
Example 16 with Roles

use of org.wso2.carbon.identity.api.server.idp.v1.model.Roles in project carbon-apimgt by wso2.

the class APIStoreImpl method searchCompositeAPIs.

/**
 * Looks up composite APIs on behalf of the current user.
 *
 * <p>The user name from {@code getUsername()} and that user's role set are handed to the DAO
 * with every lookup. A non-empty {@code query} selects the DAO search; a null or empty one
 * falls back to the plain listing.
 *
 * @param query  search text; null or empty means "list without searching"
 * @param offset paging offset, passed through to the DAO
 * @param limit  paging limit, passed through to the DAO
 * @return the composite APIs returned by the DAO
 * @throws APIManagementException if the DAO call fails; the DAO exception is kept as the cause
 */
@Override
public List<CompositeAPI> searchCompositeAPIs(String query, int offset, int limit) throws APIManagementException {
    // Resolved before the try block, so a failure here is not wrapped by the handler below.
    final String user = getUsername();
    final Set<String> roles = APIUtils.getAllRolesOfUser(user);
    final boolean hasQuery = query != null && !query.isEmpty();
    try {
        if (hasQuery) {
            return getApiDAO().searchCompositeAPIs(roles, user, query, offset, limit);
        }
        return getApiDAO().getCompositeAPIs(roles, user, offset, limit);
    } catch (APIMgtDAOException e) {
        // The query parameter is concatenated unchanged into the log line and the exception text.
        // NOTE(review): if query can come straight from a request, confirm line breaks are
        // neutralised somewhere before it reaches the log.
        final String errorMsg = "Error occurred while updating searching APIs - " + query;
        log.error(errorMsg, e);
        throw new APIManagementException(errorMsg, e, e.getErrorHandler());
    }
}
Also used : APIMgtDAOException(org.wso2.carbon.apimgt.core.exception.APIMgtDAOException) APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException) CompositeAPI(org.wso2.carbon.apimgt.core.models.CompositeAPI)

Example 17 with Roles

use of org.wso2.carbon.identity.api.server.idp.v1.model.Roles in project carbon-apimgt by wso2.

the class DefaultIdentityProviderImplTestCase method testGetRoleIdsOfUser.

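/**
 * Verifies {@code getRoleIdsOfUser} of {@code DefaultIdentityProviderImpl} against a mocked
 * SCIM stub.
 *
 * <p>Covers one success case (a 200 response whose {@code groups} array carries three role ids)
 * and three failure cases: a null response, a 404 response and a 200 response with an empty
 * body. Each failure case must raise {@code IdentityProviderException}; a call that returns
 * normally now fails the test, so a role lookup that quietly yields a result from a broken
 * SCIM response cannot pass unnoticed.
 *
 * @throws Exception if the success-path lookup or the mock setup fails unexpectedly
 */
@Test
public void testGetRoleIdsOfUser() throws Exception {
    SCIMServiceStub scimServiceStub = Mockito.mock(SCIMServiceStub.class);
    UserNameMapper userNameMapper = Mockito.mock(UserNameMapperImpl.class);
    DefaultIdentityProviderImpl idpImpl = new DefaultIdentityProviderImpl(scimServiceStub, userNameMapper);
    String validUserId = "a42b4760-120d-432e-8042-4a7f12e3346c";
    String roleName1 = "subscriber";
    String roleId1 = "fb5aaf9c-1fdf-4b2d-86bc-6e3203b99618";
    String roleName2 = "manager";
    String roleId2 = "097435bc-c460-402b-9137-8ab65fd28c3e";
    String roleName3 = "engineer";
    String roleId3 = "ac093278-9343-466c-8a71-af47921a575b";
    List<String> roleIds = new ArrayList<>();
    roleIds.add(roleId1);
    roleIds.add(roleId2);
    roleIds.add(roleId3);
    // SCIM user document whose "groups" entries carry the role display names and ids above.
    String successResponseBody = "{\"emails\":[{\"type\":\"home\",\"value\":\"john_home.com\"},{\"type\":\"work\"" + ",\"value\":\"john_work.com\"}],\"meta\":{\"created\":\"2017-06-02T10:12:26\",\"location\":" + "\"https://localhost:9443/wso2/scim/Users/" + validUserId + "\",\"lastModified\":" + "\"2017-06-02T10:12:26\"},\"schemas\":[\"urn:scim:schemas:core:1.0\"],\"name\":{\"familyName\":" + "\"Smith\",\"givenName\":\"John\"},\"groups\":[{\"display\":\"" + roleName1 + "\",\"value\":\"" + roleId1 + "\"},{\"display\":\"" + roleName2 + "\",\"value\":\"" + roleId2 + "\"},{\"display\":\"" + roleName3 + "\",\"value\":\"" + roleId3 + "\"}],\"id\":\"" + validUserId + "\",\"userName\":" + "\"John\"}";
    Response successfulResponse = Response.builder().status(APIMgtConstants.HTTPStatusCodes.SC_200_OK).headers(new HashMap<>()).body(successResponseBody.getBytes()).build();
    Mockito.when(scimServiceStub.getUser(validUserId)).thenReturn(successfulResponse);
    List<String> roles = idpImpl.getRoleIdsOfUser(validUserId);
    Assert.assertEquals(roleIds.size(), roles.size());
    roles.forEach(roleId -> Assert.assertTrue(roleIds.contains(roleId)));
    // Error case - When response is null
    String invalidUserIdResponseNull = "invalidUserId_Response_Null";
    Mockito.when(scimServiceStub.getUser(invalidUserIdResponseNull)).thenReturn(null);
    try {
        idpImpl.getRoleIdsOfUser(invalidUserIdResponseNull);
        // Without this, a lookup that returns normally would make the error case pass vacuously.
        Assert.fail("Expected IdentityProviderException when the SCIM response is null");
    } catch (IdentityProviderException ex) {
        Assert.assertEquals(ex.getMessage(), "Error occurred while retrieving user with Id " + invalidUserIdResponseNull + ". Error : Response is null.");
    }
    // Error case - When the request did not return a 200 OK response
    String invalidUserIdNot200OK = "invalidUserId_Not_200_OK";
    String errorResponseBody = "{\"Errors\":[{\"code\":\"404\",\"description\":\"User not found in the user " + "store.\"}]}";
    Response errorResponse = Response.builder().status(APIMgtConstants.HTTPStatusCodes.SC_404_NOT_FOUND).headers(new HashMap<>()).body(errorResponseBody.getBytes()).build();
    Mockito.when(scimServiceStub.getUser(invalidUserIdNot200OK)).thenReturn(errorResponse);
    try {
        idpImpl.getRoleIdsOfUser(invalidUserIdNot200OK);
        Assert.fail("Expected IdentityProviderException when the SCIM response is not 200 OK");
    } catch (IdentityProviderException ex) {
        Assert.assertEquals(ex.getMessage(), "Error occurred while retrieving role Ids of user with Id " + invalidUserIdNot200OK + ". Error : User not found in the user store.");
    }
    // Error case - When response body is empty
    String invalidUserIdResponseEmpty = "invalidUserId_Response_Empty";
    Response emptyResponse = Response.builder().status(APIMgtConstants.HTTPStatusCodes.SC_200_OK).headers(new HashMap<>()).body("".getBytes()).build();
    Mockito.when(scimServiceStub.getUser(invalidUserIdResponseEmpty)).thenReturn(emptyResponse);
    try {
        idpImpl.getRoleIdsOfUser(invalidUserIdResponseEmpty);
        Assert.fail("Expected IdentityProviderException when the SCIM response body is empty");
    } catch (IdentityProviderException ex) {
        Assert.assertEquals(ex.getMessage(), "Error occurred while retrieving user with user Id " + invalidUserIdResponseEmpty + " from SCIM endpoint. Response body is null or empty.");
    }
}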
Also used : Response(feign.Response) UserNameMapper(org.wso2.carbon.apimgt.core.api.UserNameMapper) ArrayList(java.util.ArrayList) SCIMServiceStub(org.wso2.carbon.apimgt.core.auth.SCIMServiceStub) IdentityProviderException(org.wso2.carbon.apimgt.core.exception.IdentityProviderException) Test(org.testng.annotations.Test)

Example 18 with Roles

use of org.wso2.carbon.identity.api.server.idp.v1.model.Roles in project carbon-apimgt by wso2.

the class RegistryPersistenceImpl method updateAPI.

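/**
 * Updates the registry artifact of an API inside a single registry transaction.
 *
 * <p>In order, the method: loads the stored artifact, carries stored endpoint credentials over
 * to the API object when the artifact is not flagged as secured, replaces the artifact's tags,
 * writes the updated artifact, refreshes the publisher access-control properties, clears and
 * re-applies visibility permissions on the API artifact, on its OpenAPI definition and on the
 * documents that use API-based visibility, stores the SOAP-to-REST sequences and commits.
 *
 * <p>Rollback is attempted only when a registry was actually obtained. Without that guard a
 * failure in {@code getRegistry} surfaced as a {@code NullPointerException} from the rollback
 * call instead of the declared {@code APIPersistenceException}.
 *
 * @param org          organization whose name selects the registry
 * @param publisherAPI the API as submitted by the publisher
 * @return the updated API mapped back to a {@code PublisherAPI}
 * @throws APIPersistenceException if any step fails; the transaction is rolled back first
 */
@SuppressWarnings("unchecked")
@Override
public PublisherAPI updateAPI(Organization org, PublisherAPI publisherAPI) throws APIPersistenceException {
    API api = APIMapper.INSTANCE.toApi(publisherAPI);
    boolean transactionCommitted = false;
    boolean tenantFlowStarted = false;
    Registry registry = null;
    try {
        RegistryHolder holder = getRegistry(org.getName());
        registry = holder.getRegistry();
        tenantFlowStarted = holder.isTenantFlowStarted();
        registry.beginTransaction();
        String apiArtifactId = registry.get(RegistryPersistenceUtil.getAPIPath(api.getId())).getUUID();
        GenericArtifactManager artifactManager = RegistryPersistenceUtil.getArtifactManager(registry, APIConstants.API_KEY);
        if (artifactManager == null) {
            String errorMessage = "Artifact manager is null when updating API artifact ID " + api.getId();
            log.error(errorMessage);
            throw new APIPersistenceException(errorMessage);
        }
        GenericArtifact artifact = getAPIArtifact(apiArtifactId, registry);
        boolean isSecured = Boolean.parseBoolean(artifact.getAttribute(APIConstants.API_OVERVIEW_ENDPOINT_SECURED));
        boolean isDigestSecured = Boolean.parseBoolean(artifact.getAttribute(APIConstants.API_OVERVIEW_ENDPOINT_AUTH_DIGEST));
        String userName = artifact.getAttribute(APIConstants.API_OVERVIEW_ENDPOINT_USERNAME);
        String password = artifact.getAttribute(APIConstants.API_OVERVIEW_ENDPOINT_PASSWORD);
        // Stored endpoint credentials are copied onto the API object only when the artifact is
        // flagged neither secured nor digest-secured but still carries a user name.
        if (!isSecured && !isDigestSecured && userName != null) {
            api.setEndpointUTUsername(userName);
            api.setEndpointUTPassword(password);
        }
        // Snapshot of status and publisher roles before the update, compared further down to
        // decide whether associated documents must be notified.
        String oldStatus = artifact.getAttribute(APIConstants.API_OVERVIEW_STATUS);
        Resource apiResource = registry.get(artifact.getPath());
        String oldAccessControlRoles = api.getAccessControlRoles();
        if (apiResource != null) {
            oldAccessControlRoles = registry.get(artifact.getPath()).getProperty(APIConstants.PUBLISHER_ROLES);
        }
        GenericArtifact updateApiArtifact = RegistryPersistenceUtil.createAPIArtifactContent(artifact, api);
        String artifactPath = GovernanceUtils.getArtifactPath(registry, updateApiArtifact.getId());
        // Tags are replaced wholesale: every existing tag is removed, then the API's tags applied.
        org.wso2.carbon.registry.core.Tag[] oldTags = registry.getTags(artifactPath);
        if (oldTags != null) {
            for (org.wso2.carbon.registry.core.Tag tag : oldTags) {
                registry.removeTag(artifactPath, tag.getTagName());
            }
        }
        Set<String> tagSet = api.getTags();
        if (tagSet != null) {
            for (String tag : tagSet) {
                registry.applyTag(artifactPath, tag);
            }
        }
        artifactManager.updateGenericArtifact(updateApiArtifact);
        // write API Status to a separate property. This is done to support querying APIs using custom query (SQL)
        // to gain performance
        // String apiStatus = api.getStatus().toUpperCase();
        // saveAPIStatus(artifactPath, apiStatus);
        String[] visibleRoles = new String[0];
        String publisherAccessControlRoles = api.getAccessControlRoles();
        updateRegistryResources(registry, artifactPath, publisherAccessControlRoles, api.getAccessControl(), api.getAdditionalProperties());
        // propagate api status change and access control roles change to document artifact
        String newStatus = updateApiArtifact.getAttribute(APIConstants.API_OVERVIEW_STATUS);
        if (!StringUtils.equals(oldStatus, newStatus) || !StringUtils.equals(oldAccessControlRoles, publisherAccessControlRoles)) {
            RegistryPersistenceUtil.notifyAPIStateChangeToAssociatedDocuments(artifact, registry);
        }
        // Existing permissions on the artifact are cleared before the current visibility and
        // role list are applied again.
        RegistryPersistenceUtil.clearResourcePermissions(artifactPath, api.getId(), ((UserRegistry) registry).getTenantId());
        String visibleRolesList = api.getVisibleRoles();
        if (visibleRolesList != null) {
            // Entries are split on ',' and passed on untrimmed.
            // NOTE(review): presumably setResourcePermissions normalises whitespace around role
            // names; confirm, otherwise " role" and "role" are treated as different roles.
            visibleRoles = visibleRolesList.split(",");
        }
        RegistryPersistenceUtil.setResourcePermissions(api.getId().getProviderName(), api.getVisibility(), visibleRoles, artifactPath, registry);
        // attaching api categories to the API
        List<APICategory> attachedApiCategories = api.getApiCategories();
        artifact.removeAttribute(APIConstants.API_CATEGORIES_CATEGORY_NAME);
        if (attachedApiCategories != null) {
            for (APICategory category : attachedApiCategories) {
                artifact.addAttribute(APIConstants.API_CATEGORIES_CATEGORY_NAME, category.getName());
            }
        }
        if (api.getSwaggerDefinition() != null) {
            String resourcePath = RegistryPersistenceUtil.getOpenAPIDefinitionFilePath(api.getId().getName(), api.getId().getVersion(), api.getId().getProviderName());
            resourcePath = resourcePath + APIConstants.API_OAS_DEFINITION_RESOURCE_NAME;
            Resource resource;
            if (!registry.resourceExists(resourcePath)) {
                resource = registry.newResource();
            } else {
                resource = registry.get(resourcePath);
            }
            resource.setContent(api.getSwaggerDefinition());
            resource.setMediaType("application/json");
            registry.put(resourcePath, resource);
            // Need to set anonymous if the visibility is public
            RegistryPersistenceUtil.clearResourcePermissions(resourcePath, api.getId(), ((UserRegistry) registry).getTenantId());
            // NOTE(review): this call uses the overload without the registry argument, unlike
            // every other setResourcePermissions call in this method; confirm it applies the
            // permissions in the same tenant and transaction context.
            RegistryPersistenceUtil.setResourcePermissions(api.getId().getProviderName(), api.getVisibility(), visibleRoles, resourcePath);
        }
        // doc visibility change
        String apiOrAPIProductDocPath = RegistryPersistenceDocUtil.getDocumentPath(api.getId().getProviderName(), api.getId().getApiName(), api.getId().getVersion());
        String pathToContent = apiOrAPIProductDocPath + APIConstants.INLINE_DOCUMENT_CONTENT_DIR;
        String pathToDocFile = apiOrAPIProductDocPath + APIConstants.DOCUMENT_FILE_DIR;
        if (registry.resourceExists(apiOrAPIProductDocPath)) {
            Resource resource = registry.get(apiOrAPIProductDocPath);
            if (resource instanceof org.wso2.carbon.registry.core.Collection) {
                String[] docsPaths = ((org.wso2.carbon.registry.core.Collection) resource).getChildren();
                for (String docPath : docsPaths) {
                    // The inline-content and file directories are children of the same collection
                    // but are not document artifacts themselves, so they are skipped.
                    if (!(docPath.equalsIgnoreCase(pathToContent) || docPath.equalsIgnoreCase(pathToDocFile))) {
                        Resource docResource = registry.get(docPath);
                        GenericArtifactManager docArtifactManager = RegistryPersistenceDocUtil.getDocumentArtifactManager(registry);
                        GenericArtifact docArtifact = docArtifactManager.getGenericArtifact(docResource.getUUID());
                        Documentation doc = RegistryPersistenceDocUtil.getDocumentation(docArtifact);
                        // Only documents whose visibility follows the API get the API's permissions.
                        if ((APIConstants.DOC_API_BASED_VISIBILITY).equalsIgnoreCase(doc.getVisibility().name())) {
                            String documentationPath = RegistryPersistenceDocUtil.getAPIDocPath(api.getId()) + doc.getName();
                            RegistryPersistenceUtil.setResourcePermissions(api.getId().getProviderName(), api.getVisibility(), visibleRoles, documentationPath, registry);
                            if (Documentation.DocumentSourceType.INLINE.equals(doc.getSourceType()) || Documentation.DocumentSourceType.MARKDOWN.equals(doc.getSourceType())) {
                                String contentPath = RegistryPersistenceDocUtil.getAPIDocPath(api.getId()) + APIConstants.INLINE_DOCUMENT_CONTENT_DIR + RegistryConstants.PATH_SEPARATOR + doc.getName();
                                RegistryPersistenceUtil.setResourcePermissions(api.getId().getProviderName(), api.getVisibility(), visibleRoles, contentPath, registry);
                            } else if (Documentation.DocumentSourceType.FILE.equals(doc.getSourceType()) && doc.getFilePath() != null) {
                                // Index [1] assumes the stored file path contains the "files" segment;
                                // a path without it ends in the generic handler below.
                                String filePath = RegistryPersistenceDocUtil.getDocumentationFilePath(api.getId(), doc.getFilePath().split("files" + RegistryConstants.PATH_SEPARATOR)[1]);
                                RegistryPersistenceUtil.setResourcePermissions(api.getId().getProviderName(), api.getVisibility(), visibleRoles, filePath, registry);
                            }
                        }
                    }
                }
            }
        }
        setSoapToRestSequences(publisherAPI, registry);
        registry.commitTransaction();
        transactionCommitted = true;
        return APIMapper.INSTANCE.toPublisherApi(api);
    } catch (Exception e) {
        // registry is still null when getRegistry itself failed; there is nothing to roll back
        // then, and dereferencing it would replace the real cause with a NullPointerException.
        if (registry != null) {
            try {
                registry.rollbackTransaction();
            } catch (RegistryException re) {
                // Throwing an error from this level will mask the original exception
                log.error("Error while rolling back the transaction for API: " + api.getId().getApiName(), re);
            }
        }
        throw new APIPersistenceException("Error while performing registry transaction operation ", e);
    } finally {
        if (tenantFlowStarted) {
            RegistryPersistenceUtil.endTenantFlow();
        }
        try {
            // NOTE(review): after the catch block above has rolled back, this is a second
            // rollback attempt on the same registry; confirm the registry tolerates it. An
            // exception thrown from here also replaces the one raised in the catch block.
            if (!transactionCommitted && registry != null) {
                registry.rollbackTransaction();
            }
        } catch (RegistryException ex) {
            throw new APIPersistenceException("Error occurred while rolling back the transaction. ", ex);
        }
    }
}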
Also used : GenericArtifact(org.wso2.carbon.governance.api.generic.dataobjects.GenericArtifact) APIPersistenceException(org.wso2.carbon.apimgt.persistence.exceptions.APIPersistenceException) GenericArtifactManager(org.wso2.carbon.governance.api.generic.GenericArtifactManager) Documentation(org.wso2.carbon.apimgt.persistence.dto.Documentation) Resource(org.wso2.carbon.registry.core.Resource) UserRegistry(org.wso2.carbon.registry.core.session.UserRegistry) Registry(org.wso2.carbon.registry.core.Registry) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException) APIPersistenceException(org.wso2.carbon.apimgt.persistence.exceptions.APIPersistenceException) XMLStreamException(javax.xml.stream.XMLStreamException) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException) PersistenceException(org.wso2.carbon.apimgt.persistence.exceptions.PersistenceException) GraphQLPersistenceException(org.wso2.carbon.apimgt.persistence.exceptions.GraphQLPersistenceException) PersistenceUtil.handleException(org.wso2.carbon.apimgt.persistence.utils.PersistenceUtil.handleException) IOException(java.io.IOException) MediationPolicyPersistenceException(org.wso2.carbon.apimgt.persistence.exceptions.MediationPolicyPersistenceException) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) ThumbnailPersistenceException(org.wso2.carbon.apimgt.persistence.exceptions.ThumbnailPersistenceException) IndexerException(org.wso2.carbon.registry.indexing.indexer.IndexerException) WSDLPersistenceException(org.wso2.carbon.apimgt.persistence.exceptions.WSDLPersistenceException) OASPersistenceException(org.wso2.carbon.apimgt.persistence.exceptions.OASPersistenceException) AsyncSpecPersistenceException(org.wso2.carbon.apimgt.persistence.exceptions.AsyncSpecPersistenceException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) GovernanceException(org.wso2.carbon.governance.api.exception.GovernanceException) 
DocumentationPersistenceException(org.wso2.carbon.apimgt.persistence.exceptions.DocumentationPersistenceException) APIMgtResourceNotFoundException(org.wso2.carbon.apimgt.api.APIMgtResourceNotFoundException) Collection(org.wso2.carbon.registry.core.Collection) DevPortalAPI(org.wso2.carbon.apimgt.persistence.dto.DevPortalAPI) PublisherAPI(org.wso2.carbon.apimgt.persistence.dto.PublisherAPI) API(org.wso2.carbon.apimgt.api.model.API) Tag(org.wso2.carbon.apimgt.api.model.Tag) APICategory(org.wso2.carbon.apimgt.api.model.APICategory)

Example 19 with Roles

use of org.wso2.carbon.identity.api.server.idp.v1.model.Roles in project carbon-apimgt by wso2.

the class OAS2Parser method processLegacyScopes.

/**
 * Moves scopes found in the legacy {@code x-wso2-security} extension into the default OAuth2
 * security scheme of the given Swagger definition.
 *
 * <p>An existing scheme stored under {@code APIConstants.OAUTH2_DEFAULT_SCOPE} is reused
 * together with its scope-to-roles bindings; otherwise a fresh scheme and an empty binding map
 * are used. The resulting scheme is registered under
 * {@code APIConstants.SWAGGER_APIM_DEFAULT_SECURITY}.
 *
 * @param swagger swagger definition, modified in place
 * @return the same {@code swagger} instance
 * @throws APIManagementException declared by the signature; no statement visible in this method
 *                                raises it directly
 */
private Swagger processLegacyScopes(Swagger swagger) throws APIManagementException {
    Map<String, SecuritySchemeDefinition> definitions = swagger.getSecurityDefinitions();
    OAuth2Definition defaultScheme;
    if (definitions == null || definitions.get(APIConstants.OAUTH2_DEFAULT_SCOPE) == null) {
        defaultScheme = new OAuth2Definition();
    } else {
        // NOTE(review): unchecked downcast; a definition whose entry under this key is not an
        // OAuth2 scheme would fail here with a ClassCastException. Confirm callers validate it.
        defaultScheme = (OAuth2Definition) definitions.get(APIConstants.OAUTH2_DEFAULT_SCOPE);
    }

    Map<String, String> rolesByScope;
    Map<String, Object> extensions = defaultScheme.getVendorExtensions();
    if (extensions == null || extensions.get(APIConstants.SWAGGER_X_SCOPES_BINDINGS) == null) {
        rolesByScope = new HashMap<>();
    } else {
        rolesByScope = (Map<String, String>) extensions.get(APIConstants.SWAGGER_X_SCOPES_BINDINGS);
    }

    Set<Scope> legacyScopes = getScopesFromExtensions(swagger);
    if (legacyScopes != null && !legacyScopes.isEmpty()) {
        for (Scope legacyScope : legacyScopes) {
            defaultScheme.addScope(legacyScope.getKey(), legacyScope.getDescription());
            // A scope is bound to its role string as written (not trimmed); a blank string, or
            // one that splits into no entries, is bound to the empty string instead.
            String boundRoles = StringUtils.EMPTY;
            if (StringUtils.isNotBlank(legacyScope.getRoles())
                    && legacyScope.getRoles().trim().split(",").length > 0) {
                boundRoles = legacyScope.getRoles();
            }
            rolesByScope.put(legacyScope.getKey(), boundRoles);
        }
        defaultScheme.setVendorExtension(APIConstants.SWAGGER_X_SCOPES_BINDINGS, rolesByScope);
    }
    swagger.addSecurityDefinition(APIConstants.SWAGGER_APIM_DEFAULT_SECURITY, defaultScheme);
    return swagger;
}
Also used : Scope(org.wso2.carbon.apimgt.api.model.Scope) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) OAuth2Definition(io.swagger.models.auth.OAuth2Definition) SecuritySchemeDefinition(io.swagger.models.auth.SecuritySchemeDefinition)

Example 20 with Roles

use of org.wso2.carbon.identity.api.server.idp.v1.model.Roles in project carbon-apimgt by wso2.

the class OAS2Parser method updateSwaggerSecurityDefinition.

/**
 * Registers the default OAuth2 security scheme on a Swagger definition.
 *
 * <p>The scheme is created with the implicit flow pointing at {@code authUrl}. Every scope in
 * {@code swaggerData} is added to it, and the scope-to-roles bindings are stored as the
 * {@code APIConstants.SWAGGER_X_SCOPES_BINDINGS} vendor extension. When the definition has no
 * security requirement yet, one that references the default scheme with an empty scope list is
 * added.
 *
 * @param swagger     swagger object, modified in place
 * @param swaggerData Swagger related data; supplies the scopes
 * @param authUrl     authorization URL given to the implicit flow of the scheme
 */
private void updateSwaggerSecurityDefinition(Swagger swagger, SwaggerData swaggerData, String authUrl) {
    // NOTE(review): the scheme is always declared with the implicit flow; confirm this matches
    // the grant types the deployment actually accepts.
    OAuth2Definition defaultScheme = new OAuth2Definition().implicit(authUrl);
    Set<Scope> declaredScopes = swaggerData.getScopes();
    boolean hasScopes = declaredScopes != null && !declaredScopes.isEmpty();
    if (hasScopes) {
        Map<String, String> rolesByScope = new HashMap<>();
        for (Scope declared : declaredScopes) {
            String description = "";
            if (declared.getDescription() != null) {
                description = declared.getDescription();
            }
            defaultScheme.addScope(declared.getKey(), description);
            // The role string is stored as written (not trimmed); a blank string, or one that
            // splits into no entries, is stored as the empty string.
            String boundRoles = StringUtils.EMPTY;
            if (StringUtils.isNotBlank(declared.getRoles())
                    && declared.getRoles().trim().split(",").length > 0) {
                boundRoles = declared.getRoles();
            }
            rolesByScope.put(declared.getKey(), boundRoles);
        }
        defaultScheme.setVendorExtension(APIConstants.SWAGGER_X_SCOPES_BINDINGS, rolesByScope);
    }
    swagger.addSecurityDefinition(APIConstants.SWAGGER_APIM_DEFAULT_SECURITY, defaultScheme);
    if (swagger.getSecurity() != null) {
        return;
    }
    // No requirement present yet: reference the default scheme with an empty scope list.
    SecurityRequirement requirement = new SecurityRequirement();
    requirement.setRequirements(APIConstants.SWAGGER_APIM_DEFAULT_SECURITY, new ArrayList<String>());
    swagger.addSecurity(requirement);
}
Also used : Scope(org.wso2.carbon.apimgt.api.model.Scope) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) OAuth2Definition(io.swagger.models.auth.OAuth2Definition) SecurityRequirement(io.swagger.models.SecurityRequirement)

Aggregations

ArrayList (java.util.ArrayList)72 HashMap (java.util.HashMap)60 Test (org.testng.annotations.Test)36 UserStoreException (org.wso2.carbon.user.api.UserStoreException)36 SQLException (java.sql.SQLException)27 HashSet (java.util.HashSet)26 Map (java.util.Map)25 Connection (java.sql.Connection)23 APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException)23 PreparedStatement (java.sql.PreparedStatement)21 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)20 APIMgtDAOException (org.wso2.carbon.apimgt.core.exception.APIMgtDAOException)18 JSONObject (org.json.simple.JSONObject)17 UserStoreException (org.wso2.carbon.user.core.UserStoreException)17 RoleBasicInfo (org.wso2.carbon.identity.role.mgt.core.RoleBasicInfo)16 UserStoreManager (org.wso2.carbon.user.api.UserStoreManager)16 RealmService (org.wso2.carbon.user.core.service.RealmService)15 API (org.wso2.carbon.apimgt.core.models.API)14 RoleMapping (org.wso2.carbon.identity.application.common.model.RoleMapping)14 AbstractUserStoreManager (org.wso2.carbon.user.core.common.AbstractUserStoreManager)14