Add permissions and scopes.

wso2 · Dec 1, 2024 · 02c6b59 · 02c6b59
1 parent f1a771d
commit 02c6b59
Show file tree

Hide file tree

Showing 11 changed files with 92 additions and 43 deletions.
diff --git a/...n/src/main/java/org/wso2/carbon/identity/application/common/cache/AuthenticatorCache.java b/...n/src/main/java/org/wso2/carbon/identity/application/common/cache/AuthenticatorCache.java
@@ -22,7 +22,7 @@
 import org.wso2.carbon.utils.CarbonUtils;
 
 /**
- * Cache for the Local Application Authenticator configurations.
+ * Cache for the user defined local application authenticator configurations.
  */
 public class AuthenticatorCache extends BaseCache<AuthenticatorCacheKey, AuthenticatorCacheEntry> {
 

diff --git a/.../main/java/org/wso2/carbon/identity/application/common/cache/AuthenticatorCacheEntry.java b/.../main/java/org/wso2/carbon/identity/application/common/cache/AuthenticatorCacheEntry.java
@@ -22,7 +22,7 @@
 import org.wso2.carbon.identity.core.cache.CacheEntry;
 
 /**
- * Cache Entry for the User Defined Local Application Authenticator configurations.
+ * Cache Entry for the user defined local application authenticator configurations.
  */
 public class AuthenticatorCacheEntry extends CacheEntry {
 

diff --git a/...rc/main/java/org/wso2/carbon/identity/application/common/cache/AuthenticatorCacheKey.java b/...rc/main/java/org/wso2/carbon/identity/application/common/cache/AuthenticatorCacheKey.java
@@ -21,7 +21,7 @@
 import org.wso2.carbon.identity.core.cache.CacheKey;
 
 /**
- * Cache key for the Local Application Authenticator configurations.
+ * Cache key for the user defined local application authenticator configurations.
  */
 public class AuthenticatorCacheKey extends CacheKey {
 

diff --git a/...main/java/org/wso2/carbon/identity/application/common/dao/AuthenticatorManagementDAO.java b/...main/java/org/wso2/carbon/identity/application/common/dao/AuthenticatorManagementDAO.java
@@ -25,28 +25,27 @@
 import java.util.List;
 
 /**
- * This interface performs CRUD operations for the User defined Local Application Authenticator configurations.
+ * This interface performs CRUD operations for the user defined local application authenticator configurations.
  */
 public interface AuthenticatorManagementDAO {
 
     /**
-     * Create a new user defined Local Application Authenticator configuration.
+     * Create a new user defined local application authenticator configuration.
      *
-     * @param authenticatorConfig   Local Application Authenticator configuration.
+     * @param authenticatorConfig   Local application authenticator configuration.
      * @param tenantId              Tenant Id.
      *
      * @return Created UserDefinedLocalAuthenticatorConfig.
      * @throws AuthenticatorMgtException If an error occurs while adding the authenticator configuration.
      */
     UserDefinedLocalAuthenticatorConfig addUserDefinedLocalAuthenticator(
-            UserDefinedLocalAuthenticatorConfig authenticatorConfig, int tenantId, AuthenticationType type)
-            throws AuthenticatorMgtException;
+            UserDefinedLocalAuthenticatorConfig authenticatorConfig, int tenantId) throws AuthenticatorMgtException;
 
     /**
-     * Update a user defined Local Application Authenticator configuration.
+     * Update a user defined local application authenticator configuration.
      *
-     * @param existingAuthenticatorConfig   Existing  Local Application Authenticator configuration.
-     * @param updatedAuthenticatorConfig    New Local Application Authenticator configuration.
+     * @param existingAuthenticatorConfig   Existing Local application authenticator configuration.
+     * @param updatedAuthenticatorConfig    New local application authenticator configuration.
      * @param tenantId                      Tenant Id.
      *
      * @return Updated UserDefinedLocalAuthenticatorConfig.
@@ -60,7 +59,7 @@ UserDefinedLocalAuthenticatorConfig updateUserDefinedLocalAuthenticator(
     /**
      * Retrieve a Local user defined Application Authenticator configuration by name.
      *
-     * @param authenticatorConfigName   Name of the Local Application Authenticator configuration.
+     * @param authenticatorConfigName   Name of the local application authenticator configuration.
      * @param tenantId                  Tenant Id.
      *
      * @return Retrieved UserDefinedLocalAuthenticatorConfig
@@ -70,7 +69,7 @@ UserDefinedLocalAuthenticatorConfig getUserDefinedLocalAuthenticator(
             String authenticatorConfigName, int tenantId) throws AuthenticatorMgtException;
 
     /**
-     * Retrieve all user defined Local Application Authenticator configurations.
+     * Retrieve all user defined local application authenticator configurations.
      *
      * @param tenantId                  Tenant Id.
      *
@@ -81,9 +80,9 @@ List<UserDefinedLocalAuthenticatorConfig> getAllUserDefinedLocalAuthenticator(in
             throws AuthenticatorMgtException;
 
     /**
-     * Create a new Local Application Authenticator configuration.
+     * Create a new user defined local application authenticator configuration.
      *
-     * @param authenticatorConfigName   Name of the Local Application Authenticator configuration.
+     * @param authenticatorConfigName   Name of the local application authenticator configuration.
      * @param tenantId                  Tenant Id.
      *
      * @throws AuthenticatorMgtException If an error occurs while deleting the authenticator configuration.

diff --git a/.../org/wso2/carbon/identity/application/common/dao/impl/AuthenticatorManagementDAOImpl.java b/.../org/wso2/carbon/identity/application/common/dao/impl/AuthenticatorManagementDAOImpl.java
@@ -52,16 +52,15 @@ public class AuthenticatorManagementDAOImpl implements AuthenticatorManagementDA
 
     @Override
     public UserDefinedLocalAuthenticatorConfig addUserDefinedLocalAuthenticator(
-            UserDefinedLocalAuthenticatorConfig authenticatorConfig,
-            int tenantId, AuthenticationType type) throws AuthenticatorMgtException {
+            UserDefinedLocalAuthenticatorConfig authenticatorConfig, int tenantId) throws AuthenticatorMgtException {
 
         Connection dbConnection = IdentityDatabaseUtil.getDBConnection(true);
 
         try (NamedPreparedStatement statement = new NamedPreparedStatement(dbConnection, Query.ADD_AUTHENTICATOR_SQL)) {
             statement.setString(Column.NAME, authenticatorConfig.getName());
             statement.setString(Column.DISPLAY_NAME, authenticatorConfig.getDisplayName());
             statement.setString(Column.DEFINED_BY, authenticatorConfig.getDefinedByType().toString());
-            statement.setString(Column.AUTHENTICATION_TYPE, type.toString());
+            statement.setString(Column.AUTHENTICATION_TYPE, authenticatorConfig.getAuthenticationType().toString());
             statement.setInt(Column.IS_ENABLED, authenticatorConfig.isEnabled() ? 1 : 0);
             statement.setString(Column.IDP_NAME, LOCAL_IDP_NAME);
             statement.setInt(Column.TENANT_ID, tenantId);
@@ -77,7 +76,7 @@ public UserDefinedLocalAuthenticatorConfig addUserDefinedLocalAuthenticator(
             IdentityDatabaseUtil.commitTransaction(dbConnection);
 
             return getUserDefinedLocalAuthenticatorByName(dbConnection, authenticatorConfig.getName(), tenantId);
-        } catch (SQLException | AuthenticatorMgtException e) {
+        } catch (SQLException e) {
             if (LOG.isDebugEnabled()) {
                 LOG.debug(String.format("Error while adding the authenticator: %s in tenant domain: %s. " +
                                 "Rolling back added Authenticator information.", authenticatorConfig.getName(),

diff --git a/...a/org/wso2/carbon/identity/application/common/dao/impl/AuthenticatorManagementFacade.java b/...a/org/wso2/carbon/identity/application/common/dao/impl/AuthenticatorManagementFacade.java
@@ -18,6 +18,7 @@
 
 package org.wso2.carbon.identity.application.common.dao.impl;
 
+import org.wso2.carbon.identity.application.common.dao.AuthenticatorManagementDAO;
 import org.wso2.carbon.identity.application.common.exception.AuthenticatorMgtException;
 import org.wso2.carbon.identity.application.common.model.UserDefinedLocalAuthenticatorConfig;
 import org.wso2.carbon.identity.application.common.util.UserDefinedAuthenticatorEndpointConfigManager;
@@ -29,34 +30,35 @@
  * This class responsible for managing authenticator endpoint configurations for the user defined local
  * authenticators.
  */
-public class AuthenticatorManagementFacade {
+public class AuthenticatorManagementFacade implements AuthenticatorManagementDAO {
 
-    private final AuthenticatorManagementDAOImpl dao;
+    private final AuthenticatorManagementDAO dao;
     private UserDefinedAuthenticatorEndpointConfigManager endpointConfigManager =
             new UserDefinedAuthenticatorEndpointConfigManager();
 
-    public AuthenticatorManagementFacade(AuthenticatorManagementDAOImpl dao) {
+    public AuthenticatorManagementFacade(AuthenticatorManagementDAO dao) {
 
         this.dao = dao;
     }
 
+    @Override
     public UserDefinedLocalAuthenticatorConfig addUserDefinedLocalAuthenticator(
-            UserDefinedLocalAuthenticatorConfig authenticatorConfig,
-            int tenantId, AuthenticatorPropertyConstants.AuthenticationType type) throws AuthenticatorMgtException {
+            UserDefinedLocalAuthenticatorConfig authenticatorConfig, int tenantId) throws AuthenticatorMgtException {
 
         endpointConfigManager.addEndpointConfigurations(authenticatorConfig, tenantId);
         try {
-            return dao.addUserDefinedLocalAuthenticator(authenticatorConfig, tenantId, type);
+            return dao.addUserDefinedLocalAuthenticator(authenticatorConfig, tenantId);
         } catch (AuthenticatorMgtException e) {
             endpointConfigManager.deleteEndpointConfigurations(authenticatorConfig, tenantId);
             throw e;
         }
     }
-
-    public UserDefinedLocalAuthenticatorConfig updateUserDefinedLocalAuthenticator(UserDefinedLocalAuthenticatorConfig 
-            existingAuthenticatorConfig, UserDefinedLocalAuthenticatorConfig newAuthenticatorConfig, 
+
+    @Override
+    public UserDefinedLocalAuthenticatorConfig updateUserDefinedLocalAuthenticator(UserDefinedLocalAuthenticatorConfig
+            existingAuthenticatorConfig, UserDefinedLocalAuthenticatorConfig newAuthenticatorConfig,
             int tenantId) throws AuthenticatorMgtException {
-        
+
         endpointConfigManager.updateEndpointConfigurations(newAuthenticatorConfig, existingAuthenticatorConfig,
                 tenantId);
         try {
@@ -68,15 +70,17 @@ public UserDefinedLocalAuthenticatorConfig updateUserDefinedLocalAuthenticator(U
             throw e;
         }
     }
-
+
+    @Override
     public UserDefinedLocalAuthenticatorConfig getUserDefinedLocalAuthenticator(
             String authenticatorConfigName, int tenantId) throws AuthenticatorMgtException {
 
         UserDefinedLocalAuthenticatorConfig config = dao.getUserDefinedLocalAuthenticator(authenticatorConfigName,
                     tenantId);
         return endpointConfigManager.resolveEndpointConfigurations(config, tenantId);
     }
-
+
+    @Override
     public List<UserDefinedLocalAuthenticatorConfig> getAllUserDefinedLocalAuthenticator(int tenantId)
             throws AuthenticatorMgtException {
 
@@ -86,10 +90,11 @@ public List<UserDefinedLocalAuthenticatorConfig> getAllUserDefinedLocalAuthentic
         }
         return configList;
     }
-
+
+    @Override
     public void deleteUserDefinedLocalAuthenticator(String authenticatorConfigName, UserDefinedLocalAuthenticatorConfig
             authenticatorConfig, int tenantId) throws AuthenticatorMgtException {
-        
+
         endpointConfigManager.deleteEndpointConfigurations(authenticatorConfig, tenantId);
         try {
             dao.deleteUserDefinedLocalAuthenticator(authenticatorConfigName, authenticatorConfig, tenantId);

diff --git a/.../org/wso2/carbon/identity/application/common/dao/impl/CacheBackedAuthenticatorMgtDAO.java b/.../org/wso2/carbon/identity/application/common/dao/impl/CacheBackedAuthenticatorMgtDAO.java
@@ -37,21 +37,20 @@ public class CacheBackedAuthenticatorMgtDAO implements AuthenticatorManagementDA
 
     private static final Log LOG = LogFactory.getLog(CacheBackedAuthenticatorMgtDAO.class);
     private final AuthenticatorCache authenticatorCache;
-    private final AuthenticatorManagementDAO authenticatorManagementDAO;
+    private final AuthenticatorManagementFacade authenticatorMgtFacade;
 
     public CacheBackedAuthenticatorMgtDAO(AuthenticatorManagementDAO authenticatorManagementDAO) {
 
-        this.authenticatorManagementDAO = authenticatorManagementDAO;
+        authenticatorMgtFacade = new AuthenticatorManagementFacade(authenticatorManagementDAO);
         authenticatorCache = AuthenticatorCache.getInstance();
     }
 
     @Override
     public UserDefinedLocalAuthenticatorConfig addUserDefinedLocalAuthenticator(
-            UserDefinedLocalAuthenticatorConfig authenticatorConfig,
-            int tenantId, AuthenticationType type) throws AuthenticatorMgtException {
+            UserDefinedLocalAuthenticatorConfig authenticatorConfig, int tenantId) throws AuthenticatorMgtException {
 
-        UserDefinedLocalAuthenticatorConfig createdConfig = authenticatorManagementDAO.addUserDefinedLocalAuthenticator(
-                authenticatorConfig, tenantId, type);
+        UserDefinedLocalAuthenticatorConfig createdConfig = authenticatorMgtFacade.addUserDefinedLocalAuthenticator(
+                authenticatorConfig, tenantId);
 
         AuthenticatorCacheKey cacheKey = new AuthenticatorCacheKey(authenticatorConfig.getName());
         authenticatorCache.addToCache(cacheKey, new AuthenticatorCacheEntry(createdConfig), tenantId);
@@ -66,7 +65,7 @@ public UserDefinedLocalAuthenticatorConfig updateUserDefinedLocalAuthenticator(U
         AuthenticatorCacheKey cacheKey = new AuthenticatorCacheKey(existingAuthenticatorConfig.getName());
         authenticatorCache.clearCacheEntry(cacheKey, tenantId);
 
-        return authenticatorManagementDAO.updateUserDefinedLocalAuthenticator(
+        return authenticatorMgtFacade.updateUserDefinedLocalAuthenticator(
                 existingAuthenticatorConfig, newAuthenticatorConfig, tenantId);
     }
 
@@ -81,22 +80,22 @@ public UserDefinedLocalAuthenticatorConfig getUserDefinedLocalAuthenticator(
             return entry.getAuthenticatorConfig();
         }
 
-        return authenticatorManagementDAO.getUserDefinedLocalAuthenticator(authenticatorConfigName, tenantId);
+        return authenticatorMgtFacade.getUserDefinedLocalAuthenticator(authenticatorConfigName, tenantId);
     }
 
     @Override
     public List<UserDefinedLocalAuthenticatorConfig> getAllUserDefinedLocalAuthenticator(int tenantId)
             throws AuthenticatorMgtException {
 
-        return authenticatorManagementDAO.getAllUserDefinedLocalAuthenticator(tenantId);
+        return authenticatorMgtFacade.getAllUserDefinedLocalAuthenticator(tenantId);
     }
 
     @Override
     public void deleteUserDefinedLocalAuthenticator(String authenticatorConfigName, 
             UserDefinedLocalAuthenticatorConfig authenticatorConfig, int tenantId) throws AuthenticatorMgtException {
 
         authenticatorCache.clearCacheEntry(new AuthenticatorCacheKey(authenticatorConfigName), tenantId);
-        authenticatorManagementDAO.deleteUserDefinedLocalAuthenticator(authenticatorConfigName, authenticatorConfig,
+        authenticatorMgtFacade.deleteUserDefinedLocalAuthenticator(authenticatorConfigName, authenticatorConfig,
                 tenantId);
     }
 }
diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml
@@ -2308,6 +2308,19 @@
             <Scopes>internal_action_mgt_view</Scopes>
         </Resource>
 
+        <Resource context="(.*)api/server/v1/authenticators/custom(.*)" secured="true" http-method="POST">
+            <Permissions>/permission/admin/manage/custom_authenticator/create</Permissions>
+            <Scopes>internal_custom_authenticator_create</Scopes>
+        </Resource>
+        <Resource context="(.*)api/server/v1/authenticators/custom(.*)" secured="true" http-method="PUT">
+            <Permissions>/permission/admin/manage/custom_authenticator/update</Permissions>
+            <Scopes>internal_custom_authenticator_update</Scopes>
+        </Resource>
+        <Resource context="(.*)api/server/v1/authenticators/custom(.*)" secured="true" http-method="DELETE">
+            <Permissions>/permission/admin/manage/custom_authenticator/delete</Permissions>
+            <Scopes>internal_custom_authenticator_delete</Scopes>
+        </Resource>
+
         <Resource context="/carbon(.*)" secured="false" http-method="all"/>
         <Resource context="(.*)/myaccount(.*)" secured="false" http-method="all"/>
         <Resource context="(.*)/console(.*)" secured="false" http-method="all"/>

diff --git a/...ures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 b/...ures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
@@ -3562,6 +3562,18 @@
             <Scopes>internal_action_mgt_view</Scopes>
         </Resource>
 
+        <Resource context="(.*)api/server/v1/authenticators/custom(.*)" secured="true" http-method="POST">
+            <Permissions>/permission/admin/manage/custom_authenticator/create</Permissions>
+            <Scopes>internal_custom_authenticator_create</Scopes>
+        </Resource>
+        <Resource context="(.*)api/server/v1/authenticators/custom(.*)" secured="true" http-method="PUT">
+            <Permissions>/permission/admin/manage/custom_authenticator/update</Permissions>
+            <Scopes>internal_custom_authenticator_update</Scopes>
+        </Resource>
+        <Resource context="(.*)api/server/v1/authenticators/custom(.*)" secured="true" http-method="DELETE">
+            <Permissions>/permission/admin/manage/custom_authenticator/delete</Permissions>
+            <Scopes>internal_custom_authenticator_delete</Scopes>
+        </Resource>
 
         <Resource context="/carbon(.*)" secured="false" http-method="all"/>
         <Resource context="(.*)/myaccount(.*)" secured="false" http-method="all"/>

diff --git a/...ore/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml b/...ore/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml
@@ -1199,6 +1199,17 @@
         <Scopes>internal_action_mgt_view</Scopes>
     </Resource>
 
+    <!-- User Defined local authenticator API -->
+    <Resource context="(.*)api/server/v1/authenticators/custom(.*)" secured="true" http-method="POST">
+        <Scopes>internal_custom_authenticator_create</Scopes>
+    </Resource>
+    <Resource context="(.*)api/server/v1/authenticators/custom(.*)" secured="true" http-method="PUT">
+        <Scopes>internal_custom_authenticator_update</Scopes>
+    </Resource>
+    <Resource context="(.*)api/server/v1/authenticators/custom(.*)" secured="true" http-method="DELETE">
+        <Scopes>internal_custom_authenticator_delete</Scopes>
+    </Resource>
+
     <Resource context="/carbon(.*)" secured="false" http-method="all"/>
     <Resource context="(.*)/myaccount(.*)" secured="false" http-method="all"/>
     <Resource context="(.*)/console(.*)" secured="false" http-method="all"/>

diff --git a/.../org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml.j2 b/.../org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml.j2
@@ -1255,6 +1255,17 @@
              <Scopes>internal_action_mgt_view</Scopes>
          </Resource>
 
+         <!-- User Defined local authenticator API -->
+         <Resource context="(.*)api/server/v1/authenticators/custom(.*)" secured="true" http-method="POST">
+             <Scopes>internal_custom_authenticator_create</Scopes>
+         </Resource>
+         <Resource context="(.*)api/server/v1/authenticators/custom(.*)" secured="true" http-method="PUT">
+             <Scopes>internal_custom_authenticator_update</Scopes>
+         </Resource>
+         <Resource context="(.*)api/server/v1/authenticators/custom(.*)" secured="true" http-method="DELETE">
+             <Scopes>internal_custom_authenticator_delete</Scopes>
+         </Resource>
+
         <Resource context="/carbon(.*)" secured="false" http-method="all"/>
         <Resource context="(.*)/myaccount(.*)" secured="false" http-method="all"/>
         <Resource context="(.*)/console(.*)" secured="false" http-method="all"/>