merged with origin after resolving conflicts

revert-70aa11f8
ayyoob 8 years ago
commit 671d931d3e

@ -344,84 +344,8 @@ public interface CertificateManagementAdminService {
defaultValue = "12438035315552875930") defaultValue = "12438035315552875930")
@PathParam("serialNumber") String serialNumber); @PathParam("serialNumber") String serialNumber);
// /**
// * Verify IOS Certificate for the API security filter
// *
// * @param certificate to be verified as a String
// * @return Status of the certificate verification.
// */
// @POST
// @Path("/verify/ios")
// @ApiOperation(
// consumes = MediaType.APPLICATION_JSON,
// produces = MediaType.APPLICATION_JSON,
// httpMethod = "POST",
// value = "Verify IOS SSL certificate",
// notes = "Verify IOS Certificate for the API security filter.\n",
// tags = "Certificate Management")
// @ApiResponses(
// value = {
// @ApiResponse(
// code = 200,
// message = "Return the status of the IOS certificate verification.",
// responseHeaders = {
// @ResponseHeader(
// name = "Content-Type",
// description = "The content type of the body")}),
// @ApiResponse(
// code = 400,
// message = "Bad Request. \n Invalid request or validation error.",
// response = ErrorResponse.class)
// })
// Response verifyIOSCertificate(
// @ApiParam(
// name = "certificate",
// value = "The properties to verify certificate. It includes the following: \n" +
// "serial: The unique ID of the certificate. (optional) \n" +
// "pem: mdm-signature of the certificate",
// required = true) EnrollmentCertificate certificate);
//
// /**
// * Verify Android Certificate for the API security filter
// *
// * @param certificate to be verified as a String
// * @return Status of the certificate verification.
// */
// @POST
// @Path("/verify/android")
// @ApiOperation(
// consumes = MediaType.APPLICATION_JSON,
// produces = MediaType.APPLICATION_JSON,
// httpMethod = "POST",
// value = "Verify Android SSL certificate",
// notes = "Verify Android Certificate for the API security filter.\n",
// tags = "Certificate Management")
// @ApiResponses(
// value = {
// @ApiResponse(
// code = 200,
// message = "Return the status of the Android certificate verification.",
// responseHeaders = {
// @ResponseHeader(
// name = "Content-Type",
// description = "The content type of the body")}),
// @ApiResponse(
// code = 400,
// message = "Bad Request. \n Invalid request or validation error.",
// response = ErrorResponse.class)
// })
// Response verifyAndroidCertificate(
// @ApiParam(
// name = "certificate",
// value = "The properties to verify certificate. It includes the following: \n" +
// "serial: The unique ID of the certificate. (optional) \n" +
// "pem: pem String of the certificate",
// required = true) EnrollmentCertificate certificate);
//
/** /**
* Verify Android Certificate for the API security filter * Verify Certificate for the API security filter
* *
* @param certificate to be verified as a String * @param certificate to be verified as a String
* @return Status of the certificate verification. * @return Status of the certificate verification.
@ -432,19 +356,20 @@ public interface CertificateManagementAdminService {
consumes = MediaType.APPLICATION_JSON, consumes = MediaType.APPLICATION_JSON,
produces = MediaType.APPLICATION_JSON, produces = MediaType.APPLICATION_JSON,
httpMethod = "POST", httpMethod = "POST",
value = "Verify Android SSL certificate", value = "Verify SSL certificate",
notes = "Verify Android Certificate for the API security filter.\n", notes = "Verify Certificate for the API security filter.\n",
tags = "Certificate Management", tags = "Certificate Management",
extensions = { extensions = {
@Extension(properties = { @Extension(properties = {
@ExtensionProperty(name = SCOPE, value = "perm:admin:certificates:add") @ExtensionProperty(name = SCOPE, value = "perm:admin:certificates:verify")
})
}) })
}
)
@ApiResponses( @ApiResponses(
value = { value = {
@ApiResponse( @ApiResponse(
code = 200, code = 200,
message = "Return the status of the Android certificate verification.", message = "Return the status of the certificate verification.",
responseHeaders = { responseHeaders = {
@ResponseHeader( @ResponseHeader(
name = "Content-Type", name = "Content-Type",

@ -79,6 +79,12 @@ import javax.ws.rs.core.Response;
key = "perm:devices:details", key = "perm:devices:details",
permissions = {"/device-mgt/devices/owning-device/view"} permissions = {"/device-mgt/devices/owning-device/view"}
), ),
@Scope(
name = "Update the device specified by device id",
description = "Update the device specified by device id",
key = "perm:devices:update",
permissions = {"/device-mgt/devices/owning-device/view"}
),
@Scope( @Scope(
name = "Delete the device specified by device id", name = "Delete the device specified by device id",
description = "Delete the device specified by device id", description = "Delete the device specified by device id",

@ -18,27 +18,36 @@
*/ */
package org.wso2.carbon.device.mgt.jaxrs.service.api; package org.wso2.carbon.device.mgt.jaxrs.service.api;
import io.swagger.annotations.SwaggerDefinition;
import io.swagger.annotations.Info;
import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Extension;
import io.swagger.annotations.Tag;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.Extension;
import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Info;
import io.swagger.annotations.ResponseHeader; import io.swagger.annotations.ResponseHeader;
import io.swagger.annotations.SwaggerDefinition;
import io.swagger.annotations.Tag;
import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.apimgt.annotations.api.Scopes; import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.device.mgt.common.policy.mgt.Policy;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants; import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
import org.wso2.carbon.device.mgt.common.policy.mgt.Policy;
import javax.validation.Valid; import javax.validation.Valid;
import javax.ws.rs.*; import javax.validation.constraints.Size;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import java.util.List; import java.util.List;
@ -118,6 +127,12 @@ import java.util.List;
description = "Updating the Policy Priorities", description = "Updating the Policy Priorities",
key = "perm:policies:priorities", key = "perm:policies:priorities",
permissions = {"/device-mgt/policies/manage"} permissions = {"/device-mgt/policies/manage"}
),
@Scope(
name = "Fetching the Effective Policy",
description = "Fetching the Effective Policy",
key = "perm:policies:effective-policy",
permissions = {"/device-mgt/policies/view"}
) )
} }
) )
@ -605,6 +620,69 @@ public interface PolicyManagementService {
@GET @GET
@Path("/effective-policy/{deviceType}/{deviceId}") @Path("/effective-policy/{deviceType}/{deviceId}")
Response getEffectivePolicy(@PathParam("deviceId") String deviceId, @PathParam("deviceType") String deviceType); @ApiOperation(
consumes = MediaType.APPLICATION_JSON,
produces = MediaType.APPLICATION_JSON,
httpMethod = "GET",
value = "Getting the Effective Policy",
notes = "Retrieve the effective policy of a device using this API.",
tags = "Device Policy Management",
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "perm:policies:effective-policy")
})
}
)
@ApiResponses(
value = {
@ApiResponse(
code = 200,
message = "OK. \n Successfully fetched the policy.",
response = Policy.class,
responseHeaders = {
@ResponseHeader(
name = "Content-Type",
description = "The content type of the body"),
@ResponseHeader(
name = "ETag",
description = "Entity Tag of the response resource.\n" +
"Used by caches, or in conditional requests."),
@ResponseHeader(
name = "Last-Modified",
description = "Date and time the resource was last modified.\n" +
"Used by caches, or in conditional requests."),
}
),
@ApiResponse(
code = 304,
message = "Not Modified. \n Empty body because the client already has the latest version of the requested resource.\n"),
@ApiResponse(
code = 404,
message = "Not Found. \n A specified policy was not found.",
response = ErrorResponse.class),
@ApiResponse(
code = 406,
message = "Not Acceptable.\n The requested media type is not supported."),
@ApiResponse(
code = 500,
message = "Internal Server Error. \n Server error occurred while fetching the " +
"policy.",
response = ErrorResponse.class)
})
Response getEffectivePolicy(
@ApiParam(
name = "deviceType",
value = "The device type, such as ios, android or windows.",
required = true,
allowableValues = "android, ios, windows")
@PathParam("deviceType")
@Size(max = 45)
String deviceType,
@ApiParam(
name = "deviceId",
value = "The device identifier of the device you want ot get details.",
required = true)
@PathParam("deviceId")
@Size(max = 45)
String deviceId);
} }

@ -771,11 +771,10 @@ public interface UserManagementService {
value = "Sending Enrollment Invitations to email address", value = "Sending Enrollment Invitations to email address",
notes = "Send the a mail inviting recipients to enroll devices.", notes = "Send the a mail inviting recipients to enroll devices.",
tags = "User Management", tags = "User Management",
authorizations = { extensions = {
@Authorization( @Extension(properties = {
value = "permission", @ExtensionProperty(name = Constants.SCOPE, value = "perm:users:send-invitation")
scopes = {@AuthorizationScope(scope = "/device-mgt/users/invite", description = "Invite Users")} })
)
} }
) )
@ApiResponses(value = { @ApiResponses(value = {

@ -376,7 +376,7 @@ public class PolicyManagementServiceImpl implements PolicyManagementService {
@GET @GET
@Path("/effective-policy/{deviceType}/{deviceId}") @Path("/effective-policy/{deviceType}/{deviceId}")
@Override @Override
public Response getEffectivePolicy(@PathParam("deviceId") String deviceId, @PathParam("deviceType") String deviceType) { public Response getEffectivePolicy(@PathParam("deviceType") String deviceType, @PathParam("deviceId") String deviceId) {
PolicyManagerService policyManagementService = DeviceMgtAPIUtils.getPolicyManagementService(); PolicyManagerService policyManagementService = DeviceMgtAPIUtils.getPolicyManagementService();
final Policy policy; final Policy policy;
try { try {

@ -140,6 +140,7 @@
"perm:admin:certificates:details", "perm:admin:certificates:details",
"perm:admin:certificates:view", "perm:admin:certificates:view",
"perm:admin:certificates:add", "perm:admin:certificates:add",
"perm:admin:certificates:verify",
"perm:admin" "perm:admin"
], ],
"isOAuthEnabled" : true, "isOAuthEnabled" : true,

@ -28,6 +28,7 @@ var handlers = function () {
var tokenUtil = require("/app/modules/oauth/token-handler-utils.js")["utils"]; var tokenUtil = require("/app/modules/oauth/token-handler-utils.js")["utils"];
var constants = require("/app/modules/constants.js"); var constants = require("/app/modules/constants.js");
var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"]; var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"];
var utility = require("/app/modules/utility.js")["utility"];
var publicMethods = {}; var publicMethods = {};
var privateMethods = {}; var privateMethods = {};
@ -49,6 +50,7 @@ var handlers = function () {
var tokenData; var tokenData;
// tokenPair will include current access token as well as current refresh token // tokenPair will include current access token as well as current refresh token
var arrayOfScopes = devicemgtProps["scopes"]; var arrayOfScopes = devicemgtProps["scopes"];
arrayOfScopes = arrayOfScopes.concat(utility.getDeviceTypesScopesList());
var stringOfScopes = ""; var stringOfScopes = "";
arrayOfScopes.forEach(function (entry) { arrayOfScopes.forEach(function (entry) {
stringOfScopes += entry + " "; stringOfScopes += entry + " ";
@ -78,19 +80,20 @@ var handlers = function () {
publicMethods["setupTokenPairBySamlGrantType"] = function (username, samlToken) { publicMethods["setupTokenPairBySamlGrantType"] = function (username, samlToken) {
if (!username || !samlToken) { if (!username || !samlToken) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " +
"saml grant type. Either username of logged in user, samlToken or both are missing " + "saml grant type. Either username of logged in user, samlToken or both are missing " +
"as input - setupTokenPairByPasswordGrantType(x, y)"); "as input - setupTokenPairBySamlGrantType(x, y)");
} else { } else {
privateMethods.setUpEncodedTenantBasedClientAppCredentials(username); privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
privateMethods.setUpEncodedTenantBasedWebSocketClientAppCredentials(username); privateMethods.setUpEncodedTenantBasedWebSocketClientAppCredentials(username);
var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]); var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]);
if (!encodedClientAppCredentials) { if (!encodedClientAppCredentials) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " +
"by saml grant type. Encoded client credentials are " + "by saml grant type. Encoded client credentials are " +
"missing - setupTokenPairByPasswordGrantType(x, y)"); "missing - setupTokenPairBySamlGrantType(x, y)");
} else { } else {
var tokenData; var tokenData;
var arrayOfScopes = devicemgtProps["scopes"]; var arrayOfScopes = devicemgtProps["scopes"];
arrayOfScopes = arrayOfScopes.concat(utility.getDeviceTypesScopesList());
var stringOfScopes = ""; var stringOfScopes = "";
arrayOfScopes.forEach(function (entry) { arrayOfScopes.forEach(function (entry) {
stringOfScopes += entry + " "; stringOfScopes += entry + " ";
@ -98,11 +101,11 @@ var handlers = function () {
// accessTokenPair will include current access token as well as current refresh token // accessTokenPair will include current access token as well as current refresh token
tokenData = tokenUtil. tokenData = tokenUtil.
getTokenPairAndScopesBySAMLGrantType(samlToken, encodedClientAppCredentials, stringOfScopes); getTokenPairAndScopesBySAMLGrantType(samlToken, encodedClientAppCredentials, stringOfScopes);
if (!tokenData) { if (!tokenData) {
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up token " + throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up token " +
"pair by password grant type. Error in token " + "pair by password grant type. Error in token " +
"retrieval - setupTokenPairByPasswordGrantType(x, y)"); "retrieval - setupTokenPairBySamlGrantType(x, y)");
} else { } else {
var tokenPair = {}; var tokenPair = {};
tokenPair["accessToken"] = tokenData["accessToken"]; tokenPair["accessToken"] = tokenData["accessToken"];

@ -125,5 +125,33 @@ utility = function () {
return null; return null;
}; };
publicMethods.getDeviceTypesScopesList = function () {
var dirs = new File("/app/units/").listFiles();
var scopesList = [];
for (var i = 0; i < dirs.length; i++) {
var unitName = dirs[i].getName();
if (unitName.match(/^cdmf\.unit\.device\.type\..*\.type-view$/g)) {
var deviceTypeConfigFile = new File("/app/units/" + unitName + "/private/config.json");
if (deviceTypeConfigFile.isExists()) {
try {
deviceTypeConfigFile.open("r");
var config = deviceTypeConfigFile.readAll();
config = config.replace("%https.ip%", server.address("https"));
config = config.replace("%http.ip%", server.address("http"));
var deviceTypeConfig = parse(config);
if (deviceTypeConfig.deviceType && deviceTypeConfig.deviceType.scopes) {
scopesList = scopesList.concat(deviceTypeConfig.deviceType.scopes);
}
} catch (err) {
log.error("Error while reading device config file for `" + deviceType + "`: " + err);
} finally {
deviceTypeConfigFile.close();
}
}
}
}
return scopesList;
};
return publicMethods; return publicMethods;
}(); }();

Loading…
Cancel
Save