diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java index 6d98253f83..d9d074c70b 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java @@ -3,7 +3,6 @@ package org.wso2.carbon.certificate.mgt.cert.jaxrs.api.impl; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.CertificateManagementAdminService; -import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.UnexpectedServerErrorException; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse; @@ -53,8 +52,8 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem } catch (KeystoreException e) { String msg = "Error occurred while converting PEM file to X509Certificate."; log.error(msg, e); - throw new UnexpectedServerErrorException( - new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()); + return Response.serverError().entity( + new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()).build(); } } 
@@ -79,8 +78,8 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem } catch (CertificateManagementException e) { String msg = "Error occurred while converting PEM file to X509Certificate"; log.error(msg, e); - throw new UnexpectedServerErrorException( - new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()); + return Response.serverError().entity( + new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()).build(); } } @@ -109,8 +108,8 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem } catch (CertificateManagementException e) { String msg = "Error occurred while fetching all certificates."; log.error(msg, e); - throw new UnexpectedServerErrorException( - new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()); + return Response.serverError().entity( + new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); } } @@ -131,8 +130,9 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem } catch (CertificateManagementException e) { String msg = "Error occurred while converting PEM file to X509Certificate"; log.error(msg, e); - throw new UnexpectedServerErrorException( - new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()); + return Response.serverError().entity( + new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); } } + } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateManagementDAOFactory.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateManagementDAOFactory.java index 02345c127b..b87a4af218 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateManagementDAOFactory.java 
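Review bot: The catch blocks in the hunks at -109 and -131 build the error entity without `setCode(500l)`, while the two earlier catch blocks keep it, so the ErrorResponse body for the same kind of failure differs between endpoints. Unless the builder fills in a default code (not visible here), restore the call: `new ErrorResponse.ErrorResponseBuilder().setCode(500L).setMessage(msg).build()`. The uppercase `L` suffix is also easier to read than `500l`. The enclosing methods start outside these hunks.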
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/CertificateManagementDAOFactory.java @@ -38,11 +38,16 @@ public class CertificateManagementDAOFactory { private static DataSource dataSource; private static String databaseEngine; private static final Log log = LogFactory.getLog(CertificateManagementDAOFactory.class); - private static ThreadLocal currentConnection = new ThreadLocal(); + private static ThreadLocal currentConnection = new ThreadLocal<>(); + private static ThreadLocal currentTxState = new ThreadLocal<>(); + + private enum TxState { + CONNECTION_NOT_BORROWED, CONNECTION_BORROWED, CONNECTION_CLOSED + } public static CertificateDAO getCertificateDAO() { - return new GenericCertificateDAOImpl(); + return new GenericCertificateDAOImpl(); } public static void init(DataSourceConfig config) { @@ -50,7 +55,7 @@ public class CertificateManagementDAOFactory { try { databaseEngine = dataSource.getConnection().getMetaData().getDatabaseProductName(); } catch (SQLException e) { - log.error( "Error occurred while retrieving config.datasource connection", e); + log.error("Error occurred while retrieving config.datasource connection", e); } } @@ -85,9 +90,11 @@ public class CertificateManagementDAOFactory { log.warn("Error occurred while closing the borrowed connection. " + "Transaction has ended pre-maturely", e1); } + currentTxState.set(TxState.CONNECTION_CLOSED); throw new TransactionManagementException("Error occurred while setting auto-commit to false", e); } currentConnection.set(conn); + currentTxState.set(TxState.CONNECTION_BORROWED); } public static void openConnection() throws SQLException { 
@@ -97,8 +104,14 @@ public class CertificateManagementDAOFactory { "this particular thread. Therefore, calling 'beginTransaction/openConnection' while another " + "transaction is already active is a sign of improper transaction handling"); } - conn = dataSource.getConnection(); + try { + conn = dataSource.getConnection(); + } catch (SQLException e) { + currentTxState.set(TxState.CONNECTION_NOT_BORROWED); + throw e; + } currentConnection.set(conn); + currentTxState.set(TxState.CONNECTION_BORROWED); } public static Connection getConnection() throws SQLException { @@ -144,6 +157,17 @@ public class CertificateManagementDAOFactory { } public static void closeConnection() { + TxState txState = currentTxState.get(); + if (TxState.CONNECTION_NOT_BORROWED == txState) { + if (log.isDebugEnabled()) { + log.debug("No successful connection appears to have been borrowed to perform the underlying " + + "transaction even though the 'openConnection' method has been called. Therefore, " + + "'closeConnection' method is returning silently"); + } + currentTxState.remove(); + return; + } + Connection conn = currentConnection.get(); if (conn == null) { throw new IllegalTransactionStateException("No connection is associated with the current transaction. " + @@ -156,6 +180,7 @@ public class CertificateManagementDAOFactory { log.warn("Error occurred while close the connection", e); } currentConnection.remove(); + currentTxState.remove(); } 
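Review bot: closeConnection() returns early only for `CONNECTION_NOT_BORROWED`, but the beginTransaction hunk at -85 sets `CONNECTION_CLOSED` on its failure path, before `currentConnection.set(conn)` is reached. A caller that runs closeConnection() in a finally block after that failure would then hit the `conn == null` branch and get an IllegalTransactionStateException that masks the original TransactionManagementException. It would also leave `currentTxState` set on a thread that may be reused from a pool. Treat both states alike in the guard, `if (TxState.CONNECTION_NOT_BORROWED == txState || TxState.CONNECTION_CLOSED == txState) {`, and call `currentTxState.remove()` before the `conn == null` throw as well. The bodies of beginTransaction and closeConnection extend beyond these hunks, so this rests on the visible lines only.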
@@ -170,14 +195,14 @@ public class CertificateManagementDAOFactory { if (config == null) { throw new RuntimeException( "Device Management Repository data source configuration " + "is null and " + - "thus, is not initialized" + "thus, is not initialized" ); } JNDILookupDefinition jndiConfig = config.getJndiLookupDefinition(); if (jndiConfig != null) { if (log.isDebugEnabled()) { log.debug("Initializing Device Management Repository data source using the JNDI " + - "Lookup Definition"); + "Lookup Definition"); } List jndiPropertyList = jndiConfig.getJndiProperties(); diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/GenericCertificateDAOImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/GenericCertificateDAOImpl.java index 9d1129d067..13543d66b6 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/GenericCertificateDAOImpl.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/GenericCertificateDAOImpl.java @@ -45,6 +45,7 @@ import java.util.ArrayList; import java.util.List; public class GenericCertificateDAOImpl implements CertificateDAO { + private static final Log log = LogFactory.getLog(GenericCertificateDAOImpl.class); @Override @@ -103,7 +104,7 @@ public class GenericCertificateDAOImpl implements CertificateDAO { if (resultSet.next()) { certificateResponse = new CertificateResponse(); - byte [] certificateBytes = resultSet.getBytes("CERTIFICATE"); + byte[] certificateBytes = resultSet.getBytes("CERTIFICATE"); certificateResponse.setCertificate(certificateBytes); certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER")); certificateResponse.setTenantId(resultSet.getInt("TENANT_ID")); 
@@ -142,7 +143,7 @@ public class GenericCertificateDAOImpl implements CertificateDAO { while (resultSet.next()) { certificateResponse = new CertificateResponse(); - byte [] certificateBytes = resultSet.getBytes("CERTIFICATE"); + byte[] certificateBytes = resultSet.getBytes("CERTIFICATE"); certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER")); certificateResponse.setTenantId(resultSet.getInt("TENANT_ID")); certificateResponse.setUsername(resultSet.getString("USERNAME")); @@ -181,7 +182,7 @@ public class GenericCertificateDAOImpl implements CertificateDAO { int resultCount = 0; while (resultSet.next()) { certificateResponse = new CertificateResponse(); - byte [] certificateBytes = resultSet.getBytes("CERTIFICATE"); + byte[] certificateBytes = resultSet.getBytes("CERTIFICATE"); certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER")); certificateResponse.setTenantId(resultSet.getInt("TENANT_ID")); certificateResponse.setUsername(resultSet.getString("USERNAME")); @@ -193,11 +194,11 @@ public class GenericCertificateDAOImpl implements CertificateDAO { paginationResult.setData(certificates); paginationResult.setRecordsTotal(resultCount); } catch (SQLException e) { - String errorMsg = "SQL error occurred while retrieving the certificates."; + String errorMsg = "SQL error occurred while retrieving the certificates."; log.error(errorMsg, e); throw new CertificateManagementDAOException(errorMsg, e); } finally { - OperationManagementDAOUtil.cleanupResources(stmt, resultSet); + CertificateManagementDAOUtil.cleanupResources(stmt, resultSet); } return paginationResult; } 
@@ -219,7 +220,7 @@ public class GenericCertificateDAOImpl implements CertificateDAO { while (resultSet.next()) { certificateResponse = new CertificateResponse(); - byte [] certificateBytes = resultSet.getBytes("CERTIFICATE"); + byte[] certificateBytes = resultSet.getBytes("CERTIFICATE"); certificateResponse.setSerialNumber(resultSet.getString("SERIAL_NUMBER")); certificateResponse.setTenantId(resultSet.getInt("TENANT_ID")); certificateResponse.setUsername(resultSet.getString("USERNAME")); @@ -227,11 +228,11 @@ public class GenericCertificateDAOImpl implements CertificateDAO { certificates.add(certificateResponse); } } catch (SQLException e) { - String errorMsg = "SQL error occurred while retrieving the certificates."; + String errorMsg = "SQL error occurred while retrieving the certificates."; log.error(errorMsg, e); throw new CertificateManagementDAOException(errorMsg, e); } finally { - OperationManagementDAOUtil.cleanupResources(stmt, resultSet); + CertificateManagementDAOUtil.cleanupResources(stmt, resultSet); } return certificates; } @@ -246,17 +247,16 @@ public class GenericCertificateDAOImpl implements CertificateDAO { conn = this.getConnection(); String query = "DELETE FROM DM_DEVICE_CERTIFICATE WHERE SERIAL_NUMBER = ?" + - " AND TENANT_ID = ? "; + " AND TENANT_ID = ? "; stmt = conn.prepareStatement(query); stmt.setString(1, serialNumber); stmt.setInt(2, tenantId); return stmt.executeUpdate() > 0; } catch (SQLException e) { - String errorMsg = - "Unable to get the read the certificate with serial" + serialNumber; - log.error(errorMsg, e); - throw new CertificateManagementDAOException(errorMsg, e); + String msg = "Unable to get the read the certificate with serial" + serialNumber; + log.error(msg, e); + throw new CertificateManagementDAOException(msg, e); } finally { CertificateManagementDAOUtil.cleanupResources(stmt, resultSet); } 
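Review bot: The message in the catch block of the hunk at -246 reads `"Unable to get the read the certificate with serial" + serialNumber`, although the statement being executed is a `DELETE`, and there is no separator before the serial number. In the logs the serial runs straight into the word "serial", and the text points at a read rather than a removal, which is misleading when certificate removals are traced. Something like `String msg = "Error occurred while removing the certificate with serial number '" + serialNumber + "'";` fixes both. The method starts outside the hunk.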
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index e4332c599f..92bf568dba 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java @@ -308,6 +308,10 @@ public class CertificateGenerator { } public CertificateResponse verifyPEMSignature(X509Certificate requestCertificate) throws KeystoreException { + if (requestCertificate == null) { + throw new IllegalArgumentException("Certificate of which the signature needs to be validated cannot " + + "be null"); + } KeyStoreReader keyStoreReader = new KeyStoreReader(); CertificateResponse lookUpCertificate; diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/test/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGeneratorTests.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/test/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGeneratorTests.java new file mode 100644 index 0000000000..b7e8283ce4 --- /dev/null +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/test/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGeneratorTests.java 
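Review bot: The new null guard in verifyPEMSignature throws an unchecked IllegalArgumentException from a method whose signature announces only KeystoreException, and nothing documents it. Callers that catch only KeystoreException will let it propagate; the REST layer changed in this commit has such a catch, though whether it calls this method is not visible. Add Javadoc stating the precondition, e.g. `@throws IllegalArgumentException if requestCertificate is null`, and make sure the calling endpoints reject a missing certificate before reaching this point. The method body continues outside the hunk.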
@@ -0,0 +1,42 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.wso2.carbon.certificate.mgt.core.impl; + +import junit.framework.Assert; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.testng.annotations.Test; +import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException; + +public class CertificateGeneratorTests { + + private static final Log log = LogFactory.getLog(CertificateGeneratorTests.class); + + @Test(expectedExceptions = IllegalArgumentException.class) + public void testVerifyNullPEMSignature() { + CertificateGenerator certGenerator = new CertificateGenerator(); + try { + certGenerator.verifyPEMSignature(null); + } catch (KeystoreException e) { + log.error("Error occurred while verifying PEM signature", e); + Assert.fail(); + } + } + +} diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/test/java/org/wso2/carbon/certificate/mgt/core/impl/KeyGeneratorTests.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/test/java/org/wso2/carbon/certificate/mgt/core/impl/KeyGeneratorTests.java new file mode 100644 index 0000000000..c23043d38f --- /dev/null +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/test/java/org/wso2/carbon/certificate/mgt/core/impl/KeyGeneratorTests.java 
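Review bot: testVerifyNullPEMSignature mixes frameworks: it is a TestNG test (`org.testng.annotations.Test`) but imports `junit.framework.Assert`, the deprecated JUnit 3 style class, which pulls a JUnit dependency onto the test classpath. Use `org.testng.Assert` instead, or drop the try/catch and declare `public void testVerifyNullPEMSignature() throws KeystoreException`. With the second option an unexpected KeystoreException fails the test with its stack trace, and the logger field is no longer needed.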
@@ -0,0 +1,25 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.wso2.carbon.certificate.mgt.core.impl; + +public class KeyGeneratorTests { + + + +} diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/test/resources/testng.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/test/resources/testng.xml index 8d91ced59f..d05fefdb8a 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/test/resources/testng.xml +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/test/resources/testng.xml @@ -5,6 +5,8 @@ + + \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java index dc10c5c776..c9f3d083dc 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java 
@@ -202,18 +202,13 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori throws DeviceAccessAuthorizationException { //Check for device ownership. If the user is the owner of the device we allow the access. try { - Device device = DeviceManagementDataHolder.getInstance().getDeviceManagementProvider(). - getDevice(deviceIdentifier); - EnrolmentInfo enrolmentInfo = device.getEnrolmentInfo(); - if (enrolmentInfo != null && username.equalsIgnoreCase(enrolmentInfo.getOwner())) { - return true; - } + return DeviceManagementDataHolder.getInstance().getDeviceManagementProvider(). + isEnrolled(deviceIdentifier, username); } catch (DeviceManagementException e) { throw new DeviceAccessAuthorizationException("Unable to authorize the access to device : " + deviceIdentifier.getId() + " for the user : " + username, e); } - return false; } private boolean isAdminUser(String username, int tenantId) throws UserStoreException { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java index 30d177efc2..44bdd5ba45 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java 
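Review bot: The owner comparison is replaced by `isEnrolled(deviceIdentifier, username)` while the comment above still describes a device-ownership check, and the semantics of isEnrolled are not visible in this diff. The removed code granted access only when `username.equalsIgnoreCase(enrolmentInfo.getOwner())`. Since this method gates device access, confirm that isEnrolled matches against the enrolment owner within the caller's tenant and treats letter case the same way. Update the comment to say what the call guarantees, e.g. `// Access is allowed only if 'username' owns an enrolment of this device (see isEnrolled).`, and add a test showing that a non-owner is refused. The method signature is outside the hunk.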
@@ -748,7 +748,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO { ResultSet rs = null; try { conn = this.getConnection(); - String sql = "SELECT ID AS ENROLMENT_ID FROM DM_ENROLMENT WHERE DEVICE_ID = (SELECT d.ID " + + String sql = "SELECT ID AS ENROLMENT_ID FROM DM_ENROLMENT WHERE DEVICE_ID = (SELECT DISTINCT d.ID " + "FROM DM_DEVICE d, DM_DEVICE_TYPE t WHERE d.DEVICE_TYPE_ID = t.ID " + "AND d.DEVICE_IDENTIFICATION = ? AND t.NAME = ? AND d.TENANT_ID = ?) " + "AND STATUS = ? AND TENANT_ID = ?"; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/device/details/mgt/impl/DeviceInformationManagerImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/device/details/mgt/impl/DeviceInformationManagerImpl.java index 62fcd3bf82..127216f27b 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/device/details/mgt/impl/DeviceInformationManagerImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/device/details/mgt/impl/DeviceInformationManagerImpl.java @@ -162,7 +162,6 @@ public class DeviceInformationManagerImpl implements DeviceInformationManager { deviceDetailsDAO.addDeviceLocation(deviceLocation); DeviceManagementDAOFactory.commitTransaction(); } catch (TransactionManagementException e) { - DeviceManagementDAOFactory.rollbackTransaction(); throw new DeviceDetailsMgtException("Transactional error occurred while adding the device location " + "information.", e); } catch (DeviceDetailsMgtDAOException e) { 
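Review bot: Adding `DISTINCT` inside the scalar subquery only collapses duplicate rows that carry the same `d.ID`. If the `DM_DEVICE`/`DM_DEVICE_TYPE` join can return two different ids for one identifier, type and tenant, the `DEVICE_ID = (SELECT ...)` comparison will still fail at run time on most databases. If duplicates are expected, it is safer to make the join unambiguous or to use `DEVICE_ID IN (...)` deliberately. Either way, a short comment above the query saying why DISTINCT is needed, e.g. `// DISTINCT: the type join can repeat the same device id`, would help. The rest of the method, including the parameter binding, is outside the hunk.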
@@ -172,6 +171,7 @@ public class DeviceInformationManagerImpl implements DeviceInformationManager { DeviceManagementDAOFactory.rollbackTransaction(); throw new DeviceDetailsMgtException("Error occurred while getting the device information.", e); } catch (DeviceManagementDAOException e) { + DeviceManagementDAOFactory.rollbackTransaction(); throw new DeviceDetailsMgtException("Error occurred while updating the last updated timestamp of " + "the device", e); } finally { @@ -225,6 +225,8 @@ public class DeviceInformationManagerImpl implements DeviceInformationManager { throw new DeviceDetailsMgtException("SQL error occurred while retrieving device from database.", e); } catch (DeviceDetailsMgtDAOException e) { throw new DeviceDetailsMgtException("Exception occurred while retrieving device locations.", e); + } finally{ + DeviceManagementDAOFactory.closeConnection(); } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java index d7dd0e5a70..5dbe2870b2 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/operation/mgt/OperationManagerImpl.java @@ -141,7 +141,6 @@ public class OperationManagerImpl implements OperationManager { } finally { OperationManagementDAOFactory.closeConnection(); } - } private List getAuthorizedDevices( 
@@ -161,26 +160,6 @@ public class OperationManagerImpl implements OperationManager { return authorizedDeviceList; } - private List getEnrollmentsByStatus( - List deviceIds) throws OperationManagementException { - List enrolments; - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - try { - DeviceManagementDAOFactory.openConnection(); - enrolments = deviceDAO.getEnrolmentsByStatus(deviceIds, EnrolmentInfo.Status.ACTIVE, tenantId); - } catch (SQLException e) { - throw new OperationManagementException("Error occurred while opening a connection the data " + - "source", e); - } catch (DeviceManagementDAOException e) { - OperationManagementDAOFactory.rollbackTransaction(); - throw new OperationManagementException( - "Error occurred while retrieving enrollments by status", e); - } finally { - DeviceManagementDAOFactory.closeConnection(); - } - return enrolments; - } - private Device getDevice(DeviceIdentifier deviceId) throws OperationManagementException { int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); try { 
@@ -200,39 +179,19 @@ public class OperationManagerImpl implements OperationManager { @Override public List getOperations(DeviceIdentifier deviceId) throws OperationManagementException { - int enrolmentId; List operations = null; - try { - boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). - isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); - if (!isUserAuthorized) { - throw new UnauthorizedDeviceAccessException("User '" + getUser() + "' is not authorized to " + - "fetch operations on device '" + deviceId.getId() + "'"); - } - } catch (DeviceAccessAuthorizationException e) { - throw new OperationManagementException("Error occurred while authorizing access to the devices for user : " + - this.getUser(), e); + + if (!isActionAuthorized(deviceId)) { + throw new OperationManagementException("User '" + getUser() + "' is not authorized to access the '" + + deviceId.getType() + "' device, which carries the identifier '" + deviceId.getId() + "'"); } - try { - DeviceManagementDAOFactory.openConnection(); - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE, tenantId); - } catch (DeviceManagementDAOException e) { - throw new OperationManagementException("Error occurred while retrieving metadata of '" + - deviceId.getType() + "' device carrying the identifier '" + - deviceId.getId() + "'"); - } catch (SQLException e) { - throw new OperationManagementException( - "Error occurred while opening a connection to the data source", e); - } finally { - DeviceManagementDAOFactory.closeConnection(); + int enrolmentId = this.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE); + if (enrolmentId < 0) { + return null; } try { - if (enrolmentId < 0) { - return null; - } OperationManagementDAOFactory.openConnection(); List operationList = 
operationDAO.getOperationsForDevice(enrolmentId); 
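Review bot: The refusal path in getOperations now throws the generic OperationManagementException where the removed code threw UnauthorizedDeviceAccessException, so callers cannot tell a denied request from a data-source failure. The denial is also no longer logged anywhere in the visible lines. If the dedicated type is still usable here, keep it, `throw new UnauthorizedDeviceAccessException("User '" + getUser() + "' is not authorized ...")`, and log the refusal at warn level so that denied access attempts stay auditable. The same throw is repeated in the hunks at -259, -326 and -396, where the removed code only logged the failure and carried on, so failing closed there is the right direction. isActionAuthorized and getEnrolmentByStatus are defined outside the visible hunks, so how they handle a DeviceAccessAuthorizationException or a failed connection cannot be reviewed here.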
@@ -259,42 +218,22 @@ public class OperationManagerImpl implements OperationManager { public PaginationResult getOperations(DeviceIdentifier deviceId, PaginationRequest request) throws OperationManagementException { PaginationResult paginationResult = null; - int enrolmentId; List operations = new ArrayList<>(); - try { - boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). - isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); - if (!isUserAuthorized) { - log.error("User : " + getUser() + " is not authorized to fetch operations on device : " + - deviceId.getId()); - } - } catch (DeviceAccessAuthorizationException e) { - throw new OperationManagementException("Error occurred while authorizing access to the devices for user : " + - this.getUser(), e); + + if (!isActionAuthorized(deviceId)) { + throw new OperationManagementException("User '" + getUser() + "' is not authorized to access the '" + + deviceId.getType() + "' device, which carries the identifier '" + deviceId.getId() + "'"); } - try { - DeviceManagementDAOFactory.openConnection(); - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE, tenantId); - } catch (SQLException e) { - throw new OperationManagementException( - "Error occurred while opening a connection to the data source", e); - } catch (DeviceManagementDAOException e) { - throw new OperationManagementException("Error occurred while retrieving metadata of '" + - deviceId.getType() + "' device carrying the identifier '" + - deviceId.getId() + "'"); - } finally { - DeviceManagementDAOFactory.closeConnection(); + int enrolmentId = this.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE); + if (enrolmentId < 0) { + throw new OperationManagementException("Device not found for given device " + + "Identifier:" + deviceId.getId() + " and given type" + + 
deviceId.getType()); } try { OperationManagementDAOFactory.openConnection(); - if (enrolmentId < 0) { - throw new OperationManagementException("Device not found for given device " + - "Identifier:" + deviceId.getId() + " and given type" + - deviceId.getType()); - } List operationList = operationDAO.getOperationsForDevice(enrolmentId, request); for (org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation dtoOperation : operationList) { 
@@ -326,43 +265,23 @@ public class OperationManagerImpl implements OperationManager { if (log.isDebugEnabled()) { log.debug("Device identifier id:[" + deviceId.getId() + "] type:[" + deviceId.getType() + "]"); } - int enrolmentId; List operations = new ArrayList<>(); List dtoOperationList = new ArrayList<>(); - try { - boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). - isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); - if (!isUserAuthorized) { - log.error("User : " + getUser() + " is not authorized to fetch operations on device : " - + deviceId.getId()); - } - } catch (DeviceAccessAuthorizationException e) { - throw new OperationManagementException("Error occurred while authorizing access to the devices for user :" + - this.getUser(), e); + + if (!isActionAuthorized(deviceId)) { + throw new OperationManagementException("User '" + getUser() + "' is not authorized to access the '" + + deviceId.getType() + "' device, which carries the identifier '" + deviceId.getId() + "'"); } - try { - DeviceManagementDAOFactory.openConnection(); - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE, tenantId); - } catch (SQLException e) { - throw new OperationManagementException( - "Error occurred while opening a connection to the data source", e); - } catch (DeviceManagementDAOException e) { - throw new OperationManagementException("Error occurred while retrieving the device " + - "for device Identifier type -'" + deviceId.getType() + - "' and device Id '" + deviceId.getId() + "'", e); - } finally { - DeviceManagementDAOFactory.closeConnection(); + int enrolmentId = this.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE); + if (enrolmentId < 0) { + throw new OperationManagementException("Device not found for the given device Identifier:" + + deviceId.getId() + " and 
given type:" + + deviceId.getType()); } try { OperationManagementDAOFactory.openConnection(); - if (enrolmentId < 0) { - throw new OperationManagementException("Device not found for the given device Identifier:" + - deviceId.getId() + " and given type:" + - deviceId.getType()); - } dtoOperationList.addAll(commandOperationDAO.getOperationsByDeviceAndStatus( enrolmentId, org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation.Status.PENDING)); dtoOperationList.addAll(configOperationDAO.getOperationsByDeviceAndStatus( 
@@ -396,41 +315,21 @@ public class OperationManagerImpl implements OperationManager { log.debug("device identifier id:[" + deviceId.getId() + "] type:[" + deviceId.getType() + "]"); } Operation operation = null; - int enrolmentId; - try { - boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). - isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); - if (!isUserAuthorized) { - log.error("User : " + getUser() + " is not authorized to fetch operations on device : " - + deviceId.getId()); - } - } catch (DeviceAccessAuthorizationException e) { - throw new OperationManagementException("Error occurred while authorizing access to the devices for user : " + - this.getUser(), e); + + if (!isActionAuthorized(deviceId)) { + throw new OperationManagementException("User '" + getUser() + "' is not authorized to access the '" + + deviceId.getType() + "' device, which carries the identifier '" + deviceId.getId() + "'"); } - try { - DeviceManagementDAOFactory.openConnection(); - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE, tenantId); - } catch (DeviceManagementDAOException e) { - throw new OperationManagementException("Error occurred while retrieving the device " + - "for device Identifier type -'" + deviceId.getType() + - "' and device Id '" + deviceId.getId(), e); - } catch (SQLException e) { - throw new OperationManagementException( - "Error occurred while opening a connection to the data source", e); - } finally { - DeviceManagementDAOFactory.closeConnection(); + int enrolmentId = this.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE); + if (enrolmentId < 0) { + throw new OperationManagementException("Device not found for given device " + + "Identifier:" + deviceId.getId() + " and given type" + + deviceId.getType()); } try { 
OperationManagementDAOFactory.openConnection(); - if (enrolmentId < 0) { - throw new OperationManagementException("Device not found for given device " + - "Identifier:" + deviceId.getId() + " and given type" + - deviceId.getType()); - } org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation dtoOperation = operationDAO. getNextOperation(enrolmentId); if (dtoOperation != null) { 
@@ -470,35 +369,14 @@ public class OperationManagerImpl implements OperationManager { if (log.isDebugEnabled()) { log.debug("operation Id:" + operationId + " status:" + operation.getStatus()); } - int enrolmentId; - try { - boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). - isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); - if (!isUserAuthorized) { - log.error("User : " + getUser() + " is not authorized to update operations on device : " - + deviceId.getId()); - } - } catch (DeviceAccessAuthorizationException e) { - throw new OperationManagementException("Error occurred while authorizing access to the devices for user :" + - this.getUser(), e); - } - try { - DeviceManagementDAOFactory.openConnection(); - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE, tenantId); - } catch (SQLException e) { - throw new OperationManagementException("Error occurred while opening a connection to the" + - " data source", e); - } catch (DeviceManagementDAOException e) { - OperationManagementDAOFactory.rollbackTransaction(); - throw new OperationManagementException( - "Error occurred while fetching the device for device identifier: " + deviceId.getId() + - "type:" + deviceId.getType(), e); - } finally { - DeviceManagementDAOFactory.closeConnection(); + if (!isActionAuthorized(deviceId)) { + throw new OperationManagementException("User '" + getUser() + "' is not authorized to access the '" + + deviceId.getType() + "' device, which carries the identifier '" + deviceId.getId() + "'"); } + int enrolmentId = this.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE); + try { OperationManagementDAOFactory.beginTransaction(); boolean isUpdated = false; 
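Review bot: `enrolmentId` is used here without the `if (enrolmentId < 0)` guard that the other callers of `getEnrolmentByStatus` in this commit apply, so a device with no matching enrolment would apparently reach `beginTransaction()` and the update with a negative id. Unless the check exists below the hunk (the method body continues past it), add `if (enrolmentId < 0) { throw new OperationManagementException("Device not found for device id:" + deviceId.getId() + " type:" + deviceId.getType()); }` directly after the lookup.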
@@ -547,45 +425,25 @@ public class OperationManagerImpl implements OperationManager { @Override public Operation getOperationByDeviceAndOperationId(DeviceIdentifier deviceId, int operationId) throws OperationManagementException { - int enrolmentId; Operation operation = null; if (log.isDebugEnabled()) { log.debug("Operation Id: " + operationId + " Device Type: " + deviceId.getType() + " Device Identifier: " + deviceId.getId()); } - try { - boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). - isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); - if (!isUserAuthorized) { - log.error("User : " + getUser() + " is not authorized to fetch operations on device : " - + deviceId.getId()); - } - } catch (DeviceAccessAuthorizationException e) { - throw new OperationManagementException("Error occurred while authorizing access to the devices for user :" + - this.getUser(), e); + + if (!isActionAuthorized(deviceId)) { + throw new OperationManagementException("User '" + getUser() + "' is not authorized to access the '" + + deviceId.getType() + "' device, which carries the identifier '" + deviceId.getId() + "'"); } - try { - DeviceManagementDAOFactory.openConnection(); - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE, tenantId); - } catch (DeviceManagementDAOException e) { - throw new OperationManagementException("Error occurred while retrieving the device " + - "for device Identifier type -'" + deviceId.getType() + - "' and device Id '" + deviceId.getId() + "'", e); - } catch (SQLException e) { - throw new OperationManagementException("Error occurred while opening connection to the data source", - e); - } finally { - DeviceManagementDAOFactory.closeConnection(); + int enrolmentId = this.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE); + if (enrolmentId < 0) { + 
throw new OperationManagementException("Device not found for given device identifier: " + + deviceId.getId() + " type: " + deviceId.getType()); } try { OperationManagementDAOFactory.openConnection(); - if (enrolmentId < 0) { - throw new OperationManagementException("Device not found for given device identifier: " + - deviceId.getId() + " type: " + deviceId.getType()); - } org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation dtoOperation = operationDAO. getOperationByDeviceAndId(enrolmentId, operationId); if (dtoOperation.getType(). 
@@ -630,43 +488,21 @@ public class OperationManagerImpl implements OperationManager { DeviceIdentifier deviceId, Operation.Status status) throws OperationManagementException { List operations = new ArrayList<>(); List dtoOperationList = new ArrayList<>(); - int enrolmentId; - try { - boolean isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). - isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); - if (!isUserAuthorized) { - log.info("User : " + getUser() + " is not authorized to fetch operations on device : " - + deviceId.getId()); - } - } catch (DeviceAccessAuthorizationException e) { - throw new OperationManagementException("Error occurred while authorizing access to the devices for user :" + - this.getUser(), e); + + if (!isActionAuthorized(deviceId)) { + throw new OperationManagementException("User '" + getUser() + "' is not authorized to access the '" + + deviceId.getType() + "' device, which carries the identifier '" + deviceId.getId() + "'"); } - try { - DeviceManagementDAOFactory.openConnection(); - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE, tenantId); - } catch (DeviceManagementDAOException e) { - throw new OperationManagementException("Error occurred while retrieving the device " + - "for device Identifier type -'" + deviceId.getType() + - "' and device Id '" + deviceId.getId(), e); - } catch (SQLException e) { + int enrolmentId = this.getEnrolmentByStatus(deviceId, EnrolmentInfo.Status.ACTIVE); + if (enrolmentId < 0) { throw new OperationManagementException( - "Error occurred while opening a connection to the data source", e); - } finally { - DeviceManagementDAOFactory.closeConnection(); + "Device not found for device id:" + deviceId.getId() + " " + "type:" + + deviceId.getType()); } try { OperationManagementDAOFactory.openConnection(); - - if 
(enrolmentId < 0) { - throw new OperationManagementException( - "Device not found for device id:" + deviceId.getId() + " " + "type:" + - deviceId.getType()); - } - org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation.Status dtoOpStatus = org.wso2.carbon.device.mgt.core.dto.operation.mgt.Operation.Status.valueOf(status.toString()); dtoOperationList.addAll(commandOperationDAO.getOperationsByDeviceAndStatus(enrolmentId, dtoOpStatus)); @@ -920,4 +756,36 @@ public class OperationManagerImpl implements OperationManager { return status; } + private boolean isActionAuthorized(DeviceIdentifier deviceId) { + boolean isUserAuthorized; + try { + isUserAuthorized = DeviceManagementDataHolder.getInstance().getDeviceAccessAuthorizationService(). + isUserAuthorized(deviceId, DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS); + } catch (DeviceAccessAuthorizationException e) { + log.error("Error occurred while trying to authorize current user upon the invoked operation", e); + return false; + } + return isUserAuthorized; + } + + private int getEnrolmentByStatus(DeviceIdentifier deviceId, + EnrolmentInfo.Status status) throws OperationManagementException { + int enrolmentId; + try { + DeviceManagementDAOFactory.openConnection(); + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + enrolmentId = deviceDAO.getEnrolmentByStatus(deviceId, status, tenantId); + } catch (DeviceManagementDAOException e) { + throw new OperationManagementException("Error occurred while retrieving metadata of '" + + deviceId.getType() + "' device carrying the identifier '" + + deviceId.getId() + "'", e); + } catch (SQLException e) { + throw new OperationManagementException( + "Error occurred while opening a connection to the data source", e); + } finally { + DeviceManagementDAOFactory.closeConnection(); + } + return enrolmentId; + } + } 
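Review bot: `isActionAuthorized` converts a `DeviceAccessAuthorizationException` into `false`, which fails closed but makes every caller report "User ... is not authorized" when the authorization service itself failed. The removed code rethrew this case as an `OperationManagementException` with the cause attached; consider declaring `throws OperationManagementException` on the helper and keeping that behaviour, so a denial and a service outage stay distinguishable in logs and alerts. If the swallow is intentional, add a comment such as `// fail closed: an authorization-service error is treated as a denial` and include the device id in the `log.error` call.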
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag index 16aa1a7ed9..e52746e9df 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag @@ -23,7 +23,7 @@ var uri = request.getRequestURI(); var uriMatcher = new URIMatcher(String(uri)); var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; -var serviceInvokers = require("/app/modules/backend-service-invoker.js")["backendServiceInvoker"]; +var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; function appendQueryParam (url, queryParam , value) { if (url.indexOf("?") > 0) { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag index 8b1d42b393..1a163d76e4 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag 
@@ -26,7 +26,7 @@ var deviceModule = require("/app/modules/device.js").deviceModule; var utility = require("/app/modules/utility.js").utility; var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var userModule = require("/app/modules/user.js").userModule; -var serviceInvokers = require("/app/modules/backend-service-invoker.js").backendServiceInvoker; +var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; var user = session.get(constants.USER_SESSION_KEY); var result; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag index d36efad7e5..d5f9bb2628 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag @@ -24,7 +24,7 @@ var log = new Log("api/device-api.jag"); var constants = require("/app/modules/constants.js"); var utility = require("/app/modules/utility.js").utility; var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; -var serviceInvokers = require("/app/modules/backend-service-invoker.js").backendServiceInvoker; +var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; var user = session.get(constants.USER_SESSION_KEY); var result; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag index fbbaad8d90..6fa133523e 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag 
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag @@ -24,7 +24,7 @@ var uriMatcher = new URIMatcher(String(uri)); var constants = require("/app/modules/constants.js"); var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; -var serviceInvokers = require("/app/modules/backend-service-invoker.js")["backendServiceInvoker"]; +var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; if (uriMatcher.match("/{context}/api/invoker/execute/")) { var restAPIRequestDetails = request.getContent(); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag index b961df21a6..46b4595b66 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag @@ -22,7 +22,7 @@ var uriMatcher = new URIMatcher(String(uri)); var log = new Log("api/operation-api.jag"); -var serviceInvokers = require("/app/modules/backend-service-invoker.js")["backendServiceInvoker"]; +var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; if (uriMatcher.match("/{context}/api/operation/paginate")) { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/token.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/token.jag index b3302a6659..45210346bb 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/token.jag 
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/token.jag @@ -21,7 +21,7 @@ @Deprecated - new */ -// var apiWrapperUtil = require("/app/modules/api-wrapper-util.js").apiWrapperUtil; +// var apiWrapperUtil = require("/app/modules/api-wrapper-util.js")["handlers"]; // var tokenCookie = apiWrapperUtil.refreshToken(); // print(tokenCookie); %> \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag index d472fad051..cab3d3a32f 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag @@ -27,7 +27,7 @@ var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var userModule = require("/app/modules/user.js").userModule; var deviceModule = require("/app/modules/device.js").deviceModule; var utility = require("/app/modules/utility.js").utility; -var apiWrapperUtil = require("/app/modules/api-wrapper-util.js").apiWrapperUtil; +var apiWrapperUtil = require("/app/modules/api-wrapper-util.js")["handlers"]; var util = require("/app/modules/util.js").util; var responseProcessor = require('utils').response; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js index 0db3225031..02df5fb3a1 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js 
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js @@ -16,8 +16,15 @@ * under the License. */ -var apiWrapperUtil = function () { - var log = new Log("/app/modules/api-wrapper-util.js"); +/** + * ---------------------------------------------------------------------------- + * Following module includes invokers + * at Jaggery Layer for calling Backend Services, protected by OAuth Tokens. + * These Services include both REST and SOAP Services. + * ---------------------------------------------------------------------------- + */ +var handlers = function () { + var log = new Log("/app/modules/token-handlers.js"); var tokenUtil = require("/app/modules/util.js")["util"]; var constants = require("/app/modules/constants.js"); 
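Review bot: The logger is created as `new Log("/app/modules/token-handlers.js")`, but this file is still `api-wrapper-util.js` and every `require` in the commit uses that path, so log lines and the new error prefixes will name a file that does not exist. Either rename the file in the same change or keep `new Log("/app/modules/api-wrapper-util.js")`. The new header comment is also copied from backend-service-invoker.js ("invokers ... for calling Backend Services"); it should describe the token set-up and refresh handlers this module exports.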
@@ -28,23 +35,27 @@ var apiWrapperUtil = function () { privateMethods.setUpEncodedTenantBasedClientCredentials = function (username) { if (!username) { - log.error("Could not set up encoded tenant based client credentials " + - "to session context. No username is found as input."); + throw new Error("{/app/modules/token-handlers.js} Could not set up encoded tenant based " + + "client credentials to session context. No username is found as " + + "input - setUpEncodedTenantBasedClientCredentials(x)"); } else { - var dynamicClientCredentials = tokenUtil.getDyanmicClientCredentials(); + var dynamicClientCredentials = tokenUtil.getDynamicClientCredentials(); if (!dynamicClientCredentials) { - log.error("Could not set up encoded tenant based client credentials " + - "to session context as the server is unable to obtain dynamic client credentials."); + throw new Error("{/app/modules/token-handlers.js} Could not set up encoded tenant based " + + "client credentials to session context as the server is unable to obtain " + + "dynamic client credentials - setUpEncodedTenantBasedClientCredentials(x)"); } else { var jwtToken = tokenUtil.getTokenWithJWTGrantType(dynamicClientCredentials); if (!jwtToken) { - log.error("Could not set up encoded tenant based client credentials " + - "to session context as the server is unable to obtain a jwt token."); + throw new Error("{/app/modules/token-handlers.js} Could not set up encoded tenant based " + + "client credentials to session context as the server is unable to obtain " + + "a jwt token - setUpEncodedTenantBasedClientCredentials(x)"); } else { var tenantBasedClientCredentials = tokenUtil.getTenantBasedAppCredentials(username, jwtToken); if (!tenantBasedClientCredentials) { - log.error("Could not set up encoded tenant based client credentials " + - "to session context as the server is unable to obtain such credentials."); + throw new Error("{/app/modules/token-handlers.js} Could not set up encoded tenant " + + "based client 
credentials to session context as the server is unable " + + "to obtain such credentials - setUpEncodedTenantBasedClientCredentials(x)"); } else { var encodedTenantBasedClientCredentials = tokenUtil.encode(tenantBasedClientCredentials["clientId"] + ":" + 
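Review bot: Each failure branch of `setUpEncodedTenantBasedClientCredentials` now throws instead of logging, and the login.js context later in this commit shows `onSuccess` calling the public set-up functions with no visible try/catch. Confirm that an uncaught `Error` on that path ends in a failed login with a generic response rather than the message or a stack trace reaching the browser. Since every failing branch now exits by throwing, the nested `else` blocks could be flattened into guard clauses. The renamed call `tokenUtil.getDynamicClientCredentials()` also needs the matching rename in util.js, which is not shown in this part of the diff.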
@@ -57,34 +68,18 @@ var apiWrapperUtil = function () { } }; - publicMethods.refreshToken = function () { - var accessTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"])); - // accessTokenPair includes current access token as well as current refresh token - var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); - if (!accessTokenPair || !encodedClientCredentials) { - log.error("Error in refreshing tokens. Either the access token pair, " + - "encoded client credentials or both input are not found under session context."); - } else { - var newAccessTokenPair = tokenUtil.refreshToken(accessTokenPair, encodedClientCredentials); - if (!newAccessTokenPair) { - log.error("Error in refreshing tokens. Unable to update " + - "session context with new access token pair."); - } else { - session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(newAccessTokenPair)); - } - } - }; - publicMethods.setupAccessTokenPairByPasswordGrantType = function (username, password) { if (!username || !password) { - log.error("Could not set up access token pair by password grant type. " + - "Either username, password or both are missing as input."); + throw new Error("{/app/modules/token-handlers.js} Could not set up access token pair by " + + "password grant type. Either username, password or both are missing as " + + "input - setupAccessTokenPairByPasswordGrantType(x, y)"); } else { privateMethods.setUpEncodedTenantBasedClientCredentials(username); var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); if (!encodedClientCredentials) { - log.error("Could not set up access token pair by password grant type. " + - "Encoded client credentials are missing."); + throw new Error("{/app/modules/token-handlers.js} Could not set up access token pair by " + + "password grant type. 
Encoded client credentials are " + + "missing - setupAccessTokenPairByPasswordGrantType(x, y)"); } else { var accessTokenPair; // accessTokenPair will include current access token as well as current refresh token @@ -97,7 +92,9 @@ var apiWrapperUtil = function () { getTokenWithPasswordGrantType(username, encodeURIComponent(password), encodedClientCredentials, stringOfScopes); if (!accessTokenPair) { - log.error("Could not set up access token pair by password grant type. Error in token retrieval."); + throw new Error("{/app/modules/token-handlers.js} Could not set up access " + + "token pair by password grant type. Error in token " + + "retrieval - setupAccessTokenPairByPasswordGrantType(x, y)"); } else { // setting up access token pair into session context as a string session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair)); 
@@ -108,21 +105,25 @@ var apiWrapperUtil = function () { publicMethods.setupAccessTokenPairBySamlGrantType = function (username, samlToken) { if (!username || !samlToken) { - log.error("Could not set up access token pair by saml grant type. " + - "Either username, samlToken or both are missing as input."); + throw new Error("{/app/modules/token-handlers.js} Could not set up access token pair by " + + "saml grant type. Either username, samlToken or both are missing as " + + "input - setupAccessTokenPairByPasswordGrantType(x, y)"); } else { privateMethods.setUpEncodedTenantBasedClientCredentials(username); var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); if (!encodedClientCredentials) { - log.error("Could not set up access token pair by saml grant type. " + - "Encoded client credentials are missing."); + throw new Error("{/app/modules/token-handlers.js} Could not set up access token pair " + + "by saml grant type. Encoded client credentials are " + + "missing - setupAccessTokenPairByPasswordGrantType(x, y)"); } else { var accessTokenPair; // accessTokenPair will include current access token as well as current refresh token accessTokenPair = tokenUtil. getTokenWithSAMLGrantType(samlToken, encodedClientCredentials, "PRODUCTION"); if (!accessTokenPair) { - log.error("Could not set up access token pair by password grant type. Error in token retrieval."); + throw new Error("{/app/modules/token-handlers.js} Could not set up access token " + + "pair by password grant type. Error in token " + + "retrieval - setupAccessTokenPairByPasswordGrantType(x, y)"); } else { // setting up access token pair into session context as a string session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(accessTokenPair)); 
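Review bot: The new messages in `setupAccessTokenPairBySamlGrantType` end with `setupAccessTokenPairByPasswordGrantType(x, y)`, and the last one still reads "by password grant type", so a failed SAML login will be reported as a password-grant failure. Change the suffixes to `setupAccessTokenPairBySamlGrantType(x, y)` and the last message to `"pair by saml grant type. Error in token "`.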
@@ -131,5 +132,24 @@ var apiWrapperUtil = function () { } }; + publicMethods.refreshToken = function () { + var accessTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"])); + // accessTokenPair includes current access token as well as current refresh token + var encodedClientCredentials = session.get(constants["ENCODED_CLIENT_KEYS_IDENTIFIER"]); + if (!accessTokenPair || !encodedClientCredentials) { + throw new Error("{/app/modules/token-handlers.js} Error in refreshing tokens. Either the access " + + "token pair, encoded client credentials or both input are not found under " + + "session context - refreshToken()"); + } else { + var newAccessTokenPair = tokenUtil.refreshToken(accessTokenPair, encodedClientCredentials); + if (!newAccessTokenPair) { + log.error("{/app/modules/token-handlers.js} Error in refreshing tokens. Unable to update " + + "session context with new access token pair - refreshToken()"); + } else { + session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"], stringify(newAccessTokenPair)); + } + } + }; + return publicMethods; }(); \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/backend-service-invoker.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/backend-service-invoker.js index e93fe88aaa..5fd0277d5d 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/backend-service-invoker.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/backend-service-invoker.js 
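Review bot: `refreshToken` throws when the session values are missing but only calls `log.error` when `tokenUtil.refreshToken` returns nothing, so the caller continues with the old token pair still in the session and cannot tell that the refresh failed. For consistency with the other branches in this file, use `throw new Error(...)` with the same message there, or add a comment explaining why this one case is best-effort.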
@@ -17,9 +17,13 @@ */ /** - * This backendServiceInvoker contains the wrappers for back end jaggery calls. + * ---------------------------------------------------------------------------- + * Following module includes invokers + * at Jaggery Layer for calling Backend Services, protected by OAuth Tokens. + * These Services include both REST and SOAP Services. + * ---------------------------------------------------------------------------- */ -var backendServiceInvoker = function () { +var invokers = function () { var log = new Log("/app/modules/backend-service-invoker.js"); var publicXMLHTTPInvokers = {}; @@ -34,7 +38,7 @@ var backendServiceInvoker = function () { var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var constants = require("/app/modules/constants.js"); var userModule = require("/app/modules/user.js")["userModule"]; - var tokenUtil = require("/app/modules/api-wrapper-util.js")["apiWrapperUtil"]; + var tokenUtil = require("/app/modules/api-wrapper-util.js")["handlers"]; /** * This method reads the token pair from the session and return the access token. @@ -43,7 +47,7 @@ var backendServiceInvoker = function () { privateMethods.getAccessToken = function () { var tokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER"])); if (tokenPair) { - return tokenPair.accessToken; + return tokenPair["accessToken"]; } else { return null; } @@ -78,7 +82,7 @@ var backendServiceInvoker = function () { }); } else { xmlHttpRequest. - setRequestHeader(constants["AUTHORIZATION_HEADER"], constants["BEARER_PREFIX"] + accessToken); + setRequestHeader(constants["AUTHORIZATION_HEADER"], constants["BEARER_PREFIX"] + accessToken); } } 
@@ -307,7 +311,7 @@ var backendServiceInvoker = function () { publicHTTPClientInvokers.get = function (url, successCallback, errorCallback) { var requestPayload = null; return privateMethods. - initiateHTTPClientRequest(constants["HTTP_GET"], url, successCallback, errorCallback, requestPayload); + initiateHTTPClientRequest(constants["HTTP_GET"], url, successCallback, errorCallback, requestPayload); }; /** @@ -319,7 +323,7 @@ var backendServiceInvoker = function () { */ publicHTTPClientInvokers.post = function (url, payload, successCallback, errorCallback) { return privateMethods. - initiateHTTPClientRequest(constants["HTTP_POST"], url, successCallback, errorCallback, payload); + initiateHTTPClientRequest(constants["HTTP_POST"], url, successCallback, errorCallback, payload); }; /** @@ -331,7 +335,7 @@ var backendServiceInvoker = function () { */ publicHTTPClientInvokers.put = function (url, payload, successCallback, errorCallback) { return privateMethods. - initiateHTTPClientRequest(constants["HTTP_PUT"], url, successCallback, errorCallback, payload); + initiateHTTPClientRequest(constants["HTTP_PUT"], url, successCallback, errorCallback, payload); }; /** @@ -343,7 +347,7 @@ var backendServiceInvoker = function () { publicHTTPClientInvokers.delete = function (url, successCallback, errorCallback) { var requestPayload = null; return privateMethods. - initiateHTTPClientRequest(constants["HTTP_DELETE"], url, successCallback, errorCallback, requestPayload); + initiateHTTPClientRequest(constants["HTTP_DELETE"], url, successCallback, errorCallback, requestPayload); }; var publicMethods = {}; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/device.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/device.js index 1cd0c5e445..464093343d 100644 
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/device.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/device.js @@ -23,7 +23,7 @@ deviceModule = function () { var utility = require('/app/modules/utility.js').utility; var constants = require('/app/modules/constants.js'); var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; - var serviceInvokers = require("/app/modules/backend-service-invoker.js").backendServiceInvoker; + var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; var ArrayList = Packages.java.util.ArrayList; var Properties = Packages.java.util.Properties; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/group.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/group.js index da664859b5..61bfe9f4b7 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/group.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/group.js @@ -24,7 +24,7 @@ var groupModule = {}; var constants = require('/app/modules/constants.js'); var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; var utility = require("/app/modules/utility.js").utility; - var serviceInvokers = require("/app/modules/backend-service-invoker.js").backendServiceInvoker; + var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; var groupServiceEndpoint = devicemgtProps["httpsURL"] + constants.ADMIN_SERVICE_CONTEXT + "/groups"; 
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js index eeeb81ba5e..429a6b9c1c 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js @@ -24,7 +24,7 @@ var onFail; var constants = require("/app/modules/constants.js"); onSuccess = function (context) { var utility = require("/app/modules/utility.js").utility; - var apiWrapperUtil = require("/app/modules/api-wrapper-util.js").apiWrapperUtil; + var apiWrapperUtil = require("/app/modules/api-wrapper-util.js")["handlers"]; if (context.input.samlToken) { apiWrapperUtil.setupAccessTokenPairBySamlGrantType(context.input.username, context.input.samlToken); } else { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/operation.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/operation.js index 447c386812..981a58f5ce 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/operation.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/operation.js 
@@ -21,7 +21,7 @@ var operationModule = function () {
 var utility = require('/app/modules/utility.js').utility;
 var constants = require('/app/modules/constants.js');
 var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
- var serviceInvokers = require("/app/modules/backend-service-invoker.js").backendServiceInvoker;
+ var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];;
 var publicMethods = {};
 var privateMethods = {};
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/policy.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/policy.js
index e4b143dee3..a46ce90b7c 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/policy.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/policy.js
@@ -26,7 +26,7 @@ policyModule = function () {
 var constants = require('/app/modules/constants.js');
 var utility = require("/app/modules/utility.js")["utility"];
 var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
- var serviceInvokers = require("/app/modules/backend-service-invoker.js").backendServiceInvoker;
+ var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
 var publicMethods = {};
 var privateMethods = {};
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/serverAddress.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/serverAddress.js
index f7969dc2f7..7f8ec0aa76 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/serverAddress.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/serverAddress.js 
@@ -16,55 +16,59 @@ * under the License. */ -var serverAddress = function () { - var log = new Log("serverAddress.js"); - var process = require("process"), - host = process.getProperty('server.host'), - ip = process.getProperty('carbon.local.ip'); - var publicMethods = {}; - publicMethods.getHTTPSAddress = function () { - var port = process.getProperty('mgt.transport.https.proxyPort'); - if (!port) { - port = process.getProperty('mgt.transport.https.port'); - } - if (host === "localhost") { - return "https://" + ip + ":" + port; - } else { - return "https://" + host + ":" + port; - } - }; - publicMethods.getHPPTAddress = function () { - var port = process.getProperty('mgt.transport.http.proxyPort'); - if (!port) { - port = process.getProperty('mgt.transport.http.port'); - } - if (host === "localhost") { - return "http://" + ip + ":" + port; - } else { - return "http://" + host + ":" + port; - } - }; - publicMethods.getWSSAddress = function () { - var port = process.getProperty('mgt.transport.https.proxyPort'); - if (!port) { - port = process.getProperty('mgt.transport.https.port'); - } - if (host === "localhost") { - return "wss://" + ip + ":" + port; - } else { - return "wss://" + host + ":" + port; - } - }; - publicMethods.getWSAddress = function () { - var port = process.getProperty('mgt.transport.http.proxyPort'); - if (!port) { - port = process.getProperty('mgt.transport.http.port'); - } - if (host === "localhost") { - return "ws://" + ip + ":" + port; - } else { - return "ws://" + host + ":" + port; - } - }; - return publicMethods; -}(); \ No newline at end of file +/* + @Deprecated - new + */ + +//var serverAddress = function () { +// var log = new Log("serverAddress.js"); +// var process = require("process"), +// host = process.getProperty('server.host'), +// ip = process.getProperty('carbon.local.ip'); +// var publicMethods = {}; +// publicMethods.getHTTPSAddress = function () { +// var port = process.getProperty('mgt.transport.https.proxyPort'); +// if 
(!port) { +// port = process.getProperty('mgt.transport.https.port'); +// } +// if (host === "localhost") { +// return "https://" + ip + ":" + port; +// } else { +// return "https://" + host + ":" + port; +// } +// }; +// publicMethods.getHPPTAddress = function () { +// var port = process.getProperty('mgt.transport.http.proxyPort'); +// if (!port) { +// port = process.getProperty('mgt.transport.http.port'); +// } +// if (host === "localhost") { +// return "http://" + ip + ":" + port; +// } else { +// return "http://" + host + ":" + port; +// } +// }; +// publicMethods.getWSSAddress = function () { +// var port = process.getProperty('mgt.transport.https.proxyPort'); +// if (!port) { +// port = process.getProperty('mgt.transport.https.port'); +// } +// if (host === "localhost") { +// return "wss://" + ip + ":" + port; +// } else { +// return "wss://" + host + ":" + port; +// } +// }; +// publicMethods.getWSAddress = function () { +// var port = process.getProperty('mgt.transport.http.proxyPort'); +// if (!port) { +// port = process.getProperty('mgt.transport.http.port'); +// } +// if (host === "localhost") { +// return "ws://" + ip + ":" + port; +// } else { +// return "ws://" + host + ":" + port; +// } +// }; +// return publicMethods; +//}(); \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js index cea0e38c40..b2c840aae8 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js 
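Review bot: Commenting out the whole module leaves `serverAddress` undefined while the file still ships, and the `@Deprecated - new` banner does not say what replaces it. Any script that still calls `serverAddress.getHTTPSAddress()` or the misspelled `getHPPTAddress()` would now fail at run time. No callers are visible in this hunk, so that needs checking before merge. If nothing uses the module, delete the file rather than keeping sixty lines of dead comments. Otherwise keep the code live and make the header name the successor, e.g. `/* @deprecated: use <replacement module> instead */`.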
@@ -25,7 +25,7 @@ var userModule = function () { var constants = require("/app/modules/constants.js"); var utility = require("/app/modules/utility.js")["utility"]; var devicemgtProps = require("/app/conf/reader/main.js")["conf"]; - var serviceInvokers = require("/app/modules/backend-service-invoker.js")["backendServiceInvoker"]; + var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"]; /* Initializing user manager */ var carbon = require("carbon"); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js index 921850ca64..d1afc795d3 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js @@ -27,7 +27,7 @@ var util = function () { var adminUser = devicemgtProps["adminUser"]; var clientName = devicemgtProps["clientName"]; - module.getDyanmicCredentials = function (owner) { + module.getDynamicClientCredentials = function () { var payload = { "callbackUrl": devicemgtProps.callBackUrl, "clientName": clientName, diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.dashboard/dashboard.hbs b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.dashboard/dashboard.hbs index 012b6df8c0..07f970ec6e 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.dashboard/dashboard.hbs +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.dashboard/dashboard.hbs 
@@ -16,12 +16,11 @@ under the License. }} {{unit "cdmf.unit.ui.title" pageTitle="Dashboard"}} -{{unit "cdmf.unit.ui.content.title" pageHeader="Dashboard"}} {{#zone "breadcrumbs"}}
  • - + Dashboard
  • {{/zone}} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.lib.qrcode/qrcode.hbs b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.lib.qrcode/qrcode.hbs index 4a5b9a3cb9..30912b71d4 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.lib.qrcode/qrcode.hbs +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.lib.qrcode/qrcode.hbs @@ -16,8 +16,8 @@ under the License. }} {{#zone "bottomJs"}} - {{js "js/jquery.qrcode.min.js"}} - + + {{/zone}} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/nav-menu.hbs b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/nav-menu.hbs index 181056757f..4aa6a9fdb0 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/nav-menu.hbs +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/nav-menu.hbs @@ -30,13 +30,22 @@ {{/if}} - {{#if permissions.LIST_OWN_DEVICES}} + {{#if permissions.LIST_DEVICES_ADMIN}}
  • Device Management
  • + {{else}} + {{#if permissions.LIST_OWN_DEVICES}} +
  • + + + Device Management + +
  • + {{/if}} {{/if}} {{#if permissions.LIST_GROUPS}}
  • @@ -46,35 +55,63 @@
  • {{/if}} - {{#if permissions.ADD_USER}} -
  • - - - User Management - -
  • - {{/if}} - {{#if permissions.ADD_ROLE}} -
  • - - - Role Management - -
  • - {{/if}} - {{#if permissions.ADD_POLICY}} -
  • - - - Policy Management - -
  • +
  • User Management +
      + {{#if permissions.LIST_USERS}} +
    • Users
    • + {{/if}} + + {{#if permissions.LIST_ROLES}} +
    • Roles
    • + {{/if}} +
    +
  • + {{#if permissions.LIST_POLICIES}} +
  • Policy Management
  • {{/if}} - {{#if permissions.TENANT_CONFIGURATION}} -
  • - - Platform Configurations +
  • Configuration Management + +
  • +{{/zone}} + +{{#zone "navbarCollapsableRightItems"}} + +{{/zone}} +{{#zone "sidePanes"}} + +{{/zone}} +{{#zone "bottomJs"}} + + {{js "js/nav-menu.js"}} +{{/zone}} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/nav-menu.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/nav-menu.js index 9252003263..89213cf587 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/nav-menu.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/nav-menu.js 
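Review bot: The "User Management" and "Configuration Management" entries added in this hunk appear to have no `{{#if permissions.…}}` guard around them, whereas the removed lines wrapped the corresponding items in `ADD_USER`, `ADD_ROLE` and `TENANT_CONFIGURATION`. The markup is stripped in this rendering, so this is inferred from the helper lines that survive: only `Users`, `Roles` and `Policy Management` are visibly conditional (on `LIST_USERS`, `LIST_ROLES`, `LIST_POLICIES`). If that reading is right, keep `{{#if permissions.TENANT_CONFIGURATION}}` … `{{/if}}` around the configuration entry and show the user-management parent only when at least one of its children is permitted. Menu visibility is presentation only, so the pages and admin APIs behind these links must enforce the same permissions server-side.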
@@ -1,28 +1,56 @@ /* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ function onRequest(context) { - var userModule = require("/app/modules/user.js").userModule; + context.handlebars.registerHelper('equal', function (lvalue, rvalue, options) { + if (arguments.length < 3) { + throw new Error("Handlebars Helper equal needs 2 parameters"); + } + if (lvalue != rvalue) { + return options.inverse(this); + } else { + return options.fn(this); + } + }); + var userModule = require("/app/modules/user.js")["userModule"]; + var mdmProps = require('/app/conf/reader/main.js')["conf"]; var constants = require("/app/modules/constants.js"); - var carbonUser = session.get(constants.USER_SESSION_KEY); - var page_data = {}; - if (carbonUser){ - page_data.permissions = userModule.getUIPermissions(); - } - return page_data; + var uiPermissions = userModule.getUIPermissions(); + context["permissions"] = uiPermissions; + + var links = { + "user-mgt": [], + "role-mgt": [], + "policy-mgt": [], + "device-mgt": [] + }; + + // following context.link value comes here based on the value passed at the point + // where units are attached to a page zone. 
+ // eg: {{unit "appbar" pageLink="users" title="User Management"}} + context["currentActions"] = links[context["pageLink"]]; + context["enrollmentURL"] = mdmProps["generalConfig"]["host"] + mdmProps["enrollmentDir"]; + var isAuthorizedForNotifications = + userModule.isAuthorized("/permission/admin/device-mgt/emm-admin/notifications/view"); + var currentUser = session.get(constants["USER_SESSION_KEY"]); + context["isAuthorizedForNotifications"] = isAuthorizedForNotifications; + context["currentUser"] = currentUser; + context["appContext"] = mdmProps["appContext"]; + + return context; } \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/public/js/jquery.qrcode.min.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/public/js/jquery.qrcode.min.js new file mode 100755 index 0000000000..2a169909b2 --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/public/js/jquery.qrcode.min.js 
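Review bot: The old `if (carbonUser)` guard is gone, so `userModule.getUIPermissions()` and `userModule.isAuthorized(...)` in `onRequest` now run even when `session.get(constants["USER_SESSION_KEY"])` returns nothing. Whether those helpers tolerate a missing session user is not visible here; if they do not, every page that includes this unit would fail for an unauthenticated request. Read the session user first and keep the guard: `var currentUser = session.get(constants["USER_SESSION_KEY"]);` then `if (currentUser) { context["permissions"] = userModule.getUIPermissions(); }`. `context["currentUser"] = currentUser` also hands the whole session object to the template; passing only the fields the navbar renders would limit what can leak into the page.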
@@ -0,0 +1,47 @@ +//--------------------------------------------------------------------- +// QRCode for JavaScript +// +// Copyright (c) 2009 Kazuhiko Arase +// +// URL: http://www.d-project.com/ +// +// Licensed under the MIT license: +// http://www.opensource.org/licenses/mit-license.php +// +// The word "QR Code" is registered trademark of +// DENSO WAVE INCORPORATED +// http://www.denso-wave.com/qrcode/faqpatent-e.html +// +//--------------------------------------------------------------------- + +//--------------------------------------------------------------------- +// QR8bitByte +//--------------------------------------------------------------------- +(function(r){r.fn.qrcode=function(h){var s;function u(a){this.mode=s;this.data=a}function o(a,c){this.typeNumber=a;this.errorCorrectLevel=c;this.modules=null;this.moduleCount=0;this.dataCache=null;this.dataList=[]}function q(a,c){if(void 0==a.length)throw Error(a.length+"/"+c);for(var d=0;da||this.moduleCount<=a||0>c||this.moduleCount<=c)throw Error(a+","+c);return this.modules[a][c]},getModuleCount:function(){return this.moduleCount},make:function(){if(1>this.typeNumber){for(var a=1,a=1;40>a;a++){for(var c=p.getRSBlocks(a,this.errorCorrectLevel),d=new t,b=0,e=0;e=d;d++)if(!(-1>=a+d||this.moduleCount<=a+d))for(var b=-1;7>=b;b++)-1>=c+b||this.moduleCount<=c+b||(this.modules[a+d][c+b]= + 0<=d&&6>=d&&(0==b||6==b)||0<=b&&6>=b&&(0==d||6==d)||2<=d&&4>=d&&2<=b&&4>=b?!0:!1)},getBestMaskPattern:function(){for(var a=0,c=0,d=0;8>d;d++){this.makeImpl(!0,d);var b=j.getLostPoint(this);if(0==d||a>b)a=b,c=d}return c},createMovieClip:function(a,c,d){a=a.createEmptyMovieClip(c,d);this.make();for(c=0;c=f;f++)for(var i=-2;2>=i;i++)this.modules[b+f][e+i]=-2==f||2==f||-2==i||2==i||0==f&&0==i?!0:!1}},setupTypeNumber:function(a){for(var c= + j.getBCHTypeNumber(this.typeNumber),d=0;18>d;d++){var 
b=!a&&1==(c>>d&1);this.modules[Math.floor(d/3)][d%3+this.moduleCount-8-3]=b}for(d=0;18>d;d++)b=!a&&1==(c>>d&1),this.modules[d%3+this.moduleCount-8-3][Math.floor(d/3)]=b},setupTypeInfo:function(a,c){for(var d=j.getBCHTypeInfo(this.errorCorrectLevel<<3|c),b=0;15>b;b++){var e=!a&&1==(d>>b&1);6>b?this.modules[b][8]=e:8>b?this.modules[b+1][8]=e:this.modules[this.moduleCount-15+b][8]=e}for(b=0;15>b;b++)e=!a&&1==(d>>b&1),8>b?this.modules[8][this.moduleCount- + b-1]=e:9>b?this.modules[8][15-b-1+1]=e:this.modules[8][15-b-1]=e;this.modules[this.moduleCount-8][8]=!a},mapData:function(a,c){for(var d=-1,b=this.moduleCount-1,e=7,f=0,i=this.moduleCount-1;0g;g++)if(null==this.modules[b][i-g]){var n=!1;f>>e&1));j.getMask(c,b,i-g)&&(n=!n);this.modules[b][i-g]=n;e--; -1==e&&(f++,e=7)}b+=d;if(0>b||this.moduleCount<=b){b-=d;d=-d;break}}}};o.PAD0=236;o.PAD1=17;o.createData=function(a,c,d){for(var c=p.getRSBlocks(a, + c),b=new t,e=0;e8*a)throw Error("code length overflow. ("+b.getLengthInBits()+">"+8*a+")");for(b.getLengthInBits()+4<=8*a&&b.put(0,4);0!=b.getLengthInBits()%8;)b.putBit(!1);for(;!(b.getLengthInBits()>=8*a);){b.put(o.PAD0,8);if(b.getLengthInBits()>=8*a)break;b.put(o.PAD1,8)}return o.createBytes(b,c)};o.createBytes=function(a,c){for(var d= + 0,b=0,e=0,f=Array(c.length),i=Array(c.length),g=0;g>>=1;return c},getPatternPosition:function(a){return j.PATTERN_POSITION_TABLE[a-1]},getMask:function(a,c,d){switch(a){case 0:return 0==(c+d)%2;case 1:return 0==c%2;case 2:return 0==d%3;case 3:return 0==(c+d)%3;case 4:return 0==(Math.floor(c/2)+Math.floor(d/3))%2;case 5:return 0==c*d%2+c*d%3;case 6:return 0==(c*d%2+c*d%3)%2;case 7:return 0==(c*d%3+(c+d)%2)%2;default:throw Error("bad maskPattern:"+ +a);}},getErrorCorrectPolynomial:function(a){for(var c=new q([1],0),d=0;dc)switch(a){case 1:return 10;case 2:return 9;case s:return 8;case 8:return 8;default:throw Error("mode:"+a);}else if(27>c)switch(a){case 1:return 12;case 2:return 11;case s:return 16;case 8:return 10;default:throw 
Error("mode:"+a);}else if(41>c)switch(a){case 1:return 14;case 2:return 13;case s:return 16;case 8:return 12;default:throw Error("mode:"+ +a);}else throw Error("type:"+c);},getLostPoint:function(a){for(var c=a.getModuleCount(),d=0,b=0;b=g;g++)if(!(0>b+g||c<=b+g))for(var h=-1;1>=h;h++)0>e+h||c<=e+h||0==g&&0==h||i==a.isDark(b+g,e+h)&&f++;5a)throw Error("glog("+a+")");return l.LOG_TABLE[a]},gexp:function(a){for(;0>a;)a+=255;for(;256<=a;)a-=255;return l.EXP_TABLE[a]},EXP_TABLE:Array(256), + LOG_TABLE:Array(256)},m=0;8>m;m++)l.EXP_TABLE[m]=1<m;m++)l.EXP_TABLE[m]=l.EXP_TABLE[m-4]^l.EXP_TABLE[m-5]^l.EXP_TABLE[m-6]^l.EXP_TABLE[m-8];for(m=0;255>m;m++)l.LOG_TABLE[l.EXP_TABLE[m]]=m;q.prototype={get:function(a){return this.num[a]},getLength:function(){return this.num.length},multiply:function(a){for(var c=Array(this.getLength()+a.getLength()-1),d=0;d + this.getLength()-a.getLength())return this;for(var c=l.glog(this.get(0))-l.glog(a.get(0)),d=Array(this.getLength()),b=0;b>>7-a%8&1)},put:function(a,c){for(var d=0;d>>c-d-1&1))},getLengthInBits:function(){return this.length},putBit:function(a){var c=Math.floor(this.length/8);this.buffer.length<=c&&this.buffer.push(0);a&&(this.buffer[c]|=128>>>this.length%8);this.length++}};"string"===typeof h&&(h={text:h});h=r.extend({},{render:"canvas",width:256,height:256,typeNumber:-1, + correctLevel:2,background:"#ffffff",foreground:"#000000"},h);return this.each(function(){var a;if("canvas"==h.render){a=new o(h.typeNumber,h.correctLevel);a.addData(h.text);a.make();var c=document.createElement("canvas");c.width=h.width;c.height=h.height;for(var d=c.getContext("2d"),b=h.width/a.getModuleCount(),e=h.height/a.getModuleCount(),f=0;f").css("width",h.width+"px").css("height",h.height+"px").css("border","0px").css("border-collapse","collapse").css("background-color",h.background);d=h.width/a.getModuleCount();b=h.height/a.getModuleCount();for(e=0;e").css("height",b+"px").appendTo(c);for(i=0;i").css("width", + 
d+"px").css("background-color",a.isDark(e,i)?h.foreground:h.background).appendTo(f)}}a=c;jQuery(a).appendTo(this)})}})(jQuery); \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/public/js/nav-menu.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/public/js/nav-menu.js new file mode 100644 index 0000000000..c15f80b268 --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/public/js/nav-menu.js 
@@ -0,0 +1,351 @@ +/* + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +var modalPopup = ".wr-modalpopup", + modalPopupContainer = modalPopup + " .modalpopup-container", + modalPopupContent = modalPopup + " .modalpopup-content"; + +var emmAdminBasePath = "/api/device-mgt/v1.0"; + +/* + * set popup maximum height function. + */ +function setPopupMaxHeight() { + var maxHeight = "max-height"; + var marginTop = "margin-top"; + var body = "body"; + $(modalPopupContent).css(maxHeight, ($(body).height() - ($(body).height() / 100 * 30))); + $(modalPopupContainer).css(marginTop, (-($(modalPopupContainer).height() / 2))); +} + +/* + * show popup function. + */ +function showPopup() { + $(modalPopup).show(); + setPopupMaxHeight(); +} + +/* + * hide popup function. 
+ */ +function hidePopup() { + $(modalPopupContent).html(""); + $(modalPopupContent).removeClass("operation-data"); + $(modalPopup).hide(); +} + +var updateNotificationCount = function (data, textStatus, jqXHR) { + if (jqXHR.status == 200 && data) { + var responsePayload = JSON.parse(data); + var newNotificationsCount = responsePayload.count; + if (newNotificationsCount > 0) { + $("#notification-bubble").html(newNotificationsCount); + } +// } else { +// $("#notification-bubble").html("Error"); +// } + } +}; + +function loadNotificationsPanel() { + if ("true" == $("#right-sidebar").attr("is-authorized")) { + var serviceURL = emmAdminBasePath + "/notifications?status=NEW"; + invokerUtil.get(serviceURL, updateNotificationCount, hideNotificationCount); + loadNewNotifications(); + } else { + $("#notification-bubble-wrapper").remove(); + } +} + +function hideNotificationCount(jqXHR) { + if (jqXHR.status == 404) { + // this means "no new notifications to show" + $("#notification-bubble").hide(); + } else { + $("#notification-bubble").html("Error"); + } +} + +function loadNewNotifications() { + var messageSideBar = ".sidebar-messages"; + if ($("#right-sidebar").attr("is-authorized") == "true") { + var notifications = $("#notifications"); + var currentUser = notifications.data("currentUser"); + + $.template("notification-listing", notifications.attr("src"), function (template) { + var serviceURL = emmAdminBasePath + "/notifications?status=NEW"; + + var successCallback = function (data, textStatus, jqXHR) { + if (jqXHR.status == 200 && data) { + var viewModel = {}; + var responsePayload = JSON.parse(data); + + if (responsePayload.notifications) { + viewModel.notifications = responsePayload.notifications; + if (responsePayload.count > 0) { + $(messageSideBar).html(template(viewModel)); + } else { + $(messageSideBar).html("

    No new notifications found...

    "); + } + } else { + $(messageSideBar).html("

    Unexpected error occurred while loading new notifications.

    "); + } + } + }; + var errorCallback = function (jqXHR) { + if (jqXHR.status = 500) { + $(messageSideBar).html("

    Unexpected error occurred while trying " + + "to retrieve any new notifications.

    "); + } + }; + invokerUtil.get(serviceURL, successCallback, errorCallback); + }); + } else { + $(messageSideBar).html("

    You are not authorized to view notifications

    "); + } +} + +/** + * Toggle function for + * notification listing sidebar. + * @return {Null} + */ +$.sidebar_toggle = function (action, target, container) { + var elem = '[data-toggle=sidebar]', + button, + containerOffsetLeft, + containerOffsetRight, + targetOffsetLeft, + targetOffsetRight, + targetWidth, + targetSide, + relationship, + pushType, + buttonParent; + + var sidebar_window = { + update: function (target, container, button) { + containerOffsetLeft = $(container).data('offset-left') ? $(container).data('offset-left') : 0; + containerOffsetRight = $(container).data('offset-right') ? $(container).data('offset-right') : 0; + targetOffsetLeft = $(target).data('offset-left') ? $(target).data('offset-left') : 0; + targetOffsetRight = $(target).data('offset-right') ? $(target).data('offset-right') : 0; + targetWidth = $(target).data('width'); + targetSide = $(target).data("side"); + pushType = $(container).parent().is('body') == true ? 'padding' : 'margin'; + + if (button !== undefined) { + relationship = button.attr('rel') ? 
button.attr('rel') : ''; + buttonParent = $(button).parent(); + } + }, + + show: function () { + if ($(target).data('sidebar-fixed') == true) { + $(target).height($(window).height() - $(target).data('fixed-offset')); + } + $(target).trigger('show.sidebar'); + if (targetWidth !== undefined) { + $(target).css('width', targetWidth); + } + $(target).addClass('toggled'); + if (button !== undefined) { + if (relationship !== '') { + // Removing active class from all relative buttons + $(elem + '[rel=' + relationship + ']:not([data-handle=close])').removeClass("active"); + $(elem + '[rel=' + relationship + ']:not([data-handle=close])').attr('aria-expanded', 'false'); + } + // Adding active class to button + if (button.attr('data-handle') !== 'close') { + button.addClass("active"); + button.attr('aria-expanded', 'true'); + } + if (buttonParent.is('li')) { + if (relationship !== '') { + $(elem + '[rel=' + relationship + ']:not([data-handle=close])').parent().removeClass("active"); + $(elem + '[rel=' + relationship + ']:not([data-handle=close])').parent(). 
+ attr('aria-expanded', 'false'); + } + buttonParent.addClass("active"); + buttonParent.attr('aria-expanded', 'true'); + } + } + // Sidebar open function + if (targetSide == 'left') { + if ((button !== undefined) && (button.attr('data-container-divide'))) { + $(container).css(pushType + '-' + targetSide, targetWidth + targetOffsetLeft); + } + $(target).css(targetSide, targetOffsetLeft); + } else if (targetSide == 'right') { + if ((button !== undefined) && (button.attr('data-container-divide'))) { + $(container).css(pushType + '-' + targetSide, targetWidth + targetOffsetRight); + } + $(target).css(targetSide, targetOffsetRight); + } + $(target).trigger('shown.sidebar'); + }, + + hide: function () { + $(target).trigger('hide.sidebar'); + $(target).removeClass('toggled'); + if (button !== undefined) { + if (relationship !== '') { + // Removing active class from all relative buttons + $(elem + '[rel=' + relationship + ']:not([data-handle=close])').removeClass("active"); + $(elem + '[rel=' + relationship + ']:not([data-handle=close])').attr('aria-expanded', 'false'); + } + // Removing active class from button + if (button.attr('data-handle') !== 'close') { + button.removeClass("active"); + button.attr('aria-expanded', 'false'); + } + if ($(button).parent().is('li')) { + if (relationship !== '') { + $(elem + '[rel=' + relationship + ']:not([data-handle=close])').parent().removeClass("active"); + $(elem + '[rel=' + relationship + ']:not([data-handle=close])').parent(). 
+ attr('aria-expanded', 'false'); + } + } + } + // Sidebar close function + if (targetSide == 'left') { + if ((button !== undefined) && (button.attr('data-container-divide'))) { + $(container).css(pushType + '-' + targetSide, targetOffsetLeft); + } + $(target).css(targetSide, -Math.abs(targetWidth + targetOffsetLeft)); + } else if (targetSide == 'right') { + if ((button !== undefined) && (button.attr('data-container-divide'))) { + $(container).css(pushType + '-' + targetSide, targetOffsetRight); + } + $(target).css(targetSide, -Math.abs(targetWidth + targetOffsetRight)); + } + $(target).trigger('hidden.sidebar'); + } + }; + if (action === 'show') { + sidebar_window.update(target, container); + sidebar_window.show(); + } + if (action === 'hide') { + sidebar_window.update(target, container); + sidebar_window.hide(); + } + // binding click function + var body = 'body'; + $(body).off('click', elem); + $(body).on('click', elem, function (e) { + e.preventDefault(); + button = $(this); + container = button.data('container'); + target = button.data('target'); + sidebar_window.update(target, container, button); + /** + * Sidebar function on data container divide + * @return {Null} + */ + if (button.attr('aria-expanded') == 'false') { + sidebar_window.show(); + } else if (button.attr('aria-expanded') == 'true') { + sidebar_window.hide(); + } + }); +}; + +$.fn.collapse_nav_sub = function () { + var navSelector = 'ul.nav'; + + if (!$(navSelector).hasClass('collapse-nav-sub')) { + $(navSelector + ' > li', this).each(function () { + var position = $(this).offset().left - $(this).parent().scrollLeft(); + $(this).attr('data-absolute-position', (position + 5)); + }); + + $(navSelector + ' li', this).each(function () { + if ($('ul', this).length !== 0) { + $(this).addClass('has-sub'); + } + }); + + $(navSelector + ' > li', this).each(function () { + $(this).css({ + 'left': $(this).data('absolute-position'), + 'position': 'absolute' + }); + }); + + $(navSelector + ' li.has-sub', 
this).on('click', function () { + var elem = $(this); + if (elem.attr('aria-expanded') !== 'true') { + elem.siblings().fadeOut(100, function () { + elem.animate({'left': '15'}, 200, function () { + $(elem).first().children('ul').fadeIn(200); + }); + }); + elem.siblings().attr('aria-expanded', 'false'); + elem.attr('aria-expanded', 'true'); + } else { + $(elem).first().children('ul').fadeOut(100, function () { + elem.animate({'left': $(elem).data('absolute-position')}, 200, function () { + elem.siblings().fadeIn(100); + }); + }); + elem.siblings().attr('aria-expanded', 'false'); + elem.attr('aria-expanded', 'false'); + } + }); + + $(navSelector + ' > li.has-sub ul', this).on('click', function (e) { + e.stopPropagation(); + }); + $(navSelector).addClass('collapse-nav-sub'); + } +}; + +$(document).ready(function () { + loadNotificationsPanel(); + $.sidebar_toggle(); + + $("#right-sidebar").on("click", ".new-notification", function () { + var notificationId = $(this).data("id"); + var redirectUrl = $(this).data("url"); + var markAsReadNotificationsAPI = "/mdm-admin/notifications/" + notificationId + "/CHECKED"; + var messageSideBar = ".sidebar-messages"; + + invokerUtil.put( + markAsReadNotificationsAPI, + null, + function (data) { + data = JSON.parse(data); + if (data.statusCode == responseCodes["ACCEPTED"]) { + location.href = redirectUrl; + } + }, function () { + var content = "
  • Warning

    " + + "

    Unexpected error occurred while loading notification. Please refresh the page and" + + " try again

  • "; + $(messageSideBar).html(content); + } + ); + }); + + if (typeof $.fn.collapse == 'function') { + $('.navbar-collapse.tiles').on('shown.bs.collapse', function () { + $(this).collapse_nav_sub(); + }); + } +}); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/public/templates/notifications.hbs b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/public/templates/notifications.hbs new file mode 100644 index 0000000000..82edfc498f --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.navbar.nav-menu/public/templates/notifications.hbs @@ -0,0 +1,14 @@ +{{#each notifications}} +
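Review bot: In the `errorCallback` of `loadNewNotifications`, `if (jqXHR.status = 500)` assigns instead of comparing. The branch is therefore always taken and every failure is reported as an unexpected server error; it should read `if (jqXHR.status == 500) {`. In the `.new-notification` click handler, `location.href = redirectUrl` navigates to whatever the element's `data-url` holds; if that value is derived from notification content, restrict it to same-origin paths before assigning. The same handler builds its URL from `"/mdm-admin/notifications/"` while the rest of the file uses `emmAdminBasePath`, which looks like a leftover from the older API path.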
  • +

    + + + Device Type : {{deviceIdentifier.type}} + +

    +

    {{description}}

    +
  • +{{/each}} \ No newline at end of file diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml index 74f6d9bcf3..0463e37cbb 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/pom.xml @@ -50,6 +50,10 @@ org.wso2.carbon.apimgt org.wso2.carbon.apimgt.impl + + org.wso2.carbon.apimgt + org.wso2.carbon.apimgt.keymgt + com.googlecode.json-simple.wso2 json-simple 
@@ -95,40 +99,41 @@ org.wso2.carbon.device.mgt.*, org.wso2.carbon.identity.application.common.model, org.wso2.carbon.identity.oauth.callback, - org.wso2.carbon.identity.oauth.common, org.wso2.carbon.identity.oauth2, org.wso2.carbon.identity.oauth2.model, org.wso2.carbon.identity.oauth2.validators, org.wso2.carbon.user.api, org.wso2.carbon.user.core.service, - org.wso2.carbon.identity.application.common.model, - org.wso2.carbon.identity.application.authentication.framework.model, org.wso2.carbon.user.core.tenant, org.json.simple, javax.cache, - javax.xml.namespace, - org.apache.axiom.om, org.wso2.carbon.apimgt.api, org.wso2.carbon.apimgt.impl, org.wso2.carbon.apimgt.impl.dao, org.wso2.carbon.apimgt.impl.utils, - org.wso2.carbon.identity.application.common.cache, org.wso2.carbon.identity.core.util, org.wso2.carbon.identity.oauth2.dto, org.wso2.carbon.identity.oauth2.token, - org.wso2.carbon.identity.oauth2.token.handlers.grant, - org.wso2.carbon.user.core, - org.wso2.carbon.user.core.config, - org.wso2.carbon.user.core.util, + org.apache.oltu.oauth2.common.validators, org.wso2.carbon.utils, org.wso2.carbon.context, org.wso2.carbon.identity.oauth.cache, org.wso2.carbon.identity.oauth.config, org.wso2.carbon.identity.oauth2.dao, org.wso2.carbon.utils.multitenancy, - org.wso2.carbon.base, org.wso2.carbon.identity.oauth2.grant.jwt.*, - org.wso2.carbon.device.mgt.core.* + org.wso2.carbon.device.mgt.core.*, + javax.xml.bind, + javax.xml.bind.annotation, + javax.xml.parsers, + org.w3c.dom, + org.wso2.carbon.apimgt.keymgt, + org.wso2.carbon.apimgt.keymgt.handlers, + com.google.gson, + org.apache.commons.codec.binary, + org.wso2.carbon.identity.application.authentication.framework.model, + org.apache.oltu.oauth2.common, + org.wso2.carbon.base 
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/DeviceRequestDTO.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/DeviceRequestDTO.java
new file mode 100644
index 0000000000..75c4b35b3a
--- /dev/null
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/DeviceRequestDTO.java
@@ -0,0 +1,30 @@
+package org.wso2.carbon.device.mgt.oauth.extensions;
+
+import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
+
+import java.util.List;
+
+/**
+ * This class holds the request format for device for grant type.
+ */
+public class DeviceRequestDTO {
+
+ private List deviceIdentifiers;
+ private String scope;
+
+ public List getDeviceIdentifiers() {
+ return deviceIdentifiers;
+ }
+
+ public void setDeviceIdentifiers(List deviceIdentifiers) {
+ this.deviceIdentifiers = deviceIdentifiers;
+ }
+
+ public String getScope() {
+ return scope;
+ }
+
+ public void setScope(String scope) {
+ this.scope = scope;
+ }
+}
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthConstants.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthConstants.java
new file mode 100644
index 0000000000..eff890831d
--- /dev/null
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthConstants.java
@@ -0,0 +1,13 @@
+package org.wso2.carbon.device.mgt.oauth.extensions;
+
+
+/**
+ * This hold the OAuthConstants related oauth extensions.
+ */
+public class OAuthConstants {
+
+ public static final String DEFAULT_DEVICE_ASSERTION = "device";
+ public static final String DEFAULT_USERNAME_IDENTIFIER = "username";
+ public static final String DEFAULT_PASSWORD_IDENTIFIER = "password";
+
+}
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java
index 97d7e5f5cf..b52d94b657 100644
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java
@@ -18,17 +18,25 @@ package org.wso2.carbon.device.mgt.oauth.extensions; +import com.google.gson.Gson; +import org.apache.commons.codec.binary.Base64; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.w3c.dom.Document; import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.impl.APIConstants; import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO; import org.wso2.carbon.apimgt.impl.utils.APIUtil; +import org.wso2.carbon.apimgt.keymgt.ScopesIssuer; import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.device.mgt.common.DeviceIdentifier; -import org.wso2.carbon.device.mgt.common.DeviceManagementException; +import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; +import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; +import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfig; +import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfigurationFailedException; import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder; import org.wso2.carbon.identity.core.util.IdentityTenantUtil; +import org.wso2.carbon.identity.oauth2.model.RequestParameter; import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext; import org.wso2.carbon.user.api.TenantManager; import org.wso2.carbon.user.api.UserRealm; @@ -36,6 +44,9 @@ import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.core.service.RealmService; import javax.cache.Caching; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import java.io.File; import java.util.ArrayList; import java.util.Arrays; import java.util.List; 
@@ -51,7 +62,8 @@ public class OAuthExtUtils { private static final String UI_EXECUTE = "ui.execute"; private static final String REST_API_SCOPE_CACHE = "REST_API_SCOPE_CACHE"; private static final int START_INDEX = 0; - private static final String CDMF_SCOPE_SEPERATOR = "/"; + private static final String DEFAULT_SCOPE_TAG = "device-mgt"; + /** * This method is used to get the tenant id when given tenant domain. * @@ -114,7 +126,7 @@ public class OAuthExtUtils { restAPIScopesOfCurrentTenant = APIUtil. getRESTAPIScopesFromConfig(APIUtil.getTenantRESTAPIScopesConfig(tenantDomain)); - //call load tenant config for rest API. + //call load tenant org.wso2.carbon.device.mgt.iot.output.adapter.ui.config for rest API. //then put cache appScopes.putAll(restAPIScopesOfCurrentTenant); Caching.getCacheManager(APIConstants.API_MANAGER_CACHE_MANAGER) @@ -166,20 +178,6 @@ public class OAuthExtUtils { return false; } - /** - * Determines if the scope is specified with CDMF device scope prefix. - * - * @param scope - The scope key to check - * @return - 'true' if the scope has the prefix. 'false' if not. - */ - private static boolean isCDMFDeviceSpecificScope(String scope) { - // load white listed scopes - if (scope.startsWith(OAuthExtensionsDataHolder.getInstance().getDeviceScope())) { - return true; - } - return false; - } - /** * Get the set of default scopes. If a requested scope is matches with the patterns specified in the white list, * then such scopes will be issued without further validation. If the scope list is empty, 
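Review bot: The comment changed in the `@@ -114,7 +126,7 @@` hunk now reads `//call load tenant org.wso2.carbon.device.mgt.iot.output.adapter.ui.config for rest API.`, which looks like an automated package rename that also rewrote the word "config" inside a comment. The text no longer describes the surrounding lines, which read the tenant REST API scopes config and put the result in a cache. I would restore it as `// load the tenant's REST API scope config, then put it in the cache`. The enclosing method starts and ends outside the hunk.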
@@ -275,27 +273,6 @@ public class OAuthExtUtils { else if (appScopes.containsKey(scope) || isWhiteListedScope(scope)) { authorizedScopes.add(scope); } - - //check whether is device specific scope (CDMF) - else if (isCDMFDeviceSpecificScope(scope)) { - PrivilegedCarbonContext.startTenantFlow(); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId, true); - try { - String deviceId[] = scope.split(CDMF_SCOPE_SEPERATOR); - DeviceIdentifier deviceIdentifier = new DeviceIdentifier(deviceId[2], deviceId[1]); - boolean enrolled = OAuthExtensionsDataHolder.getInstance().getDeviceManagementService().isEnrolled( - deviceIdentifier, tokReqMsgCtx.getAuthorizedUser().getUserName()); - if (enrolled) { - authorizedScopes.add(scope); - } - } catch (DeviceManagementException e) { - log.error("Error occurred while checking device scope with CDMF", e); - } catch (ArrayIndexOutOfBoundsException e) { - log.error("Invalid scope format, have to adhere [prefix/devicetype/deviceId]", e); - }finally { - PrivilegedCarbonContext.endTenantFlow(); - } - } } } catch (UserStoreException e) { log.error("Error occurred while initializing user store.", e); 
@@ -311,4 +288,82 @@ public class OAuthExtUtils { return trimmedName.substring(START_INDEX, trimmedName.lastIndexOf('@')); } + public static boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) { + boolean isScopesSet = ScopesIssuer.getInstance().setScopes(tokReqMsgCtx); + if (isScopesSet) { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain( + tokReqMsgCtx.getAuthorizedUser().getTenantDomain(), true); + String username = tokReqMsgCtx.getAuthorizedUser().getUserName(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username); + try { + + DeviceRequestDTO deviceRequestDTO = null; + RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters(); + for (RequestParameter parameter : parameters) { + if (OAuthConstants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) { + String deviceJson = parameter.getValue()[0]; + Gson gson = new Gson(); + deviceRequestDTO = gson.fromJson(new String(Base64.decodeBase64(deviceJson)), + DeviceRequestDTO.class); + } + } + if (deviceRequestDTO != null) { + String requestScopes = deviceRequestDTO.getScope(); + String scopeNames[] = requestScopes.split(" "); + for (String scopeName : scopeNames) { + List deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers(); + DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance() + .getDeviceAccessAuthorizationService() + .isUserAuthorized(deviceIdentifiers, username, getPermissions(scopeName)); + if (deviceAuthorizationResult != null && + deviceAuthorizationResult.getAuthorizedDevices() != null) { + String scopes[] = tokReqMsgCtx.getScope(); + String authorizedScopes[] = new String[scopes.length + deviceAuthorizationResult + .getAuthorizedDevices().size()]; + int scopeIndex = 0; + for (String scope : scopes) { + authorizedScopes[scopeIndex] = scope; + scopeIndex++; + } + for (DeviceIdentifier deviceIdentifier : 
deviceAuthorizationResult.getAuthorizedDevices()) { + authorizedScopes[scopeIndex] = + DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" + + deviceIdentifier.getId() + ":" + scopeName; + scopeIndex++; + } + tokReqMsgCtx.setScope(authorizedScopes); + } + } + } + } catch (DeviceAccessAuthorizationException e) { + log.error("Error occurred while checking authorization for the user " + username, e); + } finally { + PrivilegedCarbonContext.endTenantFlow(); + } + } + return isScopesSet; + } + + /** + * retrieve the permission related to given scope. + * @param scopeName requested scope action + * @return set of permission associated with the given scope. + */ + private static String[] getPermissions(String scopeName) { + return DeviceMgtScopesConfig.getInstance().getDeviceMgtScopePermissionMap().get(scopeName); + } + + public static Document convertToDocument(File file) throws DeviceMgtScopesConfigurationFailedException { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + try { + DocumentBuilder docBuilder = factory.newDocumentBuilder(); + return docBuilder.parse(file); + } catch (Exception e) { + throw new DeviceMgtScopesConfigurationFailedException("Error occurred while parsing file, while converting " + + "to a org.w3c.dom.Document", e); + } + } + } diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Action.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Action.java new file mode 100644 index 0000000000..4f71e30801 --- /dev/null +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Action.java 
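Review bot: `validateScope` uses the client-supplied `device` request parameter without checking it: `parameter.getValue()[0]`, `requestScopes.split(" ")` and the result of `getPermissions(scopeName)` are dereferenced or passed on as they come, so a token request with an empty value, a JSON body without `scope`, or a scope name missing from the scope-to-permission map ends in an unchecked exception or in a null permission array reaching `isUserAuthorized`. How `isUserAuthorized` treats a null permission array is not visible in this diff, so I would skip unknown scope names explicitly rather than rely on it, as in the excerpt below. `new String(Base64.decodeBase64(deviceJson))` also decodes with the platform charset; passing `StandardCharsets.UTF_8` makes the parse deterministic. In the same hunk `convertToDocument` creates a `DocumentBuilderFactory` with default settings; because it is a public helper that accepts any `File`, I would add `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before `newDocumentBuilder()` so that DTDs and external entities are rejected.

```java
// … unchanged: tenant flow setup and the loop that decodes the "device" parameter …
if (deviceRequestDTO != null && deviceRequestDTO.getScope() != null
        && deviceRequestDTO.getDeviceIdentifiers() != null) {
    for (String scopeName : deviceRequestDTO.getScope().split(" ")) {
        String[] permissions = getPermissions(scopeName);
        if (permissions == null) {
            // No entry for this scope name in the scope-to-permission map: grant nothing for it.
            continue;
        }
        // … unchanged: isUserAuthorized(deviceIdentifiers, username, permissions) and the scope merge …
    }
}
```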
@@ -0,0 +1,90 @@ + +package org.wso2.carbon.device.mgt.oauth.extensions.config; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + + +/** + *

    Java class for Action complex type. + * + *

    The following schema fragment specifies the expected content contained within this class. + * + *

    + * <complexType name="Action">
    + *   <complexContent>
    + *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
    + *       <sequence>
    + *         <element name="Permissions" type="{}Permissions"/>
    + *       </sequence>
    + *       <attribute name="name" type="{http://www.w3.org/2001/XMLSchema}string" />
    + *     </restriction>
    + *   </complexContent>
    + * </complexType>
    + * 
    + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "Action", propOrder = { + "permissions" +}) +public class Action { + + @XmlElement(name = "Permissions", required = true) + protected Permissions permissions; + @XmlAttribute(name = "name") + protected String name; + + /** + * Gets the value of the permissions property. + * + * @return + * possible object is + * {@link Permissions } + * + */ + public Permissions getPermissions() { + return permissions; + } + + /** + * Sets the value of the permissions property. + * + * @param value + * allowed object is + * {@link Permissions } + * + */ + public void setPermissions(Permissions value) { + this.permissions = value; + } + + /** + * Gets the value of the name property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getName() { + return name; + } + + /** + * Sets the value of the name property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setName(String value) { + this.name = value; + } + +} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopes.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopes.java new file mode 100644 index 0000000000..07a46b2130 --- /dev/null +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopes.java 
@@ -0,0 +1,67 @@ + +package org.wso2.carbon.device.mgt.oauth.extensions.config; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlType; + + +/** + *

    Java class for DeviceMgtScopes complex type. + * + *

    The following schema fragment specifies the expected content contained within this class. + * + *

    + * <complexType name="DeviceMgtScopes">
    + *   <complexContent>
    + *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
    + *       <sequence>
    + *         <element name="Action" type="{}Action" maxOccurs="unbounded" minOccurs="0"/>
    + *       </sequence>
    + *     </restriction>
    + *   </complexContent>
    + * </complexType>
    + * 
    + * + * + */ +@XmlRootElement(name = "DeviceMgtScopes") +public class DeviceMgtScopes { + + @XmlElement(name = "Action") + protected List action; + + /** + * Gets the value of the action property. + * + *

    + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a set method for the action property. + * + *

    + * For example, to add a new item, do as follows: + *

    +     *    getAction().add(newItem);
    +     * 
    + * + * + *

    + * Objects of the following type(s) are allowed in the list + * {@link Action } + * + * + */ + public List getAction() { + if (action == null) { + action = new ArrayList(); + } + return this.action; + } + +} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfig.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfig.java new file mode 100644 index 0000000000..9f8d05760b --- /dev/null +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfig.java 
@@ -0,0 +1,67 @@ + +package org.wso2.carbon.device.mgt.oauth.extensions.config; + +import org.w3c.dom.Document; +import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils; +import org.wso2.carbon.utils.CarbonUtils; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; +import java.io.File; +import java.util.HashMap; +import java.util.Map; + +/** + * This class represents the configuration that are needed for scopes to permission map. + */ +public class DeviceMgtScopesConfig { + + private static DeviceMgtScopesConfig config = new DeviceMgtScopesConfig(); + private static Map actionPermissionMap = new HashMap<>(); + + private static final String DEVICE_MGT_SCOPES_CONFIG_PATH = + CarbonUtils.getEtcCarbonConfigDirPath() + File.separator + "device-mgt-scopes.xml"; + + private DeviceMgtScopesConfig() { + } + + public static DeviceMgtScopesConfig getInstance() { + return config; + } + + public static void init() throws DeviceMgtScopesConfigurationFailedException { + try { + File deviceMgtConfig = new File(DEVICE_MGT_SCOPES_CONFIG_PATH); + Document doc = OAuthExtUtils.convertToDocument(deviceMgtConfig); + + /* Un-marshaling DeviceMGtScope configuration */ + JAXBContext ctx = JAXBContext.newInstance(DeviceMgtScopes.class); + Unmarshaller unmarshaller = ctx.createUnmarshaller(); + //unmarshaller.setSchema(getSchema()); + DeviceMgtScopes deviceMgtScopes = (DeviceMgtScopes) unmarshaller.unmarshal(doc); + if (deviceMgtScopes != null) { + for (Action action : deviceMgtScopes.getAction()) { + Permissions permissions = action.getPermissions(); + if (permissions != null) { + String permission[] = new String[permissions.getPermission().size()]; + int i = 0; + for (String perm : permissions.getPermission()) { + permission[i] = perm; + i++; + } + actionPermissionMap.put(action.getName(), permission); + } + } + } + } catch (JAXBException e) { + throw new DeviceMgtScopesConfigurationFailedException("Error occurred while 
un-marshalling Device Scope" + + " Config", e); + } + } + + public Map getDeviceMgtScopePermissionMap() { + return actionPermissionMap; + } + +} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfigurationFailedException.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfigurationFailedException.java new file mode 100644 index 0000000000..7a16382c18 --- /dev/null +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/DeviceMgtScopesConfigurationFailedException.java 
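Review bot: `getDeviceMgtScopePermissionMap()` hands out the static `actionPermissionMap` itself, a plain `HashMap` that `init()` fills without synchronization, and `OAuthExtUtils.getPermissions` reads it while deciding which device scopes go into a token. Any caller can therefore change the scope-to-permission mapping at runtime, and a lookup that runs concurrently with `init()` is not safe. I would build the map in a local variable inside `init()`, publish it once, and return `Collections.unmodifiableMap(actionPermissionMap)` from the getter. The commented-out `//unmarshaller.setSchema(getSchema());` also means the file is loaded without schema validation, so an `Action` without a `name` attribute would be stored under a null key; either restore the validation or skip such entries.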
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.device.mgt.oauth.extensions.config;
+
+public class DeviceMgtScopesConfigurationFailedException extends Exception {
+
+ private static final long serialVersionUID = -3151279312929070398L;
+
+ public DeviceMgtScopesConfigurationFailedException(String msg, Exception nestedEx) {
+ super(msg, nestedEx);
+ }
+
+ public DeviceMgtScopesConfigurationFailedException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public DeviceMgtScopesConfigurationFailedException(String msg) {
+ super(msg);
+ }
+
+ public DeviceMgtScopesConfigurationFailedException() {
+ super();
+ }
+
+ public DeviceMgtScopesConfigurationFailedException(Throwable cause) {
+ super(cause);
+ }
+}
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java
new file mode 100644
index 0000000000..dd20c772af
--- /dev/null
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java
@@ -0,0 +1,78 @@ + +package org.wso2.carbon.device.mgt.oauth.extensions.config; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + + +/** + *

    Java class for Permissions complex type. + * + *

    The following schema fragment specifies the expected content contained within this class. + * + *

    + * <complexType name="Permissions">
    + *   <complexContent>
    + *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
    + *       <sequence>
    + *         <element name="Permission" maxOccurs="unbounded" minOccurs="0">
    + *           <simpleType>
    + *             <restriction base="{http://www.w3.org/2001/XMLSchema}string">
    + *               <enumeration value="/permission/device-mgt/user/groups/device_operation"/>
    + *               <enumeration value="/permission/device-mgt/admin/groups"/>
    + *               <enumeration value="/permission/device-mgt/user/groups"/>
    + *               <enumeration value="/permission/device-mgt/user/groups/device_monitor"/>
    + *             </restriction>
    + *           </simpleType>
    + *         </element>
    + *       </sequence>
    + *     </restriction>
    + *   </complexContent>
    + * </complexType>
    + * 
    + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "Permissions", propOrder = { + "permission" +}) +public class Permissions { + + @XmlElement(name = "Permission") + protected List permission; + + /** + * Gets the value of the permission property. + * + *

    + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a set method for the permission property. + * + *

    + * For example, to add a new item, do as follows: + *

    +     *    getPermission().add(newItem);
    +     * 
    + * + * + *

    + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List getPermission() { + if (permission == null) { + permission = new ArrayList(); + } + return this.permission; + } + +} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedJWTBearerGrantHandler.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtJWTBearerGrantHandler.java similarity index 77% rename from components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedJWTBearerGrantHandler.java rename to components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtJWTBearerGrantHandler.java index cb7fcdef19..b90ba6f715 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedJWTBearerGrantHandler.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtJWTBearerGrantHandler.java 
@@ -5,10 +5,10 @@ import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; import org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler; import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext; -public class ExtendedJWTBearerGrantHandler extends JWTBearerGrantHandler { +public class ExtendedDeviceMgtJWTBearerGrantHandler extends JWTBearerGrantHandler { @Override public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception { - return OAuthExtUtils.setScopes(tokReqMsgCtx); + return OAuthExtUtils.validateScope(tokReqMsgCtx); } } diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java new file mode 100644 index 0000000000..04418991ee --- /dev/null +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java 
@@ -0,0 +1,59 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler; +import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants; +import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils; +import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; +import org.wso2.carbon.identity.oauth2.model.RequestParameter; +import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext; + +@SuppressWarnings("unused") +public class ExtendedDeviceMgtPasswordGrantHandler extends ExtendedPasswordGrantHandler { + + private static Log log = LogFactory.getLog(ExtendedDeviceMgtPasswordGrantHandler.class); + + @Override + public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception { + RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters(); + for (RequestParameter parameter : parameters) { + switch (parameter.getKey()) { + case OAuthConstants.DEFAULT_USERNAME_IDENTIFIER: + String username = parameter.getValue()[0]; + tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(username); + break; + + case 
OAuthConstants.DEFAULT_PASSWORD_IDENTIFIER: + String password = parameter.getValue()[0]; + tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerPassword(password); + break; + } + } + return super.validateGrant(tokReqMsgCtx); + } + + @Override + public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) { + return OAuthExtUtils.validateScope(tokReqMsgCtx); + } + +} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedPasswordGrantHandler.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedPasswordGrantHandler.java deleted file mode 100644 index d39ea69f0c..0000000000 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedPasswordGrantHandler.java +++ /dev/null 
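Review bot: `validateGrant` reads `parameter.getValue()[0]` for the `username` and `password` parameters without checking that the array is non-null and non-empty, so a malformed token request fails with an unchecked exception instead of going through the normal grant rejection; if `getRequestParameters()` can return null, the loop itself has the same problem. A guard such as `String[] values = parameter.getValue(); if (values == null || values.length == 0) { continue; }` before the `switch` leaves the decision to `super.validateGrant`. The `log` field is never used and the class-level `@SuppressWarnings("unused")` hides that, so I would drop one of the two. A short Javadoc on the class saying that the resource-owner credentials are taken from the request parameters named in `OAuthConstants` would also help the next reader.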
@@ -1,328 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant; - -import org.apache.axiom.om.OMElement; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils; -import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder; -import org.wso2.carbon.identity.application.common.cache.BaseCache; -import org.wso2.carbon.identity.core.util.IdentityConfigParser; -import org.wso2.carbon.identity.core.util.IdentityCoreConstants; -import org.wso2.carbon.identity.core.util.IdentityTenantUtil; -import org.wso2.carbon.identity.oauth.common.OAuthConstants; -import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; -import org.wso2.carbon.identity.oauth2.ResponseHeader; -import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO; -import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext; -import org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler; -import org.wso2.carbon.user.api.Claim; -import org.wso2.carbon.user.api.UserStoreException; -import org.wso2.carbon.user.api.UserStoreManager; -import org.wso2.carbon.user.core.UserRealm; -import org.wso2.carbon.user.core.config.RealmConfiguration; -import 
org.wso2.carbon.user.core.service.RealmService; -import org.wso2.carbon.user.core.util.UserCoreUtil; - -import javax.xml.namespace.QName; -import java.util.*; -import java.util.concurrent.ConcurrentHashMap; - -@SuppressWarnings("unused") -public class ExtendedPasswordGrantHandler extends PasswordGrantHandler { - - private static Log log = LogFactory.getLog(ExtendedPasswordGrantHandler.class); - - private static final String CONFIG_ELEM_OAUTH = "OAuth"; - - // Claims that are set as response headers of access token response - private static final String REQUIRED_CLAIM_URIS = "RequiredRespHeaderClaimUris"; - private BaseCache userClaimsCache; - - // Primary/Secondary Login configuration - private static final String CLAIM_URI = "ClaimUri"; - private static final String LOGIN_CONFIG = "LoginConfig"; - private static final String USERID_LOGIN = "UserIdLogin"; - private static final String EMAIL_LOGIN = "EmailLogin"; - private static final String PRIMARY_LOGIN = "primary"; - - private Map> loginConfiguration = new ConcurrentHashMap<>(); - - private List requiredHeaderClaimUris = new ArrayList<>(); - - public void init() throws IdentityOAuth2Exception { - - super.init(); - - IdentityConfigParser configParser; - configParser = IdentityConfigParser.getInstance(); - OMElement oauthElem = configParser.getConfigElement(CONFIG_ELEM_OAUTH); - - // Get the required claim uris that needs to be included in the response. 
- parseRequiredHeaderClaimUris(oauthElem.getFirstChildWithName(getQNameWithIdentityNS(REQUIRED_CLAIM_URIS))); - - // read login config - parseLoginConfig(oauthElem); - - userClaimsCache = new BaseCache<>("UserClaimsCache"); - if (log.isDebugEnabled()) { - log.debug("Successfully created UserClaimsCache under " + OAuthConstants.OAUTH_CACHE_MANAGER); - } - } - - @Override - public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) - throws IdentityOAuth2Exception { - - OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO(); - String username = oAuth2AccessTokenReqDTO.getResourceOwnerUsername(); - String loginUserName = getLoginUserName(username); - tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(loginUserName); - - boolean isValidated = super.validateGrant(tokReqMsgCtx); - - if (isValidated) { - - int tenantId; - tenantId = IdentityTenantUtil.getTenantIdOfUser(username); - - RealmService realmService = OAuthExtensionsDataHolder.getInstance().getRealmService(); - UserStoreManager userStoreManager; - try { - userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager(); - } catch (UserStoreException e) { - log.error("Error when getting the tenant's UserStoreManager", e); - return false; - } - - List respHeaders = new ArrayList<>(); - - if (oAuth2AccessTokenReqDTO.getResourceOwnerUsername() != null) { - try { - if (requiredHeaderClaimUris != null && !requiredHeaderClaimUris.isEmpty()) { - // Get user's claim values from the default profile. - String userStoreDomain = tokReqMsgCtx.getAuthorizedUser().getUserStoreDomain(); - - String endUsernameWithDomain = UserCoreUtil. 
- addDomainToName(oAuth2AccessTokenReqDTO.getResourceOwnerUsername(), userStoreDomain); - - Claim[] mapClaimValues = getUserClaimValues(endUsernameWithDomain, userStoreManager); - - if (mapClaimValues != null && mapClaimValues.length > 0) { - ResponseHeader header; - for (String claimUri : requiredHeaderClaimUris) { - for (Claim claim : mapClaimValues) { - if (claimUri.equals(claim.getClaimUri())) { - header = new ResponseHeader(); - header.setKey(claim.getDisplayTag()); - header.setValue(claim.getValue()); - respHeaders.add(header); - break; - } - } - } - } else if (log.isDebugEnabled()) { - log.debug("No claim values for user : " + endUsernameWithDomain); - } - } - } catch (Exception e) { - throw new IdentityOAuth2Exception("Error occurred while retrieving user claims", e); - } - } - tokReqMsgCtx.addProperty("RESPONSE_HEADERS", respHeaders.toArray(new ResponseHeader[respHeaders.size()])); - } - - return isValidated; - } - - @Override - public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) { - return OAuthExtUtils.setScopes(tokReqMsgCtx); - } - - private String getLoginUserName(String userID) { - String loginUserName = userID; - if (isSecondaryLogin(userID)) { - loginUserName = getPrimaryFromSecondary(userID); - } - return loginUserName; - } - - /** - * Identify whether the logged in user used his Primary Login name or - * Secondary login name - * - * @param userId - The username used to login. 
- * @return true if secondary login name is used, - * false if primary login name has been used - */ - private boolean isSecondaryLogin(String userId) { - - if (loginConfiguration.get(EMAIL_LOGIN) != null) { - Map emailConf = loginConfiguration.get(EMAIL_LOGIN); - if ("true".equalsIgnoreCase(emailConf.get(PRIMARY_LOGIN))) { - return !isUserLoggedInEmail(userId); - } else if ("false".equalsIgnoreCase(emailConf.get(PRIMARY_LOGIN))) { - return isUserLoggedInEmail(userId); - } - } else if (loginConfiguration.get(USERID_LOGIN) != null) { - Map userIdConf = loginConfiguration.get(USERID_LOGIN); - if ("true".equalsIgnoreCase(userIdConf.get(PRIMARY_LOGIN))) { - return isUserLoggedInEmail(userId); - } else if ("false".equalsIgnoreCase(userIdConf.get(PRIMARY_LOGIN))) { - return !isUserLoggedInEmail(userId); - } - } - return false; - } - - /** - * Identify whether the logged in user used his ordinal username or email - * - * @param userId - username used to login. - * @return - true if userId contains '@'. false otherwise - */ - private boolean isUserLoggedInEmail(String userId) { - return userId.contains("@"); - } - - /** - * Get the primaryLogin name using secondary login name. Primary secondary - * Configuration is provided in the identitiy.xml. In the userstore, it is - * users responsibility TO MAINTAIN THE SECONDARY LOGIN NAME AS UNIQUE for - * each and every users. If it is not unique, we will pick the very first - * entry from the userlist. - * - * @param login - username used to login. 
- * @return - - */ - private String getPrimaryFromSecondary(String login) { - - String claimURI, username = null; - if (isUserLoggedInEmail(login)) { - Map emailConf = loginConfiguration.get(EMAIL_LOGIN); - claimURI = emailConf.get(CLAIM_URI); - } else { - Map userIdConf = loginConfiguration.get(USERID_LOGIN); - claimURI = userIdConf.get(CLAIM_URI); - } - - try { - RealmService realmSvc = OAuthExtensionsDataHolder.getInstance().getRealmService(); - RealmConfiguration config = new RealmConfiguration(); - UserRealm realm = realmSvc.getUserRealm(config); - org.wso2.carbon.user.core.UserStoreManager storeManager = realm.getUserStoreManager(); - String[] user = storeManager.getUserList(claimURI, login, null); - if (user.length > 0) { - username = user[0]; - } - } catch (UserStoreException e) { - log.error("Error while retrieving the primaryLogin name using secondary login name : " + login, e); - } - return username; - } - - private Claim[] getUserClaimValues(String authorizedUser, UserStoreManager userStoreManager) - throws - UserStoreException { - Claim[] userClaims = userClaimsCache.getValueFromCache(authorizedUser); - if (userClaims != null) { - return userClaims; - } else { - if (log.isDebugEnabled()) { - log.debug("Cache miss for user claims. 
Username :" + authorizedUser); - } - userClaims = userStoreManager.getUserClaimValues( - authorizedUser, null); - userClaimsCache.addToCache(authorizedUser, userClaims); - return userClaims; - } - } - - /** - * Read the required claim configuration from identity.xml - */ - private void parseRequiredHeaderClaimUris(OMElement requiredClaimUrisElem) { - if (requiredClaimUrisElem == null) { - return; - } - - Iterator claimUris = requiredClaimUrisElem.getChildrenWithLocalName(CLAIM_URI); - if (claimUris != null) { - while (claimUris.hasNext()) { - OMElement claimUri = (OMElement) claimUris.next(); - if (claimUri != null) { - requiredHeaderClaimUris.add(claimUri.getText()); - } - } - } - } - - /** - * Read the primary/secondary login configuration - * - * .... - * - * - * - * - * - * http://wso2.org/claims/emailaddress - * - * - * ..... - * - * - * @param oauthConfigElem - The '' xml configuration element in the api-manager.xml - */ - private void parseLoginConfig(OMElement oauthConfigElem) { - OMElement loginConfigElem = oauthConfigElem.getFirstChildWithName(getQNameWithIdentityNS(LOGIN_CONFIG)); - if (loginConfigElem != null) { - if (log.isDebugEnabled()) { - log.debug("Login configuration is set "); - } - // Primary/Secondary supported login mechanisms - OMElement emailConfigElem = loginConfigElem.getFirstChildWithName(getQNameWithIdentityNS(EMAIL_LOGIN)); - - OMElement userIdConfigElem = loginConfigElem.getFirstChildWithName(getQNameWithIdentityNS(USERID_LOGIN)); - - Map emailConf = new HashMap(2); - emailConf.put(PRIMARY_LOGIN, - emailConfigElem.getAttributeValue(new QName(PRIMARY_LOGIN))); - emailConf.put(CLAIM_URI, - emailConfigElem.getFirstChildWithName(getQNameWithIdentityNS(CLAIM_URI)) - .getText()); - - Map userIdConf = new HashMap(2); - userIdConf.put(PRIMARY_LOGIN, - userIdConfigElem.getAttributeValue(new QName(PRIMARY_LOGIN))); - userIdConf.put(CLAIM_URI, - userIdConfigElem.getFirstChildWithName(getQNameWithIdentityNS(CLAIM_URI)) - .getText()); - - 
loginConfiguration.put(EMAIL_LOGIN, emailConf); - loginConfiguration.put(USERID_LOGIN, userIdConf); - } - } - - private QName getQNameWithIdentityNS(String localPart) { - return new QName(IdentityCoreConstants.IDENTITY_DEFAULT_NAMESPACE, localPart); - } -} diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java index 350de887a4..8e483bd1a4 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java @@ -24,8 +24,12 @@ import org.osgi.service.component.ComponentContext; import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.impl.APIConstants; import org.wso2.carbon.apimgt.impl.APIManagerConfiguration; +import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; +import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; +import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfig; +import org.wso2.carbon.device.mgt.oauth.extensions.config.DeviceMgtScopesConfigurationFailedException; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.utils.CarbonUtils; 
@@ -54,12 +58,12 @@ import java.util.List; * policy="dynamic" * bind="setPermissionManagerService" * unbind="unsetPermissionManagerService" - * @scr.reference name="org.wso2.carbon.device.manager" - * interface="org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService" + * @scr.reference name="org.wso2.carbon.device.authorization" + * interface="org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService" * cardinality="1..1" * policy="dynamic" - * bind="setDeviceManagementService" - * unbind="unsetDeviceManagementService" + * bind="setDeviceAccessAuthorizationService" + * unbind="unsetDeviceAccessAuthorizationService" */ public class OAuthExtensionServiceComponent { @@ -67,8 +71,6 @@ public class OAuthExtensionServiceComponent { private static final String REPOSITORY = "repository"; private static final String CONFIGURATION = "conf"; private static final String APIM_CONF_FILE = "api-manager.xml"; - private static final String API_KEY_MANGER_DEVICE_SCOPE = "APIKeyValidator.DeviceScope"; - private static final String CDMF_DEVICE_SCOPE_PREFIX = "cdmf_"; @SuppressWarnings("unused") @@ -77,6 +79,8 @@ public class OAuthExtensionServiceComponent { log.debug("Starting OAuthExtensionBundle"); } try { + DeviceMgtScopesConfig.init(); + APIManagerConfiguration configuration = new APIManagerConfiguration(); String filePath = new StringBuilder(). append(CarbonUtils.getCarbonHome()). 
@@ -102,18 +106,10 @@ public class OAuthExtensionServiceComponent { } OAuthExtensionsDataHolder.getInstance().setWhitelistedScopes(whiteList); - - // Read device scope(Specific to CDMF) from Configuration. - String deviceScope = configuration.getFirstProperty(API_KEY_MANGER_DEVICE_SCOPE); - - if (deviceScope == null) { - deviceScope = CDMF_DEVICE_SCOPE_PREFIX; - } - - OAuthExtensionsDataHolder.getInstance().setDeviceScope(deviceScope); - } catch (APIManagementException e) { - log.error("Error occurred while loading APIM configurations", e); + log.error("Error occurred while loading DeviceMgtConfig configurations", e); + } catch (DeviceMgtScopesConfigurationFailedException e) { + log.error("Failed to initialize device scope configuration.", e); } } 
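Review bot: Both catch blocks only log and let activation finish, and because `DeviceMgtScopesConfig.init()` was placed first in the `try` (previous hunk), a `DeviceMgtScopesConfigurationFailedException` also skips the `setWhitelistedScopes(whiteList)` call above. The component then runs with neither the scope configuration nor the whitelist loaded; whether scope validation denies in that state depends on `OAuthExtUtils`, which is not visible here, so it should be confirmed that it fails closed. The reworded message in the `APIManagementException` branch, `"Error occurred while loading DeviceMgtConfig configurations"`, mislabels a failure that still comes from reading `api-manager.xml`; I would keep `"Error occurred while loading APIM configurations"` there. The method body starts outside this hunk.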
@@ -198,24 +194,24 @@ public class OAuthExtensionServiceComponent { /** * Set DeviceManagementProviderService - * @param deviceManagerService An instance of PermissionManagerService + * @param deviceAccessAuthorizationService An instance of deviceAccessAuthorizationService */ - protected void setDeviceManagementService(DeviceManagementProviderService deviceManagerService) { + protected void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) { if (log.isDebugEnabled()) { log.debug("Setting Device Management Service"); } - OAuthExtensionsDataHolder.getInstance().setDeviceManagementService(deviceManagerService); + OAuthExtensionsDataHolder.getInstance().setDeviceAccessAuthorizationService(deviceAccessAuthorizationService); } /** * unset DeviceManagementProviderService - * @param deviceManagementService An instance of PermissionManagerService + * @param deviceAccessAuthorizationService An instance of deviceAccessAuthorizationService */ - protected void unsetDeviceManagementService(DeviceManagementProviderService deviceManagementService) { + protected void unsetDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) { if (log.isDebugEnabled()) { log.debug("Removing Device Management Service"); } - OAuthExtensionsDataHolder.getInstance().setDeviceManagementService(null); + OAuthExtensionsDataHolder.getInstance().setDeviceAccessAuthorizationService(null); } } diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java index 2f052094d7..5e4d953fc4 100644 
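Review bot: The Javadoc summaries `Set DeviceManagementProviderService` and `unset DeviceManagementProviderService`, and the debug messages `"Setting Device Management Service"` and `"Removing Device Management Service"`, still name the service this reference no longer binds. Since this is the service that authorization decisions are delegated to, the trace should say so: `Set DeviceAccessAuthorizationService` in the Javadoc and `log.debug("Setting Device Access Authorization Service");` in the body, with the matching wording on the unset side. The `@param` text should read `An instance of DeviceAccessAuthorizationService`, with the type name capitalised.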
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionsDataHolder.java @@ -18,6 +18,7 @@ package org.wso2.carbon.device.mgt.oauth.extensions.internal; +import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; @@ -35,7 +36,7 @@ public class OAuthExtensionsDataHolder { private PermissionManagerService permissionManagerService; private List whitelistedScopes; private String deviceScope; - private DeviceManagementProviderService deviceManagementService; + private DeviceAccessAuthorizationService deviceAccessAuthorizationService; private static OAuthExtensionsDataHolder thisInstance = new OAuthExtensionsDataHolder(); 
@@ -87,19 +88,15 @@ public class OAuthExtensionsDataHolder { this.whitelistedScopes = whitelistedScopes; } - public void setDeviceScope(String deviceScope) { - this.deviceScope = deviceScope; - } - public String getDeviceScope() { return deviceScope; } - public DeviceManagementProviderService getDeviceManagementService() { - return deviceManagementService; + public DeviceAccessAuthorizationService getDeviceAccessAuthorizationService() { + return deviceAccessAuthorizationService; } - public void setDeviceManagementService(DeviceManagementProviderService deviceManagementService) { - this.deviceManagementService = deviceManagementService; + public void setDeviceAccessAuthorizationService(DeviceAccessAuthorizationService deviceAccessAuthorizationService) { + this.deviceAccessAuthorizationService = deviceAccessAuthorizationService; } } diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java new file mode 100644 index 0000000000..903c3997d4 --- /dev/null +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java 
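Review bot: `setDeviceScope` is removed while the `deviceScope` field and `getDeviceScope()` stay, so with no other assignment visible in these hunks the getter can only return null from now on. A remaining caller that builds or compares scope strings with it would silently operate on null. Either remove the field and getter in the same change, or mark the getter `@Deprecated` with a comment naming its replacement (presumably `DeviceMgtScopesConfig`). The rest of the class lies outside the hunks, so another writer cannot be ruled out from here.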
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License
+ */
+
+package org.wso2.carbon.device.mgt.oauth.extensions.validators;
+
+import org.apache.oltu.oauth2.common.OAuth;
+import org.apache.oltu.oauth2.common.validators.AbstractValidator;
+import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Grant validator for JSON Web Tokens
+ * For JWT Grant to be valid the required parameters are
+ * grant_type and assertion
+ */
+public class ExtendedDeviceJWTGrantValidator extends AbstractValidator {
+
+ public ExtendedDeviceJWTGrantValidator() {
+ requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
+ requiredParams.add(OAuth.OAUTH_ASSERTION);
+ }
+}
\ No newline at end of file
diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDevicePasswordGrantValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDevicePasswordGrantValidator.java
new file mode 100644
index 0000000000..e22b211f5f
--- /dev/null
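Review bot: `import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;` is not referenced in `ExtendedDeviceJWTGrantValidator`, whose constructor only uses `OAuth.OAUTH_GRANT_TYPE` and `OAuth.OAUTH_ASSERTION`, so the import can be dropped. The class comment should also say that this is a presence check only, for example `Checks that grant_type and assertion are present; the assertion itself is verified by the grant handler.` Without that, the name reads as if the JWT were validated here.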
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDevicePasswordGrantValidator.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License
+ */
+
+package org.wso2.carbon.device.mgt.oauth.extensions.validators;
+
+import org.apache.oltu.oauth2.common.OAuth;
+import org.apache.oltu.oauth2.common.validators.AbstractValidator;
+import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Grant validator for Device Object with Password Grant type
+ */
+public class ExtendedDevicePasswordGrantValidator extends AbstractValidator {
+
+ public ExtendedDevicePasswordGrantValidator() {
+ requiredParams.add(OAuth.OAUTH_USERNAME);
+ requiredParams.add(OAuth.OAUTH_PASSWORD);
+ requiredParams.add(OAuthConstants.DEFAULT_DEVICE_ASSERTION);
+ }
+}
\ No newline at end of file
diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java
index b4081fa600..55da4229b3 100644
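Review bot: `ExtendedDevicePasswordGrantValidator` requires `OAuth.OAUTH_USERNAME` and `OAuth.OAUTH_PASSWORD`, whereas `ExtendedDeviceMgtPasswordGrantHandler.validateGrant` in this commit takes the credentials from the parameters named by `OAuthConstants.DEFAULT_USERNAME_IDENTIFIER` and `OAuthConstants.DEFAULT_PASSWORD_IDENTIFIER`. If those constants differ from the standard names (their values are not visible here), the parameters checked for presence are not the ones that end up authenticated. The class comment should state which names are authoritative and that this is a presence check only. Unlike the JWT validator added alongside it, `OAuth.OAUTH_GRANT_TYPE` is not in `requiredParams`; if that is intentional, a one-line comment in the constructor should say so.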
--- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java +++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java @@ -44,6 +44,7 @@ import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.List; +import java.util.Map; /** * this class represents an implementation of Token Client which is based on JWT @@ -63,14 +64,10 @@ public class JWTClient { this.isDefaultJWTClient = isDefaultJWTClient; } - - /** - * {@inheritDoc} - */ public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes) throws JWTClientException { List params = new ArrayList<>(); - params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, JWTConstants.JWT_GRANT_TYPE)); + params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType())); String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient); if (assertion == null) { throw new JWTClientException("JWT is not configured properly for user : " + username); 
@@ -80,9 +77,26 @@ public class JWTClient { return getTokenInfo(params, consumerKey, consumerSecret); } - /** - * {@inheritDoc} - */ + public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes, + Map paramsMap) + throws JWTClientException { + List params = new ArrayList<>(); + params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType())); + String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient); + if (assertion == null) { + throw new JWTClientException("JWT is not configured properly for user : " + username); + } + params.add(new BasicNameValuePair(JWTConstants.JWT_PARAM_NAME, assertion)); + params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes)); + if (paramsMap != null) { + for (String key : paramsMap.keySet()) { + params.add(new BasicNameValuePair(key, paramsMap.get(key))); + } + } + return getTokenInfo(params, consumerKey, consumerSecret); + } + + public AccessTokenInfo getAccessTokenFromRefreshToken(String refreshToken, String username, String scopes, String consumerKey, String consumerSecret) throws JWTClientException { diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/dto/JWTConfig.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/dto/JWTConfig.java index 11ee9053ae..67ebcb4099 100644 --- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/dto/JWTConfig.java +++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/dto/JWTConfig.java 
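Review bot: The new five-argument `getAccessToken` appends every entry of `paramsMap` after `grant_type`, the assertion and `scope` without rejecting those reserved names, so a caller-supplied key can duplicate one of them and the value the token endpoint honours then depends on the server. I would skip or reject keys equal to `JWTConstants.GRANT_TYPE_PARAM_NAME`, `JWTConstants.JWT_PARAM_NAME` and `JWTConstants.SCOPE_PARAM_NAME`, and iterate `paramsMap.entrySet()` instead of `keySet()` plus `get`. The body otherwise repeats the four-argument overload line for line; that overload could become `return getAccessToken(consumerKey, consumerSecret, username, scopes, null);`. The commit also deletes the `{@inheritDoc}` comments, which leaves these public methods with no Javadoc. `getAccessTokenFromRefreshToken` continues outside the hunk.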
@@ -1,6 +1,7 @@ package org.wso2.carbon.identity.jwt.client.extension.dto; import org.wso2.carbon.core.util.Utils; +import org.wso2.carbon.identity.jwt.client.extension.constant.JWTConstants; import java.util.ArrayList; import java.util.List; @@ -20,6 +21,7 @@ public class JWTConfig { private static final String JKS_PASSWORD ="KeyStorePassword"; private static final String JKA_PRIVATE_KEY_PASSWORD = "PrivateKeyPassword"; private static final String TOKEN_ENDPOINT = "TokenEndpoint"; + private static final String JWT_GRANT_TYPE_NAME = "GrantType"; /** * issuer of the JWT @@ -69,6 +71,11 @@ public class JWTConfig { private String privateKeyAlias; private String privateKeyPassword; + /** + * Jwt Grant Type Name + */ + private String jwtGrantType; + /** * @param properties load the config from the properties file. */ @@ -89,6 +96,8 @@ public class JWTConfig { privateKeyAlias = properties.getProperty(JKS_PRIVATE_KEY_ALIAS); privateKeyPassword = properties.getProperty(JKA_PRIVATE_KEY_PASSWORD); tokenEndpoint = properties.getProperty(TOKEN_ENDPOINT, ""); + jwtGrantType = properties.getProperty(JWT_GRANT_TYPE_NAME, JWTConstants.JWT_GRANT_TYPE); + } private static List getAudience(String audience){ @@ -146,4 +155,8 @@ public class JWTConfig { public String getTokenEndpoint() { return Utils.replaceSystemProperty(tokenEndpoint); } + + public String getJwtGrantType() { + return jwtGrantType; + } } diff --git a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/mgt/impl/FeatureManagerImpl.java b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/mgt/impl/FeatureManagerImpl.java index ea3ed7cd7f..ee4102bfc9 100644 --- a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/mgt/impl/FeatureManagerImpl.java 
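Review bot: `properties.getProperty(JWT_GRANT_TYPE_NAME, JWTConstants.JWT_GRANT_TYPE)` falls back to the default only when the key is absent, so a present-but-empty `GrantType=` entry puts an empty `grant_type` into every token request built by `JWTClient`. Treat blank as absent, e.g. `if (jwtGrantType == null || jwtGrantType.trim().isEmpty()) { jwtGrantType = JWTConstants.JWT_GRANT_TYPE; }`. The field comment `Jwt Grant Type Name` should name the property key (`GrantType`) and its default. The constructor begins outside the hunk.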
+++ b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/mgt/impl/FeatureManagerImpl.java @@ -245,7 +245,7 @@ public class FeatureManagerImpl implements FeatureManager { @Override public List getFeaturesForProfile(int profileId) throws FeatureManagementException { try { - DeviceManagementDAOFactory.openConnection(); + PolicyManagementDAOFactory.openConnection(); return featureDAO.getFeaturesForProfile(profileId); } catch (FeatureManagerDAOException e) { throw new FeatureManagementException("Error occurred while getting the features", e); diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuthTokenValidationException.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuthTokenValidationException.java index 9cab2c5db7..42dbfe417c 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuthTokenValidationException.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/oauth/OAuthTokenValidationException.java 
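Review bot: `getFeaturesForProfile` now opens its connection through `PolicyManagementDAOFactory`, but the only handler visible in the hunk is `catch (FeatureManagerDAOException e)`, and the rest of the method lies outside it. Please confirm that the cleanup path closes the connection on `PolicyManagementDAOFactory` too, and that whatever its `openConnection()` throws is handled. A close left on `DeviceManagementDAOFactory` would leave this connection open on every call.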
@@ -25,29 +25,16 @@ public class OAuthTokenValidationException extends Exception { private static final long serialVersionUID = -3151279311929070297L; - private String errorMessage; - - public String getErrorMessage() { - return errorMessage; - } - - public void setErrorMessage(String errorMessage) { - this.errorMessage = errorMessage; - } - public OAuthTokenValidationException(String msg, Exception nestedEx) { super(msg, nestedEx); - setErrorMessage(msg); } public OAuthTokenValidationException(String message, Throwable cause) { super(message, cause); - setErrorMessage(message); } public OAuthTokenValidationException(String msg) { super(msg); - setErrorMessage(msg); } public OAuthTokenValidationException() { diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/h2.sql b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/h2.sql index e9894b7997..f3f3735e50 100644 --- a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/h2.sql +++ b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/src/main/resources/dbscripts/cdm/h2.sql @@ -26,8 +26,9 @@ CREATE TABLE IF NOT EXISTS DM_DEVICE ( LAST_UPDATED_TIMESTAMP TIMESTAMP NOT NULL, TENANT_ID INTEGER DEFAULT 0, PRIMARY KEY (ID), - CONSTRAINT fk_DM_DEVICE_DM_DEVICE_TYPE2 FOREIGN KEY (DEVICE_TYPE_ID ) - REFERENCES DM_DEVICE_TYPE (ID) ON DELETE NO ACTION ON UPDATE NO ACTION + CONSTRAINT fk_DM_DEVICE_DM_DEVICE_TYPE2 FOREIGN KEY (DEVICE_TYPE_ID) + REFERENCES DM_DEVICE_TYPE (ID) ON DELETE NO ACTION ON UPDATE NO ACTION, + CONSTRAINT uk_DM_DEVICE UNIQUE (NAME, DEVICE_TYPE_ID, DEVICE_IDENTIFICATION, TENANT_ID) ); CREATE TABLE IF NOT EXISTS DM_DEVICE_GROUP_MAP ( 
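Review bot: `uk_DM_DEVICE` includes `NAME` in its key, so two rows with the same `DEVICE_TYPE_ID`, `DEVICE_IDENTIFICATION` and `TENANT_ID` but different names are still accepted. If the intent is one row per device identity per tenant, the constraint should be `CONSTRAINT uk_DM_DEVICE UNIQUE (DEVICE_TYPE_ID, DEVICE_IDENTIFICATION, TENANT_ID)`. This constraint and `uk_dm_device_enrolment` in the next hunk both sit inside `CREATE TABLE IF NOT EXISTS`, so databases that already have the tables never receive them. Upgrades need an `ALTER TABLE ... ADD CONSTRAINT` step, run after existing duplicates are cleaned up. Only the H2 script is visible in this part of the diff; the scripts for the other dialects should carry the same constraints.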
@@ -96,7 +97,8 @@ CREATE TABLE IF NOT EXISTS DM_ENROLMENT ( TENANT_ID INT NOT NULL, PRIMARY KEY (ID), CONSTRAINT fk_dm_device_enrolment FOREIGN KEY (DEVICE_ID) REFERENCES - DM_DEVICE (ID) ON DELETE NO ACTION ON UPDATE NO ACTION + DM_DEVICE (ID) ON DELETE NO ACTION ON UPDATE NO ACTION, + CONSTRAINT uk_dm_device_enrolment UNIQUE (DEVICE_ID, OWNER, OWNERSHIP, TENANT_ID) ); CREATE TABLE IF NOT EXISTS DM_ENROLMENT_OP_MAPPING ( diff --git a/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/build.properties b/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/build.properties new file mode 100644 index 0000000000..33bb0980d3 --- /dev/null +++ b/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/build.properties @@ -0,0 +1,19 @@ +# +# Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +# +# WSO2 Inc. licenses this file to you under the Apache License, +# Version 2.0 (the "License"); you may not use this file except +# in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +custom = true diff --git a/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/device-mgt-scopes.xml b/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/device-mgt-scopes.xml new file mode 100644 index 0000000000..a76191cce0 --- /dev/null +++ b/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/device-mgt-scopes.xml 
@@ -0,0 +1,51 @@ + + + + + + + + + /permission/device-mgt/user/groups/device_operation + /permission/device-mgt/admin/groups + /permission/device-mgt/user/groups + + + + + /permission/device-mgt/user/groups/device_monitor + /permission/device-mgt/admin/groups + /permission/device-mgt/user/groups + + + + + /permission/device-mgt/user/groups/device_monitor + /permission/device-mgt/admin/groups + /permission/device-mgt/user/groups + + + + + /permission/device-mgt/user/groups/device_operation + /permission/device-mgt/admin/groups + /permission/device-mgt/user/groups + + + \ No newline at end of file diff --git a/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/p2.inf b/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/p2.inf new file mode 100644 index 0000000000..6f97c8724c --- /dev/null +++ b/features/oauth-extensions/org.wso2.carbon.device.mgt.oauth.extensions.feature/src/main/resources/p2.inf @@ -0,0 +1,2 @@ +instructions.configure = \ +org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.oauth.extensions_${feature.version}/device-mgt-scopes.xml,target:${installFolder}/../../conf/etc/device-mgt-scopes.xml,overwrite:true);\ diff --git a/pom.xml b/pom.xml index 41fb7eab3d..f14a0c3a44 100644 --- a/pom.xml +++ b/pom.xml @@ -780,6 +780,11 @@ org.wso2.carbon.apimgt.keymgt.client ${carbon.api.mgt.version} + + org.wso2.carbon.apimgt + org.wso2.carbon.apimgt.keymgt + ${carbon.api.mgt.version} + org.wso2.carbon.apimgt org.wso2.carbon.apimgt.impl
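Review bot: The copy instruction in p2.inf uses `overwrite:true`, so each time the feature is configured it replaces `conf/etc/device-mgt-scopes.xml`, and a deployment that has edited that file loses its changes without notice. The file appears to hold the permissions behind each OAuth scope, which makes a silent reset on upgrade a change to the authorization policy rather than a cosmetic one. I would either ship the instruction with `overwrite:false` or state in the feature documentation that local edits must be re-applied and reviewed after an upgrade. The instruction also ends in `;\`, a line continuation with nothing after it; dropping the trailing backslash avoids depending on how the parser handles that.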