Implemented scope based authorization

milanperera · Jul 3, 2016 · 49623a4 · 49623a4
1 parent 59028f9
commit 49623a4
Show file tree

Hide file tree

Showing 32 changed files with 636 additions and 351 deletions.
diff --git a/...n.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java b/...n.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Permission.java
@@ -40,6 +40,6 @@
      * Represents the associated permissions.
      * @return Returns list of permissions.
      */
-    String[] permissions();
+    String[] roles();
 
 }
diff --git a/...src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionConfiguration.java b/...src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionConfiguration.java
@@ -24,7 +24,7 @@
 public class PermissionConfiguration {
 
     private String scopeName;
-    private String[] permissions;
+    private String[] roles;
 
     public String getScopeName() {
         return scopeName;
@@ -34,12 +34,12 @@ public void setScopeName(String scope) {
         this.scopeName = scope;
     }
 
-    public String[] getPermissions() {
-        return permissions;
+    public String[] getRoles() {
+        return roles;
     }
 
-    public void setPermissions(String[] permissions) {
-        this.permissions = permissions;
+    public void setRoles(String[] roles) {
+        this.roles = roles;
     }
 
 }
diff --git a/...main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java b/...main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java
@@ -19,12 +19,10 @@
 package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util;
 
 import org.apache.catalina.core.StandardContext;
-import org.apache.commons.lang.ArrayUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.scannotation.AnnotationDB;
-import org.scannotation.WarUrlFinder;
 import org.wso2.carbon.apimgt.annotations.api.API;
 import org.wso2.carbon.apimgt.annotations.api.Permission;
 import org.wso2.carbon.apimgt.api.model.Scope;
@@ -36,11 +34,14 @@
 
 import javax.servlet.ServletContext;
 import javax.ws.rs.*;
+import java.io.File;
 import java.io.IOException;
 import java.lang.annotation.Annotation;
 import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.Method;
 import java.lang.reflect.Proxy;
+import java.net.MalformedURLException;
+import java.net.URI;
 import java.net.URL;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
@@ -58,13 +59,9 @@ public class AnnotationProcessor {
     private static final String WILD_CARD = "/*";
 
     private static final String AUTH_TYPE = "Any";
-    private static final String PROTOCOL_HTTP = "http";
-    private static final String SERVER_HOST = "carbon.local.ip";
-    private static final String HTTP_PORT = "httpPort";
     private static final String STRING_ARR = "string_arr";
     private static final String STRING = "string";
 
-    private StandardContext context;
     private Method[] pathClazzMethods;
     private Class<Path> pathClazz;
     Class<API> apiClazz;
@@ -73,7 +70,6 @@ public class AnnotationProcessor {
 
 
     public AnnotationProcessor(final StandardContext context) {
-        this.context = context;
         servletContext = context.getServletContext();
         classLoader = servletContext.getClassLoader();
     }
@@ -90,11 +86,8 @@ public Set<String> scanStandardContext(String className) throws IOException {
         db.addIgnoredPackages(PACKAGE_ORG_CODEHAUS);
         db.addIgnoredPackages(PACKAGE_ORG_SPRINGFRAMEWORK);
 
-        URL[] libPath = WarUrlFinder.findWebInfLibClasspaths(servletContext);
-        URL classPath = WarUrlFinder.findWebInfClassesPath(servletContext);
-        URL[] urls = (URL[]) ArrayUtils.add(libPath, libPath.length, classPath);
-
-        db.scanArchives(urls);
+        URL classPath = findWebInfClassesPath(servletContext);
+        db.scanArchives(classPath);
 
         //Returns a list of classes with given Annotation
         return db.getAnnotationIndex().get(className);
@@ -142,7 +135,7 @@ public APIResourceConfiguration run() {
                                             pathClazzMethods = pathClazz.getMethods();
 
                                             Annotation rootContectAnno = clazz.getAnnotation(pathClazz);
-                                            String subContext = "";
+                                            String subContext;
                                             if (rootContectAnno != null) {
                                                 subContext = invokeMethod(pathClazzMethods[0], rootContectAnno, STRING);
                                                 if (subContext != null && !subContext.isEmpty()) {
@@ -151,8 +144,6 @@ public APIResourceConfiguration run() {
                                                     } else {
                                                         rootContext = rootContext + "/" + subContext;
                                                     }
-                                                } else {
-                                                    subContext = "";
                                                 }
                                                 if (log.isDebugEnabled()) {
                                                     log.debug("API Root  Context = " + rootContext);
@@ -167,7 +158,7 @@ public APIResourceConfiguration run() {
                                         }
                                     }
                                 } catch (ClassNotFoundException e) {
-                                    log.error("Error when passing the api annotation for device type apis.");
+                                    log.error("Error when passing the api annotation for device type apis.", e);
                                 }
                                 return apiResourceConfig;
                             }
@@ -259,7 +250,7 @@ private List<APIResource> getApiResources(String resourceRootContext, Method[] a
                             scope.setKey(permissionConf.getScopeName());
                             scope.setDescription(permissionConf.getScopeName());
                             scope.setName(permissionConf.getScopeName());
-                            String roles = StringUtils.join(permissionConf.getPermissions(), ",");
+                            String roles = StringUtils.join(permissionConf.getRoles(), ",");
                             scope.setRoles(roles);
                             resource.setScope(scope);
                         }
@@ -369,10 +360,10 @@ private PermissionConfiguration getPermission(Method currentMethod) throws Throw
                     case "scope":
                         permissionConf.setScopeName(invokeMethod(method, permissionAnnotation, STRING));
                         break;
-                    case "permissions":
-                        String permissions[] = invokeMethod(method, permissionAnnotation);
-                        this.addPermission(permissions);
-                        permissionConf.setPermissions(permissions);
+                    case "roles":
+                        String roles[] = invokeMethod(method, permissionAnnotation);
+                        this.addPermission(roles);
+                        permissionConf.setRoles(roles);
                         break;
                 }
             }
@@ -387,4 +378,29 @@ private void addPermission(String[] permissions) throws PermissionManagementExce
         }
     }
 
+
+    /**
+     * Find the URL pointing to "/WEB-INF/classes"  This method may not work in conjunction with IteratorFactory
+     * if your servlet container does not extract the /WEB-INF/classes into a real file-based directory
+     *
+     * @param servletContext
+     * @return null if cannot determin /WEB-INF/classes
+     */
+    public static URL findWebInfClassesPath(ServletContext servletContext)
+    {
+        String path = servletContext.getRealPath("/WEB-INF/classes");
+        if (path == null) return null;
+        File fp = new File(path);
+        if (fp.exists() == false) return null;
+        try
+        {
+            URI uri = fp.toURI();
+            return uri.toURL();
+        }
+        catch (MalformedURLException e)
+        {
+            throw new RuntimeException(e);
+        }
+    }
+
 }
diff --git a/...gt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java b/...gt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java
@@ -46,7 +46,7 @@ public interface CertificateMgtService {
                             message = "Internal Server Error. \n Error occurred while retrieving signed certificate.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "sign-csr", permissions = {"/permission/admin/device-mgt/scep/sign-csr"})
+    @Permission(scope = "sign-csr", roles = {"emm-admin"})
     Response getSignedCertFromCSR(
             @ApiParam(
                     name = "If-Modified-Since",

diff --git a/...ava/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java b/...ava/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java
@@ -72,7 +72,7 @@ public interface CertificateManagementAdminService {
                             message = "Internal Server Error. \n Server error occurred while adding certificates.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/save"})
+    @Permission(scope = "certificate-modify", roles = {"admin"})
     Response addCertificate(
             @ApiParam(
                     name = "enrollmentCertificates",
@@ -130,7 +130,7 @@ Response addCertificate(
                             "Server error occurred while retrieving information requested certificate.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"})
+    @Permission(scope = "certificate-view", roles = {"emm-admin"})
     Response getCertificate(
             @ApiParam(name = "serialNumber",
                     value = "Provide the serial number of the certificate that you wish to get the details of",
@@ -202,7 +202,7 @@ Response getCertificate(
                             "Server error occurred while retrieving all certificates enrolled in the system.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "certificate-view", permissions = {"/permission/admin/device-mgt/certificate/view"})
+    @Permission(scope = "certificate-view", roles = {"emm-admin"})
     Response getAllCertificates(
             @ApiParam(
                     name = "offset",
@@ -245,7 +245,7 @@ Response getAllCertificates(
                     message = "Internal Server Error. \n " +
                             "Server error occurred while removing the certificate.",
                     response = ErrorResponse.class)})
-    @Permission(scope = "certificate-modify", permissions = {"/permission/admin/device-mgt/certificate/remove"})
+    @Permission(scope = "certificate-modify", roles = {"emm-admin"})
     Response removeCertificate(
             @ApiParam(
                     name = "serialNumber",

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml
@@ -46,7 +46,7 @@
                 <artifactId>maven-war-plugin</artifactId>
                 <configuration>
                     <packagingExcludes>WEB-INF/lib/*cxf*.jar</packagingExcludes>
-                    <warName>api#device-mgt#v1.0</warName>
+                    <warName>api-device-mgt-v1.0</warName>
                 </configuration>
             </plugin>
         </plugins>
@@ -72,7 +72,7 @@
                                     <tasks>
                                         <copy todir="${basedir}/../../../repository/deployment/server/webapps" overwrite="true">
                                             <fileset dir="${basedir}/target">
-                                                <include name="api#device-mgt#v1.0.war" />
+                                                <include name="api-device-mgt-v1.0.war" />
                                             </fileset>
                                         </copy>
                                     </tasks>

diff --git a/...c/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java b/...c/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java
@@ -32,7 +32,7 @@
 /**
  * Activity related REST-API implementation.
  */
-@API(name = "Activities", version = "1.0.0", context = "/devicemgt_admin/activities", tags = {"devicemgt_admin"})
+@API(name = "Activity Info Provider", version = "1.0.0", context = "/api-device-mgt-v1.0/activities", tags = {"devicemgt_admin"})
 
 @Path("/activities")
 @Api(value = "Activity Info Provider", description = "Activity related information manipulation. For example operation details " +
@@ -91,7 +91,7 @@ public interface ActivityInfoProviderService {
                     message = "Internal Server ErrorResponse. \n Server error occurred while fetching activity data.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "activity-view", permissions = {"/permission/admin/device-mgt/admin/activities/view"})
+    @Permission(scope = "activity-view", roles = {"emm-user", "emm-admin"})
     Response getActivity(
             @ApiParam(
                     name = "id",
@@ -147,7 +147,7 @@ Response getActivity(
                     message = "Internal Server ErrorResponse. \n Server error occurred while fetching activity data.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "activity-view", permissions = {"/permission/admin/device-mgt/admin/activities/view"})
+    @Permission(scope = "activity-view", roles = {"emm-admin"})
     Response getActivities(
             @ApiParam(
                     name = "since",

diff --git a/...ain/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java b/...ain/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java
@@ -31,7 +31,7 @@
 /**
  * General Tenant Configuration REST-API.
  */
-@API(name = "Configuration", version = "1.0.0", context = "/devicemgt_admin/configuration", tags = {"devicemgt_admin"})
+@API(name = "Configuration Management", version = "1.0.0", context = "/api-device-mgt-v1.0/configuration", tags = {"devicemgt_admin"})
 
 @Path("/configuration")
 @Api(value = "Configuration Management", description = "General Tenant Configuration management capabilities are exposed " +
@@ -78,8 +78,7 @@ public interface ConfigurationManagementService {
                             "platform configuration.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "configuration-view",
-            permissions = {"/permission/admin/device-mgt/admin/platform-configs/view"})
+    @Permission(scope = "configuration-view", roles = {"emm-admin"})
     Response getConfiguration(
             @ApiParam(
                     name = "If-Modified-Since",
@@ -126,8 +125,7 @@ Response getConfiguration(
                             "Server error occurred while modifying general platform configuration.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "configuration-modify",
-            permissions = {"/permission/admin/device-mgt/admin/platform-configs/modify"})
+    @Permission(scope = "configuration-modify", roles = {"emm-admin"})
     Response updateConfiguration(
             @ApiParam(
                     name = "configuration",