),
+ @ExtensionProperty(name = "context", value = "/api/device-mgt/v1.0/admin/authorization"),
+ })
+ }
+ ),
+ tags = {
+ @Tag(name = "device_management", description = "")
+ }
+)
+@Scopes(
+ scopes = {
+ @Scope(
+ name = "Verify device authorization",
+ description = "Verify device authorization",
+ key = "perm:authorization:verify",
+ permissions = {"/device-mgt/authorization/verify"}
+ )
+ }
+)
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
/**
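Review bot: The `@Api` description says this service is "strictly restricted to admin users only", yet the new scope maps `perm:authorization:verify` to `/device-mgt/authorization/verify`, which sits outside the `/device-mgt/admin/...` subtree used by the certificate admin service in this same commit. If roles are granted permissions by subtree, a non-admin role holding the wider `/device-mgt` branch would presumably gain this scope too. Confirm the intended path; if the restriction is real, something like `permissions = {"/device-mgt/admin/authorization/verify"}` would match the stated intent. The `title = ""` and empty tag description also leave the generated API definition without a human-readable label. The operation-level extension in the next hunk uses the same scope key and would need no change.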
@@ -52,7 +86,13 @@ public interface DeviceAccessAuthorizationAdminService {
value = "Check for device access authorization\n",
notes = "This is an internal API that can be used to check for authorization.",
response = DeviceAuthorizationResult.class,
- tags = "Authorization Administrative Service")
+ tags = "Authorization Administrative Service",
+ extensions = {
+ @Extension(properties = {
+ @ExtensionProperty(name = Constants.SCOPE, value = "perm:authorization:verify")
+ })
+ })
+
@ApiResponses(value = {
@ApiResponse(
code = 200,
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml
index 1f3c59562b..dc7eda629b 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml
@@ -40,30 +40,10 @@
60
-
- isAdminService
- false
-
doAuthentication
true
-
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java
index ec4c944243..52c59d753f 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java
@@ -71,7 +71,8 @@ public class AnnotationProcessor {
private static final String SWAGGER_ANNOTATIONS_PROPERTIES_PERMISSIONS = "permissions";
private static final String ANNOTATIONS_SCOPES = "scopes";
private static final String ANNOTATIONS_SCOPE = "scope";
-
+ private static final String DEFAULT_PERM_NAME = "default";
+ private static final String DEFAULT_PERM = "/device-mgt";
private static final String PERMISSION_PREFIX = "/permission/admin";
private StandardContext context;
@@ -252,7 +253,12 @@ public class AnnotationProcessor {
this.setPermission(annotations[i], permission);
}
}
- permissions.add(permission);
+ if (permission.getName() == null || permission.getPath() == null) {
+ log.warn("Permission not assigned to the resource url - " + permission.getMethod() + ":"
+ + permission.getUrl());
+ } else {
+ permissions.add(permission);
+ }
}
}
return permissions;
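Review bot: Resources whose permission has no name or path are now left out of the returned list with only a `log.warn`, and nothing in this hunk shows whether an endpoint missing from the list is later denied or allowed. If enforcement is driven by this list, the skipped endpoints may end up with no permission check at all. Please confirm the consumer fails closed, and record that in a comment above the `if`, for example `// Endpoints skipped here have no permission entry; the authorizer must deny them by default`. The enclosing method starts outside the hunk.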
@@ -392,9 +398,15 @@ public class AnnotationProcessor {
.getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_VALUE, null), null);
if (!scopeKey.isEmpty()) {
scope = apiScopes.get(scopeKey);
- permission.setName(scope.getName());
- //TODO: currently permission tree supports only adding one permission per API point.
- permission.setPath(scope.getRoles().split(" ")[0]);
+ if (scope != null) {
+ permission.setName(scope.getName());
+ //TODO: currently permission tree supports only adding one permission per API point.
+ permission.setPath(scope.getRoles().split(" ")[0]);
+ } else {
+ log.warn("No Scope mapping is done for scope key: " + scopeKey);
+ permission.setName(DEFAULT_PERM_NAME);
+ permission.setPath(DEFAULT_PERM);
+ }
}
}
}
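Review bot: When `apiScopes.get(scopeKey)` returns null, the new `else` branch assigns `DEFAULT_PERM` (`"/device-mgt"`), so a mistyped or unregistered scope key on an endpoint silently replaces its specific permission with the broad device-mgt one, and the only signal is a warning in the log. For an authorization mapping it is safer to fail closed by leaving the name and path unset, so the check added in the earlier hunk of this file drops the entry, or to fail deployment outright. The `if (scope != null)` branch still dereferences `scope.getRoles()` unguarded; `if (scope != null && scope.getRoles() != null)` would stop a scope without roles from throwing here. The enclosing method starts outside the hunk.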
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
index b944b2fa45..573d973b3a 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
@@ -1,7 +1,7 @@
{
"appContext": "/devicemgt/",
- "httpsURL" : "https://localhost:8243",
- "httpURL" : "http://localhost:8280",
+ "httpsURL" : "https://%server.ip%:8243",
+ "httpURL" : "http://%server.ip%:8280",
"wssURL" : "https://localhost:9445",
"wsURL" : "%http.ip%",
"portalURL": "https://%server.ip%:9445",
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml
index 83c552cb52..3a8e2a3b4c 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml
@@ -59,7 +59,7 @@
${project.artifactId}
${carbon.device.mgt.version}
IoT Server Impl Bundle
- org.wso2.carbon.device.mgt.iot.url.printer.internal
+ org.wso2.carbon.device.mgt.url.printer.internal
org.osgi.framework,
org.osgi.service.component,
@@ -69,8 +69,8 @@
org.wso2.carbon.utils.*,
- !org.wso2.carbon.device.mgt.iot.url.printer.internal,
- org.wso2.carbon.device.mgt.iot.url.printer.*;version="${project.version}"
+ !org.wso2.carbon.device.mgt.url.printer.internal,
+ org.wso2.carbon.device.mgt.url.printer.*;version="${project.version}"
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
index ac0130a39f..b139fa9e89 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java
@@ -35,6 +35,8 @@ import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
import java.util.Properties;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
public class Utils {
@@ -86,4 +88,18 @@ public class Utils {
}
}
+ public static String replaceSystemProperty(String urlWithPlaceholders) {
+ String regex = "\\$\\{(.*?)\\}";
+ Pattern pattern = Pattern.compile(regex);
+ Matcher matchPattern = pattern.matcher(urlWithPlaceholders);
+ while (matchPattern.find()) {
+ String sysPropertyName = matchPattern.group(1);
+ String sysPropertyValue = System.getProperty(sysPropertyName);
+ if (sysPropertyValue != null && !sysPropertyName.isEmpty()) {
+ urlWithPlaceholders = urlWithPlaceholders.replaceAll("\\$\\{(" + sysPropertyName + ")\\}", sysPropertyValue);
+ }
+ }
+ return urlWithPlaceholders;
+ }
+
}
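Review bot: `replaceSystemProperty` passes its argument straight to `pattern.matcher(...)`, so a null input throws before the callers' own `url == null` checks can run. Both the `BSTAuthenticator` and `OAuthAuthenticator` hunks later in this diff pass `properties.getProperty("TokenValidationEndpointUrl")`, which may be null. Three more problems sit in the loop. An empty placeholder `${}` reaches `System.getProperty("")`, which rejects an empty key, and the `isEmpty()` test is on the name after the lookup, so it cannot prevent that. The property name is spliced unquoted into a new regex. The property value is used as a `replaceAll` replacement, where `$` and `\` are interpreted. The rewrite below guards null and empty names, compiles the pattern once and quotes the replacement.

```java
private static final Pattern SYS_PROPERTY_PLACEHOLDER = Pattern.compile("\\$\\{(.*?)\\}");

public static String replaceSystemProperty(String urlWithPlaceholders) {
    if (urlWithPlaceholders == null) {
        return null;
    }
    Matcher matcher = SYS_PROPERTY_PLACEHOLDER.matcher(urlWithPlaceholders);
    StringBuffer resolved = new StringBuffer();
    while (matcher.find()) {
        String name = matcher.group(1);
        String value = name.isEmpty() ? null : System.getProperty(name);
        // Unresolved placeholders stay as written; quoting keeps '$' and '\' literal.
        String replacement = (value != null) ? value : matcher.group(0);
        matcher.appendReplacement(resolved, Matcher.quoteReplacement(replacement));
    }
    matcher.appendTail(resolved);
    return resolved.toString();
}
```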
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
index 36d1da87cb..5a357a3ab5 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
@@ -41,7 +41,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
@Override
public void invoke(Request request, Response response, CompositeValve compositeValve) {
- if (this.isContextSkipped(request) || (!this.isAdminService(request) && this.skipAuthentication(request))) {
+ if (this.isContextSkipped(request) || this.skipAuthentication(request)) {
this.getNext().invoke(request, response, compositeValve);
return;
}
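Review bot: With the `isAdminService` term removed, whether a request is authenticated depends only on `skipAuthentication`, which (visible in the next hunk) returns true when the context has no `doAuthentication` parameter. Any webapp that previously relied on `isAdminService=true` alone, or that omits `doAuthentication`, is now forwarded without authentication. This commit keeps `doAuthentication` set to `true` in the `web.xml` files it edits, but other deployed webapps are not visible here and should be audited. At minimum, document the opt-in default above the condition, for example `// Authentication is opt-in: a context without doAuthentication=true is passed through unauthenticated`. Logging a warning when the parameter is absent would also make misconfiguration visible. `invoke` continues outside the hunk.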
@@ -74,11 +74,6 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
}
}
- private boolean isAdminService(Request request) {
- String param = request.getContext().findParameter("isAdminService");
- return (param != null && Boolean.parseBoolean(param));
- }
-
private boolean skipAuthentication(Request request) {
String param = request.getContext().findParameter("doAuthentication");
return (param == null || !Boolean.parseBoolean(param) || isNonSecuredEndPoint(request));
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java
index 51e92a139b..ceb78d8a34 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java
@@ -66,7 +66,7 @@ public class BSTAuthenticator implements WebappAuthenticator {
"are not provided");
}
- String url = this.properties.getProperty("TokenValidationEndpointUrl");
+ String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl"));
if ((url == null) || (url.isEmpty())) {
throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
}
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java
index b269f7c285..81f885cd36 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java
@@ -62,7 +62,7 @@ public class JWTAuthenticator implements WebappAuthenticator {
private static final String DEFAULT_TRUST_STORE_LOCATION = "Security.TrustStore.Location";
private static final String DEFAULT_TRUST_STORE_PASSWORD = "Security.TrustStore.Password";
- private static final Map publicKeyHolder = new HashMap<>();
+ private static final Map publicKeyHolder = new HashMap<>();
private Properties properties;
private static void loadTenantRegistry(int tenantId) throws RegistryException {
@@ -106,46 +106,37 @@ public class JWTAuthenticator implements WebappAuthenticator {
String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
String tenantDomain = MultitenantUtils.getTenantDomain(username);
int tenantId = Integer.parseInt(jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_TENANT_ID));
+ String issuer = jwsObject.getJWTClaimsSet().getIssuer();
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId);
- PublicKey publicKey = publicKeyHolder.get(tenantDomain);
+ IssuerAlias issuerAlias = new IssuerAlias(issuer, tenantDomain);
+ PublicKey publicKey = publicKeyHolder.get(issuerAlias);
if (publicKey == null) {
loadTenantRegistry(tenantId);
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
- String defaultPublicKey = properties.getProperty("DefaultPublicKey");
- if (defaultPublicKey != null && !defaultPublicKey.isEmpty()) {
- boolean isDefaultPublicKey = Boolean.parseBoolean(defaultPublicKey);
- if (isDefaultPublicKey) {
- publicKey = keyStoreManager.getDefaultPublicKey();
- } else {
- String alias = properties.getProperty("KeyAlias");
- if (alias != null && !alias.isEmpty()) {
- ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
- KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
- String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION);
- String trustStorePassword = serverConfig.getFirstProperty(
- DEFAULT_TRUST_STORE_PASSWORD);
- keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
- publicKey = keyStore.getCertificate(alias).getPublicKey();
- } else {
- authenticationInfo.setStatus(Status.FAILURE);
- return authenticationInfo;
- }
- }
-
+ String alias = properties.getProperty(issuer);
+ if (alias != null && !alias.isEmpty()) {
+ ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
+ KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION);
+ String trustStorePassword = serverConfig.getFirstProperty(
+ DEFAULT_TRUST_STORE_PASSWORD);
+ keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
+ publicKey = keyStore.getCertificate(alias).getPublicKey();
} else {
- publicKey = keyStoreManager.getDefaultPublicKey();
+ authenticationInfo.setStatus(Status.FAILURE);
+ return authenticationInfo;
}
-
} else {
String ksName = tenantDomain.trim().replace('.', '-');
String jksName = ksName + ".jks";
publicKey = keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain).getPublicKey();
}
if (publicKey != null) {
- publicKeyHolder.put(tenantDomain, publicKey);
+ issuerAlias = new IssuerAlias(tenantDomain);
+ publicKeyHolder.put(issuerAlias, publicKey);
}
}
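Review bot: The cache is read with `new IssuerAlias(issuer, tenantDomain)` but written with `new IssuerAlias(tenantDomain)`, whose issuer is the constant `default`, so a key is never found under the issuer it was loaded for. A token whose `iss` claim is literally `default` would instead be checked against whichever key was cached last for that tenant, not a key mapped to its issuer. Dropping the reassignment and storing under the lookup key keeps the two consistent: `publicKeyHolder.put(issuerAlias, publicKey);`. `issuer` is also read from the token before its signature is verified and may be absent, in which case `properties.getProperty(issuer)` and `IssuerAlias.hashCode()` would throw. A guard such as `if (issuer == null || issuer.isEmpty())` that sets `Status.FAILURE` before the lookup would fail cleanly. The `FileInputStream` passed to `keyStore.load` is never closed, and the enclosing method starts and ends outside the hunk.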
@@ -205,4 +196,34 @@ public class JWTAuthenticator implements WebappAuthenticator {
}
return this.properties.getProperty(name);
}
+
+ private class IssuerAlias {
+
+ private String issuer;
+ private String tenantDomain;
+ private final String DEFAULT_ISSUER = "default";
+
+ public IssuerAlias(String tenantDomain) {
+ this.issuer = DEFAULT_ISSUER;
+ this.tenantDomain = tenantDomain;
+ }
+
+ public IssuerAlias(String issuer, String tenantDomain) {
+ this.issuer = issuer;
+ this.tenantDomain = tenantDomain;
+ }
+
+ @Override
+ public int hashCode() {
+ int result = this.issuer.hashCode();
+ result = 31 * result + ("@" + this.tenantDomain).hashCode();
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ return (obj instanceof IssuerAlias) && issuer.equals(
+ ((IssuerAlias) obj).issuer) && tenantDomain == ((IssuerAlias) obj).tenantDomain;
+ }
+ }
}
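Review bot: `IssuerAlias.equals` compares `tenantDomain` with `==`, which is reference equality on `String`, while `hashCode` is value-based. Two keys built from equal but distinct strings therefore hash alike yet never compare equal, so `publicKeyHolder` lookups miss and the map grows with every request. Compare by value instead: `&& java.util.Objects.equals(tenantDomain, ((IssuerAlias) obj).tenantDomain)`. Since the class is used only as a map key, declaring it `private static final class IssuerAlias` with `final` fields and a `static final` `DEFAULT_ISSUER` avoids the hidden reference to the enclosing authenticator and keeps keys immutable. `publicKeyHolder` itself is a static `HashMap` shared across request threads, so it is worth checking whether it needs a concurrent map.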
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
index 797a4f5afd..0033e54dd8 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
@@ -55,7 +55,7 @@ public class OAuthAuthenticator implements WebappAuthenticator {
"are not provided");
}
- String url = this.properties.getProperty("TokenValidationEndpointUrl");
+ String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl"));
if ((url == null) || (url.isEmpty())) {
throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
}
diff --git a/features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml b/features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml
index 214e5aa38d..067a6af7f8 100644
--- a/features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml
+++ b/features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml
@@ -24,7 +24,7 @@
- https://localhost:${carbon.https.port}
+ https://${iot.core.host}:${iot.core.https.port}
true
diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/pom.xml b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/pom.xml
index ba37ab67c8..a18ed81000 100644
--- a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/pom.xml
+++ b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/pom.xml
@@ -122,6 +122,9 @@
org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.common:${carbon.device.mgt.version}
+
+ org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.url.printer:${carbon.device.mgt.version}
+
diff --git a/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties b/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties
index 9e4021a913..3c38465581 100644
--- a/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties
+++ b/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties
@@ -17,13 +17,13 @@
#
#issuer of the JWT
-iss=iot_default
+iss=wso2.org/products/iot
-TokenEndpoint=https://localhost:${carbon.https.port}/oauth2/token
+TokenEndpoint=https://${iot.keymanager.host}:${iot.keymanager.https.port}/oauth2/token
#audience of JWT claim
#comma seperated values
-aud=wso2.org/products/iot
+aud=devicemgt
#expiration time of JWT (number of minutes from the current time)
exp=1000
diff --git a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml
index 115442d9df..b3a4f47c17 100644
--- a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml
+++ b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml
@@ -5,7 +5,7 @@
org.wso2.carbon.webapp.authenticator.framework.authenticator.OAuthAuthenticator
false
- https://localhost:9443
+ https://${iot.keymanager.host}:${iot.keymanager.https.port}
admin
admin
100
@@ -20,9 +20,10 @@
JWT
org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator
- true
-
-
+
+ wso2carbon
+ wso2carbon
+ wso2carbon
@@ -34,7 +35,7 @@
org.wso2.carbon.webapp.authenticator.framework.authenticator.BSTAuthenticator
false
- https://localhost:9443
+ https://${iot.keymanager.host}:${iot.keymanager.https.port}
admin
admin
100