From d04e3b0823deec77cc11012f062bac500e98c690 Mon Sep 17 00:00:00 2001 
From: Thamindu Aluthwala Date: Tue, 5 Sep 2023 09:28:39 +0530 Subject: [PATCH 1/3] Add authorized API implementation --- .../api/resource/mgt/APIResourceManager.java | 10 + .../resource/mgt/APIResourceManagerImpl.java | 6 + .../common/model/AuthorizedAPI.java | 136 +++++++ .../common/model/AuthorizedScopes.java | 81 ++++ .../pom.xml | 6 + .../application/mgt/ApplicationConstants.java | 5 + .../mgt/ApplicationManagementService.java | 22 ++ .../mgt/ApplicationManagementServiceImpl.java | 12 + .../mgt/AuthorizedAPIManagementService.java | 100 +++++ .../AuthorizedAPIManagementServiceImpl.java | 179 +++++++++ .../application/mgt/dao/ApplicationDAO.java | 23 ++ .../application/mgt/dao/AuthorizedAPIDAO.java | 52 +++ .../mgt/dao/impl/ApplicationDAOImpl.java | 34 ++ .../mgt/dao/impl/ApplicationMgtDBQueries.java | 31 ++ .../mgt/dao/impl/AuthorizedAPIDAOImpl.java | 241 +++++++++++ ...ApplicationManagementServiceComponent.java | 30 ++ ...ationManagementServiceComponentHolder.java | 22 ++ ...uthorizedAPIManagementServiceImplTest.java | 374 ++++++++++++++++++ .../src/test/resources/dbscripts/identity.sql | 57 +++ .../src/test/resources/testng.xml | 1 + .../pom.xml | 5 + .../resources/dbscripts/db2.sql | 24 ++ .../resources/dbscripts/h2.sql | 24 +- .../resources/dbscripts/mssql.sql | 29 ++ .../resources/dbscripts/mysql-cluster.sql | 22 ++ .../resources/dbscripts/mysql.sql | 22 ++ .../resources/dbscripts/postgresql.sql | 30 +- 27 files changed, 1576 insertions(+), 2 deletions(-) create mode 100644 components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthorizedAPI.java create mode 100644 components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthorizedScopes.java create mode 100644 
components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementService.java create mode 100644 components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImpl.java create mode 100644 components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/AuthorizedAPIDAO.java create mode 100644 components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/AuthorizedAPIDAOImpl.java create mode 100644 components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImplTest.java diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManager.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManager.java index fbdc5e976d25..0bdeefc940e8 100644 --- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManager.java +++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManager.java 
@@ -146,4 +146,14 @@ void putScopes(String apiResourceId, List currentScopes, List scop * @throws APIResourceMgtException If an error occurs while retrieving scopes. */ List getScopesByTenantDomain(String tenantDomain, String filter) throws APIResourceMgtException; + + /** + * Get scope by name. + * + * @param scopeName Scope name. + * @param tenantDomain Tenant domain. + * @return Scope. + * @throws APIResourceMgtException If an error occurs while retrieving scope. + */ + Scope getScopeByName(String scopeName, String tenantDomain) throws APIResourceMgtException; } diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManagerImpl.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManagerImpl.java index 8b7ffb83dcd3..fb13f8796f2e 100644 --- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManagerImpl.java +++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManagerImpl.java @@ -142,6 +142,12 @@ public List getScopesByTenantDomain(String tenantDomain, String filter) t return CACHE_BACKED_DAO.getScopesByTenantId(tenantId, expressionNodes); } + @Override + public Scope getScopeByName(String scopeName, String tenantDomain) throws APIResourceMgtException { + + return CACHE_BACKED_DAO.getScopeByNameAndTenantId(scopeName, IdentityTenantUtil.getTenantId(tenantDomain)); + } + /** * Get the filter node as a list. * 
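Review bot: The Javadoc added for `getScopeByName` in APIResourceManager does not say what the method returns when no scope with that name exists in the tenant. The implementation hunk in APIResourceManagerImpl simply forwards the result of `CACHE_BACKED_DAO.getScopeByNameAndTenantId`, and callers that assemble authorization data from it need to know whether to expect `null`. Once the DAO behaviour is confirmed I would extend the tag to something like `@return Scope, or null if no scope with the given name exists in the tenant.` and state whether a null or blank `scopeName` is accepted.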
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthorizedAPI.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthorizedAPI.java
new file mode 100644
index 000000000000..37aafcf12aec
--- /dev/null
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthorizedAPI.java
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.application.common.model;
+
+import java.util.List;
+
+/**
+ * Authorized API model class.
+ */
+public class AuthorizedAPI {
+
+ private String appId;
+ private String apiId;
+ private String apiIdentifier;
+ private String apiName;
+ private String policyId;
+ private List scopes;
+
+ public AuthorizedAPI(String appId, String apiId, String policyId, List scopes) {
+
+ this.appId = appId;
+ this.apiId = apiId;
+ this.policyId = policyId;
+ this.scopes = scopes;
+ }
+
+ public AuthorizedAPI() {
+
+ }
+
+ public String getAppId() {
+
+ return appId;
+ }
+
+ public String getAPIId() {
+
+ return apiId;
+ }
+
+ public String getAPIIdentifier() {
+ return apiIdentifier;
+ }
+
+ public void setAPIIdentifier(String apiIdentifier) {
+ this.apiIdentifier = apiIdentifier;
+ }
+
+ public String getAPIName() {
+ return apiName;
+ }
+
+ public void setAPIName(String apiName) {
+ this.apiName = apiName;
+ }
+
+ public String getPolicyId() {
+
+ return policyId;
+ }
+
+ public List getScopes() {
+
+ return scopes;
+ }
+
+ public void setScopes(List scopes) {
+
+ this.scopes = scopes;
+ }
+
+ public void addScope(Scope scope) {
+
+ this.scopes.add(scope);
+ }
+
+ /**
+ * Builder class for {@link AuthorizedAPI}.
+ */
+ public static class AuthorizedAPIBuilder {
+
+ private String appId;
+ private String apiId;
+ private String policyId;
+ private List scopes;
+
+ public AuthorizedAPIBuilder() {
+
+ }
+
+ public AuthorizedAPIBuilder appId(String appId) {
+
+ this.appId = appId;
+ return this;
+ }
+
+ public AuthorizedAPIBuilder apiId(String apiId) {
+
+ this.apiId = apiId;
+ return this;
+ }
+
+ public AuthorizedAPIBuilder policyId(String policyId) {
+
+ this.policyId = policyId;
+ return this;
+ }
+
+ public AuthorizedAPIBuilder scopes(List scopes) {
+
+ this.scopes = scopes;
+ return this;
+ }
+
+ public AuthorizedAPI build() {
+
+ return new AuthorizedAPI(appId, apiId, policyId, scopes);
+ }
+ }
+}
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthorizedScopes.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthorizedScopes.java
new file mode 100644
index 000000000000..296dab8d9ff7
--- /dev/null
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthorizedScopes.java
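Review bot: `addScope` in AuthorizedAPI calls `this.scopes.add(scope)` without checking that `scopes` was ever assigned, so an instance created with `new AuthorizedAPI()` or through a builder that never called `scopes(...)` throws NullPointerException on the first call. Initialising lazily before the add, `if (this.scopes == null) { this.scopes = new ArrayList<>(); }`, would fix it (this needs a `java.util.ArrayList` import). The no-arg constructor also leaves `appId`, `apiId` and `policyId` permanently null because the class has no setters for them. Since this model carries an application's authorization grants, a class comment stating which fields may be null and whether the list returned by `getScopes()` may be mutated by callers would help.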
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.application.common.model;
+
+import java.util.List;
+
+/**
+ * Authorized Scopes model class.
+ */
+public class AuthorizedScopes {
+
+ private String policyId;
+ private List scopes;
+
+ public AuthorizedScopes(String policyId, List scopes) {
+
+ this.policyId = policyId;
+ this.scopes = scopes;
+ }
+
+ public AuthorizedScopes() {
+
+ }
+
+ public String getPolicyId() {
+
+ return policyId;
+ }
+
+ public List getScopes() {
+
+ return scopes;
+ }
+
+ public void setScopes(List scopes) {
+
+ this.scopes = scopes;
+ }
+
+ /**
+ * Builder class for {@link AuthorizedScopes}.
+ */
+ public static class AuthorizedScopesBuilder {
+
+ private String policyId;
+ private List scopes;
+
+ public AuthorizedScopesBuilder policyId(String policyId) {
+
+ this.policyId = policyId;
+ return this;
+ }
+
+ public AuthorizedScopesBuilder scopes(List scopes) {
+
+ this.scopes = scopes;
+ return this;
+ }
+
+ public AuthorizedScopes build() {
+
+ return new AuthorizedScopes(policyId, scopes);
+ }
+ }
+}
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml b/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml
index 53b2d31572b3..a0291322fac1 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml @@ -125,6 +125,11 @@ org.wso2.carbon.identity.framework org.wso2.carbon.identity.claim.metadata.mgt + + org.wso2.carbon.identity.framework + org.wso2.carbon.identity.api.resource.mgt + provided + org.wso2.carbon.utils org.wso2.carbon.database.utils @@ -236,6 +241,7 @@ org.wso2.carbon.identity.central.log.mgt.*; version="${carbon.identity.package.import.version.range}", org.wso2.carbon.identity.organization.management.service; version="${org.wso2.carbon.identity.organization.management.core.version.range}", org.wso2.carbon.identity.organization.management.service.exception; version="${org.wso2.carbon.identity.organization.management.core.version.range}", + org.wso2.carbon.identity.api.resource.mgt; version="${carbon.identity.package.import.version.range}" !org.wso2.carbon.identity.application.mgt.internal, diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationConstants.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationConstants.java index d532e06be26a..c3312037fb22 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationConstants.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationConstants.java 
@@ -146,6 +146,11 @@ public static class ApplicationTableColumns { public static final String UUID = "UUID"; public static final String IMAGE_URL = "IMAGE_URL"; public static final String ACCESS_URL = "ACCESS_URL"; + public static final String APP_ID = "APP_ID"; + public static final String API_ID = "API_ID"; + public static final String POLICY_ID = "POLICY_ID"; + public static final String SCOPE_NAME = "SCOPE_NAME"; + public static final String MAIN_APP_ID = "MAIN_APP_ID"; private ApplicationTableColumns() { diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementService.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementService.java index 9c8f9b6f7df0..fbac956b2174 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementService.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementService.java @@ -19,6 +19,7 @@ import org.apache.commons.lang.NotImplementedException; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; +import org.wso2.carbon.identity.application.common.IdentityApplicationManagementServerException; import org.wso2.carbon.identity.application.common.model.ApplicationBasicInfo; import org.wso2.carbon.identity.application.common.model.AuthenticationStep; import org.wso2.carbon.identity.application.common.model.IdentityProvider; 
@@ -492,5 +493,26 @@ public Set getSystemApplications() { return Collections.emptySet(); } + /** + * Get main application ID from the shared application ID. + * + * @param sharedAppId ID of the shared application. + * @return ID of the main application. + */ + public String getMainAppId(String sharedAppId) throws IdentityApplicationManagementServerException { + + throw new NotImplementedException(); + } + + /** + * Get tenant ID of the application. + * + * @param appId ID of the application. + * @return Tenant ID. + */ + public int getTenantIdByApp(String appId) throws IdentityApplicationManagementServerException { + + throw new NotImplementedException(); + } } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java index be0136adc207..df9d88ca821a 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java 
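Review bot: The Javadoc for `getMainAppId` does not state the result for an application that is not shared, yet the new AuthorizedAPIManagementServiceImpl branches on `mainAppId != null` to choose between rejecting a write and switching to the main application's tenant. That null contract should be written down, e.g. `@return ID of the main application, or null if the given application is not a shared application.`, together with `@throws IdentityApplicationManagementServerException` on both new methods. Both methods take only an application ID and no tenant, so the comment should also say that callers are expected to have established that the ID belongs to the requesting tenant. The same applies to the matching default methods added to ApplicationDAO in this patch.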
@@ -2650,6 +2650,18 @@ public Set getSystemApplications() { return systemApplications; } + @Override + public String getMainAppId(String sharedAppId) throws IdentityApplicationManagementServerException { + + return ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getMainAppId(sharedAppId); + } + + @Override + public int getTenantIdByApp(String appId) throws IdentityApplicationManagementServerException { + + return ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getTenantIdByApp(appId); + } + private void doPreUpdateChecks(String storedAppName, ServiceProvider updatedApp, String tenantDomain, String username) throws IdentityApplicationManagementException { diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementService.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementService.java new file mode 100644 index 000000000000..a55991678fc4 --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementService.java 
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.application.mgt;
+
+import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
+import org.wso2.carbon.identity.application.common.model.AuthorizedAPI;
+import org.wso2.carbon.identity.application.common.model.AuthorizedScopes;
+
+import java.util.List;
+
+/**
+ * Authorized API management service.
+ */
+public interface AuthorizedAPIManagementService {
+
+ /**
+ * Authorize an API to the application.
+ *
+ * @param applicationId Application ID.
+ * @param authorizedAPI Authorized API.
+ * @param tenantDomain Tenant Domain.
+ * @throws IdentityApplicationManagementException if an error occurs while authorizing the API.
+ */
+ public void addAuthorizedAPI(String applicationId, AuthorizedAPI authorizedAPI, String tenantDomain)
+ throws IdentityApplicationManagementException;
+
+ /**
+ * Delete authorized APIs from the application.
+ *
+ * @param appId Application ID.
+ * @param apiId API ID.
+ * @param tenantDomain Tenant Domain.
+ * @throws IdentityApplicationManagementException if an error occurs while deleting the authorized APIs.
+ */
+ public void deleteAuthorizedAPIs(String appId, String apiId, String tenantDomain)
+ throws IdentityApplicationManagementException;
+
+ /**
+ * Get authorized APIs of the application.
+ *
+ * @param applicationId Application ID.
+ * @param tenantDomain Tenant Domain.
+ * @return List of authorized APIs.
+ * @throws IdentityApplicationManagementException if an error occurs while retrieving the authorized APIs.
+ */
+ public List getAuthorizedAPIs(String applicationId, String tenantDomain)
+ throws IdentityApplicationManagementException;
+
+ /**
+ * Patch authorized APIs of the application.
+ *
+ * @param appId Application ID.
+ * @param apiId API ID.
+ * @param addedScopes Added scopes.
+ * @param removedScopes Removed scopes.
+ * @param tenantDomain Tenant Domain.
+ * @throws IdentityApplicationManagementException if an error occurs while patching the authorized APIs.
+ */
+ public void patchAuthorizedAPIs(String appId, String apiId, List addedScopes,
+ List removedScopes, String tenantDomain)
+ throws IdentityApplicationManagementException;
+
+ /**
+ * Get authorized scopes of the application.
+ *
+ * @param appId Application ID.
+ * @param tenantDomain Tenant Domain.
+ * @throws IdentityApplicationManagementException if an error occurs while retrieving the authorized scopes.
+ */
+ public List getAuthorizedScopes(String appId, String tenantDomain)
+ throws IdentityApplicationManagementException;
+
+ /**
+ * Get authorized API of the application by ID.
+ *
+ * @param appId Application ID.
+ * @param apiId API Resource ID.
+ * @param tenantDomain Tenant Domain.
+ * @return Authorized API.
+ * @throws IdentityApplicationManagementException if an error occurs while retrieving the authorized API.
+ */
+ public AuthorizedAPI getAuthorizedAPI(String appId, String apiId, String tenantDomain)
+ throws IdentityApplicationManagementException;
+}
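Review bot: The Javadoc on `getAuthorizedScopes` has no `@return` tag, and the one on `getAuthorizedAPI` does not mention that the implementation added in this patch returns `null` when the DAO finds no grant for the application and API. I would add `@return List of authorized scopes.` to the former and change the latter to `@return Authorized API, or null if the API is not authorized for the application.`. The comments could also state that the read methods resolve a shared application to its main application while `addAuthorizedAPI` rejects shared applications, since that difference is only visible in the implementation. As a style point, the `public` modifiers on the interface methods are redundant.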
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImpl.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImpl.java
new file mode 100644
index 000000000000..f07a34ca0c02
--- /dev/null
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImpl.java
@@ -0,0 +1,179 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.application.mgt;
+
+import org.wso2.carbon.identity.api.resource.mgt.APIResourceMgtException;
+import org.wso2.carbon.identity.application.common.IdentityApplicationManagementClientException;
+import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
+import org.wso2.carbon.identity.application.common.IdentityApplicationManagementServerException;
+import org.wso2.carbon.identity.application.common.model.APIResource;
+import org.wso2.carbon.identity.application.common.model.AuthorizedAPI;
+import org.wso2.carbon.identity.application.common.model.AuthorizedScopes;
+import org.wso2.carbon.identity.application.common.model.Scope;
+import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants;
+import org.wso2.carbon.identity.application.mgt.dao.AuthorizedAPIDAO;
+import org.wso2.carbon.identity.application.mgt.dao.impl.AuthorizedAPIDAOImpl;
+import org.wso2.carbon.identity.application.mgt.internal.ApplicationManagementServiceComponentHolder;
+import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.Error.INVALID_REQUEST;
+import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.Error.UNEXPECTED_SERVER_ERROR;
+
+/**
+ * Authorized API management service implementation.
+ */
+public class AuthorizedAPIManagementServiceImpl implements AuthorizedAPIManagementService {
+
+ private final AuthorizedAPIDAO authorizedAPIDAO = new AuthorizedAPIDAOImpl();
+
+ @Override
+ public void addAuthorizedAPI(String applicationId, AuthorizedAPI authorizedAPI, String tenantDomain)
+ throws IdentityApplicationManagementException {
+
+ // Check if the application is a main application. If not, throw a client error.
+ ApplicationManagementService applicationManagementService = ApplicationManagementServiceImpl.getInstance();
+ String mainAppId = applicationManagementService.getMainAppId(applicationId);
+ if (mainAppId != null) {
+ throw buildClientException(INVALID_REQUEST, "Cannot add authorized APIs to a shared application.");
+ }
+ authorizedAPIDAO.addAuthorizedAPI(applicationId, authorizedAPI.getAPIId(),
+ authorizedAPI.getPolicyId(), authorizedAPI.getScopes(), IdentityTenantUtil.getTenantId(tenantDomain));
+ }
+
+ @Override
+ public void deleteAuthorizedAPIs(String appId, String apiId, String tenantDomain)
+ throws IdentityApplicationManagementException {
+
+
+ authorizedAPIDAO.deleteAuthorizedAPIs(appId, apiId, IdentityTenantUtil.getTenantId(tenantDomain));
+ }
+
+ @Override
+ public List getAuthorizedAPIs(String applicationId, String tenantDomain)
+ throws IdentityApplicationManagementException {
+
+ try {
+ // Check if the application is a main application else get the main application id and main tenant id.
+ ApplicationManagementService applicationManagementService = ApplicationManagementServiceImpl.getInstance();
+ String mainAppId = applicationManagementService.getMainAppId(applicationId);
+ if (mainAppId != null) {
+ applicationId = mainAppId;
+ int tenantId = applicationManagementService.getTenantIdByApp(mainAppId);
+ tenantDomain = IdentityTenantUtil.getTenantDomain(tenantId);
+ }
+
+ List authorizedAPIS = authorizedAPIDAO.getAuthorizedAPIs(applicationId,
+ IdentityTenantUtil.getTenantId(tenantDomain));
+ for (AuthorizedAPI authorizedAPI : authorizedAPIS) {
+ // Get API resource data from DB.
+ APIResource apiResource = ApplicationManagementServiceComponentHolder.getInstance()
+ .getAPIResourceManager().getAPIResourceById(authorizedAPI.getAPIId(), tenantDomain);
+ authorizedAPI.setAPIIdentifier(apiResource.getIdentifier());
+ authorizedAPI.setAPIName(apiResource.getName());
+ // Get Scope data from DB.
+ List scopeList = new ArrayList<>();
+ for (Scope scope : authorizedAPI.getScopes()) {
+ Scope scopeFromDB = ApplicationManagementServiceComponentHolder.getInstance()
+ .getAPIResourceManager().getScopeByName(scope.getName(), tenantDomain);
+ scopeList.add(scopeFromDB);
+ }
+ authorizedAPI.setScopes(scopeList);
+ }
+ return authorizedAPIS;
+ } catch (APIResourceMgtException e) {
+ throw buildServerException("Error while retrieving authorized APIs.", e);
+ }
+ }
+
+ @Override
+ public void patchAuthorizedAPIs(String appId, String apiId, List addedScopes,
+ List removedScopes, String tenantDomain)
+ throws IdentityApplicationManagementException {
+
+ authorizedAPIDAO.patchAuthorizedAPIs(appId, apiId, addedScopes, removedScopes,
+ IdentityTenantUtil.getTenantId(tenantDomain));
+ }
+
+ @Override
+ public List getAuthorizedScopes(String appId, String tenantDomain)
+ throws IdentityApplicationManagementException {
+
+ // Check if the application is a main application else get the main application id and main tenant id.
+ ApplicationManagementService applicationManagementService = ApplicationManagementServiceImpl.getInstance();
+ String mainAppId = applicationManagementService.getMainAppId(appId);
+ if (mainAppId != null) {
+ appId = mainAppId;
+ int tenantId = applicationManagementService.getTenantIdByApp(mainAppId);
+ tenantDomain = IdentityTenantUtil.getTenantDomain(tenantId);
+ }
+ return authorizedAPIDAO.getAuthorizedScopes(appId, IdentityTenantUtil.getTenantId(tenantDomain));
+ }
+
+ @Override
+ public AuthorizedAPI getAuthorizedAPI(String appId, String apiId, String tenantDomain)
+ throws IdentityApplicationManagementException {
+
+ try {
+ // Check if the application is a main application else get the main application id and main tenant id.
+ ApplicationManagementService applicationManagementService = ApplicationManagementServiceImpl.getInstance();
+ String mainAppId = applicationManagementService.getMainAppId(appId);
+ if (mainAppId != null) {
+ apiId = mainAppId;
+ int tenantId = applicationManagementService.getTenantIdByApp(mainAppId);
+ tenantDomain = IdentityTenantUtil.getTenantDomain(tenantId);
+ }
+
+ AuthorizedAPI authorizedAPI = authorizedAPIDAO.getAuthorizedAPI(appId, apiId,
+ IdentityTenantUtil.getTenantId(tenantDomain));
+ if (authorizedAPI == null) {
+ return null;
+ }
+ APIResource apiResource = ApplicationManagementServiceComponentHolder.getInstance()
+ .getAPIResourceManager().getAPIResourceById(authorizedAPI.getAPIId(), tenantDomain);
+ authorizedAPI.setAPIIdentifier(apiResource.getIdentifier());
+ authorizedAPI.setAPIName(apiResource.getName());
+ // Get Scope data from DB.
+ List scopeList = new ArrayList<>();
+ for (Scope scope : authorizedAPI.getScopes()) {
+ Scope scopeFromDB = ApplicationManagementServiceComponentHolder.getInstance()
+ .getAPIResourceManager().getScopeByName(scope.getName(), tenantDomain);
+ scopeList.add(scopeFromDB);
+ }
+ authorizedAPI.setScopes(scopeList);
+ return authorizedAPI;
+ } catch (APIResourceMgtException e) {
+ throw buildServerException("Error while retrieving authorized API.", e);
+ }
+ }
+
+ private IdentityApplicationManagementClientException buildClientException(
+ IdentityApplicationConstants.Error errorMessage, String message) {
+
+ return new IdentityApplicationManagementClientException(errorMessage.getCode(), message);
+ }
+
+ private IdentityApplicationManagementServerException buildServerException(String message,
+ Throwable ex) {
+
+ return new IdentityApplicationManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), message, ex);
+ }
+}
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/ApplicationDAO.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/ApplicationDAO.java
index 0021e3cdf1e4..d91ad1dfaff9 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/ApplicationDAO.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/ApplicationDAO.java
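Review bot: In `getAuthorizedAPI` of AuthorizedAPIManagementServiceImpl the shared-application branch assigns `apiId = mainAppId;`, which overwrites the API ID with an application ID and leaves `appId` pointing at the shared application; `getAuthorizedAPIs` and `getAuthorizedScopes` in the same file assign the application ID instead. As written, the DAO is queried with the shared application's ID, an application ID in place of the API ID and the main application's tenant, so the lookup for a shared application cannot match the intended grant; the line should read `appId = mainAppId;`. `deleteAuthorizedAPIs` and `patchAuthorizedAPIs` also skip the shared-application check that `addAuthorizedAPI` enforces, and no method confirms that the application ID belongs to `tenantDomain` before the read paths switch to the main application's tenant; presumably the calling layer does that, but it should be confirmed. The results of `getAPIResourceById` and `getScopeByName` are dereferenced or stored without a null check, so a grant that references a deleted API resource or scope would surface as a NullPointerException or a null entry in the scope list.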
@@ -20,6 +20,7 @@ import org.apache.commons.lang.NotImplementedException; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; +import org.wso2.carbon.identity.application.common.IdentityApplicationManagementServerException; import org.wso2.carbon.identity.application.common.model.ApplicationBasicInfo; import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig; import org.wso2.carbon.identity.application.common.model.ServiceProvider; @@ -336,4 +337,26 @@ default ServiceProvider getApplicationWithRequiredAttributes(int applicationId, return new ServiceProvider(); } + + /** + * Method that return the application id of the main application for a given shared application id. + * + * @param sharedAppId Shared application id. + * @return Application id of the main application. + */ + default String getMainAppId(String sharedAppId) throws IdentityApplicationManagementServerException { + + throw new NotImplementedException(); + } + + /** + * Method that returns the tenant id of the application. + * + * @param applicationId Application id. + * @return Tenant id of the application. + */ + default int getTenantIdByApp(String applicationId) throws IdentityApplicationManagementServerException { + + throw new NotImplementedException(); + } } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/AuthorizedAPIDAO.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/AuthorizedAPIDAO.java new file mode 100644 index 000000000000..283b74708efa --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/AuthorizedAPIDAO.java 
@@ -0,0 +1,52 @@ +/* + * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.application.mgt.dao; + +import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; +import org.wso2.carbon.identity.application.common.model.AuthorizedAPI; +import org.wso2.carbon.identity.application.common.model.AuthorizedScopes; +import org.wso2.carbon.identity.application.common.model.Scope; + +import java.util.List; + +/** + * Authorized API DAO interface. + */ +public interface AuthorizedAPIDAO { + + void addAuthorizedAPI(String applicationId, String apiId, String policyId, List scopes, + int tenantId) + throws IdentityApplicationManagementException; + + List getAuthorizedAPIs(String applicationId, int tenantId) + throws IdentityApplicationManagementException; + + void patchAuthorizedAPIs(String appId, String apiId, List addedScopes, + List removedScopes, int tenantId) + throws IdentityApplicationManagementException; + + void deleteAuthorizedAPIs(String appId, String apiId, int tenantId) + throws IdentityApplicationManagementException; + + List getAuthorizedScopes(String applicationId, int tenantId) + throws IdentityApplicationManagementException; + + AuthorizedAPI getAuthorizedAPI(String appId, String apiId, int tenantId) + throws IdentityApplicationManagementException; +} 
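Review bot: None of the six methods on the new `AuthorizedAPIDAO` interface has a Javadoc comment, so the role of `tenantId` and the result for an unknown application or API are left to each implementation. I would add a short comment per method with `@param`, `@return` and `@throws IdentityApplicationManagementException`, for example on `getAuthorizedAPI`: `Returns the authorized API for the given application and API id, or null if the API is not authorized for the application.` The parameter naming also alternates between `applicationId` and `appId` within the interface, and `patchAuthorizedAPIs` / `deleteAuthorizedAPIs` are plural although each takes a single `apiId`.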
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java
index 225dc1fd53b1..e53723a3c830 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java
@@ -5254,6 +5254,40 @@ public boolean isClaimReferredByAnySp(Connection dbConnection, String claimUri, } } + @Override + public String getMainAppId(String sharedAppId) throws IdentityApplicationManagementServerException { + + try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) { + PreparedStatement prepStmt = connection.prepareStatement(ApplicationMgtDBQueries.GET_MAIN_APP_ID); + prepStmt.setString(1, sharedAppId); + ResultSet resultSet = prepStmt.executeQuery(); + if (resultSet.next()) { + return resultSet.getString(ApplicationTableColumns.MAIN_APP_ID); + } + return null; + } catch (SQLException e) { + throw new IdentityApplicationManagementServerException("Error while getting main application id for " + + "the shared application with id: %s", sharedAppId, e); + } + } + + @Override + public int getTenantIdByApp(String applicationId) throws IdentityApplicationManagementServerException { + + try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) { + PreparedStatement prepStmt = connection.prepareStatement(ApplicationMgtDBQueries.GET_APP_TENANT_ID); + prepStmt.setString(1, applicationId); + ResultSet resultSet = prepStmt.executeQuery(); + if (resultSet.next()) { + return resultSet.getInt(ApplicationTableColumns.TENANT_ID); + } + return -1; + } catch (SQLException e) { + throw new IdentityApplicationManagementServerException("Error while getting tenant id of the application " + + "with id: %s", applicationId, e); + } + } + private List getDiscoverableApplicationBasicInfo(int limit, int offset, String tenantDomain) throws IdentityApplicationManagementException { 
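Review bot: Both new catch blocks call `IdentityApplicationManagementServerException` with the message text first and the id second, but elsewhere in this patch the three-argument form is used as `(UNEXPECTED_SERVER_ERROR.getCode(), message, ex)`. Here the text therefore appears to land in the error-code slot, the raw application id becomes the message, and `%s` is never substituted. I would format the message explicitly and pass it as the message argument (with a real error code if the three-argument form is kept), e.g. `String.format("Error while getting tenant id of the application with id: %s", applicationId)`. In both methods only the `Connection` is in the try-with-resources header; the `PreparedStatement` and `ResultSet` should be declared there as well so they are closed on every path.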
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationMgtDBQueries.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationMgtDBQueries.java
index 48115f851b2c..4063887e377a 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationMgtDBQueries.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationMgtDBQueries.java
@@ -449,4 +449,35 @@ public class ApplicationMgtDBQueries { public static final String GET_TOTAL_SP_CLAIM_USAGES = "SELECT COUNT(*) FROM SP_CLAIM_MAPPING WHERE TENANT_ID = ?" + " AND IDP_CLAIM = ?"; + + public static final String GET_MAIN_APP_ID = "SELECT MAIN_APP_ID FROM SP_SHARED_APP WHERE SHARED_APP_ID = ?"; + + public static final String GET_APP_TENANT_ID = "SELECT TENANT_ID FROM SP_APP WHERE UUID = ?"; + + // Authorized API queries. + public static final String GET_AUTHORIZED_APIS = "SELECT AUTHORIZED_API.APP_ID, AUTHORIZED_API.API_ID, " + + "POLICY_ID, SCOPE_NAME, TENANT_ID FROM AUTHORIZED_API JOIN AUTHORIZED_SCOPE ON " + + "AUTHORIZED_API.APP_ID = AUTHORIZED_SCOPE.APP_ID AND AUTHORIZED_API.API_ID = AUTHORIZED_SCOPE.API_ID" + + " WHERE AUTHORIZED_API.APP_ID = ?"; + + public static final String GET_AUTHORIZED_SCOPES = "SELECT POLICY_ID, SCOPE_NAME FROM AUTHORIZED_API JOIN" + + " AUTHORIZED_SCOPE ON AUTHORIZED_API.APP_ID = AUTHORIZED_SCOPE.APP_ID AND AUTHORIZED_API.API_ID " + + "= AUTHORIZED_SCOPE.API_ID WHERE AUTHORIZED_API.APP_ID = ?"; + + public static final String GET_AUTHORIZED_API = "SELECT AUTHORIZED_API.APP_ID, AUTHORIZED_API.API_ID, " + + "POLICY_ID, SCOPE_NAME, TENANT_ID FROM AUTHORIZED_API JOIN AUTHORIZED_SCOPE ON " + + "AUTHORIZED_API.APP_ID = AUTHORIZED_SCOPE.APP_ID AND AUTHORIZED_API.API_ID = AUTHORIZED_SCOPE.API_ID" + + " WHERE AUTHORIZED_API.APP_ID = ? AND AUTHORIZED_API.API_ID = ?"; + + public static final String ADD_AUTHORIZED_API = "INSERT INTO AUTHORIZED_API (APP_ID, API_ID, POLICY_ID) " + + "VALUES (?, ?, ?)"; + + public static final String ADD_AUTHORIZED_SCOPE = "INSERT INTO AUTHORIZED_SCOPE (APP_ID, API_ID, SCOPE_NAME," + + " TENANT_ID) VALUES (?, ?, ?, ?)"; + + public static final String DELETE_AUTHORIZED_API_BY_API_ID = "DELETE FROM AUTHORIZED_API WHERE APP_ID = ? AND " + + "API_ID = ?"; + + public static final String DELETE_AUTHORIZED_SCOPE = "DELETE FROM AUTHORIZED_SCOPE WHERE " + + "APP_ID = ? AND API_ID = ? AND SCOPE_NAME = ? 
AND TENANT_ID = ?"; } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/AuthorizedAPIDAOImpl.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/AuthorizedAPIDAOImpl.java new file mode 100644 index 000000000000..63425917b40f --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/AuthorizedAPIDAOImpl.java 
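Review bot: The three read queries (`GET_AUTHORIZED_APIS`, `GET_AUTHORIZED_SCOPES`, `GET_AUTHORIZED_API`) and `DELETE_AUTHORIZED_API_BY_API_ID` filter on `APP_ID` / `API_ID` only, and the matching methods in AuthorizedAPIDAOImpl (added later in this patch) accept a `tenantId` that they never bind. Tenant isolation for this authorization data then depends entirely on the caller having checked that the application id belongs to the requesting tenant, which is not visible in this hunk. I would add `AND AUTHORIZED_SCOPE.TENANT_ID = ?` to the SELECTs and bind `tenantId` in the DAO, or document on the constants why the application UUID alone is a sufficient key. Because these are inner joins, an API authorized with an empty scope list will also never be returned by any of the reads.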
@@ -0,0 +1,241 @@ +/* + * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.application.mgt.dao.impl; + +import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; +import org.wso2.carbon.identity.application.common.model.AuthorizedAPI; +import org.wso2.carbon.identity.application.common.model.AuthorizedScopes; +import org.wso2.carbon.identity.application.common.model.Scope; +import org.wso2.carbon.identity.application.mgt.ApplicationConstants; +import org.wso2.carbon.identity.application.mgt.dao.AuthorizedAPIDAO; +import org.wso2.carbon.identity.core.util.IdentityDatabaseUtil; + +import java.sql.Connection; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/** + * Authorized API DAO implementation class. 
+ */ +public class AuthorizedAPIDAOImpl implements AuthorizedAPIDAO { + + @Override + public void addAuthorizedAPI(String applicationId, String apiId, String policyId, + List scopes, int tenantId) throws IdentityApplicationManagementException { + + try (Connection dbConnection = IdentityDatabaseUtil.getDBConnection(true)) { + try { + PreparedStatement prepStmt = dbConnection.prepareStatement(ApplicationMgtDBQueries.ADD_AUTHORIZED_API); + prepStmt.setString(1, applicationId); + prepStmt.setString(2, apiId); + prepStmt.setString(3, policyId); + prepStmt.execute(); + + prepStmt = dbConnection.prepareStatement(ApplicationMgtDBQueries.ADD_AUTHORIZED_SCOPE); + for (Scope scope : scopes) { + prepStmt.setString(1, applicationId); + prepStmt.setString(2, apiId); + prepStmt.setString(3, scope.getName()); + prepStmt.setInt(4, tenantId); + prepStmt.addBatch(); + prepStmt.clearParameters(); + } + prepStmt.executeBatch(); + + IdentityDatabaseUtil.commitTransaction(dbConnection); + } catch (SQLException e) { + IdentityDatabaseUtil.rollbackTransaction(dbConnection); + throw e; + } + } catch (SQLException e) { + throw new IdentityApplicationManagementException("Error while adding authorized API", e); + } + } + + @Override + public List getAuthorizedAPIs(String applicationId, int tenantId) + throws IdentityApplicationManagementException { + + try (Connection dbConnection = IdentityDatabaseUtil.getDBConnection(false)) { + + PreparedStatement prepStmt = dbConnection.prepareStatement( + ApplicationMgtDBQueries.GET_AUTHORIZED_APIS); + prepStmt.setString(1, applicationId); + ResultSet resultSet = prepStmt.executeQuery(); + Map authorizedAPIMap = new HashMap<>(); + while (resultSet.next()) { + Scope scope = new Scope.ScopeBuilder() + .name(resultSet.getString(ApplicationConstants.ApplicationTableColumns.SCOPE_NAME)).build(); + String apiId = resultSet.getString(ApplicationConstants.ApplicationTableColumns.API_ID); + if (!authorizedAPIMap.containsKey(apiId)) { + 
AuthorizedAPI.AuthorizedAPIBuilder authorizedAPIBuilder = new AuthorizedAPI.AuthorizedAPIBuilder() + .appId(applicationId) + .apiId(apiId) + .policyId(resultSet.getString( + ApplicationConstants.ApplicationTableColumns.POLICY_ID)) + .scopes(Collections.singletonList(scope)); + authorizedAPIMap.put(apiId, authorizedAPIBuilder.build()); + } else { + AuthorizedAPI authorizedAPI = authorizedAPIMap.get(apiId); + List scopes = new ArrayList<>(authorizedAPI.getScopes()); + scope = new Scope.ScopeBuilder() + .name(resultSet.getString(ApplicationConstants.ApplicationTableColumns.SCOPE_NAME)).build(); + scopes.add(scope); + authorizedAPI.setScopes(scopes); + } + } + return authorizedAPIMap.values().isEmpty() ? new ArrayList<>() : new ArrayList<>(authorizedAPIMap.values()); + } catch (SQLException e) { + throw new IdentityApplicationManagementException("Error while adding authorized API", e); + + } + } + + @Override + public void patchAuthorizedAPIs(String appId, String apiId, List addedScopes, + List removedScopes, int tenantId) + throws IdentityApplicationManagementException { + + try (Connection dbConnection = IdentityDatabaseUtil.getDBConnection(true)) { + try { + if (addedScopes != null && !addedScopes.isEmpty()) { + PreparedStatement prepStmt = dbConnection.prepareStatement( + ApplicationMgtDBQueries.ADD_AUTHORIZED_SCOPE); + prepStmt.setString(1, appId); + prepStmt.setString(2, apiId); + prepStmt.setInt(4, tenantId); + for (String scope : addedScopes) { + prepStmt.setString(3, scope); + prepStmt.addBatch(); + } + prepStmt.executeBatch(); + } + + if (removedScopes != null && !removedScopes.isEmpty()) { + PreparedStatement prepStmt = dbConnection.prepareStatement( + ApplicationMgtDBQueries.DELETE_AUTHORIZED_SCOPE); + prepStmt.setString(1, appId); + prepStmt.setString(2, apiId); + prepStmt.setInt(4, tenantId); + for (String scope : removedScopes) { + prepStmt.setString(3, scope); + prepStmt.addBatch(); + } + prepStmt.executeBatch(); + } + 
IdentityDatabaseUtil.commitTransaction(dbConnection); + } catch (SQLException e) { + IdentityDatabaseUtil.rollbackTransaction(dbConnection); + throw e; + } + } catch (SQLException e) { + throw new IdentityApplicationManagementException("Error while adding authorized API", e); + } + } + + @Override + public void deleteAuthorizedAPIs(String appId, String apiId, int tenantId) + throws IdentityApplicationManagementException { + + try (Connection dbConnection = IdentityDatabaseUtil.getDBConnection(false)) { + PreparedStatement prepStmt = dbConnection.prepareStatement( + ApplicationMgtDBQueries.DELETE_AUTHORIZED_API_BY_API_ID); + prepStmt.setString(1, appId); + prepStmt.setString(2, apiId); + prepStmt.execute(); + } catch (SQLException e) { + throw new IdentityApplicationManagementException("Error while deleting authorized API", e); + } + } + + @Override + public List getAuthorizedScopes(String applicationId, int tenantId) + throws IdentityApplicationManagementException { + + try (Connection dbConnection = IdentityDatabaseUtil.getDBConnection(false)) { + + PreparedStatement prepStmt = dbConnection.prepareStatement( + ApplicationMgtDBQueries.GET_AUTHORIZED_SCOPES); + prepStmt.setString(1, applicationId); + ResultSet resultSet = prepStmt.executeQuery(); + Map authorizedScopesMap = new HashMap<>(); + while (resultSet.next()) { + String policyId = resultSet.getString(ApplicationConstants.ApplicationTableColumns.POLICY_ID); + if (!authorizedScopesMap.containsKey(policyId)) { + AuthorizedScopes.AuthorizedScopesBuilder authorizedScopesBuilder = + new AuthorizedScopes.AuthorizedScopesBuilder() + .policyId(policyId) + .scopes(Collections.singletonList(resultSet.getString( + ApplicationConstants.ApplicationTableColumns.SCOPE_NAME))); + authorizedScopesMap.put(policyId, authorizedScopesBuilder.build()); + } else { + AuthorizedScopes authorizedScopes = authorizedScopesMap.get(policyId); + List scopes = new ArrayList<>(authorizedScopes.getScopes()); + 
scopes.add(resultSet.getString(ApplicationConstants.ApplicationTableColumns.SCOPE_NAME)); + authorizedScopes.setScopes(scopes); + } + } + return authorizedScopesMap.values().isEmpty() ? new ArrayList<>() : + new ArrayList<>(authorizedScopesMap.values()); + } catch (SQLException e) { + throw new IdentityApplicationManagementException("Error while getting authorized scopes", e); + + } + } + + @Override + public AuthorizedAPI getAuthorizedAPI(String applicationId, String apiId, int tenantId) + throws IdentityApplicationManagementException { + + try (Connection dbConnection = IdentityDatabaseUtil.getDBConnection(false)) { + PreparedStatement prepStmt = dbConnection.prepareStatement( + ApplicationMgtDBQueries.GET_AUTHORIZED_API); + prepStmt.setString(1, applicationId); + prepStmt.setString(2, apiId); + ResultSet resultSet = prepStmt.executeQuery(); + AuthorizedAPI authorizedAPI = null; + while (resultSet.next()) { + Scope scope = new Scope.ScopeBuilder() + .name(resultSet.getString(ApplicationConstants.ApplicationTableColumns.SCOPE_NAME)).build(); + if (authorizedAPI == null) { + authorizedAPI = new AuthorizedAPI.AuthorizedAPIBuilder() + .apiId(apiId) + .appId(applicationId) + .policyId(resultSet.getString(ApplicationConstants.ApplicationTableColumns.POLICY_ID)) + .scopes(Collections.singletonList(scope)).build(); + } else { + List scopes = new ArrayList<>(authorizedAPI.getScopes()); + scope = new Scope.ScopeBuilder() + .name(resultSet.getString(ApplicationConstants.ApplicationTableColumns.SCOPE_NAME)).build(); + scopes.add(scope); + authorizedAPI.setScopes(scopes); + } + } + return authorizedAPI; + } catch (SQLException e) { + throw new IdentityApplicationManagementException("Error while getting authorized API", e); + } + } +} 
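Review bot: `deleteAuthorizedAPIs` removes only the `AUTHORIZED_API` row, so the `AUTHORIZED_SCOPE` rows for the same application and API survive unless the schema cascades the delete (the dbscripts are outside this view). Since every read joins the two tables, leftover scope rows would stay invisible until the API is authorized again, and could then resurface as granted scopes or collide with the new inserts. If there is no cascade, delete the scope rows by `APP_ID` and `API_ID` in the same transaction, using `getDBConnection(true)` with `commitTransaction` / `rollbackTransaction` as `addAuthorizedAPI` already does. Separately, every method here closes only the `Connection`, not the `PreparedStatement` or `ResultSet`, and the catch blocks in `getAuthorizedAPIs` and `patchAuthorizedAPIs` still report "Error while adding authorized API".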
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java index e2e2c0d592c1..70414c9b2304 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java @@ -36,12 +36,15 @@ import org.osgi.service.component.annotations.ReferenceCardinality; import org.osgi.service.component.annotations.ReferencePolicy; import org.wso2.carbon.consent.mgt.core.ConsentManager; +import org.wso2.carbon.identity.api.resource.mgt.APIResourceManager; import org.wso2.carbon.identity.application.common.model.ServiceProvider; import org.wso2.carbon.identity.application.mgt.AbstractInboundAuthenticatorConfig; import org.wso2.carbon.identity.application.mgt.ApplicationConstants; import org.wso2.carbon.identity.application.mgt.ApplicationManagementService; import org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl; import org.wso2.carbon.identity.application.mgt.ApplicationMgtSystemConfig; +import org.wso2.carbon.identity.application.mgt.AuthorizedAPIManagementService; +import org.wso2.carbon.identity.application.mgt.AuthorizedAPIManagementServiceImpl; import org.wso2.carbon.identity.application.mgt.DiscoverableApplicationManager; import org.wso2.carbon.identity.application.mgt.defaultsequence.DefaultAuthSeqMgtService; import org.wso2.carbon.identity.application.mgt.defaultsequence.DefaultAuthSeqMgtServiceImpl; 
@@ -125,6 +128,9 @@ protected void activate(ComponentContext context) { bundleContext.registerService(ClaimMetadataMgtListener.class.getName(), new ApplicationClaimMgtListener(), null); + bundleContext.registerService(AuthorizedAPIManagementService.class, + new AuthorizedAPIManagementServiceImpl(), null); + // Register the ApplicationValidator. context.getBundleContext().registerService(ApplicationValidator.class, new DefaultApplicationValidator(), null); @@ -479,4 +485,28 @@ protected void unsetIdentityEventService(IdentityEventService identityEventServi log.debug("IdentityEventService unset in Identity Application Management bundle"); } + + @Reference( + name = "api.resource.mgt.service.component", + service = APIResourceManager.class, + cardinality = ReferenceCardinality.MANDATORY, + policy = ReferencePolicy.DYNAMIC, + unbind = "unsetAPIResourceManager") + protected void setAPIResourceManager(APIResourceManager apiResourceManager) { + + ApplicationManagementServiceComponentHolder.getInstance() + .setAPIResourceManager(apiResourceManager); + if (log.isDebugEnabled()) { + log.debug("APIResourceManager set in to bundle"); + } + } + + protected void unsetAPIResourceManager(APIResourceManager apiResourceManager) { + + ApplicationManagementServiceComponentHolder.getInstance() + .setAPIResourceManager(null); + if (log.isDebugEnabled()) { + log.debug("APIResourceManager unset in to bundle"); + } + } } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponentHolder.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponentHolder.java index c1f28d860bd9..ad740802ed79 100644 
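Review bot: `unsetAPIResourceManager` writes `null` into the holder, while the service code added in this patch calls `ApplicationManagementServiceComponentHolder.getInstance().getAPIResourceManager().getScopeByName(...)` with no null check. The `AuthorizedAPIManagementService` is registered by hand in `activate` (whose body starts outside this hunk), so as far as these lines show it stays registered after the reference is unbound and a later call would fail with a `NullPointerException` instead of a server exception. I would guard the lookup in the service, e.g. `if (apiResourceManager == null) { throw buildServerException("APIResourceManager is not available.", null); }`, and keep the `ServiceRegistration` so it can be unregistered on deactivate. The debug text "unset in to bundle" should read "unset in bundle".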
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponentHolder.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponentHolder.java @@ -18,6 +18,7 @@ package org.wso2.carbon.identity.application.mgt.internal; import org.wso2.carbon.consent.mgt.core.ConsentManager; +import org.wso2.carbon.identity.api.resource.mgt.APIResourceManager; import org.wso2.carbon.identity.application.mgt.AbstractInboundAuthenticatorConfig; import org.wso2.carbon.identity.application.mgt.provider.ApplicationPermissionProvider; import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService; @@ -58,6 +59,7 @@ public class ApplicationManagementServiceComponentHolder { private OrganizationUserResidentResolverService organizationUserResidentResolverService; private ApplicationPermissionProvider applicationPermissionProvider; + private APIResourceManager apiResourceManager; private boolean isOrganizationManagementEnable = false; @@ -272,4 +274,24 @@ public void setIdentityEventService(IdentityEventService identityEventService) { this.identityEventService = identityEventService; } + + /** + * Set API resource manager. + * + * @param apiResourceManager API resource manager. + */ + public void setAPIResourceManager(APIResourceManager apiResourceManager) { + + this.apiResourceManager = apiResourceManager; + } + + /** + * Get API resource manager. + * + * @return API resource manager. + */ + public APIResourceManager getAPIResourceManager() { + + return apiResourceManager; + } } 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImplTest.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImplTest.java
new file mode 100644
index 000000000000..b89c426bb608
--- /dev/null
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImplTest.java
@@ -0,0 +1,374 @@ +/* + * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.application.mgt; + +import org.powermock.modules.testng.PowerMockTestCase; +import org.testng.Assert; +import org.testng.annotations.AfterClass; +import org.testng.annotations.BeforeClass; +import org.testng.annotations.DataProvider; +import org.testng.annotations.Test; +import org.wso2.carbon.base.CarbonBaseConstants; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.context.RegistryType; +import org.wso2.carbon.context.internal.OSGiDataHolder; +import org.wso2.carbon.core.internal.CarbonCoreDataHolder; +import org.wso2.carbon.identity.api.resource.mgt.APIResourceManager; +import org.wso2.carbon.identity.api.resource.mgt.APIResourceManagerImpl; +import org.wso2.carbon.identity.api.resource.mgt.APIResourceMgtException; +import org.wso2.carbon.identity.application.common.model.APIResource; +import org.wso2.carbon.identity.application.common.model.AuthorizedAPI; +import org.wso2.carbon.identity.application.common.model.AuthorizedScopes; +import org.wso2.carbon.identity.application.common.model.Scope; +import org.wso2.carbon.identity.application.common.model.ServiceProvider; +import org.wso2.carbon.identity.application.mgt.internal.ApplicationManagementServiceComponentHolder; +import 
org.wso2.carbon.identity.application.mgt.provider.ApplicationPermissionProvider; +import org.wso2.carbon.identity.application.mgt.provider.RegistryBasedApplicationPermissionProvider; +import org.wso2.carbon.identity.common.testng.WithAxisConfiguration; +import org.wso2.carbon.identity.common.testng.WithCarbonHome; +import org.wso2.carbon.identity.common.testng.WithH2Database; +import org.wso2.carbon.identity.common.testng.WithRealmService; +import org.wso2.carbon.identity.common.testng.WithRegistry; +import org.wso2.carbon.identity.common.testng.realm.InMemoryRealmService; +import org.wso2.carbon.identity.common.testng.realm.MockUserStoreManager; +import org.wso2.carbon.identity.core.internal.IdentityCoreServiceDataHolder; +import org.wso2.carbon.identity.core.util.IdentityTenantUtil; +import org.wso2.carbon.registry.core.Collection; +import org.wso2.carbon.registry.core.exceptions.RegistryException; +import org.wso2.carbon.registry.core.internal.RegistryDataHolder; +import org.wso2.carbon.registry.core.service.RegistryService; +import org.wso2.carbon.registry.core.session.UserRegistry; +import org.wso2.carbon.user.api.UserStoreException; +import org.wso2.carbon.user.api.UserStoreManager; +import org.wso2.carbon.user.core.service.RealmService; + +import java.lang.reflect.Field; +import java.nio.file.Paths; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import static java.lang.Boolean.FALSE; +import static org.mockito.ArgumentMatchers.anyInt; +import static org.mockito.ArgumentMatchers.anyString; +import static org.powermock.api.mockito.PowerMockito.mock; +import static org.powermock.api.mockito.PowerMockito.when; +import static org.wso2.carbon.utils.multitenancy.MultitenantConstants.SUPER_TENANT_DOMAIN_NAME; +import static org.wso2.carbon.utils.multitenancy.MultitenantConstants.SUPER_TENANT_ID; + +@WithAxisConfiguration +@WithCarbonHome +@WithRegistry +@WithRealmService +@WithH2Database(files = {"dbscripts/identity.sql"}) 
+public class AuthorizedAPIManagementServiceImplTest extends PowerMockTestCase { + + private String tenantDomain; + private APIResourceManager apiResourceManager; + private ApplicationManagementService applicationManagementService; + private AuthorizedAPIManagementService authorizedAPIManagementService; + + @BeforeClass + public void setUp() throws Exception { + + setupConfiguration(); + apiResourceManager = APIResourceManagerImpl.getInstance(); + applicationManagementService = ApplicationManagementServiceImpl.getInstance(); + authorizedAPIManagementService = new AuthorizedAPIManagementServiceImpl(); + tenantDomain = "test_tenant_domain"; + } + + @AfterClass + public void tearDown() throws Exception { + +// removeTestAPIResources(); + } + + @DataProvider + public Object[][] createAuthorizedAPIDataProvider() throws Exception { + + APIResource apiResource = addTestAPIResource("test-create"); + String appId = addApplication(); + AuthorizedAPI authorizedAPI1 = new AuthorizedAPI.AuthorizedAPIBuilder() + .apiId(apiResource.getId()) + .appId(appId) + .policyId("RBAC") + .scopes(apiResource.getScopes()) + .build(); + + return new Object[][]{ + {authorizedAPI1, 1} + }; + } + + @Test(dataProvider = "createAuthorizedAPIDataProvider") + public void testCreateAuthorizedAPI(AuthorizedAPI authorizedAPI, int expectedAPIs) + throws Exception { + + ApplicationManagementServiceComponentHolder.getInstance().setAPIResourceManager(apiResourceManager); + authorizedAPIManagementService.addAuthorizedAPI(authorizedAPI.getAppId(), authorizedAPI, tenantDomain); + List authorizedAPIS = authorizedAPIManagementService.getAuthorizedAPIs(authorizedAPI.getAppId(), + tenantDomain); + Assert.assertFalse(authorizedAPIS.isEmpty()); + Assert.assertEquals(authorizedAPIS.size(), expectedAPIs); + } + + @DataProvider + public Object[][] getAuthorizedAPIDataProvider() throws Exception { + + APIResource apiResource = addTestAPIResource("test-get"); + String appId = addApplication(); + AuthorizedAPI 
authorizedAPI1 = new AuthorizedAPI.AuthorizedAPIBuilder() + .apiId(apiResource.getId()) + .appId(appId) + .policyId("RBAC") + .scopes(apiResource.getScopes()) + .build(); + + return new Object[][]{ + {authorizedAPI1, 2} + }; + } + + @Test(dataProvider = "getAuthorizedAPIDataProvider", priority = 1) + public void testGetAuthorizedAPI(AuthorizedAPI authorizedAPI, int expectedScopes) + throws Exception { + + authorizedAPIManagementService.addAuthorizedAPI(authorizedAPI.getAppId(), authorizedAPI, tenantDomain); + AuthorizedAPI authzAPI = authorizedAPIManagementService.getAuthorizedAPI(authorizedAPI.getAppId(), + authorizedAPI.getAPIId(), tenantDomain); + Assert.assertNotNull(authzAPI); + Assert.assertFalse(authzAPI.getScopes().isEmpty()); + Assert.assertEquals(authzAPI.getScopes().size(), expectedScopes); + } + + @DataProvider + public Object[][] updateAuthorizedAPIDataProvider() throws Exception { + + APIResource apiResource = addTestAPIResource("test-update"); + + Scope newScope = new Scope.ScopeBuilder() + .name("newScope test-update") + .displayName("newScope test-update") + .description("newScope test-update") + .build(); + + apiResourceManager.updateAPIResource(apiResource, Collections.singletonList(newScope), + new ArrayList<>(), tenantDomain); + + String appId = addApplication(); + + AuthorizedAPI authorizedAPI1 = new AuthorizedAPI.AuthorizedAPIBuilder() + .apiId(apiResource.getId()) + .appId(appId) + .policyId("RBAC") + .scopes(apiResource.getScopes()) + .build(); + + return new Object[][]{ + {authorizedAPI1, Collections.singletonList(newScope.getName()), 3} + }; + } + + @Test(dataProvider = "updateAuthorizedAPIDataProvider", priority = 2) + public void testUpdateAuthorizedAPI(AuthorizedAPI authorizedAPI, List newScopes, int expectedScopes) + throws Exception { + + authorizedAPIManagementService.addAuthorizedAPI(authorizedAPI.getAppId(), authorizedAPI, tenantDomain); + authorizedAPIManagementService.patchAuthorizedAPIs(authorizedAPI.getAppId(), + 
authorizedAPI.getAPIId(), newScopes, new ArrayList<>(), tenantDomain); + AuthorizedAPI authzAPI = authorizedAPIManagementService.getAuthorizedAPI(authorizedAPI.getAppId(), + authorizedAPI.getAPIId(), tenantDomain); + Assert.assertNotNull(authzAPI); + Assert.assertFalse(authzAPI.getScopes().isEmpty()); + Assert.assertEquals(authzAPI.getScopes().size(), expectedScopes); + } + + @Test(priority = 3) + public void testGetAuthorizedScopes() throws Exception { + + String appId = addApplication(); + APIResource apiResource = addTestAPIResource("test-get-scopes-1"); + AuthorizedAPI authorizedAPI = new AuthorizedAPI.AuthorizedAPIBuilder() + .apiId(apiResource.getId()) + .appId(appId) + .policyId("RBAC") + .scopes(apiResource.getScopes()) + .build(); + APIResource apiResource2 = addTestAPIResource("test-get-scopes-2"); + AuthorizedAPI authorizedAPI2 = new AuthorizedAPI.AuthorizedAPIBuilder() + .apiId(apiResource2.getId()) + .appId(appId) + .policyId("No Policy") + .scopes(apiResource2.getScopes()) + .build(); + authorizedAPIManagementService.addAuthorizedAPI(authorizedAPI.getAppId(), authorizedAPI, tenantDomain); + authorizedAPIManagementService.addAuthorizedAPI(authorizedAPI2.getAppId(), authorizedAPI2, tenantDomain); + List authorizedScopesList = authorizedAPIManagementService.getAuthorizedScopes(appId, + tenantDomain); + Assert.assertFalse(authorizedScopesList.isEmpty()); + for (AuthorizedScopes authorizedScopes: authorizedScopesList) { + Assert.assertEquals(authorizedScopes.getScopes().size(), 2); + } + } + + @Test(priority = 4) + public void testDeleteAuthorizedAPI() throws Exception { + + APIResource apiResource = addTestAPIResource("test-delete"); + String appId = addApplication(); + AuthorizedAPI authorizedAPI = new AuthorizedAPI.AuthorizedAPIBuilder() + .apiId(apiResource.getId()) + .appId(appId) + .policyId("RBAC") + .scopes(apiResource.getScopes()) + .build(); + authorizedAPIManagementService.addAuthorizedAPI(authorizedAPI.getAppId(), authorizedAPI, tenantDomain); 
+ AuthorizedAPI authzAPI = authorizedAPIManagementService.getAuthorizedAPI(authorizedAPI.getAppId(), + authorizedAPI.getAPIId(), tenantDomain); + Assert.assertNotNull(authzAPI); + authorizedAPIManagementService.deleteAuthorizedAPIs(authorizedAPI.getAppId(), + authorizedAPI.getAPIId(), tenantDomain); + authzAPI = authorizedAPIManagementService.getAuthorizedAPI(authorizedAPI.getAppId(), + authorizedAPI.getAPIId(), tenantDomain); + Assert.assertNull(authzAPI); + } + + private void setupConfiguration() throws UserStoreException, RegistryException { + + String carbonHome = Paths.get(System.getProperty("user.dir"), "target", "test-classes", "repository"). + toString(); + System.setProperty(CarbonBaseConstants.CARBON_HOME, carbonHome); + System.setProperty(CarbonBaseConstants.CARBON_CONFIG_DIR_PATH, Paths.get(carbonHome, "conf").toString()); + + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(SUPER_TENANT_DOMAIN_NAME); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(SUPER_TENANT_ID); + PrivilegedCarbonContext.getThreadLocalCarbonContext(); + + // Configure RealmService. 
+ PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(SUPER_TENANT_ID); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(SUPER_TENANT_DOMAIN_NAME); + InMemoryRealmService testSessionRealmService = new InMemoryRealmService(SUPER_TENANT_ID); + UserStoreManager userStoreManager = testSessionRealmService.getTenantUserRealm(SUPER_TENANT_ID) + .getUserStoreManager(); + ((MockUserStoreManager) userStoreManager) + .addSecondaryUserStoreManager("PRIMARY", (MockUserStoreManager) userStoreManager); + IdentityTenantUtil.setRealmService(testSessionRealmService); + RegistryDataHolder.getInstance().setRealmService(testSessionRealmService); + OSGiDataHolder.getInstance().setUserRealmService(testSessionRealmService); + IdentityCoreServiceDataHolder.getInstance().setRealmService(testSessionRealmService); + ApplicationManagementServiceComponentHolder holder = ApplicationManagementServiceComponentHolder.getInstance(); + setInstanceValue(testSessionRealmService, RealmService.class, ApplicationManagementServiceComponentHolder.class, + holder); + setInstanceValue(new RegistryBasedApplicationPermissionProvider(), ApplicationPermissionProvider.class, + ApplicationManagementServiceComponentHolder.class, holder); + + // Configure Registry Service. 
+ RegistryService mockRegistryService = mock(RegistryService.class); + UserRegistry mockRegistry = mock(UserRegistry.class); + when(mockRegistryService.getGovernanceUserRegistry(anyString(), anyInt())).thenReturn(mockRegistry); + OSGiDataHolder.getInstance().setRegistryService(mockRegistryService); + CarbonCoreDataHolder.getInstance().setRegistryService(mockRegistryService); + PrivilegedCarbonContext.getThreadLocalCarbonContext() + .setRegistry(RegistryType.USER_GOVERNANCE, mockRegistryService.getRegistry()); + when(mockRegistry.resourceExists(anyString())).thenReturn(FALSE); + Collection mockPermissionNode = mock(Collection.class); + when(mockRegistry.newCollection()).thenReturn(mockPermissionNode); + when(mockRegistry.get(anyString())).thenReturn(mockPermissionNode); + when(CarbonContext.getThreadLocalCarbonContext().getRegistry( + RegistryType.USER_GOVERNANCE)).thenReturn(mockRegistry); + when(mockRegistry.resourceExists(anyString())).thenReturn(FALSE); + } + + private void setInstanceValue(Object value, Class valueType, Class clazz, Object instance) { + + for (Field field1 : clazz.getDeclaredFields()) { + if (field1.getType().isAssignableFrom(valueType)) { + field1.setAccessible(true); + + if (java.lang.reflect.Modifier.isStatic(field1.getModifiers())) { + setInternalState(clazz, field1.getName(), value); + } else if (instance != null) { + setInternalState(instance, field1.getName(), value); + } + } + } + } + + private static void setInternalState(Object target, String field, Object value) { + + Class targetClass = target.getClass(); + + try { + Field declaredField = targetClass.getDeclaredField(field); + declaredField.setAccessible(true); + declaredField.set(target, value); + } catch (Exception e) { + throw new RuntimeException("Unable to set internal state on a private field.", e); + } + } + + private APIResource addTestAPIResource(String postfix) throws Exception { + + List scopes = new ArrayList<>(); + scopes.add(new Scope.ScopeBuilder() + .name("name 1 " + 
postfix) + .displayName("displayName 1 " + postfix) + .description("description 1 " + postfix).build()); + scopes.add(new Scope.ScopeBuilder() + .name("name 2 " + postfix) + .displayName("displayName 2 " + postfix) + .description("description 2 " + postfix).build()); + + APIResource.APIResourceBuilder apiResourceBuilder = new APIResource.APIResourceBuilder() + .name("testAPIResource name " + postfix) + .identifier("testAPIResource identifier " + postfix) + .description("testAPIResource description " + postfix) + .type("BUSINESS") + .requiresAuthorization(true) + .scopes(scopes); + return apiResourceManager.addAPIResource(apiResourceBuilder.build(), tenantDomain); + } + + private String addApplication() throws Exception { + + ServiceProvider serviceProvider = new ServiceProvider(); + serviceProvider.setApplicationName("TestApp"); + return applicationManagementService.createApplication(serviceProvider, tenantDomain, "user 1"); + } + + private void removeTestAPIResources() throws Exception { + + apiResourceManager.getAPIResources(null, null, 10, null, "ASC", tenantDomain) + .getAPIResources().forEach( + apiResource -> { + try { + apiResourceManager.deleteAPIResourceById(apiResource.getId(), tenantDomain); + } catch (APIResourceMgtException e) { + Assert.fail("Error while deleting API resource: " + apiResource.getIdentifier(), e); + } + } + ); + } + + +} diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/resources/dbscripts/identity.sql b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/resources/dbscripts/identity.sql index 56bd6b03b40a..e1cadb3de7ec 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/resources/dbscripts/identity.sql +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/resources/dbscripts/identity.sql 
@@ -1137,6 +1137,63 @@ CREATE TABLE IF NOT EXISTS IDN_CORS_ASSOCIATION ( FOREIGN KEY (SP_APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE ); +CREATE TABLE IF NOT EXISTS SP_SHARED_APP ( + ID INTEGER NOT NULL AUTO_INCREMENT, + MAIN_APP_ID CHAR(36) NOT NULL, + OWNER_ORG_ID CHAR(36) NOT NULL, + SHARED_APP_ID CHAR(36) NOT NULL, + SHARED_ORG_ID CHAR(36) NOT NULL, + SHARE_WITH_ALL_CHILDREN BOOLEAN DEFAULT FALSE, + PRIMARY KEY (ID), + FOREIGN KEY (MAIN_APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE, + FOREIGN KEY (SHARED_APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE, + UNIQUE (MAIN_APP_ID, OWNER_ORG_ID, SHARED_ORG_ID), + UNIQUE (SHARED_APP_ID) +); + +CREATE TABLE IF NOT EXISTS API_RESOURCE ( + ID VARCHAR(255) NOT NULL PRIMARY KEY, + CURSOR_KEY INTEGER NOT NULL AUTO_INCREMENT, + NAME VARCHAR(255) NOT NULL, + IDENTIFIER VARCHAR(255) NOT NULL, + TENANT_ID INT NOT NULL, + DESCRIPTION VARCHAR(255), + TYPE VARCHAR(255) NOT NULL, + REQUIRES_AUTHORIZATION BOOLEAN NOT NULL, + CONSTRAINT IDENTIFIER_UNIQUE UNIQUE (IDENTIFIER, TENANT_ID) +); + +CREATE TABLE IF NOT EXISTS SCOPE ( + ID VARCHAR(255) NOT NULL PRIMARY KEY, + CURSOR_KEY INTEGER NOT NULL AUTO_INCREMENT, + API_ID VARCHAR(255) NOT NULL, + NAME VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(300), + TENANT_ID INT NOT NULL, + FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE, + CONSTRAINT SCOPE_UNIQUE UNIQUE (NAME, TENANT_ID) +); + +CREATE TABLE IF NOT EXISTS AUTHORIZED_API( + APP_ID VARCHAR(255) NOT NULL, + API_ID VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + PRIMARY KEY (APP_ID, API_ID), + FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE, + FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE +); + +CREATE TABLE IF NOT EXISTS AUTHORIZED_SCOPE( + APP_ID VARCHAR(255) NOT NULL, + API_ID VARCHAR(255) NOT NULL, + SCOPE_NAME VARCHAR(255) NOT NULL, + TENANT_ID INT NOT NULL, + FOREIGN KEY (SCOPE_NAME, TENANT_ID) REFERENCES SCOPE(NAME, 
TENANT_ID) ON DELETE CASCADE, + FOREIGN KEY (API_ID, APP_ID) REFERENCES AUTHORIZED_API(API_ID, APP_ID) ON DELETE CASCADE, + CONSTRAINT AUTHORIZED_SCOPE_UNIQUE UNIQUE (APP_ID, SCOPE_NAME) +); + -- --------------------------- INDEX CREATION ----------------------------- -- IDN_OAUTH2_ACCESS_TOKEN -- CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED); diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/resources/testng.xml b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/resources/testng.xml index cc86528658ac..b0b7234962c4 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/resources/testng.xml +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/resources/testng.xml @@ -22,6 +22,7 @@ + diff --git a/features/application-mgt/org.wso2.carbon.identity.application.mgt.server.feature/pom.xml b/features/application-mgt/org.wso2.carbon.identity.application.mgt.server.feature/pom.xml index 0681cb9f1d86..213ef9198bc6 100644 --- a/features/application-mgt/org.wso2.carbon.identity.application.mgt.server.feature/pom.xml +++ b/features/application-mgt/org.wso2.carbon.identity.application.mgt.server.feature/pom.xml @@ -36,6 +36,10 @@ org.wso2.carbon.identity.framework org.wso2.carbon.identity.application.mgt + + org.wso2.carbon.identity.framework + org.wso2.carbon.identity.api.resource.mgt + @@ -69,6 +73,7 @@ org.wso2.carbon.security.mgt.server:compatible:${identity.framework.version} org.wso2.carbon.idp.mgt.server:compatible:${identity.framework.version} org.wso2.carbon.identity.core.server:compatible:${identity.framework.version} + org.wso2.carbon.identity.api.resource.mgt.server:compatible:${identity.framework.version} 
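Review bot: The AUTHORIZED_API and AUTHORIZED_SCOPE definitions in this test script differ from the h2.sql definitions added in the same patch, so the unit tests run against constraints that production does not have. Here `APP_ID` is `VARCHAR(255)` rather than `CHAR(36)`, AUTHORIZED_SCOPE has no primary key, and its composite foreign key lists `(API_ID, APP_ID)` where the shipped script uses `(APP_ID, API_ID)`. Because these tables decide which scopes an application is granted, a duplicate or orphaned grant row accepted here but rejected in production (or the reverse) would go unnoticed. I would copy the two shipped definitions verbatim, including `CONSTRAINT PK_APP_API_SCOPE PRIMARY KEY (APP_ID, API_ID, SCOPE_NAME),`.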
diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql index 6e302540cf6b..02da78b0bc44 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql @@ -1994,6 +1994,30 @@ CREATE TRIGGER SCOPE_TRIG NO CASCADE END / +CREATE TABLE AUTHORIZED_API ( + APP_ID CHAR(36) NOT NULL, + API_ID VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + PRIMARY KEY (APP_ID, API_ID), + FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE, + FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE +) +/ + +CREATE TABLE AUTHORIZED_SCOPE ( + SCOPE_NAME VARCHAR(255) NOT NULL, + API_ID VARCHAR(255) NOT NULL, + APP_ID CHAR(36) NOT NULL, + TENANT_ID INT NOT NULL, + CONSTRAINT PK_APP_API_SCOPE PRIMARY KEY (APP_ID, API_ID, SCOPE_NAME), + FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID), + FOREIGN KEY (SCOPE_NAME, TENANT_ID) REFERENCES SCOPE(NAME, TENANT_ID) ON DELETE CASCADE, + FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID), + FOREIGN KEY (APP_ID, API_ID) REFERENCES AUTHORIZED_API(APP_ID, API_ID) ON DELETE CASCADE, + CONSTRAINT AUTHORIZED_SCOPE_UNIQUE UNIQUE (APP_ID, SCOPE_NAME) +) +/ + -- --------------------------- INDEX CREATION ----------------------------- -- IDN_OAUTH2_ACCESS_TOKEN -- CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED) diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql index 6ccd13a0f329..c91ff312c085 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql 
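Review bot: AUTHORIZED_SCOPE declares `FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID)` and `FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID)` with no delete rule, next to the composite key into AUTHORIZED_API that does cascade. AUTHORIZED_API already references both parents, so the two direct keys add no integrity and give each grant row a second, non-cascading path to the same parent. Whether deleting an API resource or an application then succeeds depends on how each engine orders cascade and no-action checks, which I have not verified per database. Dropping the two direct keys leaves a single cascading path, so scope grants are always removed together with the API or application they belong to. The same pair of keys appears in the h2, mssql, mysql-cluster, mysql and postgresql hunks of this patch.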
+++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql @@ -1326,12 +1326,34 @@ CREATE TABLE IF NOT EXISTS SCOPE ( API_ID CHAR(36) NOT NULL, NAME VARCHAR(255) NOT NULL, DISPLAY_NAME VARCHAR(255) NOT NULL, - TENANT_ID INT NOT NULL, DESCRIPTION VARCHAR(300), + TENANT_ID INT NOT NULL, FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE, CONSTRAINT SCOPE_UNIQUE UNIQUE (NAME, TENANT_ID) ); +CREATE TABLE IF NOT EXISTS AUTHORIZED_API( + APP_ID CHAR(36) NOT NULL, + API_ID VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + CONSTRAINT PK_APP_API PRIMARY KEY (APP_ID, API_ID), + FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE, + FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE +); + +CREATE TABLE IF NOT EXISTS AUTHORIZED_SCOPE( + APP_ID CHAR(36) NOT NULL, + API_ID VARCHAR(255) NOT NULL, + SCOPE_NAME VARCHAR(255) NOT NULL, + TENANT_ID INT NOT NULL, + CONSTRAINT PK_APP_API_SCOPE PRIMARY KEY (APP_ID, API_ID, SCOPE_NAME), + FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID), + FOREIGN KEY (SCOPE_NAME, TENANT_ID) REFERENCES SCOPE(NAME, TENANT_ID) ON DELETE CASCADE, + FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID), + FOREIGN KEY (APP_ID, API_ID) REFERENCES AUTHORIZED_API(APP_ID, API_ID) ON DELETE CASCADE, + CONSTRAINT AUTHORIZED_SCOPE_UNIQUE UNIQUE (APP_ID, SCOPE_NAME) +); + -- --------------------------- INDEX CREATION ----------------------------- -- IDN_OAUTH2_ACCESS_TOKEN -- CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED); diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql index 11b54601eb9e..9fae6f5534a4 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql 
+++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql @@ -1476,6 +1476,30 @@ CREATE TABLE SCOPE ( CONSTRAINT SCOPE_UNIQUE UNIQUE (NAME, TENANT_ID) ); +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[AUTHORIZED_API]') AND TYPE IN (N'U')) +CREATE TABLE AUTHORIZED_API ( + APP_ID CHAR(36) NOT NULL, + API_ID VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + CONSTRAINT PK_APP_API PRIMARY KEY (APP_ID, API_ID), + FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID), + FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE +); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[AUTHORIZED_SCOPE]') AND TYPE IN (N'U')) +CREATE TABLE AUTHORIZED_SCOPE ( + APP_ID CHAR(36) NOT NULL, + API_ID VARCHAR(255) NOT NULL, + SCOPE_NAME VARCHAR(255) NOT NULL, + TENANT_ID INT NOT NULL, + CONSTRAINT PK_APP_API_SCOPE PRIMARY KEY (APP_ID, API_ID, SCOPE_NAME), + FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID), + FOREIGN KEY (SCOPE_NAME, TENANT_ID) REFERENCES SCOPE(NAME, TENANT_ID) ON DELETE CASCADE, + FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID), + FOREIGN KEY (APP_ID, API_ID) REFERENCES AUTHORIZED_API(APP_ID, API_ID) ON DELETE CASCADE, + CONSTRAINT AUTHORIZED_SCOPE_UNIQUE UNIQUE (APP_ID, SCOPE_NAME) +); + -- --------------------------- INDEX CREATION ----------------------------- -- IDN_OAUTH2_ACCESS_TOKEN -- CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED); 
@@ -1598,3 +1622,8 @@ GO CREATE TRIGGER SP_APP_DELETE_TRIGGER ON SP_APP INSTEAD OF DELETE AS BEGIN DELETE FROM SP_SHARED_APP WHERE MAIN_APP_ID IN (SELECT UUID FROM deleted) DELETE FROM SP_SHARED_APP WHERE SHARED_APP_ID IN (SELECT UUID FROM deleted) DELETE FROM SP_APP WHERE UUID IN (SELECT UUID FROM deleted) END; GO + +-- Trigger AUTHORIZED_API delete by API_ID on API_RESOURCE deletion by ID -- +CREATE TRIGGER API_RESOURCE_DELETE_TRIGGER ON API_RESOURCE INSTEAD OF DELETE AS BEGIN DELETE FROM AUTHORIZED_API WHERE API_ID IN (SELECT ID FROM DELETED) DELETE FROM API_RESOURCE WHERE ID IN (SELECT ID FROM deleted) END; + +GO diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql index 91251e6b98f4..542eccbfaeaf 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql 
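Review bot: The comment above API_RESOURCE_DELETE_TRIGGER says what the trigger does but not why this script needs it, while every other script in the patch declares `ON DELETE CASCADE` on `AUTHORIZED_API.API_ID`. Presumably SQL Server rejected the cascade because of multiple cascade paths; if so, say that in the comment, for example `-- SQL Server does not allow ON DELETE CASCADE here (multiple cascade paths), so AUTHORIZED_API rows are removed by this trigger --`. Since the trigger is `INSTEAD OF DELETE`, any child table of API_RESOURCE added later without a cascade must also be handled in it, which is worth stating as well. The body mixes `DELETED` and `deleted`; use `deleted` in both statements, as SP_APP_DELETE_TRIGGER does.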
@@ -1503,6 +1503,28 @@ CREATE TABLE IF NOT EXISTS SCOPE ( CONSTRAINT SCOPE_UNIQUE UNIQUE (NAME, TENANT_ID) )ENGINE NDB; +CREATE TABLE IF NOT EXISTS AUTHORIZED_API ( + APP_ID CHAR(36) NOT NULL, + API_ID VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + CONSTRAINT PK_APP_API PRIMARY KEY (APP_ID, API_ID), + FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE, + FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE +)ENGINE NDB; + +CREATE TABLE IF NOT EXISTS AUTHORIZED_SCOPE ( + SCOPE_NAME VARCHAR(255) NOT NULL, + API_ID VARCHAR(255) NOT NULL, + APP_ID CHAR(36) NOT NULL, + TENANT_ID INT NOT NULL, + CONSTRAINT PK_APP_API_SCOPE PRIMARY KEY (APP_ID, API_ID, SCOPE_NAME), + FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID), + FOREIGN KEY (SCOPE_NAME, TENANT_ID) REFERENCES SCOPE(NAME, TENANT_ID) ON DELETE CASCADE, + FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID), + FOREIGN KEY (APP_ID, API_ID) REFERENCES AUTHORIZED_API(APP_ID, API_ID) ON DELETE CASCADE, + CONSTRAINT AUTHORIZED_SCOPE_UNIQUE UNIQUE (APP_ID, SCOPE_NAME) +)ENGINE NDB; + -- --------------------------- INDEX CREATION ----------------------------- -- IDN_OAUTH2_ACCESS_TOKEN -- CREATE INDEX IDX_TC diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql index 7aa7788e8bb2..cadde9396f31 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql 
@@ -1362,6 +1362,28 @@ CREATE TABLE IF NOT EXISTS SCOPE ( CONSTRAINT SCOPE_UNIQUE UNIQUE (NAME, TENANT_ID) )DEFAULT CHARACTER SET latin1 ENGINE INNODB; +CREATE TABLE IF NOT EXISTS AUTHORIZED_API ( + APP_ID CHAR(36) NOT NULL, + API_ID VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + CONSTRAINT PK_APP_API PRIMARY KEY (APP_ID, API_ID), + FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE, + FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE +)DEFAULT CHARACTER SET latin1 ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS AUTHORIZED_SCOPE ( + SCOPE_NAME VARCHAR(255) NOT NULL, + API_ID VARCHAR(255) NOT NULL, + APP_ID CHAR(36) NOT NULL, + TENANT_ID INT NOT NULL, + CONSTRAINT PK_APP_API_SCOPE PRIMARY KEY (APP_ID, API_ID, SCOPE_NAME), + FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID), + FOREIGN KEY (SCOPE_NAME, TENANT_ID) REFERENCES SCOPE(NAME, TENANT_ID) ON DELETE CASCADE, + FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID), + FOREIGN KEY (APP_ID, API_ID) REFERENCES AUTHORIZED_API(APP_ID, API_ID) ON DELETE CASCADE, + CONSTRAINT AUTHORIZED_SCOPE_UNIQUE UNIQUE (APP_ID, SCOPE_NAME) +)DEFAULT CHARACTER SET latin1 ENGINE INNODB; + -- --------------------------- INDEX CREATION ----------------------------- -- IDN_OAUTH2_ACCESS_TOKEN -- CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED); diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql index d32ecd700677..b9aa5d1cf5c2 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql 
@@ -1565,7 +1565,7 @@ CREATE TABLE API_RESOURCE ( TENANT_ID INT NOT NULL, DESCRIPTION VARCHAR(255), TYPE VARCHAR(255) NOT NULL, - REQUIRES_AUTHORIZATION BOOLEAN NOT NULL DEFAULT 'true', + REQUIRES_AUTHORIZATION BOOLEAN NOT NULL, CONSTRAINT IDENTIFIER_UNIQUE UNIQUE (IDENTIFIER, TENANT_ID) ); @@ -1584,6 +1584,34 @@ CREATE TABLE SCOPE ( CONSTRAINT SCOPE_UNIQUE UNIQUE (NAME, TENANT_ID) ); +DROP TABLE IF EXISTS AUTHORIZED_API; +DROP SEQUENCE IF EXISTS AUTHORIZED_API_SEQ; +CREATE SEQUENCE AUTHORIZED_API_SEQ; +CREATE TABLE AUTHORIZED_API ( + APP_ID CHAR(36) NOT NULL, + API_ID VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + PRIMARY KEY (APP_ID, API_ID), + FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE, + FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE +); + +DROP TABLE IF EXISTS AUTHORIZED_SCOPE; +DROP SEQUENCE IF EXISTS AUTHORIZED_SCOPE_SEQ; +CREATE SEQUENCE AUTHORIZED_SCOPE_SEQ; +CREATE TABLE AUTHORIZED_SCOPE ( + SCOPE_NAME VARCHAR(255) NOT NULL, + API_ID VARCHAR(255) NOT NULL, + APP_ID CHAR(36) NOT NULL, + TENANT_ID INT NOT NULL, + CONSTRAINT PK_APP_API_SCOPE PRIMARY KEY (APP_ID, API_ID, SCOPE_NAME), + FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID), + FOREIGN KEY (SCOPE_NAME, TENANT_ID) REFERENCES SCOPE(NAME, TENANT_ID) ON DELETE CASCADE, + FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID), + FOREIGN KEY (APP_ID, API_ID) REFERENCES AUTHORIZED_API(APP_ID, API_ID) ON DELETE CASCADE, + CONSTRAINT AUTHORIZED_SCOPE_UNIQUE UNIQUE (APP_ID, SCOPE_NAME) +); + -- --------------------------- INDEX CREATION ----------------------------- -- IDN_OAUTH2_ACCESS_TOKEN -- CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED); From 3dbf668e2add6684ffa40afe26e616fcf5ba82a2 Mon Sep 17 00:00:00 2001 
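Review bot: In the second hunk `DROP TABLE IF EXISTS AUTHORIZED_API;` runs before `DROP TABLE IF EXISTS AUTHORIZED_SCOPE;`, but AUTHORIZED_SCOPE holds a foreign key into AUTHORIZED_API, so on a database where both tables already exist PostgreSQL rejects the first drop because of the dependent constraint. Drop the child first: move `DROP TABLE IF EXISTS AUTHORIZED_SCOPE;` above the AUTHORIZED_API block. `AUTHORIZED_API_SEQ` and `AUTHORIZED_SCOPE_SEQ` are created but neither table has a column that draws from a sequence, so the four `DROP SEQUENCE` / `CREATE SEQUENCE` lines can be removed.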
From: Thamindu Aluthwala Date: Sat, 7 Oct 2023 15:28:44 +0530 Subject: [PATCH 2/3] Address comments --- .../common/model/AuthorizedAPI.java | 4 ++ .../mgt/AuthorizedAPIManagementService.java | 16 +++---- .../AuthorizedAPIManagementServiceImpl.java | 45 ++++++++++--------- .../application/mgt/dao/AuthorizedAPIDAO.java | 6 +-- .../mgt/dao/impl/AuthorizedAPIDAOImpl.java | 24 +++++----- ...ApplicationManagementServiceComponent.java | 8 +--- ...uthorizedAPIManagementServiceImplTest.java | 19 +++----- .../resources/dbscripts/db2.sql | 6 +-- .../resources/dbscripts/h2.sql | 4 +- .../resources/dbscripts/mssql.sql | 4 +- .../resources/dbscripts/mysql-cluster.sql | 6 +-- .../resources/dbscripts/mysql.sql | 6 +-- .../resources/dbscripts/postgresql.sql | 6 +-- 13 files changed, 74 insertions(+), 80 deletions(-) diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthorizedAPI.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthorizedAPI.java index 37aafcf12aec..d4a458a7d55b 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthorizedAPI.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthorizedAPI.java @@ -55,18 +55,22 @@ public String getAPIId() { } public String getAPIIdentifier() { + return apiIdentifier; } public void setAPIIdentifier(String apiIdentifier) { + this.apiIdentifier = apiIdentifier; } public String getAPIName() { + return apiName; } public void setAPIName(String apiName) { + this.apiName = apiName; } 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementService.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementService.java index a55991678fc4..b79d515ad9ab 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementService.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementService.java @@ -41,14 +41,14 @@ public void addAuthorizedAPI(String applicationId, AuthorizedAPI authorizedAPI, throws IdentityApplicationManagementException; /** - * Delete authorized APIs from the application. + * Delete the authorized API from the application. * * @param appId Application ID. * @param apiId API ID. * @param tenantDomain Tenant Domain. - * @throws IdentityApplicationManagementException if an error occurs while deleting the authorized APIs. + * @throws IdentityApplicationManagementException if an error occurs while deleting the authorized API. */ - public void deleteAuthorizedAPIs(String appId, String apiId, String tenantDomain) + public void deleteAuthorizedAPI(String appId, String apiId, String tenantDomain) throws IdentityApplicationManagementException; /** 
@@ -63,17 +63,17 @@ public List getAuthorizedAPIs(String applicationId, String tenant throws IdentityApplicationManagementException; /** - * Patch authorized APIs of the application. + * Patch the authorized API of the application. * * @param appId Application ID. * @param apiId API ID. * @param addedScopes Added scopes. * @param removedScopes Removed scopes. * @param tenantDomain Tenant Domain. - * @throws IdentityApplicationManagementException if an error occurs while patching the authorized APIs. + * @throws IdentityApplicationManagementException if an error occurs while patching the authorized API. */ - public void patchAuthorizedAPIs(String appId, String apiId, List addedScopes, - List removedScopes, String tenantDomain) + public void patchAuthorizedAPI(String appId, String apiId, List addedScopes, + List removedScopes, String tenantDomain) throws IdentityApplicationManagementException; /** @@ -87,7 +87,7 @@ public List getAuthorizedScopes(String appId, String tenantDom throws IdentityApplicationManagementException; /** - * Get authorized API of the application by ID. + * Get an authorized API of the application by ID. * * @param appId Application ID. * @param apiId API Resource ID. diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImpl.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImpl.java index f07a34ca0c02..580571841fa1 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImpl.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImpl.java 
@@ -18,6 +18,7 @@ package org.wso2.carbon.identity.application.mgt; +import org.apache.commons.lang.StringUtils; import org.wso2.carbon.identity.api.resource.mgt.APIResourceMgtException; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementClientException; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; @@ -52,7 +53,7 @@ public void addAuthorizedAPI(String applicationId, AuthorizedAPI authorizedAPI, // Check if the application is a main application. If not, throw a client error. ApplicationManagementService applicationManagementService = ApplicationManagementServiceImpl.getInstance(); String mainAppId = applicationManagementService.getMainAppId(applicationId); - if (mainAppId != null) { + if (StringUtils.isNotBlank(mainAppId)) { throw buildClientException(INVALID_REQUEST, "Cannot add authorized APIs to a shared application."); } authorizedAPIDAO.addAuthorizedAPI(applicationId, authorizedAPI.getAPIId(), @@ -60,11 +61,10 @@ public void addAuthorizedAPI(String applicationId, AuthorizedAPI authorizedAPI, } @Override - public void deleteAuthorizedAPIs(String appId, String apiId, String tenantDomain) + public void deleteAuthorizedAPI(String appId, String apiId, String tenantDomain) throws IdentityApplicationManagementException { - - authorizedAPIDAO.deleteAuthorizedAPIs(appId, apiId, IdentityTenantUtil.getTenantId(tenantDomain)); + authorizedAPIDAO.deleteAuthorizedAPI(appId, apiId, IdentityTenantUtil.getTenantId(tenantDomain)); } @Override 
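Review bot: The shared-application guard is applied only in addAuthorizedAPI; deleteAuthorizedAPI in the last hunk on this line, and patchAuthorizedAPI in the following hunk, pass `appId` straight to the DAO. A caller can therefore attempt to change the scope grants of a shared application through patch or delete, and the outcome then depends on database constraints rather than on the client error that add returns. I would repeat the check in both methods, `if (StringUtils.isNotBlank(applicationManagementService.getMainAppId(appId))) { throw buildClientException(INVALID_REQUEST, ...); }`. The service also does not verify that `appId` belongs to `tenantDomain`; that has to be enforced by the caller or by the DAO queries, neither of which is visible in these hunks.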
@@ -75,41 +75,43 @@ public List getAuthorizedAPIs(String applicationId, String tenant // Check if the application is a main application else get the main application id and main tenant id. ApplicationManagementService applicationManagementService = ApplicationManagementServiceImpl.getInstance(); String mainAppId = applicationManagementService.getMainAppId(applicationId); - if (mainAppId != null) { + if (StringUtils.isNotBlank(mainAppId)) { applicationId = mainAppId; int tenantId = applicationManagementService.getTenantIdByApp(mainAppId); tenantDomain = IdentityTenantUtil.getTenantDomain(tenantId); } - List authorizedAPIS = authorizedAPIDAO.getAuthorizedAPIs(applicationId, + List authorizedAPIs = authorizedAPIDAO.getAuthorizedAPIs(applicationId, IdentityTenantUtil.getTenantId(tenantDomain)); - for (AuthorizedAPI authorizedAPI : authorizedAPIS) { - // Get API resource data from DB. + for (AuthorizedAPI authorizedAPI : authorizedAPIs) { + // Get API resource data from OSGi service. APIResource apiResource = ApplicationManagementServiceComponentHolder.getInstance() .getAPIResourceManager().getAPIResourceById(authorizedAPI.getAPIId(), tenantDomain); authorizedAPI.setAPIIdentifier(apiResource.getIdentifier()); authorizedAPI.setAPIName(apiResource.getName()); - // Get Scope data from DB. + // Get Scope data from OSGi service. 
List scopeList = new ArrayList<>(); - for (Scope scope : authorizedAPI.getScopes()) { - Scope scopeFromDB = ApplicationManagementServiceComponentHolder.getInstance() - .getAPIResourceManager().getScopeByName(scope.getName(), tenantDomain); - scopeList.add(scopeFromDB); + if (authorizedAPI.getScopes() != null) { + for (Scope scope : authorizedAPI.getScopes()) { + Scope scopeWithMetadata = ApplicationManagementServiceComponentHolder.getInstance() + .getAPIResourceManager().getScopeByName(scope.getName(), tenantDomain); + scopeList.add(scopeWithMetadata); + } } authorizedAPI.setScopes(scopeList); } - return authorizedAPIS; + return authorizedAPIs; } catch (APIResourceMgtException e) { throw buildServerException("Error while retrieving authorized APIs.", e); } } @Override - public void patchAuthorizedAPIs(String appId, String apiId, List addedScopes, - List removedScopes, String tenantDomain) + public void patchAuthorizedAPI(String appId, String apiId, List addedScopes, + List removedScopes, String tenantDomain) throws IdentityApplicationManagementException { - authorizedAPIDAO.patchAuthorizedAPIs(appId, apiId, addedScopes, removedScopes, + authorizedAPIDAO.patchAuthorizedAPI(appId, apiId, addedScopes, removedScopes, IdentityTenantUtil.getTenantId(tenantDomain)); } 
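Review bot: The results of `getAPIResourceById(...)` and `getScopeByName(...)` in getAuthorizedAPIs are used without a null check. If either lookup can return null for an id or name that no longer resolves in `tenantDomain` (their contracts are not visible here), `apiResource.getIdentifier()` throws a NullPointerException, which the `catch (APIResourceMgtException e)` does not cover, and a null `scopeWithMetadata` is added to the list returned to the caller. Skipping the entry with a logged warning, or raising the server exception built by `buildServerException`, would make the failure explicit. The method starts outside this hunk.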
@@ -151,12 +153,12 @@ public AuthorizedAPI getAuthorizedAPI(String appId, String apiId, String tenantD .getAPIResourceManager().getAPIResourceById(authorizedAPI.getAPIId(), tenantDomain); authorizedAPI.setAPIIdentifier(apiResource.getIdentifier()); authorizedAPI.setAPIName(apiResource.getName()); - // Get Scope data from DB. + // Get Scope data from OSGi service. List scopeList = new ArrayList<>(); for (Scope scope : authorizedAPI.getScopes()) { - Scope scopeFromDB = ApplicationManagementServiceComponentHolder.getInstance() + Scope scopeWithMetadata = ApplicationManagementServiceComponentHolder.getInstance() .getAPIResourceManager().getScopeByName(scope.getName(), tenantDomain); - scopeList.add(scopeFromDB); + scopeList.add(scopeWithMetadata); } authorizedAPI.setScopes(scopeList); return authorizedAPI; @@ -171,8 +173,7 @@ private IdentityApplicationManagementClientException buildClientException( return new IdentityApplicationManagementClientException(errorMessage.getCode(), message); } - private IdentityApplicationManagementServerException buildServerException(String message, - Throwable ex) { + private IdentityApplicationManagementServerException buildServerException(String message, Throwable ex) { return new IdentityApplicationManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), message, ex); } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/AuthorizedAPIDAO.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/AuthorizedAPIDAO.java index 283b74708efa..101b02d5eed9 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/AuthorizedAPIDAO.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/AuthorizedAPIDAO.java 
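Review bot: getAuthorizedAPI still iterates `authorizedAPI.getScopes()` unguarded, although the previous hunk added a null check around the same loop in getAuthorizedAPIs. An authorized API stored without scopes would throw a NullPointerException here while the list call succeeds. Wrap the loop in `if (authorizedAPI.getScopes() != null) {` as in getAuthorizedAPIs. Better still, move the identifier, name and scope enrichment into one private helper used by both methods so the two copies cannot drift again. The method body starts outside this hunk.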
@@ -37,11 +37,11 @@ void addAuthorizedAPI(String applicationId, String apiId, String policyId, List< List getAuthorizedAPIs(String applicationId, int tenantId) throws IdentityApplicationManagementException; - void patchAuthorizedAPIs(String appId, String apiId, List addedScopes, - List removedScopes, int tenantId) + void patchAuthorizedAPI(String appId, String apiId, List addedScopes, + List removedScopes, int tenantId) throws IdentityApplicationManagementException; - void deleteAuthorizedAPIs(String appId, String apiId, int tenantId) + void deleteAuthorizedAPI(String appId, String apiId, int tenantId) throws IdentityApplicationManagementException; List getAuthorizedScopes(String applicationId, int tenantId) diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/AuthorizedAPIDAOImpl.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/AuthorizedAPIDAOImpl.java index 63425917b40f..3bdcd0f780d3 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/AuthorizedAPIDAOImpl.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/AuthorizedAPIDAOImpl.java @@ -18,6 +18,7 @@ package org.wso2.carbon.identity.application.mgt.dao.impl; +import org.apache.commons.collections.CollectionUtils; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; import org.wso2.carbon.identity.application.common.model.AuthorizedAPI; import org.wso2.carbon.identity.application.common.model.AuthorizedScopes; 
@@ -70,7 +71,7 @@ public void addAuthorizedAPI(String applicationId, String apiId, String policyId throw e; } } catch (SQLException e) { - throw new IdentityApplicationManagementException("Error while adding authorized API", e); + throw new IdentityApplicationManagementException("Error while adding authorized API.", e); } } @@ -108,19 +109,19 @@ public List getAuthorizedAPIs(String applicationId, int tenantId) } return authorizedAPIMap.values().isEmpty() ? new ArrayList<>() : new ArrayList<>(authorizedAPIMap.values()); } catch (SQLException e) { - throw new IdentityApplicationManagementException("Error while adding authorized API", e); + throw new IdentityApplicationManagementException("Error while fetching authorized API.", e); } } @Override - public void patchAuthorizedAPIs(String appId, String apiId, List addedScopes, - List removedScopes, int tenantId) + public void patchAuthorizedAPI(String appId, String apiId, List addedScopes, + List removedScopes, int tenantId) throws IdentityApplicationManagementException { try (Connection dbConnection = IdentityDatabaseUtil.getDBConnection(true)) { try { - if (addedScopes != null && !addedScopes.isEmpty()) { + if (CollectionUtils.isNotEmpty(addedScopes)) { PreparedStatement prepStmt = dbConnection.prepareStatement( ApplicationMgtDBQueries.ADD_AUTHORIZED_SCOPE); prepStmt.setString(1, appId); @@ -133,7 +134,7 @@ public void patchAuthorizedAPIs(String appId, String apiId, List addedSc prepStmt.executeBatch(); } - if (removedScopes != null && !removedScopes.isEmpty()) { + if (CollectionUtils.isNotEmpty(removedScopes)) { PreparedStatement prepStmt = dbConnection.prepareStatement( ApplicationMgtDBQueries.DELETE_AUTHORIZED_SCOPE); prepStmt.setString(1, appId); 
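Review bot: Both `PreparedStatement prepStmt` objects in patchAuthorizedAPI (the `addedScopes` branch in the `-108,19` hunk and the `removedScopes` branch in the `-133,7` hunk) are created in a plain block, and the visible lines go from `executeBatch()` straight to the closing brace with no `close()`. Only the connection is in try-with-resources, so the statements are released late, and later still if a batch throws. Opening each one as `try (PreparedStatement prepStmt = dbConnection.prepareStatement(ApplicationMgtDBQueries.ADD_AUTHORIZED_SCOPE)) {`, and the same for `DELETE_AUTHORIZED_SCOPE`, closes them on every path. The loop that fills the batch sits between the two hunks, so confirm nothing there already closes the statement.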
@@ -151,12 +152,12 @@ public void patchAuthorizedAPIs(String appId, String apiId, List addedSc throw e; } } catch (SQLException e) { - throw new IdentityApplicationManagementException("Error while adding authorized API", e); + throw new IdentityApplicationManagementException("Error while updating the authorized API.", e); } } @Override - public void deleteAuthorizedAPIs(String appId, String apiId, int tenantId) + public void deleteAuthorizedAPI(String appId, String apiId, int tenantId) throws IdentityApplicationManagementException { try (Connection dbConnection = IdentityDatabaseUtil.getDBConnection(false)) { @@ -166,7 +167,7 @@ public void deleteAuthorizedAPIs(String appId, String apiId, int tenantId) prepStmt.setString(2, apiId); prepStmt.execute(); } catch (SQLException e) { - throw new IdentityApplicationManagementException("Error while deleting authorized API", e); + throw new IdentityApplicationManagementException("Error while deleting the authorized API.", e); } } @@ -200,8 +201,7 @@ public List getAuthorizedScopes(String applicationId, int tena return authorizedScopesMap.values().isEmpty() ? new ArrayList<>() : new ArrayList<>(authorizedScopesMap.values()); } catch (SQLException e) { - throw new IdentityApplicationManagementException("Error while getting authorized scopes", e); - + throw new IdentityApplicationManagementException("Error while getting authorized scopes.", e); } } @@ -235,7 +235,7 @@ public AuthorizedAPI getAuthorizedAPI(String applicationId, String apiId, int te } return authorizedAPI; } catch (SQLException e) { - throw new IdentityApplicationManagementException("Error while getting authorized API", e); + throw new IdentityApplicationManagementException("Error while getting authorized API.", e); } } } 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java index 70414c9b2304..0fdcbc847df1 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java @@ -496,17 +496,13 @@ protected void setAPIResourceManager(APIResourceManager apiResourceManager) { ApplicationManagementServiceComponentHolder.getInstance() .setAPIResourceManager(apiResourceManager); - if (log.isDebugEnabled()) { - log.debug("APIResourceManager set in to bundle"); - } + log.debug("APIResourceManager set in to bundle"); } protected void unsetAPIResourceManager(APIResourceManager apiResourceManager) { ApplicationManagementServiceComponentHolder.getInstance() .setAPIResourceManager(null); - if (log.isDebugEnabled()) { - log.debug("APIResourceManager unset in to bundle"); - } + log.debug("APIResourceManager unset in to bundle"); } } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImplTest.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImplTest.java index b89c426bb608..5efca35dc9ef 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImplTest.java 
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/AuthorizedAPIManagementServiceImplTest.java @@ -20,7 +20,6 @@ import org.powermock.modules.testng.PowerMockTestCase; import org.testng.Assert; -import org.testng.annotations.AfterClass; import org.testng.annotations.BeforeClass; import org.testng.annotations.DataProvider; import org.testng.annotations.Test; @@ -95,12 +94,6 @@ public void setUp() throws Exception { tenantDomain = "test_tenant_domain"; } - @AfterClass - public void tearDown() throws Exception { - -// removeTestAPIResources(); - } - @DataProvider public Object[][] createAuthorizedAPIDataProvider() throws Exception { @@ -148,7 +141,7 @@ public Object[][] getAuthorizedAPIDataProvider() throws Exception { } @Test(dataProvider = "getAuthorizedAPIDataProvider", priority = 1) - public void testGetAuthorizedAPI(AuthorizedAPI authorizedAPI, int expectedScopes) + public void testGetAuthorizedAPI(AuthorizedAPI authorizedAPI, int expectedScopesCount) throws Exception { authorizedAPIManagementService.addAuthorizedAPI(authorizedAPI.getAppId(), authorizedAPI, tenantDomain); @@ -156,7 +149,7 @@ public void testGetAuthorizedAPI(AuthorizedAPI authorizedAPI, int expectedScopes authorizedAPI.getAPIId(), tenantDomain); Assert.assertNotNull(authzAPI); Assert.assertFalse(authzAPI.getScopes().isEmpty()); - Assert.assertEquals(authzAPI.getScopes().size(), expectedScopes); + Assert.assertEquals(authzAPI.getScopes().size(), expectedScopesCount); } @DataProvider 
@@ -188,17 +181,17 @@ public Object[][] updateAuthorizedAPIDataProvider() throws Exception { } @Test(dataProvider = "updateAuthorizedAPIDataProvider", priority = 2) - public void testUpdateAuthorizedAPI(AuthorizedAPI authorizedAPI, List newScopes, int expectedScopes) + public void testUpdateAuthorizedAPI(AuthorizedAPI authorizedAPI, List newScopes, int expectedScopesCount) throws Exception { authorizedAPIManagementService.addAuthorizedAPI(authorizedAPI.getAppId(), authorizedAPI, tenantDomain); - authorizedAPIManagementService.patchAuthorizedAPIs(authorizedAPI.getAppId(), + authorizedAPIManagementService.patchAuthorizedAPI(authorizedAPI.getAppId(), authorizedAPI.getAPIId(), newScopes, new ArrayList<>(), tenantDomain); AuthorizedAPI authzAPI = authorizedAPIManagementService.getAuthorizedAPI(authorizedAPI.getAppId(), authorizedAPI.getAPIId(), tenantDomain); Assert.assertNotNull(authzAPI); Assert.assertFalse(authzAPI.getScopes().isEmpty()); - Assert.assertEquals(authzAPI.getScopes().size(), expectedScopes); + Assert.assertEquals(authzAPI.getScopes().size(), expectedScopesCount); } @Test(priority = 3) @@ -244,7 +237,7 @@ public void testDeleteAuthorizedAPI() throws Exception { AuthorizedAPI authzAPI = authorizedAPIManagementService.getAuthorizedAPI(authorizedAPI.getAppId(), authorizedAPI.getAPIId(), tenantDomain); Assert.assertNotNull(authzAPI); - authorizedAPIManagementService.deleteAuthorizedAPIs(authorizedAPI.getAppId(), + authorizedAPIManagementService.deleteAuthorizedAPI(authorizedAPI.getAppId(), authorizedAPI.getAPIId(), tenantDomain); authzAPI = authorizedAPIManagementService.getAuthorizedAPI(authorizedAPI.getAppId(), authorizedAPI.getAPIId(), tenantDomain); diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql index 02da78b0bc44..df76e6054e2d 100644 
--- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql @@ -1996,7 +1996,7 @@ CREATE TRIGGER SCOPE_TRIG NO CASCADE CREATE TABLE AUTHORIZED_API ( APP_ID CHAR(36) NOT NULL, - API_ID VARCHAR(255) NOT NULL, + API_ID CHAR(36) NOT NULL, POLICY_ID VARCHAR(255) NOT NULL, PRIMARY KEY (APP_ID, API_ID), FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE, @@ -2005,9 +2005,9 @@ CREATE TABLE AUTHORIZED_API ( / CREATE TABLE AUTHORIZED_SCOPE ( - SCOPE_NAME VARCHAR(255) NOT NULL, - API_ID VARCHAR(255) NOT NULL, APP_ID CHAR(36) NOT NULL, + API_ID CHAR(36) NOT NULL, + SCOPE_NAME VARCHAR(255) NOT NULL, TENANT_ID INT NOT NULL, CONSTRAINT PK_APP_API_SCOPE PRIMARY KEY (APP_ID, API_ID, SCOPE_NAME), FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID), diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql index c91ff312c085..a3b3105b4583 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql @@ -1334,7 +1334,7 @@ CREATE TABLE IF NOT EXISTS SCOPE ( CREATE TABLE IF NOT EXISTS AUTHORIZED_API( APP_ID CHAR(36) NOT NULL, - API_ID VARCHAR(255) NOT NULL, + API_ID CHAR(36) NOT NULL, POLICY_ID VARCHAR(255) NOT NULL, CONSTRAINT PK_APP_API PRIMARY KEY (APP_ID, API_ID), FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE, 
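Review bot: AUTHORIZED_SCOPE keys a grant on the free-text `SCOPE_NAME`, and the only foreign key visible in the `-2005,9` hunk is `API_ID` to `API_RESOURCE(ID)`, without the `ON DELETE CASCADE` that AUTHORIZED_API carries in this script. Unless the part of the table definition below the hunk ties the row to SCOPE, a grant row can name a scope that was never defined for that API or that has since been deleted, and the service has to resolve it by name at read time. If scope names are unique per tenant in every dialect, as the `SCOPE_UNIQUE UNIQUE (NAME, TENANT_ID)` constraint in h2.sql suggests, a constraint such as `FOREIGN KEY (SCOPE_NAME, TENANT_ID) REFERENCES SCOPE(NAME, TENANT_ID) ON DELETE CASCADE` would keep grants and scope definitions in step. The same applies to the AUTHORIZED_SCOPE hunks for h2, mssql, mysql-cluster, mysql and postgresql.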
@@ -1343,7 +1343,7 @@ CREATE TABLE IF NOT EXISTS AUTHORIZED_API( CREATE TABLE IF NOT EXISTS AUTHORIZED_SCOPE( APP_ID CHAR(36) NOT NULL, - API_ID VARCHAR(255) NOT NULL, + API_ID CHAR(36) NOT NULL, SCOPE_NAME VARCHAR(255) NOT NULL, TENANT_ID INT NOT NULL, CONSTRAINT PK_APP_API_SCOPE PRIMARY KEY (APP_ID, API_ID, SCOPE_NAME), diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql index 9fae6f5534a4..464221296ff5 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql @@ -1479,7 +1479,7 @@ CREATE TABLE SCOPE ( IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[AUTHORIZED_API]') AND TYPE IN (N'U')) CREATE TABLE AUTHORIZED_API ( APP_ID CHAR(36) NOT NULL, - API_ID VARCHAR(255) NOT NULL, + API_ID CHAR(36) NOT NULL, POLICY_ID VARCHAR(255) NOT NULL, CONSTRAINT PK_APP_API PRIMARY KEY (APP_ID, API_ID), FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID), @@ -1489,7 +1489,7 @@ CREATE TABLE AUTHORIZED_API ( IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[AUTHORIZED_SCOPE]') AND TYPE IN (N'U')) CREATE TABLE AUTHORIZED_SCOPE ( APP_ID CHAR(36) NOT NULL, - API_ID VARCHAR(255) NOT NULL, + API_ID CHAR(36) NOT NULL, SCOPE_NAME VARCHAR(255) NOT NULL, TENANT_ID INT NOT NULL, CONSTRAINT PK_APP_API_SCOPE PRIMARY KEY (APP_ID, API_ID, SCOPE_NAME), diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql index 542eccbfaeaf..7d779f2171c4 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql 
+++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql @@ -1505,7 +1505,7 @@ CREATE TABLE IF NOT EXISTS SCOPE ( CREATE TABLE IF NOT EXISTS AUTHORIZED_API ( APP_ID CHAR(36) NOT NULL, - API_ID VARCHAR(255) NOT NULL, + API_ID CHAR(36) NOT NULL, POLICY_ID VARCHAR(255) NOT NULL, CONSTRAINT PK_APP_API PRIMARY KEY (APP_ID, API_ID), FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE, @@ -1513,9 +1513,9 @@ CREATE TABLE IF NOT EXISTS AUTHORIZED_API ( )ENGINE NDB; CREATE TABLE IF NOT EXISTS AUTHORIZED_SCOPE ( - SCOPE_NAME VARCHAR(255) NOT NULL, - API_ID VARCHAR(255) NOT NULL, APP_ID CHAR(36) NOT NULL, + API_ID CHAR(36) NOT NULL, + SCOPE_NAME VARCHAR(255) NOT NULL, TENANT_ID INT NOT NULL, CONSTRAINT PK_APP_API_SCOPE PRIMARY KEY (APP_ID, API_ID, SCOPE_NAME), FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID), diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql index cadde9396f31..0db3c3a3eca5 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql @@ -1364,7 +1364,7 @@ CREATE TABLE IF NOT EXISTS SCOPE ( CREATE TABLE IF NOT EXISTS AUTHORIZED_API ( APP_ID CHAR(36) NOT NULL, - API_ID VARCHAR(255) NOT NULL, + API_ID CHAR(36) NOT NULL, POLICY_ID VARCHAR(255) NOT NULL, CONSTRAINT PK_APP_API PRIMARY KEY (APP_ID, API_ID), FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE, 
@@ -1372,9 +1372,9 @@ CREATE TABLE IF NOT EXISTS AUTHORIZED_API ( )DEFAULT CHARACTER SET latin1 ENGINE INNODB; CREATE TABLE IF NOT EXISTS AUTHORIZED_SCOPE ( - SCOPE_NAME VARCHAR(255) NOT NULL, - API_ID VARCHAR(255) NOT NULL, APP_ID CHAR(36) NOT NULL, + API_ID CHAR(36) NOT NULL, + SCOPE_NAME VARCHAR(255) NOT NULL, TENANT_ID INT NOT NULL, CONSTRAINT PK_APP_API_SCOPE PRIMARY KEY (APP_ID, API_ID, SCOPE_NAME), FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID), diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql index b9aa5d1cf5c2..bc28eabc70d4 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql @@ -1589,7 +1589,7 @@ DROP SEQUENCE IF EXISTS AUTHORIZED_API_SEQ; CREATE SEQUENCE AUTHORIZED_API_SEQ; CREATE TABLE AUTHORIZED_API ( APP_ID CHAR(36) NOT NULL, - API_ID VARCHAR(255) NOT NULL, + API_ID CHAR(36) NOT NULL, POLICY_ID VARCHAR(255) NOT NULL, PRIMARY KEY (APP_ID, API_ID), FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE, @@ -1600,9 +1600,9 @@ DROP TABLE IF EXISTS AUTHORIZED_SCOPE; DROP SEQUENCE IF EXISTS AUTHORIZED_SCOPE_SEQ; CREATE SEQUENCE AUTHORIZED_SCOPE_SEQ; CREATE TABLE AUTHORIZED_SCOPE ( - SCOPE_NAME VARCHAR(255) NOT NULL, - API_ID VARCHAR(255) NOT NULL, APP_ID CHAR(36) NOT NULL, + API_ID CHAR(36) NOT NULL, + SCOPE_NAME VARCHAR(255) NOT NULL, TENANT_ID INT NOT NULL, CONSTRAINT PK_APP_API_SCOPE PRIMARY KEY (APP_ID, API_ID, SCOPE_NAME), FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID), From 76ab0928cd11882dc966ae47bc16913806385f83 Mon Sep 17 00:00:00 2001 
From: Thamindu Aluthwala
Date: Mon, 9 Oct 2023 09:10:16 +0530
Subject: [PATCH 3/3] Revert sql change
---
 .../resources/dbscripts/h2.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql
index a3b3105b4583..63f574deb9c8 100644
--- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql
+++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql
@@ -1326,8 +1326,8 @@ CREATE TABLE IF NOT EXISTS SCOPE (
 API_ID CHAR(36) NOT NULL,
 NAME VARCHAR(255) NOT NULL,
 DISPLAY_NAME VARCHAR(255) NOT NULL,
- DESCRIPTION VARCHAR(300),
 TENANT_ID INT NOT NULL,
+ DESCRIPTION VARCHAR(300),
 FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE,
 CONSTRAINT SCOPE_UNIQUE UNIQUE (NAME, TENANT_ID)
 );