forked from community/device-mgt-core
parent
28faf53802
commit
fe263efe60
@ -1,30 +0,0 @@
|
|||||||
package org.wso2.carbon.device.mgt.oauth.extensions;
|
|
||||||
|
|
||||||
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
|
|
||||||
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This class holds the request format for device for grant type.
|
|
||||||
*/
|
|
||||||
public class DeviceRequestDTO {
|
|
||||||
|
|
||||||
private List<DeviceIdentifier> deviceIdentifiers;
|
|
||||||
private String scope;
|
|
||||||
|
|
||||||
public List<DeviceIdentifier> getDeviceIdentifiers() {
|
|
||||||
return deviceIdentifiers;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setDeviceIdentifiers(List<DeviceIdentifier> deviceIdentifiers) {
|
|
||||||
this.deviceIdentifiers = deviceIdentifiers;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getScope() {
|
|
||||||
return scope;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setScope(String scope) {
|
|
||||||
this.scope = scope;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,13 +0,0 @@
|
|||||||
package org.wso2.carbon.device.mgt.oauth.extensions;
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This hold the OAuthConstants related oauth extensions.
|
|
||||||
*/
|
|
||||||
public class OAuthConstants {
|
|
||||||
|
|
||||||
public static final String DEFAULT_DEVICE_ASSERTION = "device";
|
|
||||||
public static final String DEFAULT_USERNAME_IDENTIFIER = "username";
|
|
||||||
public static final String DEFAULT_PASSWORD_IDENTIFIER = "password";
|
|
||||||
|
|
||||||
}
|
|
@ -1,90 +0,0 @@
|
|||||||
|
|
||||||
package org.wso2.carbon.device.mgt.oauth.extensions.config;
|
|
||||||
|
|
||||||
import javax.xml.bind.annotation.XmlAccessType;
|
|
||||||
import javax.xml.bind.annotation.XmlAccessorType;
|
|
||||||
import javax.xml.bind.annotation.XmlAttribute;
|
|
||||||
import javax.xml.bind.annotation.XmlElement;
|
|
||||||
import javax.xml.bind.annotation.XmlType;
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* <p>Java class for Action complex type.
|
|
||||||
*
|
|
||||||
* <p>The following schema fragment specifies the expected content contained within this class.
|
|
||||||
*
|
|
||||||
* <pre>
|
|
||||||
* <complexType name="Action">
|
|
||||||
* <complexContent>
|
|
||||||
* <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
|
|
||||||
* <sequence>
|
|
||||||
* <element name="Permissions" type="{}Permissions"/>
|
|
||||||
* </sequence>
|
|
||||||
* <attribute name="name" type="{http://www.w3.org/2001/XMLSchema}string" />
|
|
||||||
* </restriction>
|
|
||||||
* </complexContent>
|
|
||||||
* </complexType>
|
|
||||||
* </pre>
|
|
||||||
*
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
@XmlAccessorType(XmlAccessType.FIELD)
|
|
||||||
@XmlType(name = "Action", propOrder = {
|
|
||||||
"permissions"
|
|
||||||
})
|
|
||||||
public class Action {
|
|
||||||
|
|
||||||
@XmlElement(name = "Permissions", required = true)
|
|
||||||
protected Permissions permissions;
|
|
||||||
@XmlAttribute(name = "name")
|
|
||||||
protected String name;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the value of the permissions property.
|
|
||||||
*
|
|
||||||
* @return
|
|
||||||
* possible object is
|
|
||||||
* {@link Permissions }
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public Permissions getPermissions() {
|
|
||||||
return permissions;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Sets the value of the permissions property.
|
|
||||||
*
|
|
||||||
* @param value
|
|
||||||
* allowed object is
|
|
||||||
* {@link Permissions }
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public void setPermissions(Permissions value) {
|
|
||||||
this.permissions = value;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the value of the name property.
|
|
||||||
*
|
|
||||||
* @return
|
|
||||||
* possible object is
|
|
||||||
* {@link String }
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public String getName() {
|
|
||||||
return name;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Sets the value of the name property.
|
|
||||||
*
|
|
||||||
* @param value
|
|
||||||
* allowed object is
|
|
||||||
* {@link String }
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public void setName(String value) {
|
|
||||||
this.name = value;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,67 +0,0 @@
|
|||||||
|
|
||||||
package org.wso2.carbon.device.mgt.oauth.extensions.config;
|
|
||||||
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.List;
|
|
||||||
import javax.xml.bind.annotation.XmlAccessType;
|
|
||||||
import javax.xml.bind.annotation.XmlAccessorType;
|
|
||||||
import javax.xml.bind.annotation.XmlElement;
|
|
||||||
import javax.xml.bind.annotation.XmlRootElement;
|
|
||||||
import javax.xml.bind.annotation.XmlType;
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* <p>Java class for DeviceMgtScopes complex type.
|
|
||||||
*
|
|
||||||
* <p>The following schema fragment specifies the expected content contained within this class.
|
|
||||||
*
|
|
||||||
* <pre>
|
|
||||||
* <complexType name="DeviceMgtScopes">
|
|
||||||
* <complexContent>
|
|
||||||
* <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
|
|
||||||
* <sequence>
|
|
||||||
* <element name="Action" type="{}Action" maxOccurs="unbounded" minOccurs="0"/>
|
|
||||||
* </sequence>
|
|
||||||
* </restriction>
|
|
||||||
* </complexContent>
|
|
||||||
* </complexType>
|
|
||||||
* </pre>
|
|
||||||
*
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
@XmlRootElement(name = "DeviceMgtScopes")
|
|
||||||
public class DeviceMgtScopes {
|
|
||||||
|
|
||||||
@XmlElement(name = "Action")
|
|
||||||
protected List<Action> action;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the value of the action property.
|
|
||||||
*
|
|
||||||
* <p>
|
|
||||||
* This accessor method returns a reference to the live list,
|
|
||||||
* not a snapshot. Therefore any modification you make to the
|
|
||||||
* returned list will be present inside the JAXB object.
|
|
||||||
* This is why there is not a <CODE>set</CODE> method for the action property.
|
|
||||||
*
|
|
||||||
* <p>
|
|
||||||
* For example, to add a new item, do as follows:
|
|
||||||
* <pre>
|
|
||||||
* getAction().add(newItem);
|
|
||||||
* </pre>
|
|
||||||
*
|
|
||||||
*
|
|
||||||
* <p>
|
|
||||||
* Objects of the following type(s) are allowed in the list
|
|
||||||
* {@link Action }
|
|
||||||
*
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public List<Action> getAction() {
|
|
||||||
if (action == null) {
|
|
||||||
action = new ArrayList<Action>();
|
|
||||||
}
|
|
||||||
return this.action;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,67 +0,0 @@
|
|||||||
|
|
||||||
package org.wso2.carbon.device.mgt.oauth.extensions.config;
|
|
||||||
|
|
||||||
import org.w3c.dom.Document;
|
|
||||||
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
|
|
||||||
import org.wso2.carbon.utils.CarbonUtils;
|
|
||||||
|
|
||||||
import javax.xml.bind.JAXBContext;
|
|
||||||
import javax.xml.bind.JAXBException;
|
|
||||||
import javax.xml.bind.Unmarshaller;
|
|
||||||
import java.io.File;
|
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This class represents the configuration that are needed for scopes to permission map.
|
|
||||||
*/
|
|
||||||
public class DeviceMgtScopesConfig {
|
|
||||||
|
|
||||||
private static DeviceMgtScopesConfig config = new DeviceMgtScopesConfig();
|
|
||||||
private static Map<String, String[]> actionPermissionMap = new HashMap<>();
|
|
||||||
|
|
||||||
private static final String DEVICE_MGT_SCOPES_CONFIG_PATH =
|
|
||||||
CarbonUtils.getEtcCarbonConfigDirPath() + File.separator + "device-mgt-scopes.xml";
|
|
||||||
|
|
||||||
private DeviceMgtScopesConfig() {
|
|
||||||
}
|
|
||||||
|
|
||||||
public static DeviceMgtScopesConfig getInstance() {
|
|
||||||
return config;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void init() throws DeviceMgtScopesConfigurationFailedException {
|
|
||||||
try {
|
|
||||||
File deviceMgtConfig = new File(DEVICE_MGT_SCOPES_CONFIG_PATH);
|
|
||||||
Document doc = OAuthExtUtils.convertToDocument(deviceMgtConfig);
|
|
||||||
|
|
||||||
/* Un-marshaling DeviceMGtScope configuration */
|
|
||||||
JAXBContext ctx = JAXBContext.newInstance(DeviceMgtScopes.class);
|
|
||||||
Unmarshaller unmarshaller = ctx.createUnmarshaller();
|
|
||||||
//unmarshaller.setSchema(getSchema());
|
|
||||||
DeviceMgtScopes deviceMgtScopes = (DeviceMgtScopes) unmarshaller.unmarshal(doc);
|
|
||||||
if (deviceMgtScopes != null) {
|
|
||||||
for (Action action : deviceMgtScopes.getAction()) {
|
|
||||||
Permissions permissions = action.getPermissions();
|
|
||||||
if (permissions != null) {
|
|
||||||
String permission[] = new String[permissions.getPermission().size()];
|
|
||||||
int i = 0;
|
|
||||||
for (String perm : permissions.getPermission()) {
|
|
||||||
permission[i] = perm;
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
actionPermissionMap.put(action.getName(), permission);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch (JAXBException e) {
|
|
||||||
throw new DeviceMgtScopesConfigurationFailedException("Error occurred while un-marshalling Device Scope" +
|
|
||||||
" Config", e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public Map<String, String[]> getDeviceMgtScopePermissionMap() {
|
|
||||||
return actionPermissionMap;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,44 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.wso2.carbon.device.mgt.oauth.extensions.config;
|
|
||||||
|
|
||||||
public class DeviceMgtScopesConfigurationFailedException extends Exception {
|
|
||||||
|
|
||||||
private static final long serialVersionUID = -3151279312929070398L;
|
|
||||||
|
|
||||||
public DeviceMgtScopesConfigurationFailedException(String msg, Exception nestedEx) {
|
|
||||||
super(msg, nestedEx);
|
|
||||||
}
|
|
||||||
|
|
||||||
public DeviceMgtScopesConfigurationFailedException(String message, Throwable cause) {
|
|
||||||
super(message, cause);
|
|
||||||
}
|
|
||||||
|
|
||||||
public DeviceMgtScopesConfigurationFailedException(String msg) {
|
|
||||||
super(msg);
|
|
||||||
}
|
|
||||||
|
|
||||||
public DeviceMgtScopesConfigurationFailedException() {
|
|
||||||
super();
|
|
||||||
}
|
|
||||||
|
|
||||||
public DeviceMgtScopesConfigurationFailedException(Throwable cause) {
|
|
||||||
super(cause);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,78 +0,0 @@
|
|||||||
|
|
||||||
package org.wso2.carbon.device.mgt.oauth.extensions.config;
|
|
||||||
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.List;
|
|
||||||
import javax.xml.bind.annotation.XmlAccessType;
|
|
||||||
import javax.xml.bind.annotation.XmlAccessorType;
|
|
||||||
import javax.xml.bind.annotation.XmlElement;
|
|
||||||
import javax.xml.bind.annotation.XmlType;
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* <p>Java class for Permissions complex type.
|
|
||||||
*
|
|
||||||
* <p>The following schema fragment specifies the expected content contained within this class.
|
|
||||||
*
|
|
||||||
* <pre>
|
|
||||||
* <complexType name="Permissions">
|
|
||||||
* <complexContent>
|
|
||||||
* <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
|
|
||||||
* <sequence>
|
|
||||||
* <element name="Permission" maxOccurs="unbounded" minOccurs="0">
|
|
||||||
* <simpleType>
|
|
||||||
* <restriction base="{http://www.w3.org/2001/XMLSchema}string">
|
|
||||||
* <enumeration value="/permission/device-mgt/user/groups/device_operation"/>
|
|
||||||
* <enumeration value="/permission/device-mgt/groups"/>
|
|
||||||
* <enumeration value="/permission/device-mgt/user/groups"/>
|
|
||||||
* <enumeration value="/permission/device-mgt/user/groups/device_monitor"/>
|
|
||||||
* </restriction>
|
|
||||||
* </simpleType>
|
|
||||||
* </element>
|
|
||||||
* </sequence>
|
|
||||||
* </restriction>
|
|
||||||
* </complexContent>
|
|
||||||
* </complexType>
|
|
||||||
* </pre>
|
|
||||||
*
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
@XmlAccessorType(XmlAccessType.FIELD)
|
|
||||||
@XmlType(name = "Permissions", propOrder = {
|
|
||||||
"permission"
|
|
||||||
})
|
|
||||||
public class Permissions {
|
|
||||||
|
|
||||||
@XmlElement(name = "Permission")
|
|
||||||
protected List<String> permission;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the value of the permission property.
|
|
||||||
*
|
|
||||||
* <p>
|
|
||||||
* This accessor method returns a reference to the live list,
|
|
||||||
* not a snapshot. Therefore any modification you make to the
|
|
||||||
* returned list will be present inside the JAXB object.
|
|
||||||
* This is why there is not a <CODE>set</CODE> method for the permission property.
|
|
||||||
*
|
|
||||||
* <p>
|
|
||||||
* For example, to add a new item, do as follows:
|
|
||||||
* <pre>
|
|
||||||
* getPermission().add(newItem);
|
|
||||||
* </pre>
|
|
||||||
*
|
|
||||||
*
|
|
||||||
* <p>
|
|
||||||
* Objects of the following type(s) are allowed in the list
|
|
||||||
* {@link String }
|
|
||||||
*
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public List<String> getPermission() {
|
|
||||||
if (permission == null) {
|
|
||||||
permission = new ArrayList<String>();
|
|
||||||
}
|
|
||||||
return this.permission;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,31 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant;
|
|
||||||
|
|
||||||
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
|
|
||||||
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
|
||||||
import org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler;
|
|
||||||
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
|
|
||||||
|
|
||||||
public class ExtendedDeviceMgtJWTBearerGrantHandler extends JWTBearerGrantHandler {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
|
|
||||||
return OAuthExtUtils.validateScope(tokReqMsgCtx);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,59 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant;
|
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
|
||||||
import org.apache.commons.logging.LogFactory;
|
|
||||||
import org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler;
|
|
||||||
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
|
|
||||||
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
|
|
||||||
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
|
||||||
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
|
|
||||||
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
|
|
||||||
|
|
||||||
@SuppressWarnings("unused")
|
|
||||||
public class ExtendedDeviceMgtPasswordGrantHandler extends ExtendedPasswordGrantHandler {
|
|
||||||
|
|
||||||
private static Log log = LogFactory.getLog(ExtendedDeviceMgtPasswordGrantHandler.class);
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
|
|
||||||
RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
|
|
||||||
for (RequestParameter parameter : parameters) {
|
|
||||||
switch (parameter.getKey()) {
|
|
||||||
case OAuthConstants.DEFAULT_USERNAME_IDENTIFIER:
|
|
||||||
String username = parameter.getValue()[0];
|
|
||||||
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(username);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case OAuthConstants.DEFAULT_PASSWORD_IDENTIFIER:
|
|
||||||
String password = parameter.getValue()[0];
|
|
||||||
tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerPassword(password);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return super.validateGrant(tokReqMsgCtx);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
|
|
||||||
return OAuthExtUtils.validateScope(tokReqMsgCtx);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,38 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.wso2.carbon.device.mgt.oauth.extensions.validators;
|
|
||||||
|
|
||||||
import org.apache.oltu.oauth2.common.OAuth;
|
|
||||||
import org.apache.oltu.oauth2.common.validators.AbstractValidator;
|
|
||||||
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Grant validator for JSON Web Tokens
|
|
||||||
* For JWT Grant to be valid the required parameters are
|
|
||||||
* grant_type and assertion
|
|
||||||
*/
|
|
||||||
public class ExtendedDeviceJWTGrantValidator extends AbstractValidator<HttpServletRequest> {
|
|
||||||
|
|
||||||
public ExtendedDeviceJWTGrantValidator() {
|
|
||||||
requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
|
|
||||||
requiredParams.add(OAuth.OAUTH_ASSERTION);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,37 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.wso2.carbon.device.mgt.oauth.extensions.validators;
|
|
||||||
|
|
||||||
import org.apache.oltu.oauth2.common.OAuth;
|
|
||||||
import org.apache.oltu.oauth2.common.validators.AbstractValidator;
|
|
||||||
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Grant validator for Device Object with Password Grant type
|
|
||||||
*/
|
|
||||||
public class ExtendedDevicePasswordGrantValidator extends AbstractValidator<HttpServletRequest> {
|
|
||||||
|
|
||||||
public ExtendedDevicePasswordGrantValidator() {
|
|
||||||
requiredParams.add(OAuth.OAUTH_USERNAME);
|
|
||||||
requiredParams.add(OAuth.OAUTH_PASSWORD);
|
|
||||||
requiredParams.add(OAuthConstants.DEFAULT_DEVICE_ASSERTION);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,112 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
*
|
|
||||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
|
||||||
* Version 2.0 (the "License"); you may not use this file except
|
|
||||||
* in compliance with the License.
|
|
||||||
* you may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.wso2.carbon.device.mgt.oauth.extensions.validators;
|
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
|
||||||
import org.apache.commons.logging.LogFactory;
|
|
||||||
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
|
|
||||||
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
|
|
||||||
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
|
|
||||||
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
|
|
||||||
import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
|
|
||||||
import org.wso2.carbon.identity.application.common.model.User;
|
|
||||||
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
|
||||||
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
|
|
||||||
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
|
|
||||||
import org.wso2.carbon.user.api.UserRealm;
|
|
||||||
import org.wso2.carbon.user.api.UserStoreException;
|
|
||||||
|
|
||||||
import java.util.Properties;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Custom OAuth2Token Scope validation implementation for DeviceManagement. This will validate the
|
|
||||||
* user permissions before dispatching the HTTP request to the actual endpoint.
|
|
||||||
*/
|
|
||||||
public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
|
|
||||||
|
|
||||||
private static final String URL_PROPERTY = "URL";
|
|
||||||
private static final String HTTP_METHOD_PROPERTY = "HTTP_METHOD";
|
|
||||||
|
|
||||||
public static final class PermissionMethod {
|
|
||||||
private PermissionMethod() {
|
|
||||||
throw new AssertionError();
|
|
||||||
}
|
|
||||||
|
|
||||||
public static final String READ = "read";
|
|
||||||
public static final String WRITE = "write";
|
|
||||||
public static final String DELETE = "delete";
|
|
||||||
public static final String ACTION = "action";
|
|
||||||
public static final String UI_EXECUTE = "ui.execute";
|
|
||||||
}
|
|
||||||
|
|
||||||
private static final Log log = LogFactory.getLog(PermissionBasedScopeValidator.class);
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean validateScope(AccessTokenDO accessTokenDO, String resource)
|
|
||||||
throws IdentityOAuth2Exception {
|
|
||||||
boolean status = true;
|
|
||||||
//Extract the url & http method
|
|
||||||
int idx = resource.lastIndexOf(':');
|
|
||||||
String url = resource.substring(0, idx);
|
|
||||||
String method = resource.substring(++idx, resource.length());
|
|
||||||
//This is to remove the url params for request path.
|
|
||||||
int urlParamIndex = url.indexOf('?');
|
|
||||||
if(urlParamIndex > 0) {
|
|
||||||
url = url.substring(0, urlParamIndex);
|
|
||||||
}
|
|
||||||
|
|
||||||
Properties properties = new Properties();
|
|
||||||
properties.put(PermissionBasedScopeValidator.URL_PROPERTY, url.toLowerCase());
|
|
||||||
properties.put(PermissionBasedScopeValidator.HTTP_METHOD_PROPERTY, method.toUpperCase());
|
|
||||||
PermissionManagerService permissionManagerService = OAuthExtensionsDataHolder.getInstance().
|
|
||||||
getPermissionManagerService();
|
|
||||||
try {
|
|
||||||
Permission permission = permissionManagerService.getPermission(properties);
|
|
||||||
User authzUser = accessTokenDO.getAuthzUser();
|
|
||||||
if ((permission != null) && (authzUser != null)) {
|
|
||||||
if (permission.getPath() == null) {
|
|
||||||
if (log.isDebugEnabled()) {
|
|
||||||
log.debug("Permission is not defined for the resource '" + resource + "'");
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
String username = authzUser.getUserName();
|
|
||||||
String userStore = authzUser.getUserStoreDomain();
|
|
||||||
int tenantId = OAuthExtUtils.getTenantId(authzUser.getTenantDomain());
|
|
||||||
UserRealm userRealm = OAuthExtensionsDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId);
|
|
||||||
if (userRealm != null && userRealm.getAuthorizationManager() != null) {
|
|
||||||
if (userStore != null) {
|
|
||||||
status = userRealm.getAuthorizationManager()
|
|
||||||
.isUserAuthorized(userStore + "/" + username, permission.getPath(),
|
|
||||||
PermissionMethod.UI_EXECUTE);
|
|
||||||
} else {
|
|
||||||
status = userRealm.getAuthorizationManager()
|
|
||||||
.isUserAuthorized(username, permission.getPath(), PermissionMethod.UI_EXECUTE);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch (PermissionManagementException e) {
|
|
||||||
log.error("Error occurred while validating the resource scope for : " + resource +
|
|
||||||
", Msg = " + e.getMessage(), e);
|
|
||||||
} catch (UserStoreException e) {
|
|
||||||
log.error("Error occurred while retrieving user store. " + e.getMessage());
|
|
||||||
}
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,51 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="ISO-8859-1"?>
|
|
||||||
<!--
|
|
||||||
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
||||||
~
|
|
||||||
~ WSO2 Inc. licenses this file to you under the Apache License,
|
|
||||||
~ Version 2.0 (the "License"); you may not use this file except
|
|
||||||
~ in compliance with the License.
|
|
||||||
~ you may obtain a copy of the License at
|
|
||||||
~
|
|
||||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
~
|
|
||||||
~ Unless required by applicable law or agreed to in writing,
|
|
||||||
~ software distributed under the License is distributed on an
|
|
||||||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
~ KIND, either express or implied. See the License for the
|
|
||||||
~ specific language governing permissions and limitations
|
|
||||||
~ under the License.
|
|
||||||
-->
|
|
||||||
|
|
||||||
<!--This holds the scopes that are allowed by the device-mgt, The user require below permission to get the required scope-->
|
|
||||||
<!--These scopes are assigned after validating with device-mgt specific grant types-->
|
|
||||||
<DeviceMgtScopes>
|
|
||||||
<Action name="mqtt-publisher">
|
|
||||||
<Permissions>
|
|
||||||
<Permission>/permission/device-mgt/user/groups/device_operation</Permission>
|
|
||||||
<Permission>/permission/device-mgt/admin/groups</Permission>
|
|
||||||
<Permission>/permission/device-mgt/user/groups</Permission>
|
|
||||||
</Permissions>
|
|
||||||
</Action>
|
|
||||||
<Action name="mqtt-subscriber">
|
|
||||||
<Permissions>
|
|
||||||
<Permission>/permission/device-mgt/user/groups/device_monitor</Permission>
|
|
||||||
<Permission>/permission/device-mgt/admin/groups</Permission>
|
|
||||||
<Permission>/permission/device-mgt/user/groups</Permission>
|
|
||||||
</Permissions>
|
|
||||||
</Action>
|
|
||||||
<Action name="stats">
|
|
||||||
<Permissions>
|
|
||||||
<Permission>/permission/device-mgt/user/groups/device_monitor</Permission>
|
|
||||||
<Permission>/permission/device-mgt/admin/groups</Permission>
|
|
||||||
<Permission>/permission/device-mgt/user/groups</Permission>
|
|
||||||
</Permissions>
|
|
||||||
</Action>
|
|
||||||
<Action name="operation">
|
|
||||||
<Permissions>
|
|
||||||
<Permission>/permission/device-mgt/user/groups/device_operation</Permission>
|
|
||||||
<Permission>/permission/device-mgt/admin/groups</Permission>
|
|
||||||
<Permission>/permission/device-mgt/user/groups</Permission>
|
|
||||||
</Permissions>
|
|
||||||
</Action>
|
|
||||||
</DeviceMgtScopes>
|
|
@ -1,2 +1 @@
|
|||||||
instructions.configure = \
|
instructions.configure = \
|
||||||
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.oauth.extensions_${feature.version}/device-mgt-scopes.xml,target:${installFolder}/../../conf/etc/device-mgt-scopes.xml,overwrite:true);\
|
|
||||||
|
Loading…
Reference in new issue