Register and authorize system apis

components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/pom.xml

@@ -39,6 +39,10 @@
             <groupId>org.apache.felix</groupId>
             <artifactId>org.apache.felix.scr.ds-annotations</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.identity.core</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity.organization.management.core</groupId>
             <artifactId>org.wso2.carbon.identity.organization.management.service</artifactId>
@@ -107,35 +111,32 @@
                             org.wso2.carbon.identity.api.resource.mgt.*; version="${carbon.identity.package.export.version}"
                         </Export-Package>
                         <Import-Package>
-                            org.osgi.framework;version="${osgi.framework.imp.pkg.version.range}",
-                            org.osgi.service.component; version="${osgi.service.component.imp.pkg.version.range}",
-                            javax.sql,
+                            javax.xml.namespace,
+                            javax.xml.stream,
+                            org.apache.axiom.om; version="${axiom.osgi.version.range}",
+                            org.apache.axiom.om.impl.builder; version="${axiom.osgi.version.range}",
                             org.apache.commons.collections; version="${commons-collections.wso2.osgi.version.range}",
+                            org.apache.commons.io; version="${commons.io.wso2.osgi.version.range}",
                             org.apache.commons.lang; version="${commons-lang.wso2.osgi.version.range}",
                             org.apache.commons.logging; version="${import.package.version.commons.logging}",
-                            org.wso2.carbon.context; version="${carbon.kernel.package.import.version.range}",
-                            org.wso2.carbon.database.utils.jdbc;
-                            version="${org.wso2.carbon.database.utils.version.range}",
-                            org.wso2.carbon.database.utils.jdbc.exceptions;
-                            version="${org.wso2.carbon.database.utils.version.range}",
+                            org.osgi.framework; version="${osgi.framework.imp.pkg.version.range}",
+                            org.osgi.service.component; version="${osgi.service.component.imp.pkg.version.range}",
                             org.wso2.carbon.identity.application.common.model;
                             version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.base; version="${carbon.identity.package.import.version.range}",
-                            org.wso2.carbon.identity.core.cache;
-                            version="${carbon.identity.package.import.version.range}",
-                            org.wso2.carbon.identity.core.model;
-                            version="${carbon.identity.package.import.version.range}",
-                            org.wso2.carbon.identity.core.util;
-                            version="${carbon.identity.package.import.version.range}",
-                            org.wso2.carbon.user.api; version="${carbon.user.api.imp.pkg.version.range}",
-                            org.wso2.carbon.user.core.util; version="${carbon.kernel.package.import.version.range}",
-                            org.wso2.carbon.utils; version="${carbon.kernel.package.import.version.range}",
+                            org.wso2.carbon.identity.core; version="${carbon.identity.package.import.version.range}",
+                            org.wso2.carbon.identity.core.cache; version="${carbon.identity.package.import.version.range}",
+                            org.wso2.carbon.identity.core.model; version="${carbon.identity.package.import.version.range}",
+                            org.wso2.carbon.identity.core.util; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.organization.management.service;
                             version="${org.wso2.carbon.identity.organization.management.core.version.range}",
                             org.wso2.carbon.identity.organization.management.service.exception;
                             version="${org.wso2.carbon.identity.organization.management.core.version.range}",
                             org.wso2.carbon.identity.organization.management.service.util;
                             version="${org.wso2.carbon.identity.organization.management.core.version.range}",
+                            org.wso2.carbon.stratos.common.*; version="${carbon.commons.imp.pkg.version}",
+                            org.wso2.carbon.user.core.service; version="${carbon.kernel.package.import.version.range}",
+                            org.wso2.carbon.utils; version="${carbon.kernel.package.import.version.range}",
                         </Import-Package>
                     </instructions>
                 </configuration>

components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/APIResourceManagementConstants.java

@@ -30,6 +30,9 @@ public class APIResourceManagementConstants {
     public static final String NAME = "name";
     public static final String IDENTIFIER = "identifier";
     public static final String TYPE = "type";
+    public static final String RBAC_AUTHORIZATION = "RBAC";
+    public static final String ASC = "asc";
+    public static final String SYSTEM_API_FILTER = "type eq SYSTEM";
     public static final String BEFORE = "before";
     public static final String AFTER = "after";
     public static final String EQ = "eq";
@@ -58,6 +61,22 @@ public class APIResourceManagementConstants {
         scopeAttributeColumnMap.put(NAME, SQLConstants.NAME_COLUMN_NAME);
     }
 
+    /**
+     * API resource configuration builder constants.
+     */
+    public static class APIResourceConfigBuilderConstants {
+
+        public static final String API_RESOURCE_ELEMENT = "APIResource";
+        public static final String SCOPES_ELEMENT = "Scopes";
+        public static final String SCOPE_ELEMENT = "Scope";
+        public static final String NAME = "name";
+        public static final String IDENTIFIER = "identifier";
+        public static final String DISPLAY_NAME = "displayName";
+        public static final String DESCRIPTION = "description";
+        public static final String REQUIRES_AUTHORIZATION = "requiresAuthorization";
+        public static final String SYSTEM_TYPE = "SYSTEM";
+    }
+
     /**
      * Error messages.
      */

components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/impl/APIResourceManagementDAOImpl.java

@@ -565,12 +565,15 @@ private static APIResource getApiResource(ResultSet resultSet) throws SQLExcepti
                         .tenantId(resultSet.getInt(SQLConstants.API_RESOURCE_TENANT_ID_COLUMN_NAME));
                 apiResource = apiResourceBuilder.build();
             }
-            Scope.ScopeBuilder scopeBuilder = new Scope.ScopeBuilder()
-                    .id(resultSet.getString(SQLConstants.SCOPE_ID_COLUMN_NAME))
-                    .name(resultSet.getString(SQLConstants.SCOPE_QUALIFIED_NAME_COLUMN_NAME))
-                    .displayName(resultSet.getString(SQLConstants.SCOPE_DISPLAY_NAME_COLUMN_NAME))
-                    .description(resultSet.getString(SQLConstants.SCOPE_DESCRIPTION_COLUMN_NAME));
-            scopes.add(scopeBuilder.build());
+            String scopeName = resultSet.getString(SQLConstants.SCOPE_QUALIFIED_NAME_COLUMN_NAME);
+            if (scopeName != null) {
+                Scope.ScopeBuilder scopeBuilder = new Scope.ScopeBuilder()
+                        .id(resultSet.getString(SQLConstants.SCOPE_ID_COLUMN_NAME))
+                        .name(scopeName)
+                        .displayName(resultSet.getString(SQLConstants.SCOPE_DISPLAY_NAME_COLUMN_NAME))
+                        .description(resultSet.getString(SQLConstants.SCOPE_DESCRIPTION_COLUMN_NAME));
+                scopes.add(scopeBuilder.build());
+            }
         }
         if (apiResource != null) {
             apiResource.setScopes(scopes);

components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/internal/APIResourceManagementServiceComponent.java

@@ -25,8 +25,20 @@
 import org.osgi.service.component.annotations.Activate;
 import org.osgi.service.component.annotations.Component;
 import org.osgi.service.component.annotations.Deactivate;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferenceCardinality;
+import org.osgi.service.component.annotations.ReferencePolicy;
 import org.wso2.carbon.identity.api.resource.mgt.APIResourceManager;
 import org.wso2.carbon.identity.api.resource.mgt.APIResourceManagerImpl;
+import org.wso2.carbon.identity.api.resource.mgt.APIResourceMgtException;
+import org.wso2.carbon.identity.api.resource.mgt.constant.APIResourceManagementConstants;
+import org.wso2.carbon.identity.api.resource.mgt.listener.APIResourceManagementListener;
+import org.wso2.carbon.identity.api.resource.mgt.model.APIResourceSearchResult;
+import org.wso2.carbon.identity.api.resource.mgt.util.APIResourceManagementUtil;
+import org.wso2.carbon.identity.core.util.IdentityCoreInitializedEvent;
+import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.stratos.common.listeners.TenantMgtListener;
+import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 
 /**
  * Service component for the API resource management.
@@ -45,6 +57,10 @@ protected void activate(ComponentContext context) {
         try {
             BundleContext bundleCtx = context.getBundleContext();
             bundleCtx.registerService(APIResourceManager.class, APIResourceManagerImpl.getInstance(), null);
+            bundleCtx.registerService(TenantMgtListener.class, new APIResourceManagementListener(),
+                    null);
+            // Register system APIs in the super tenant.
+            registerSystemAPIsInSuperTenant();
             LOG.debug("API resource management bundle is activated");
         } catch (Throwable e) {
             LOG.error("Error while initializing API resource management component.", e);
@@ -62,4 +78,53 @@ protected void deactivate(ComponentContext context) {
             LOG.error("Error while deactivating API resource management component.", e);
         }
     }
+
+    @Reference(
+            name = "identityCoreInitializedEventService",
+            service = IdentityCoreInitializedEvent.class,
+            cardinality = ReferenceCardinality.MANDATORY,
+            policy = ReferencePolicy.DYNAMIC,
+            unbind = "unsetIdentityCoreInitializedEventService"
+    )
+    protected void setIdentityCoreInitializedEventService(IdentityCoreInitializedEvent identityCoreInitializedEvent) {
+        /* reference IdentityCoreInitializedEvent service to guarantee that this component will wait until identity core
+         is started */
+    }
+
+    protected void unsetIdentityCoreInitializedEventService(IdentityCoreInitializedEvent identityCoreInitializedEvent) {
+        /* reference IdentityCoreInitializedEvent service to guarantee that this component will wait until identity core
+         is started */
+    }
+
+    @Reference(
+            name = "organization.service",
+            service = OrganizationManager.class,
+            cardinality = ReferenceCardinality.MANDATORY,
+            policy = ReferencePolicy.DYNAMIC,
+            unbind = "unsetOrganizationManager"
+    )
+    protected void setOrganizationManager(OrganizationManager organizationManager) {
+        /* reference Organization Management service to guarantee that this component will wait until organization
+        management service is started */
+    }
+
+    protected void unsetOrganizationManager(OrganizationManager organizationManager) {
+        /* reference Organization Management service to guarantee that this component will wait until organization
+        management service is started */
+    }
+
+    private void registerSystemAPIsInSuperTenant() {
+
+        String tenantDomain = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
+        try {
+            APIResourceSearchResult systemAPIResources = APIResourceManagerImpl.getInstance()
+                    .getAPIResources(null, null, 1, APIResourceManagementConstants.SYSTEM_API_FILTER,
+                            APIResourceManagementConstants.ASC, tenantDomain);
+            if (systemAPIResources.getTotalCount() == 0) {
+                APIResourceManagementUtil.addSystemAPIs(tenantDomain);
+            }
+        } catch (APIResourceMgtException e) {
+            LOG.error("Error while registering system API resources in the tenant: " + tenantDomain);
+        }
+    }
 }

components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/internal/APIResourceManagementServiceComponentHolder.java

@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.resource.mgt.internal;
+
+import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.user.core.service.RealmService;
+
+/**
+ * API Resource Management Service Component Holder class.
+ */
+public class APIResourceManagementServiceComponentHolder {
+
+    private static APIResourceManagementServiceComponentHolder instance = new
+            APIResourceManagementServiceComponentHolder();
+
+    private OrganizationManager organizationManager;
+    private RealmService realmService;
+
+    public static APIResourceManagementServiceComponentHolder getInstance() {
+
+        return instance;
+    }
+
+    public OrganizationManager getOrganizationManager() {
+
+        return organizationManager;
+    }
+
+    public void setOrganizationManager(OrganizationManager organizationManager) {
+
+        this.organizationManager = organizationManager;
+    }
+
+    public RealmService getRealmService() {
+
+        return realmService;
+    }
+
+    public void setRealmService(RealmService realmService) {
+
+        this.realmService = realmService;
+    }
+}

components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/listener/APIResourceManagementListener.java

@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.resource.mgt.listener;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.identity.api.resource.mgt.APIResourceManager;
+import org.wso2.carbon.identity.api.resource.mgt.APIResourceManagerImpl;
+import org.wso2.carbon.identity.api.resource.mgt.util.APIResourceManagementUtil;
+import org.wso2.carbon.identity.core.AbstractIdentityTenantMgtListener;
+import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
+import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
+import org.wso2.carbon.stratos.common.beans.TenantInfoBean;
+
+/**
+ * APIResourceManagementListener class.
+ */
+public class APIResourceManagementListener extends AbstractIdentityTenantMgtListener {
+
+    private final APIResourceManager apiResourceManager = APIResourceManagerImpl.getInstance();
+
+    private static final Log LOG = LogFactory.getLog(APIResourceManagementListener.class);
+
+    @Override
+    public void onTenantCreate(TenantInfoBean tenantInfo) {
+
+        if (!isEnable()) {
+            LOG.debug("API resource management related APIResourceManagementListener is not enabled.");
+            return;
+        }
+
+        int tenantId = tenantInfo.getTenantId();
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("API resource management related APIResourceManagementListener fired for tenant " +
+                    "creation for Tenant ID: " + tenantId);
+        }
+
+        try {
+            if (OrganizationManagementUtil.isOrganization(tenantId)) {
+                return;
+            }
+            APIResourceManagementUtil.addSystemAPIs(tenantInfo.getTenantDomain());
+        } catch (OrganizationManagementException e) {
+            LOG.error("Error while registering system API resources in tenant: " + tenantInfo.getTenantDomain());
+        }
+    }
+}