Prgrammatically Control WSO2 Registry Resources' Permission

1. Open $EMM_Home/repository/conf/cartbon.xml and change the value of HideAdminServiceWSDLs to false
2. Start the WSO2 EMM
3. You can check the ResourceAdminService wsdl file by browsing https://<host>:9443/services/ResourceAdminService?wsdl
4. Create a new soap project in the SoapUI using the ResourceAdminService.wsdl
5. Send a changeRolePermissions request. Sample Soap request will be looks as follows

   <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.resource.registry.carbon.wso2.org">
      <soapenv:Header/>
      <soapenv:Body>
         <ser:changeRolePermissions>
            <ser:resourcePath>/_system/governance/mobileapps/admin/android/TestApp</ser:resourcePath>
           <ser:permissionsInput>internal/everyone:ra^true:wa^true:da^true:aa^true|internal/private_admin:ra^true</ser:permissionsInput>
         </ser:changeRolePermissions>
      </soapenv:Body>
   </soapenv:Envelope>
   

In the request

• resourcePath should be the registry resource that you want to manipulate
• permissionsInput must be in following format

  roleName:<permission_id>^true:<permission_id>^true:...:<permission_id>^true|roleName2:<permission_id>^true:<permission_id>^true|roleName3:<permission_id>^true
  

Permission can be as follows

Permission	Permission ID
Allow Read	ra
Deny Read	rd
Allow Write	wa
Deny Write	wd
Allow Delete	da
Deny Delete	dd
Allow Authorize	aa
Deny Authorize	ad

For example

internal/everyone:ra^true:wa^true:da^true:aa^true|internal/private_admin:ra^true:wd^true:dd^true:ad^true

This will allow read/write/delete/authorize permissions to the internal/everyone role and only read permission to internal/private_admin. Write/Delete/Authorize permissions of the internal/private_admin will be set to deny.

Note that if you don't specifically set all 4 permission, then the missing permission will be reset.

You can create a simple client using the ResourceAdminService wsdl and programmatically manipulate the permission.

WSO2 Carbon Extension Points - Tomcat Extensions

Valves

A Valve element represents a component that will be inserted into the request processing pipeline for the associated Catalina container (Engine, Host, or Context). Individual Valves have distinct processing capabilities. Simply a valves provide a way of inserting custom functionality within the Tomcat request/response stream.
In WSO2 products users can either extend Tomcat generic org.apache.catalina.valve.ValveBase abstract class or carbon specific org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve in order to create a custom valve.
You can refer to Tomcat Valve documentation  for further info regarding the Tomcat specific valve implementation https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html

Sample Valve

 public class CarbonSimpleValve extends ValveBase {  
   public CarbonSimpleValve() {  
     //enable async support  
     super(true);  
   }  
   @Override  
   public void invoke(Request request, Response response) throws IOException, ServletException {  
     //valve specific logic    
   }  
 }  

You can refer to the following valves in the carbon kernel to get a better idea

• org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve
• org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve
• org.wso2.carbon.tomcat.ext.valves.SecureTheWorldValve
• org.wso2.carbon.tomcat.ext.valves.CarbonTomcatSessionReplicationValve
• org.wso2.carbon.webapp.mgt.GhostWebappDeployerValve
• org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve

If you extend CarbonTomcatValve and implement your own Valve you need to add that to the Valve pipe using the TomcatValveContainer. You can refer to how the GhostWebappValve and TenantLazyLoaderValve added in the WebappManagementServiceComponent

If you extend the ValveBase then the valve need to be added to the Engine, Host or to the Context.

e.g. Adding a Host level valve in the $PRODUCT_HOME/repository/conf/tomcat/catalina-server.xml

 <Server>  
  <Service>  
    <Engine>  
     <Host>  
       …..  
       <Valve className="org.wso2.carbon.sample.CarbonSimpleValve"/>  
       …..  
     </Host>  
    </Engine>  
  </Service>  
 </Server>  

Filters

A filter is an object that performs filtering tasks on either the request to a resource (a servlet or static content), or on the response from a resource, or both. Filters perform filtering in the doFilter method. Every Filter has access to a FilterConfig object from which it can obtain its initialization parameters, a reference to the ServletContext.

Sample Filter

 public class MyFilter implements Filter {  
  public void init(FilterConfig filterConfig) throws ServletException {  
  }  
  public void destroy() {  
  }  
  public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)  
   throws IOException, ServletException {  
  servletResponse.setContentType("text/html");  
  //Pre filter logic  
  filterChain.doFilter(servletRequest, servletResponse);  
                //post filter logic  
  }  
 }  

This filter can be defined in the web.xml in order to use this. e,g. in the $Product_Home/repository/conf/tomcat/web.xml for product wide filter or you can use the web.xml in your application.

 <?xml version="1.0" encoding="ISO-8859-1"?>  
 <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
  xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">  
  <filter>  
  <filter-name>MyFilter</filter-name>  
  <filter-class>MyFilter</filter-class>  
  <init-param>  
   <param-name>my-param</param-name>  
   <param-value>my-param-value</param-value>  
  </init-param>  
  </filter>  
  <filter-mapping>  
  <filter-name>MyFilter</filter-name>  
  <url-pattern>/*</url-pattern>  
  </filter-mapping>  
 </web-app>  

You can refer to following filters in the carbon kernel for more implementation details.

• org.wso2.carbon.ui.filters.CSRFPreventionFilter
• org.wso2.carbon.ui.filters.CRLFPreventionFilter
• org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter

WSO2 Carbon Kernel 5.0.0 - Alpha Released

WSO2 Carbon Kernel 5.0.0 - Alpha Released !

We are pleased to announce the alpha release of WSO2 Carbon Kernel 5.0.0. It is now available to download from here. The source and tag location for this release are available here.

WSO2 Carbon Kernel 5.0.0 is the core of the next-generation WSO2 Carbon platform. We have completely rearchitected Carbon Kernel from the ground up with the latest technologies and patterns. Additionally, the Carbon Kernel is now a lightweight, general-purpose OSGi runtime specializing in hosting servers, providing key functionality for server developers. The result is a streamlined and even more powerful middleware platform than ever before.

The alpha release of the WSO2 Carbon Kernel 5.0.0 includes the following key features. For further details please see the documentation.

Key Features

• Transport Management Framework
• Logging Framework with Log4j 2.0 as the Backend
• Carbon Startup Order Resolver
• Dropins Support for OSGi Ready Bundles
• Jar to Bundle Conversion Tool
• Pluggable Runtime Support

Fixed Issues

• WSO2 Carbon Kernel 5.0.0 - Fixed Issues

Known Issues

• WSO2 Carbon Kernel 5.0.0 - Known Issues

How To Contribute

You can find more instructions on how to contribute on our documentation site.

If you have any suggestions or are interested in Carbon Kernel 5.0.0 discussions, you can join the dev@wso2.org or architecture@wso2.org mailing lists.

Reporting Issues

We encourage you to report issues, documentation errors regarding WSO2 Carbon Kernel 5.0.0 through the public issue tracking system.

Thanks,

WSO2 Carbon Team