
Example 96 with Roles

use of org.wso2.carbon.identity.api.server.idp.v1.model.Roles in project identity-inbound-auth-oauth by wso2-extensions.

From the class JDBCScopeValidator, method getUserRoles.

/**
 * Resolves the role names assigned to the given user from the user store of the user's tenant.
 * <p>
 * When the user does not belong to the super tenant, a tenant flow is started for the duration of
 * the user-store lookup and always ended in {@code finally}, so the thread-local Carbon context is
 * not left pointing at another tenant if the lookup throws.
 *
 * @param user the authenticated user whose roles are looked up
 * @return the role names reported by the tenant's user store; may be empty (or {@code null},
 *         depending on the user store implementation)
 * @throws UserStoreException if the tenant domain, the tenant realm or the role list cannot be resolved
 */
private String[] getUserRoles(AuthenticatedUser user) throws UserStoreException {

    RealmService realm = OAuthComponentServiceHolder.getInstance().getRealmService();
    int tenant = getTenantId(user);
    boolean inTenantFlow = false;
    String[] roles;
    try {
        if (tenant != MultitenantConstants.SUPER_TENANT_ID) {
            // Switch the thread-local context to the user's tenant before touching its realm.
            PrivilegedCarbonContext.startTenantFlow();
            String domain = realm.getTenantManager().getDomain(tenant);
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(domain, true);
            inTenantFlow = true;
        }
        UserStoreManager storeManager = realm.getTenantUserRealm(tenant).getUserStoreManager();
        String tenantAwareName = MultitenantUtils.getTenantAwareUsername(user.toFullQualifiedUsername());
        roles = storeManager.getRoleListOfUser(tenantAwareName);
    } finally {
        // Only end a flow this method started; a caller's own tenant flow must stay intact.
        if (inTenantFlow) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    // The debug line uses getLoggableUserId() rather than the raw username.
    if (log.isDebugEnabled() && ArrayUtils.isNotEmpty(roles)) {
        log.debug("Found roles of user " + user.getLoggableUserId() + " " + String.join(",", roles));
    }
    return roles;
}

Example 97 with Roles

use of org.wso2.carbon.identity.api.server.idp.v1.model.Roles in project identity-governance by wso2-extensions.

From the class UserSelfRegistrationHandler, method handleEvent.

/**
 * Handles self-registration related user events.
 * <p>
 * Only the {@code POST_ADD_USER} event is acted on, and only when self sign-up is enabled for the
 * tenant and the added user carries the self sign-up role. Depending on the tenant's connector
 * configuration the handler then sends an account-creation or confirmation notification, stores a
 * recovery entry holding the confirmation secret, and/or locks the account with a
 * pending-self-registration state until the sign-up is confirmed.
 *
 * @param event the identity event carrying the user name, user store manager, tenant domain and
 *              role list as event properties
 * @throws IdentityEventException if the notification cannot be sent or the account claims cannot be set
 */
@Override
public void handleEvent(Event event) throws IdentityEventException {
    Map<String, Object> eventProperties = event.getEventProperties();
    String userName = (String) eventProperties.get(IdentityEventConstants.EventProperty.USER_NAME);
    UserStoreManager userStoreManager = (UserStoreManager) eventProperties.get(IdentityEventConstants.EventProperty.USER_STORE_MANAGER);
    String tenantDomain = (String) eventProperties.get(IdentityEventConstants.EventProperty.TENANT_DOMAIN);
    // NOTE(review): userStoreManager is dereferenced without a null check; it is assumed to always be present on the event.
    String domainName = userStoreManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
    String[] roleList = (String[]) eventProperties.get(IdentityEventConstants.EventProperty.ROLE_LIST);
    User user = new User();
    user.setUserName(userName);
    user.setTenantDomain(tenantDomain);
    user.setUserStoreDomain(domainName);
    // Self sign-up handling is a per-tenant connector setting; bail out early when it is off.
    boolean enable = Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.ENABLE_SELF_SIGNUP, user.getTenantDomain()));
    if (!enable) {
        if (log.isDebugEnabled()) {
            log.debug("Self signup feature is disabled in tenant: " + tenantDomain);
        }
        return;
    }
    // Check that the self sign-up role is in the request. If it is not, this handler does nothing and returns.
    if (roleList == null) {
        return;
    } else {
        List<String> roles = Arrays.asList(roleList);
        if (!roles.contains(IdentityRecoveryConstants.SELF_SIGNUP_ROLE)) {
            return;
        }
    }
    // Tenant connector settings that decide whether to lock, confirm and/or notify on creation.
    boolean isAccountLockOnCreation = Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.ACCOUNT_LOCK_ON_CREATION, user.getTenantDomain()));
    boolean isEnableConfirmationOnCreation = Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.SEND_CONFIRMATION_NOTIFICATION, user.getTenantDomain()));
    boolean isNotificationInternallyManage = Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.SIGN_UP_NOTIFICATION_INTERNALLY_MANAGE, user.getTenantDomain()));
    if (IdentityEventConstants.Event.POST_ADD_USER.equals(event.getEventName())) {
        UserRecoveryDataStore userRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        try {
            // Get the user preferred notification channel.
            String preferredChannel = resolveNotificationChannel(eventProperties, userName, tenantDomain, domainName);
            // If the preferred channel is already verified, no need to send the notifications or lock
            // the account. This return also skips the claim update further down, so neither the locked
            // claim nor the pending-self-registration state is written for such a user.
            boolean notificationChannelVerified = isNotificationChannelVerified(userName, tenantDomain, preferredChannel, eventProperties);
            if (notificationChannelVerified) {
                return;
            }
            boolean isSelfRegistrationConfirmationNotify = Boolean.parseBoolean(Utils.getSignUpConfigs(IdentityRecoveryConstants.ConnectorConfig.SELF_REGISTRATION_NOTIFY_ACCOUNT_CONFIRMATION, user.getTenantDomain()));
            // When neither locking nor confirmation on creation is required, but notifications are
            // managed internally and account-confirmation notification is enabled, send a plain
            // account creation notification (no secret, no recovery entry).
            if (!isAccountLockOnCreation && !isEnableConfirmationOnCreation && isNotificationInternallyManage && isSelfRegistrationConfirmationNotify) {
                triggerAccountCreationNotification(user);
            }
            // When locking or confirmation is required and notifications are managed internally,
            // create and send a confirmation secret. Externally managed notifications are not sent here.
            if ((isAccountLockOnCreation || isEnableConfirmationOnCreation) && isNotificationInternallyManage) {
                // Invalidate the user's existing recovery data before storing the new entry.
                userRecoveryDataStore.invalidate(user);
                // Create a secret key based on the preferred notification channel.
                String secretKey = generateSecretKey(preferredChannel);
                // Resolve event name.
                String eventName = resolveEventName(preferredChannel, userName, domainName, tenantDomain);
                UserRecoveryData recoveryDataDO = new UserRecoveryData(user, secretKey, RecoveryScenarios.SELF_SIGN_UP, RecoverySteps.CONFIRM_SIGN_UP);
                // Notified channel is stored in remaining setIds for recovery purposes.
                recoveryDataDO.setRemainingSetIds(preferredChannel);
                // The secret is persisted before the notification carrying it is sent.
                userRecoveryDataStore.store(recoveryDataDO);
                triggerNotification(user, preferredChannel, secretKey, Utils.getArbitraryProperties(), eventName);
            }
        } catch (IdentityRecoveryException e) {
            throw new IdentityEventException("Error while sending self sign up notification ", e);
        }
        // Lock the account and/or mark it pending until the sign-up is confirmed. Note that the
        // notification above has already been sent by the time these claims are written.
        if (isAccountLockOnCreation || isEnableConfirmationOnCreation) {
            HashMap<String, String> userClaims = new HashMap<>();
            if (isAccountLockOnCreation) {
                // Need to lock user account.
                userClaims.put(IdentityRecoveryConstants.ACCOUNT_LOCKED_CLAIM, Boolean.TRUE.toString());
                userClaims.put(IdentityRecoveryConstants.ACCOUNT_LOCKED_REASON_CLAIM, IdentityMgtConstants.LockedReason.PENDING_SELF_REGISTRATION.toString());
            }
            // The account-state claim is only written when the tenant defines it.
            if (Utils.isAccountStateClaimExisting(tenantDomain)) {
                userClaims.put(IdentityRecoveryConstants.ACCOUNT_STATE_CLAIM_URI, IdentityRecoveryConstants.PENDING_SELF_REGISTRATION);
            }
            try {
                // NOTE(review): the trailing null is presumably the profile name (default profile) — confirm against UserStoreManager.
                userStoreManager.setUserClaimValues(user.getUserName(), userClaims, null);
                if (log.isDebugEnabled()) {
                    if (isAccountLockOnCreation) {
                        log.debug("Locked user account: " + user.getUserName());
                    }
                    if (isEnableConfirmationOnCreation) {
                        log.debug("Send verification notification for user account: " + user.getUserName());
                    }
                }
            } catch (UserStoreException e) {
                // If this fails the account is left unlocked even though the confirmation was already sent;
                // the failure is surfaced to the caller rather than swallowed.
                throw new IdentityEventException("Error while lock user account :" + user.getUserName(), e);
            }
        }
    }
}

Example 98 with Roles

use of org.wso2.carbon.identity.api.server.idp.v1.model.Roles in project identity-governance by wso2-extensions.

From the class UserAccountRecoveryManager, method createRequiredChannelClaimsList.

/**
 * Builds the list of claim URIs that must be read from the user store to select a notification
 * channel for account recovery.
 * <p>
 * For every configured notification channel both the channel's own claim and its "verified" claim
 * are included, followed by the preferred-channel claim and the user-roles claim. The roles claim is
 * needed because channel selection depends on whether the user holds the INTERNAL/selfsignup role.
 *
 * @return the required claim URIs as an array, channel claims first
 */
private String[] createRequiredChannelClaimsList() {

    List<String> claimUris = new ArrayList<>();
    for (NotificationChannels notificationChannel : notificationChannels) {
        String channelClaim = notificationChannel.getClaimUri();
        String verifiedClaim = notificationChannel.getVerifiedClaimUrl();
        claimUris.add(channelClaim);
        claimUris.add(verifiedClaim);
    }
    // Fixed claims appended after the per-channel ones.
    claimUris.add(IdentityRecoveryConstants.PREFERRED_CHANNEL_CLAIM);
    claimUris.add(IdentityRecoveryConstants.USER_ROLES_CLAIM);
    return claimUris.toArray(new String[claimUris.size()]);
}

Example 99 with Roles

use of org.wso2.carbon.identity.api.server.idp.v1.model.Roles in project product-is by wso2.

From the class ApplicationManagementTestCase, method testUpdateRoles.

/**
 * Verifies that a role mapping added to a service provider's permission-and-role configuration is
 * persisted and read back unchanged.
 * <p>
 * The application {@code TestServiceProvider} is fetched, a single local-to-remote role mapping
 * ({@code idpRole_1} to {@code spRole_1}) is set, the application is updated, and the stored mapping
 * is compared with the input. Any exception from the admin client fails the test.
 */
@Test(alwaysRun = true, description = "Testing update Roles")
public void testUpdateRoles() {

    final String appName = "TestServiceProvider";
    try {
        ServiceProvider sp = applicationManagementServiceClient.getApplication(appName);

        LocalRole local = new LocalRole();
        local.setLocalRoleName("idpRole_1");
        RoleMapping roleMapping = new RoleMapping();
        roleMapping.setLocalRole(local);
        roleMapping.setRemoteRole("spRole_1");

        List<RoleMapping> mappings = new ArrayList<>();
        mappings.add(roleMapping);
        PermissionsAndRoleConfig config = new PermissionsAndRoleConfig();
        config.setRoleMappings(mappings.toArray(new RoleMapping[0]));
        sp.setPermissionAndRoleConfig(config);
        applicationManagementServiceClient.updateApplicationData(sp);

        // Read the application back and compare the first stored mapping with the input.
        ServiceProvider reloaded = applicationManagementServiceClient.getApplication(appName);
        RoleMapping stored = reloaded.getPermissionAndRoleConfig().getRoleMappings()[0];
        Assert.assertEquals(stored.getLocalRole().getLocalRoleName(), "idpRole_1", "Failed update local role");
        Assert.assertEquals(stored.getRemoteRole(), "spRole_1", "Failed update remote role");
    } catch (Exception e) {
        Assert.fail("Error while trying to update Roles", e);
    }
}

Example 100 with Roles

use of org.wso2.carbon.identity.api.server.idp.v1.model.Roles in project product-is by wso2.

From the class UserManagementClient, method roleNameExists.

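/**
 * Checks whether a role with exactly the given name exists.
 * <p>
 * The admin stub is queried with {@code roleName} as the filter, bounded by {@code LIMIT}. The filter
 * presumably matches by pattern, so each returned name is compared for equality instead of treating
 * a non-empty result as a match.
 *
 * @param roleName the exact role name to look for
 * @return {@code true} if a role with that name exists, {@code false} otherwise (including when the
 *         stub returns no roles)
 * @throws RemoteException if the admin service call fails
 * @throws UserAdminUserAdminException if the admin service reports an error
 */
public boolean roleNameExists(String roleName) throws RemoteException, UserAdminUserAdminException {

    FlaggedName[] roles = userAdminStub.getAllRolesNames(roleName, LIMIT);
    if (roles == null) {
        // An absent result is treated like an empty one instead of failing on iteration.
        return false;
    }
    for (FlaggedName role : roles) {
        // Defensive: skip null entries or entries without a name rather than throwing.
        if (role == null || role.getItemName() == null) {
            continue;
        }
        if (role.getItemName().equals(roleName)) {
            log.info("Role name " + roleName + " already exists");
            return true;
        }
    }
    return false;
}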
