Examples with User org.wso2.broker.core.security.authentication.user.User used on opensource projects

Example 11 with User

use of org.wso2.broker.core.security.authentication.user.User in project carbon-apimgt by wso2.

the class APIExecutor method execute.

/**
 * This method will be called when the invoke() method of the default lifecycle implementation is called.
 * Execution logic should reside in this method since the default lifecycle implementation will determine
 * the execution output by looking at the output of this method.
 *
 * @param resource     The resource in which the lifecycle state is changed.
 * @param currentState Current lifecycle state.
 * @param targetState  The target lifecycle state.
 * @throws LifecycleException If exception occurs while running the executor.
 */
@Override
public void execute(Object resource, String currentState, String targetState) throws LifecycleException {
    API api = (API) resource;
    if (!currentState.equals(targetState)) {
        // todo:This place need to write how to handle Gateway publishing
        try {
            ApiDAO apiDAO = DAOFactory.getApiDAO();
            apiDAO.changeLifeCycleStatus(api.getId(), targetState);
        } catch (APIMgtDAOException e) {
            throw new LifecycleException("Couldn't create APIPublisher from user", e);
        }
    }
}

Example 12 with User

use of org.wso2.broker.core.security.authentication.user.User in project carbon-apimgt by wso2.

the class BrokerManager method loadUsers.

/**
 * Loads the users from users.yaml during broker startup
 */
private static void loadUsers() throws ConfigurationException {
    Path usersYamlFile;
    String usersFilePath = System.getProperty(BrokerSecurityConstants.SYSTEM_PARAM_USERS_CONFIG);
    if (usersFilePath == null || usersFilePath.trim().isEmpty()) {
        // use current path.
        usersYamlFile = Paths.get("", BrokerSecurityConstants.USERS_FILE_NAME).toAbsolutePath();
    } else {
        usersYamlFile = Paths.get(usersFilePath).toAbsolutePath();
    }
    ConfigProvider configProvider = ConfigProviderFactory.getConfigProvider(usersYamlFile, null);
    UsersFile usersFile = configProvider.getConfigurationObject(BrokerSecurityConstants.USERS_CONFIG_NAMESPACE, UsersFile.class);
    if (usersFile != null) {
        List<User> users = usersFile.getUsers();
        for (User user : users) {
            UserStoreManager.addUser(user);
        }
    }
}

Example 13 with User

use of org.wso2.broker.core.security.authentication.user.User in project carbon-apimgt by wso2.

the class RestCallUtilImpl method rsaSignedFetchUserRequest.

/**
 * {@inheritDoc}
 */
@Override
public HttpResponse rsaSignedFetchUserRequest(URI uri, String username, String userTenantDomain, String rsaSignedToken, MediaType acceptContentType) throws APIManagementException {
    if (uri == null) {
        throw new IllegalArgumentException("The URI must not be null");
    }
    if (username == null) {
        throw new IllegalArgumentException("UserName must not be null");
    }
    if (userTenantDomain == null) {
        throw new IllegalArgumentException("User tenant domain must not be null");
    }
    if (rsaSignedToken == null) {
        throw new IllegalArgumentException("RSA signed token must not be null");
    }
    HttpURLConnection httpConnection = null;
    try {
        JSONObject loginInfoJsonObj = new JSONObject();
        loginInfoJsonObj.put(APIMgtConstants.FunctionsConstants.USERNAME, username);
        loginInfoJsonObj.put(APIMgtConstants.FunctionsConstants.USER_TENANT_DOMAIN, userTenantDomain);
        httpConnection = (HttpURLConnection) uri.toURL().openConnection();
        httpConnection.setRequestMethod(APIMgtConstants.FunctionsConstants.POST);
        httpConnection.setRequestProperty(APIMgtConstants.FunctionsConstants.CONTENT_TYPE, MediaType.APPLICATION_JSON);
        httpConnection.setDoOutput(true);
        httpConnection.setRequestProperty(APIMgtConstants.FunctionsConstants.RSA_SIGNED_TOKEN, rsaSignedToken);
        if (acceptContentType != null) {
            httpConnection.setRequestProperty(APIMgtConstants.FunctionsConstants.ACCEPT, acceptContentType.toString());
        }
        OutputStream outputStream = httpConnection.getOutputStream();
        outputStream.write(loginInfoJsonObj.toString().getBytes(StandardCharsets.UTF_8));
        outputStream.flush();
        outputStream.close();
        return getResponse(httpConnection);
    } catch (IOException e) {
        throw new APIManagementException("Connection not established properly ", e);
    } finally {
        if (httpConnection != null) {
            httpConnection.disconnect();
        }
    }
}

Example 14 with User

use of org.wso2.broker.core.security.authentication.user.User in project carbon-apimgt by wso2.

the class ApiDAOImplIT method testGetAPIsWhenUserRolesInAPIPermissionsWithoutREAD.

@Test(description = "Tests getting the APIs when the user roles are contained in the API permission list " + "but without READ permissions")
public void testGetAPIsWhenUserRolesInAPIPermissionsWithoutREAD() throws Exception {
    ApiDAO apiDAO = DAOFactory.getApiDAO();
    Set<String> rolesOfUser = new HashSet<>();
    rolesOfUser.add(SampleTestObjectCreator.DEVELOPER_ROLE_ID);
    // This user is not the provider of the API
    List<API> apiList = apiDAO.getAPIs(rolesOfUser, ALTERNATIVE_USER);
    Assert.assertTrue(apiList.isEmpty());
    Map map = new HashMap();
    map.put(SampleTestObjectCreator.DEVELOPER_ROLE_ID, 0);
    API.APIBuilder builder = SampleTestObjectCreator.createDefaultAPI().permissionMap(map);
    API api1 = builder.build();
    testAddGetEndpoint();
    apiDAO.addAPI(api1);
    apiList = apiDAO.getAPIs(rolesOfUser, ALTERNATIVE_USER);
    // Since the API has the role ID of the user but without READ permissions, it is not visible to this user
    Assert.assertTrue(apiList.size() == 0);
}

Example 15 with User

use of org.wso2.broker.core.security.authentication.user.User in project carbon-apimgt by wso2.

the class ApiDAOImplIT method testGetAPIsWithUserRoles.

@Test(description = "Tests getting the APIs when the user has roles assigned")
public void testGetAPIsWithUserRoles() throws Exception {
    ApiDAO apiDAO = DAOFactory.getApiDAO();
    Set<String> rolesOfUser = new HashSet<>();
    rolesOfUser.add(SampleTestObjectCreator.ADMIN_ROLE_ID);
    List<API> apiList = apiDAO.getAPIs(rolesOfUser, ADMIN);
    Assert.assertTrue(apiList.isEmpty());
    API.APIBuilder builder = SampleTestObjectCreator.createDefaultAPI();
    API api1 = builder.build();
    testAddGetEndpoint();
    apiDAO.addAPI(api1);
    builder = SampleTestObjectCreator.createAlternativeAPI();
    API api2 = builder.build();
    apiDAO.addAPI(api2);
    apiList = apiDAO.getAPIs(rolesOfUser, ADMIN);
    List<API> expectedAPIs = new ArrayList<>();
    expectedAPIs.add(SampleTestObjectCreator.copyAPISummary(api1));
    expectedAPIs.add(SampleTestObjectCreator.copyAPISummary(api2));
    Assert.assertTrue(apiList.size() == 2);
    Assert.assertTrue(APIUtils.isListsEqualIgnoreOrder(apiList, expectedAPIs, new APIComparator()), TestUtil.printDiff(apiList, expectedAPIs));
}