Merge pull request #395 from Megala21/master

Fixing EMM-1752 and EMM-1755
8 years ago · 7666bbfd05
parent 6a55e1be83 3416ae78c4
commit 7666bbfd05
19 changed files with 227 additions and 90 deletions
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml
@ -175,7 +175,6 @@
        <dependency>
            <groupId>org.wso2.carbon</groupId>
            <artifactId>org.wso2.carbon.user.core</artifactId>
-            <version>4.4.3</version>
        </dependency>
        <dependency>
            <groupId>org.wso2.carbon.registry</groupId>
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java
@ -172,6 +172,11 @@ public interface RoleManagementService {
                    required = true,
                    defaultValue = "Engineer")
            @PathParam("roleName") String roleName,
+            @ApiParam(
+                    name = "user-store",
+                    value = "The name of the user store from which you wish to get the permission of role.",
+                    required = false)
+            @QueryParam("user-store") String userStoreName,
            @ApiParam(
                    name = "If-Modified-Since",
                    value = "Checks if the requested variant was modified, since the specified date-time." +
@ -237,6 +242,11 @@ public interface RoleManagementService {
                    required = true,
                    defaultValue = "admin")
            @PathParam("roleName") String roleName,
+            @ApiParam(
+                    name = "user-store",
+                    value = "The name of the user store which the particular of role resides in",
+                    required = false)
+            @QueryParam("user-store") String userStoreName,
            @ApiParam(
                    name = "If-Modified-Since",
                    value = "Checks if the requested variant was modified, since the specified date-time." +
@ -355,7 +365,12 @@ public interface RoleManagementService {
                    value = "The properties required to update a role.\n" +
                            "NOTE: Don't change the role and the permissions of the admin user. " +
                            "If you want to try out this API by updating all the properties, create a new role and update the properties accordingly.",
-                    required = true) RoleInfo role);
+                    required = true) RoleInfo role,
+            @ApiParam(
+                    name = "user-store",
+                    value = "The name of the user store which the particular role resides in.",
+                    required = false)
+            @QueryParam("user-store") String userStoreName);

    @DELETE
    @Path("/{roleName}")
@ -389,7 +404,12 @@ public interface RoleManagementService {
                    value = "The name of the role that needs to de deleted.\n" +
                            "NOTE: Don't delete the admin role",
                    required = true)
-            @PathParam("roleName") String roleName);
+            @PathParam("roleName") String roleName,
+            @ApiParam(
+                    name = "user-store",
+                    value = "The name of the user store which the particular role resides in.",
+                    required = false)
+            @QueryParam("user-store") String userStoreName);

    @PUT
    @Path("/{roleName}/users")
@ -449,6 +469,11 @@ public interface RoleManagementService {
                    required = true,
                    defaultValue = "admin")
            @PathParam("roleName") String roleName,
+            @ApiParam(
+                    name = "user-store",
+                    value = "The name of the user store which the particular role resides in.",
+                    required = false)
+            @QueryParam("user-store") String userStoreName,
            @ApiParam(
                    name = "users",
                    value = "Define the users that belong to the role.\n" +
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java
@ -457,6 +457,11 @@ public interface UserManagementService {
                    value = "Provide a character or a few character in the user name",
                    required = true)
            @QueryParam("filter") String filter,
+            @ApiParam(
+                    name = "domain",
+                    value = "The user store domain which the user names should be fetched from",
+                    required = false)
+            @QueryParam("domain") String domain,
            @ApiParam(
                    name = "If-Modified-Since",
                    value = "Checks if the requested variant was modified, since the specified date-time\n." +
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/RoleManagementServiceImpl.java
@ -22,17 +22,13 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.base.MultitenantConstants;
-import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementException;
-import org.wso2.carbon.device.mgt.common.scope.mgt.ScopeManagementService;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
 import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
-import org.wso2.carbon.device.mgt.jaxrs.beans.Scope;
 import org.wso2.carbon.device.mgt.jaxrs.service.api.RoleManagementService;
 import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil;
 import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
 import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
-import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtUtil;
 import org.wso2.carbon.device.mgt.jaxrs.util.SetReferenceTransformer;
 import org.wso2.carbon.user.api.*;
 import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
@ -43,12 +39,16 @@ import org.wso2.carbon.user.mgt.common.UserAdminException;
 import javax.ws.rs.*;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.net.URLEncoder;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;

+import static org.wso2.carbon.device.mgt.jaxrs.util.Constants.PRIMARY_USER_STORE;
+
@Path("/roles")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ -56,7 +56,6 @@ public class RoleManagementServiceImpl implements RoleManagementService {

    private static final String API_BASE_PATH = "/roles";
    private static final Log log = LogFactory.getLog(RoleManagementServiceImpl.class);
-    private static final String PRIMARY_USER_STORE = "PRIMARY";

    @GET
    @Override
@ -94,9 +93,11 @@ public class RoleManagementServiceImpl implements RoleManagementService {
    @GET
    @Path("/{roleName}/permissions")
    @Override
-    public Response getPermissionsOfRole(
-            @PathParam("roleName") String roleName,
-            @HeaderParam("If-Modified-Since") String ifModifiedSince) {
+    public Response getPermissionsOfRole(@PathParam("roleName") String roleName,
+            @QueryParam("user-store") String userStoreName, @HeaderParam("If-Modified-Since") String ifModifiedSince) {
+        if (userStoreName != null && !userStoreName.isEmpty()) {
+            roleName = userStoreName + "/" + roleName;
+        }
        RequestValidationUtil.validateRoleName(roleName);
        try {
            final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
@ -164,11 +165,14 @@ public class RoleManagementServiceImpl implements RoleManagementService {
    @GET
    @Path("/{roleName}")
    @Override
-    public Response getRole(@PathParam("roleName") String roleName,
-                            @HeaderParam("If-Modified-Since") String ifModifiedSince) {
+    public Response getRole(@PathParam("roleName") String roleName, @QueryParam("user-store") String userStoreName,
+            @HeaderParam("If-Modified-Since") String ifModifiedSince) {
        if (log.isDebugEnabled()) {
            log.debug("Getting the list of user roles");
        }
+        if (userStoreName != null && !userStoreName.isEmpty()) {
+            roleName = userStoreName + "/" + roleName;
+        }
        RequestValidationUtil.validateRoleName(roleName);
        RoleInfo roleInfo = new RoleInfo();
        try {
@ -229,9 +233,9 @@ public class RoleManagementServiceImpl implements RoleManagementService {
            userStoreManager.addRole(roleInfo.getRoleName(), roleInfo.getUsers(), permissions);

            //TODO fix what's returned in the entity
-            return Response.created(new URI(API_BASE_PATH + "/" + roleInfo.getRoleName())).entity(
-                    "Role '" + roleInfo.getRoleName() + "' has " +
-                            "successfully been added").build();
+            return Response.created(new URI(API_BASE_PATH + "/" + URLEncoder.encode(roleInfo.getRoleName(), "UTF-8"))).
+                    entity("Role '" + roleInfo.getRoleName() + "' has " + "successfully been"
+                    + " added").build();
        } catch (UserStoreException e) {
            String msg = "Error occurred while adding role '" + roleInfo.getRoleName() + "'";
            log.error(msg, e);
@ -243,13 +247,22 @@ public class RoleManagementServiceImpl implements RoleManagementService {
            log.error(msg, e);
            return Response.serverError().entity(
                    new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
+        } catch (UnsupportedEncodingException e) {
+            String msg = "Error occurred while encoding role name";
+            log.error(msg, e);
+            return Response.serverError().entity(
+                    new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
        }
    }

    @PUT
    @Path("/{roleName}")
    @Override
-    public Response updateRole(@PathParam("roleName") String roleName, RoleInfo roleInfo) {
+    public Response updateRole(@PathParam("roleName") String roleName, RoleInfo roleInfo,
+            @QueryParam("user-store") String userStoreName) {
+        if (userStoreName != null && !userStoreName.isEmpty()) {
+            roleName = userStoreName + "/" + roleName;
+        }
        RequestValidationUtil.validateRoleName(roleName);
        RequestValidationUtil.validateRoleDetails(roleInfo);
        try {
@ -306,7 +319,10 @@ public class RoleManagementServiceImpl implements RoleManagementService {
    @DELETE
    @Path("/{roleName}")
    @Override
-    public Response deleteRole(@PathParam("roleName") String roleName) {
+    public Response deleteRole(@PathParam("roleName") String roleName, @QueryParam("user-store") String userStoreName) {
+        if (userStoreName != null && !userStoreName.isEmpty()) {
+            roleName = userStoreName + "/" + roleName;
+        }
        RequestValidationUtil.validateRoleName(roleName);
        try {
            final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
@ -337,7 +353,11 @@ public class RoleManagementServiceImpl implements RoleManagementService {
    @PUT
    @Path("/{roleName}/users")
    @Override
-    public Response updateUsersOfRole(@PathParam("roleName") String roleName, List<String> users) {
+    public Response updateUsersOfRole(@PathParam("roleName") String roleName,
+            @QueryParam("user-store") String userStoreName, List<String> users) {
+        if (userStoreName != null && !userStoreName.isEmpty()) {
+            roleName = userStoreName + "/" + roleName;
+        }
        RequestValidationUtil.validateRoleName(roleName);
        RequestValidationUtil.validateUsers(users);
        try {
@ -372,7 +392,11 @@ public class RoleManagementServiceImpl implements RoleManagementService {
        if (log.isDebugEnabled()) {
            log.debug("Getting the list of user roles");
        }
-        roles = userStoreManager.getRoleNames(userStore+"/*", -1, false, true, true);
+        if (userStore.equals("all")) {
+            roles = userStoreManager.getRoleNames("*", -1, false, true, true);
+        } else {
+            roles = userStoreManager.getRoleNames(userStore + "/*", -1, false, true, true);
+        }
        // removing all internal roles, roles created for Service-providers and application related roles.
        List<String> filteredRoles = new ArrayList<>();
        for (String role : roles) {
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java
@ -21,6 +21,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.impl;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.eclipse.wst.common.uriresolver.internal.util.URIEncoder;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 import org.wso2.carbon.device.mgt.core.service.EmailMetaInfo;
@ -36,6 +37,7 @@ import org.wso2.carbon.user.api.UserStoreManager;
 import javax.ws.rs.*;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.security.SecureRandom;
@ -85,7 +87,8 @@ public class UserManagementServiceImpl implements UserManagementService {
            if (log.isDebugEnabled()) {
                log.debug("User by username: " + userInfo.getUsername() + " was found.");
            }
-            return Response.created(new URI(API_BASE_PATH + "/" + userInfo.getUsername())).entity(
+            return Response.created(new URI(API_BASE_PATH + "/" + URIEncoder.encode(userInfo.getUsername(), "UTF-8")))
+                    .entity(
                    createdUserInfo).build();
        } catch (UserStoreException e) {
            String msg = "Error occurred while trying to add user '" + userInfo.getUsername() + "' to the " +
@ -99,6 +102,12 @@ public class UserManagementServiceImpl implements UserManagementService {
            log.error(msg, e);
            return Response.serverError().entity(
                    new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
+        } catch (UnsupportedEncodingException e) {
+            String msg = "Error occurred while encoding username in the URI for the newly created user " +
+                    userInfo.getUsername();
+            log.error(msg, e);
+            return Response.serverError().entity(
+                    new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
        }
    }

@ -353,28 +362,32 @@ public class UserManagementServiceImpl implements UserManagementService {
    @GET
    @Path("/search/usernames")
    @Override
-    public Response getUserNames(@QueryParam("filter") String filter, @HeaderParam("If-Modified-Since") String timestamp,
+    public Response getUserNames(@QueryParam("filter") String filter, @QueryParam("domain") String domain,
+            @HeaderParam("If-Modified-Since") String timestamp,
                                 @QueryParam("offset") int offset, @QueryParam("limit") int limit) {
        if (log.isDebugEnabled()) {
            log.debug("Getting the list of users with all user-related information using the filter : " + filter);
        }
+        String userStoreDomain = Constants.PRIMARY_USER_STORE;
+        if (domain != null && !domain.isEmpty()) {
+            userStoreDomain = domain;
+        }
        List<UserInfo> userList;
        try {
            UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
-            String[] users = userStoreManager.listUsers(filter + "*", -1);
-            userList = new ArrayList<>(users.length);
+            String[] users = userStoreManager.listUsers(userStoreDomain + "/*", -1);
+            userList = new ArrayList<>();
            UserInfo user;
            for (String username : users) {
-                user = new UserInfo();
-                user.setUsername(username);
-                user.setEmailAddress(getClaimValue(username, Constants.USER_CLAIM_EMAIL_ADDRESS));
-                user.setFirstname(getClaimValue(username, Constants.USER_CLAIM_FIRST_NAME));
-                user.setLastname(getClaimValue(username, Constants.USER_CLAIM_LAST_NAME));
-                userList.add(user);
+                if (username.contains(filter)) {
+                    user = new UserInfo();
+                    user.setUsername(username);
+                    user.setEmailAddress(getClaimValue(username, Constants.USER_CLAIM_EMAIL_ADDRESS));
+                    user.setFirstname(getClaimValue(username, Constants.USER_CLAIM_FIRST_NAME));
+                    user.setLastname(getClaimValue(username, Constants.USER_CLAIM_LAST_NAME));
+                    userList.add(user);
+                }
            }
-//            if (userList.size() <= 0) {
-//                return Response.status(Response.Status.NOT_FOUND).entity("No user is available to be retrieved").build();
-//            }
            return Response.status(Response.Status.OK).entity(userList).build();
        } catch (UserStoreException e) {
            String msg = "Error occurred while retrieving the list of users using the filter : " + filter;
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/Constants.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/Constants.java
@ -26,6 +26,7 @@ public class Constants {
 	public static final String USER_CLAIM_EMAIL_ADDRESS = "http://wso2.org/claims/emailaddress";
 	public static final String USER_CLAIM_FIRST_NAME = "http://wso2.org/claims/givenname";
 	public static final String USER_CLAIM_LAST_NAME = "http://wso2.org/claims/lastname";
+	public static final String PRIMARY_USER_STORE = "PRIMARY";

 	public final class ErrorMessages {
 		private ErrorMessages () { throw new AssertionError(); }
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js
@ -187,7 +187,7 @@ var userModule = function () {
            var url = devicemgtProps["httpsURL"] + devicemgtProps["backendRestEndpoints"]["deviceMgt"] + "/users/" +
                encodeURIComponent(username);
            if (domain) {
-                url += '?domain=' + domain;
+                url += '?domain=' + encodeURIComponent(domain);
            }
            var response = privateMethods.callBackend(url, constants["HTTP_GET"]);
            response["content"] = parse(response.content);
@ -217,7 +217,7 @@ var userModule = function () {
            var url = devicemgtProps["httpsURL"] + devicemgtProps["backendRestEndpoints"]["deviceMgt"] + "/users/" +
                encodeURIComponent(username) + "/roles";
            if (domain) {
-                url += '?domain=' + domain;
+                url += '?domain=' + encodeURIComponent(domain);
            }
            var response = privateMethods.callBackend(url, constants["HTTP_GET"]);
            if (response.status == "success") {
@ -268,7 +268,7 @@ var userModule = function () {
        try {
            utility.startTenantFlow(carbonUser);
            var url = devicemgtProps["httpsURL"] + devicemgtProps["backendRestEndpoints"]["deviceMgt"] +
-                "/roles?offset=0&limit=100";
+                "/roles?offset=0&limit=100&user-store=all";
            var response = privateMethods.callBackend(url, constants["HTTP_GET"]);
            if (response.status == "success") {
                response.content = parse(response.content).roles;
@ -294,7 +294,7 @@ var userModule = function () {
        try {
            utility.startTenantFlow(carbonUser);
            var url = devicemgtProps["httpsURL"] + devicemgtProps["backendRestEndpoints"]["deviceMgt"] +
-                "/roles?offset=0&limit=1";
+                "/roles?offset=0&limit=1&user-store=all";
            return serviceInvokers.XMLHttp.get(
                url, function (responsePayload) {
                    return parse(responsePayload["responseText"])["count"];
@ -328,7 +328,7 @@ var userModule = function () {
        try {
            utility.startTenantFlow(carbonUser);
            var url = devicemgtProps["httpsURL"] + devicemgtProps["backendRestEndpoints"]["deviceMgt"] +
-                "/roles?user-store=" + userStore + "&limit=100";
+                "/roles?user-store=" + encodeURIComponent(userStore) + "&limit=100";
            var response = privateMethods.callBackend(url, constants["HTTP_GET"]);
            if (response.status == "success") {
                response.content = parse(response.content).roles;
@ -374,14 +374,22 @@ var userModule = function () {
    publicMethods.getRole = function (roleName) {
        var carbonUser = session.get(constants["USER_SESSION_KEY"]);
        var utility = require("/app/modules/utility.js")["utility"];
+        var userStore;
        if (!carbonUser) {
            log.error("User object was not found in the session");
            throw constants["ERRORS"]["USER_NOT_FOUND"];
        }
        try {
            utility.startTenantFlow(carbonUser);
+            if (roleName.indexOf('/') > 0) {
+                userStore = roleName.substr(0, roleName.indexOf('/'));
+                roleName = roleName.substr(roleName.indexOf('/') + 1);
+            }
            var url = devicemgtProps["httpsURL"] + devicemgtProps["backendRestEndpoints"]["deviceMgt"] +
                "/roles/" + encodeURIComponent(roleName);
+            if (userStore) {
+                url += "?user-store=" + encodeURIComponent(userStore);
+            }
            var response = privateMethods.callBackend(url, constants["HTTP_GET"]);
            if (response.status == "success") {
                response.content = parse(response.content);
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.create/create.hbs
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.create/create.hbs
@ -94,7 +94,8 @@
                                       data-error-msg="{{roleNameRegExViolationErrorMsg}}" class="form-control" />
                                <span class="roleNameError hidden glyphicon glyphicon-remove form-control-feedback"></span>
                                <label class="error roleNameEmpty hidden" for="summary">
-                                    Role name is required, should be in minimum 3 characters long and not include any whitespaces.
+                                    Role name is required, should be in minimum 3 characters long and not include any
+                                    whitespaces or "@" character or "/" character.
                                </label>
                            </div>
                            {{#if canViewUsers}}
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.create/public/js/bottomJs.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.create/public/js/bottomJs.js
@ -32,6 +32,7 @@ var validateInline = {};
 var clearInline = {};

 var apiBasePath = "/api/device-mgt/v1.0";
+var domain = $("#domain").val();

 var enableInlineError = function (inputField, errorMsg, errorSign) {
    var fieldIdentifier = "#" + inputField;
@ -82,7 +83,8 @@ clearInline["role-name"] = function () {
 */
 validateInline["role-name"] = function () {
    var roleNameInput = $("input#roleName");
-    if (inputIsValid( roleNameInput.data("regex"), roleNameInput.val())) {
+    var roleName = roleNameInput.val();
+    if (inputIsValid( roleNameInput.data("regex"), roleName) && roleName.indexOf("@") < 0 && roleName.indexOf("/") < 0) {
        disableInlineError("roleNameField", "roleNameEmpty", "roleNameError");
    } else {
        enableInlineError("roleNameField", "roleNameEmpty", "roleNameError");
@ -127,7 +129,8 @@ $(document).ready(function () {
            data: function (params) {
                var postData = {};
                postData.requestMethod = "GET";
-                postData.requestURL = "/api/device-mgt/v1.0/users/search/usernames?filter=" + params.term;
+                postData.requestURL = "/api/device-mgt/v1.0/users/search/usernames?filter=" + params.term +
+                    "&domain=" + encodeURIComponent(domain);
                postData.requestPayload = null;
                return JSON.stringify(postData);
            },
@ -170,7 +173,8 @@ $(document).ready(function () {
        if (!roleName) {
            $(errorMsg).text("Role name is a required field. It cannot be empty.");
            $(errorMsgWrapper).removeClass("hidden");
-        } else if (!inputIsValid(roleNameInput.data("regex"), roleName)) {
+        } else if (!inputIsValid(roleNameInput.data("regex"), roleName) || roleName.indexOf("@") >= 0 ||
+            roleName.indexOf("/") >= 0) {
            $(errorMsg).text(roleNameInput.data("error-msg"));
            $(errorMsgWrapper).removeClass("hidden");
        } else if (!domain) {
@ -201,7 +205,8 @@ $(document).ready(function () {
                        $("input#roleName").val("");
                        $("#domain").val("PRIMARY");
                        $("#users").val("");
-                        window.location.href = appContext + "/role/edit-permission/" + roleName;
+                        window.location.href = appContext + "/role/edit-permission/?rolename=" +
+                            encodeURIComponent(addRoleFormData.roleName);
                    }
                },
                function (jqXHR) {
@ -222,4 +227,12 @@ $(document).ready(function () {
    $(roleNameInputElement).blur(function() {
        validateInline["role-name"]();
    });
+
+    /* When the user store domain value is changed, the users who are assigned to that role should be removed, as
+       user and role can be mapped only if both are in same user store
+     */
+    $("#domain").change(function () {
+        $("#users").select2("val", "");
+        domain = $("#domain").val();
+    });
 });
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.edit.permission/permission.json
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.edit.permission/permission.json
@ -1,5 +1,5 @@
 {
    "version": "1.0.0",
-    "uri": "/role/edit-permission/{+any}",
+    "uri": "/role/edit-permission/",
    "layout": "cdmf.layout.default"
 }
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.edit/edit.json
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.edit/edit.json
@ -1,5 +1,5 @@
 {
    "version": "1.0.0",
-    "uri": "/role/edit/{+any}",
+    "uri": "/role/edit/",
    "layout": "cdmf.layout.default"
 }
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.roles/public/js/role-listing.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.roles/public/js/role-listing.js
@ -17,7 +17,7 @@
 */

 var loadRoleBasedActionURL = function (action, rolename) {
-    var href = $("#ast-container").data("app-context") + "role/" + action + "/" + rolename;
+    href = $("#ast-container").data("app-context") + "role/" + action + "/?rolename=" + encodeURIComponent(rolename);
    $(location).attr('href', href);
 };

@ -188,7 +188,7 @@ function loadRoles() {
        "sorting": false
    };

-    $('#role-grid').datatables_extended_serverside_paging(settings, '/api/device-mgt/v1.0/roles', dataFilter, columns, fnCreatedRow, null, options);
+    $('#role-grid').datatables_extended_serverside_paging(settings, '/api/device-mgt/v1.0/roles?user-store=all', dataFilter, columns, fnCreatedRow, null, options);
    loadingContent.hide();

 }
@ -201,8 +201,15 @@ function loadRoles() {
 */
 $("#role-grid").on("click", ".remove-role-link", function () {
    var role = $(this).data("role");
-    var removeRoleAPI = apiBasePath + "/roles/" + role;
-
+    var userStore;
+    if (role.indexOf('/') > 0) {
+        userStore = role.substr(0, role.indexOf('/'));
+        role = role.substr(role.indexOf('/') + 1);
+    }
+    var removeRoleAPI = apiBasePath + "/roles/" + encodeURIComponent(role);
+    if (userStore) {
+        removeRoleAPI += "?user-store=" + encodeURIComponent(userStore);
+    }
    $(modalPopupContent).html($('#remove-role-modal-content').html());
    showPopup();

@ -210,7 +217,10 @@ $("#role-grid").on("click", ".remove-role-link", function () {
        invokerUtil.delete(
            removeRoleAPI,
            function () {
-                $("#role-" + role).remove();
+                if (userStore) {
+                    role = userStore + '/' + role;
+                }
+                $('[id="role-' + role + '"]').remove();
                $(modalPopupContent).html($('#remove-role-success-content').html());
                $("a#remove-role-success-link").click(function () {
                    hidePopup();
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.create/public/js/bottomJs.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.create/public/js/bottomJs.js
@ -180,8 +180,7 @@ $("#userStore").change(
            str += $(this).text() + "";
        });
        if ($("#roles").length > 0) {
-            var getRolesAPI = deviceMgtAPIsBasePath + "/roles?user-store=" + str + "&limit=100";
-
+            var getRolesAPI = deviceMgtAPIsBasePath + "/roles?user-store=" + encodeURIComponent(str) + "&limit=100";
            invokerUtil.get(
                getRolesAPI,
                function (data) {
@ -189,10 +188,10 @@ $("#userStore").change(
                    if (data.errorMessage) {
                        $(errorMsg).text("Selected user store prompted an error : " + data.errorMessage);
                        $(errorMsgWrapper).removeClass("hidden");
-                    } else if (data["statusCode"] == 200) {
+                    } else {
                        $("#roles").empty();
-                        for (var i = 0; i < data.responseContent.length; i++) {
-                            var newOption = $('<option value="' + data.responseContent[i] + '">' + data.responseContent[i] + '</option>');
+                        for (var i = 0; i < data.roles.length; i++) {
+                            var newOption = $('<option value="' + data.roles[i] + '">' + data.roles[i] + '</option>');
                            $('#roles').append(newOption);
                        }
                    }
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.edit/public/js/bottomJs.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.edit/public/js/bottomJs.js
@ -236,7 +236,8 @@ $(document).ready(function () {
            }
            addUserFormData.roles = roles;
            username = username.substr(username.indexOf('/') + 1);
-            var addUserAPI = deviceMgtBasePath + "/users/" + username + "?domain=" + domain;
+            var addUserAPI = deviceMgtBasePath + "/users/" + encodeURIComponent(username) + "?domain=" +
+                encodeURIComponent(domain);

            invokerUtil.put(
                addUserAPI,
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.users/public/js/listing.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.users/public/js/listing.js
@ -158,7 +158,7 @@ function resetPassword(username) {
            }
            var resetPasswordServiceURL = apiBasePath + "/admin/users/" + username + "/credentials";
            if (domain) {
-                resetPasswordServiceURL += '?domain=' + domain;
+                resetPasswordServiceURL += '?domain=' + encodeURIComponent(domain);
            }
            invokerUtil.post(
                resetPasswordServiceURL,
@ -198,11 +198,10 @@ function removeUser(username) {
        domain = username.substr(0, username.indexOf('/'));
        username = username.substr(username.indexOf('/') + 1);
    }
-    var removeUserAPI = apiBasePath + "/users/" + username;
+    var removeUserAPI = apiBasePath + "/users/" + encodeURIComponent(username);
    if (domain) {
-        removeUserAPI += '?domain=' + domain;
+        removeUserAPI += '?domain=' + encodeURIComponent(domain);
    }
-
    modalDialog.header("Remove User");
    modalDialog.content("Do you really want to remove this user ?");
    modalDialog.footer('<div class="buttons"> <a href="#" id="remove-user-yes-link" class="btn-operations">Remove</a> ' +
@ -219,10 +218,9 @@ function removeUser(username) {
            function (data, textStatus, jqXHR) {
                if (jqXHR.status == 200) {
                    if (domain) {
-                        $("#user-" + domain + "\\/" + username).remove();
-                    } else {
-                        $("#user-" + username).remove();
+                        username = domain + '/' + username;
                    }
+                    $('[id="user-' + username + '"]').remove();
                    // update modal-content with success message
                    modalDialog.header("User Removed.");
                    modalDialog.content("Done. User was successfully removed.");
@ -338,7 +336,8 @@ function loadUsers() {
            class: "text-right content-fill text-left-on-grid-view no-wrap",
            data: null,
            render: function (data, type, row, meta) {
-                var editbtn = '<a data-toggle="tooltip" data-placement="bottom" title="Edit User"href="' + context + '/user/edit?username=' + data.filter + '" data-username="' + data.filter + '" ' +
+                var editbtn = '<a data-toggle="tooltip" data-placement="bottom" title="Edit User"href="' + context +
+                    '/user/edit?username=' + encodeURIComponent(data.filter) + '" data-username="' + data.filter + '" ' +
                    'data-click-event="edit-form" ' +
                    'class="btn padding-reduce-on-grid-view edit-user-link"> ' +
                    '<span class="fw-stack"> ' +
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit.permission/permission.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit.permission/permission.js
@ -24,14 +24,6 @@
 */
 function onRequest(context) {
    var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
-    var uri = request.getRequestURI();
-    var uriMatcher = new URIMatcher(String(uri));
-    var isMatched = uriMatcher.match("/{context}/role/edit-permission/{rolename}");
-
-    if (isMatched) {
-        var matchedElements = uriMatcher.elements();
-        var roleName = matchedElements.rolename;
-        context["roleName"] = roleName;
-    }
+    context["roleName"] = request.getParameter("rolename");
    return context;
 }
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit.permission/public/js/bottomJs.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit.permission/public/js/bottomJs.js
@ -103,7 +103,15 @@ $(document).ready(function () {
    var listPartialSrc = $("#list-partial").attr("src");
    var treeTemplateSrc = $("#tree-template").attr("src");
    var roleName = $("#permissionList").data("currentrole");
+    var userStore;
+    if (roleName.indexOf('/') > 0) {
+        userStore = roleName.substr(0, roleName.indexOf('/'));
+        roleName = roleName.substr(roleName.indexOf('/') + 1);
+    }
    var serviceUrl = apiBasePath + "/roles/" +encodeURIComponent(roleName)+"/permissions";
+    if (userStore) {
+        serviceUrl += "?user-store=" + encodeURIComponent(userStore);
+    }
    $.registerPartial("list", listPartialSrc, function(){
        $.template("treeTemplate", treeTemplateSrc, function (template) {
            invokerUtil.get(serviceUrl,
@ -146,13 +154,23 @@ $(document).ready(function () {
     */
    $("button#update-permissions-btn").click(function() {
        var roleName = $("#permissionList").data("currentrole");
-        var updateRolePermissionAPI = apiBasePath + "/roles/" + roleName;
+        var userStore;
+        if (roleName.indexOf('/') > 0) {
+            userStore = roleName.substr(0, roleName.indexOf('/'));
+            roleName = roleName.substr(roleName.indexOf('/') + 1);
+        }
+        var updateRolePermissionAPI = apiBasePath + "/roles/" + encodeURIComponent(roleName);
        var updateRolePermissionData = {};
        var perms = [];
        $("#permissionList li input:checked").each(function(){
            perms.push($(this).data("resourcepath"));
        });
-        updateRolePermissionData.roleName = roleName;
+        if (userStore) {
+            updateRolePermissionAPI += "?user-store=" + encodeURIComponent(userStore);
+            updateRolePermissionData.roleName = userStore + "/" + roleName;
+        } else {
+            updateRolePermissionData.roleName = roleName;
+        }
        updateRolePermissionData.permissions = perms;
        invokerUtil.put(
            updateRolePermissionAPI,
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit/edit.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit/edit.js
@ -25,28 +25,29 @@
 function onRequest(context) {
    var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
    var deviceMgtProps = require("/app/modules/conf-reader/main.js")["conf"];
-
    var uri = request.getRequestURI();
-    var uriMatcher = new URIMatcher(String(uri));
-    var isMatched = uriMatcher.match("/{context}/role/edit/{roleName}");
+    var roleName = request.getParameter("rolename");
+    var response;
+    var userStore;

-    if (isMatched) {
-        var matchedElements = uriMatcher.elements();
-        var roleName = matchedElements["roleName"];
-        var response = userModule.getRole(roleName);
-        if (response["status"] == "success") {
-            context["role"] = response["content"];
-        }
-        var userStore;
+    if (roleName) {
        if (roleName.indexOf("/") > -1) {
-            userStore = roleName.substring(0, roleName.indexOf("/"));
+            userStore = roleName.substr(0, roleName.indexOf("/"));
        } else {
            userStore = "PRIMARY";
        }
+        response = userModule.getRole(roleName);
+        if (response["status"] == "success") {
+            context["role"] = response["content"];
+        }
        context["userStore"] = userStore;
        context["roleNameJSRegEx"] = deviceMgtProps["roleValidationConfig"]["roleNameJSRegEx"];
        context["roleNameHelpText"] = deviceMgtProps["roleValidationConfig"]["roleNameHelpMsg"];
        context["roleNameRegExViolationErrorMsg"] = deviceMgtProps["roleValidationConfig"]["roleNameRegExViolationErrorMsg"];
+        roleName = context["role"]["roleName"];
+        if (roleName.indexOf("/") > -1) {
+            context["role"]["roleName"] = roleName.substr(roleName.indexOf("/") + 1);
+        }
        return context;
    } else {
        //TODO: handle error scenario
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit/public/js/bottomJs.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit/public/js/bottomJs.js
@ -1,3 +1,21 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
 /**
 * Checks if provided input is valid against RegEx input.
 *
@ -12,6 +30,7 @@ function inputIsValid(regExp, inputString) {

 var validateInline = {};
 var clearInline = {};
+var domain = $("#domain").val();

 var apiBasePath = "/api/device-mgt/v1.0";

@ -112,7 +131,8 @@ $(document).ready(function () {
            data: function (params) {
                var postData = {};
                postData.actionMethod = "GET";
-                postData.actionUrl = apiBasePath + "/users/search/usernames?filter=" + params.term;
+                postData.actionUrl = apiBasePath + "/users/search/usernames?filter=" + params.term + "&domain=" +
+                    encodeURIComponent(domain);
                postData.actionPayload = null;
                return JSON.stringify(postData);
            },
@ -163,11 +183,11 @@ $(document).ready(function () {
        } else {
            var addRoleFormData = {};
            addRoleFormData.roleName = roleName;
+            var addRoleAPI = apiBasePath + "/roles/" + encodeURIComponent(currentRoleName);
            if (domain != "PRIMARY"){
                addRoleFormData.roleName = domain + "/" + roleName;
+                addRoleAPI = addRoleAPI + "?user-store=" + encodeURIComponent(domain);
            }
-
-            var addRoleAPI = apiBasePath + "/roles/" + currentRoleName;
            invokerUtil.put(
                addRoleAPI,
                addRoleFormData,
@ -196,4 +216,12 @@ $(document).ready(function () {
    $("#rolename").blur(function() {
        validateInline["role-name"]();
    });
+
+    /* When the user store domain value is changed, the users who are assigned to that role should be removed, as
+     user and role can be mapped only if both are in same user store
+     */
+    $("#domain").change(function () {
+        $("#users").select2("val", "");
+        domain = $("#domain").val();
+    });
 });