
Example 16 with UserSessionException

use of org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException in project identity-inbound-auth-oauth by wso2-extensions.

the class IdentityOauthEventHandler method terminateSession.

/**
 * Revokes the access tokens, evicts the cached user claims and terminates the sessions of every
 * user in the given list.
 *
 * <p>Users are handled in list order and the first failure aborts the loop, so every user after
 * the failing entry keeps its tokens and sessions until the operation is run again.
 * NOTE(review): confirm that callers retry, or surface which user IDs were left unprocessed.
 *
 * @param userIDList IDs of the users to process; a null or empty list skips the loop
 * @throws IdentityEventException if the user store manager cannot be obtained or a per-user
 *                                step fails
 */
private void terminateSession(List<String> userIDList) throws IdentityEventException {
    try {
        // The manager is looked up before the emptiness check, so a lookup failure surfaces
        // even when there is nothing to process.
        UserStoreManager storeManager = (UserStoreManager) CarbonContext.getThreadLocalCarbonContext()
                .getUserRealm().getUserStoreManager();
        if (CollectionUtils.isEmpty(userIDList)) {
            return;
        }
        for (String userId : userIDList) {
            try {
                final String resolvedName = FrameworkUtils.resolveUserNameFromUserId(storeManager, userId);
                // Tokens and cached claims are keyed by user name, sessions by user ID.
                OAuthUtil.revokeTokens(resolvedName, storeManager);
                OAuthUtil.removeUserClaimsFromCache(resolvedName, storeManager);
                OAuth2ServiceComponentHolder.getUserSessionManagementService()
                        .terminateSessionsByUserId(userId);
            } catch (UserSessionException sessionFailure) {
                final String message = "Error occurred while revoking access token for user Id: " + userId;
                log.error(message, sessionFailure);
                throw new IdentityEventException(message, sessionFailure);
            } catch (SessionManagementException terminationFailure) {
                final String message = "Failed to terminate active sessions of user Id: " + userId;
                log.error(message, terminationFailure);
                throw new IdentityEventException(message, terminationFailure);
            }
        }
    } catch (org.wso2.carbon.user.api.UserStoreException storeFailure) {
        // This handler wraps the whole method, so it also catches a UserStoreException raised
        // inside the loop and reports it with the same "retrieving user manager" message.
        final String message = "Error occurred while retrieving user manager";
        log.error(message, storeFailure);
        throw new IdentityEventException(message, storeFailure);
    }
}
Also used : SessionManagementException(org.wso2.carbon.identity.application.authentication.framework.exception.session.mgt.SessionManagementException) IdentityEventException(org.wso2.carbon.identity.event.IdentityEventException) UserStoreManager(org.wso2.carbon.user.core.UserStoreManager) UserSessionException(org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException)

Example 17 with UserSessionException

use of org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMUserOperationListener method validateClaimUpdate.

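/**
 * Blocks a claim update for a user that already exists as a JIT-provisioned (federated) user,
 * unless the current thread is itself running a JIT provisioning flow.
 *
 * @param username Username.
 * @throws UserStoreException if the federated-user lookup fails (the original
 *                            {@link UserSessionException} is kept as the cause); a
 *                            {@link UserStoreClientException} is thrown when the update is blocked.
 */
private void validateClaimUpdate(String username) throws UserStoreException {
    boolean isAttributeSyncingEnabled = true;
    /*
        If attribute syncing is disabled, blocking the attribute editing is not required.
        ToDo: There should be an option to disable attribute syncing.
        (https://github.com/wso2/product-is/issues/12414)
         */
    if (!isAttributeSyncingEnabled) {
        return;
    }
    /*
        Check whether this is an attribute syncing flow by checking the JIT_PROVISIONING_FLOW thread local
        property. If it is an attribute syncing flow, blocking the attribute editing is not required.
        Only an explicit Boolean.TRUE skips the check: a missing or non-Boolean value falls through to
        the validation below instead of bypassing it or failing on a cast.
         */
    Object jitProvisioningFlow =
            IdentityUtil.threadLocalProperties.get().get(FrameworkConstants.JIT_PROVISIONING_FLOW);
    if (Boolean.TRUE.equals(jitProvisioningFlow)) {
        return;
    }
    boolean isExistingJITProvisionedUser;
    try {
        isExistingJITProvisionedUser = UserSessionStore.getInstance().isExistingUser(username);
    } catch (UserSessionException e) {
        // Keep the cause so the underlying lookup failure stays visible in the stack trace.
        throw new UserStoreException(
                "Error while checking the federated user existence for the user: " + username, e);
    }
    // If federated user is already provisioned, block that user's synced attribute editing.
    if (isExistingJITProvisionedUser) {
        throw new UserStoreClientException(
                SCIMCommonConstants.ErrorMessages.ERROR_CODE_INVALID_ATTRIBUTE_UPDATE.getMessage(),
                SCIMCommonConstants.ErrorMessages.ERROR_CODE_INVALID_ATTRIBUTE_UPDATE.getCode());
    }
}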
Also used : UserStoreClientException(org.wso2.carbon.user.core.UserStoreClientException) UserStoreException(org.wso2.carbon.user.core.UserStoreException) UserSessionException(org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException)

Example 18 with UserSessionException

use of org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException in project carbon-identity-framework by wso2.

the class UserSessionStore method storeUserData.

/**
 * Stores the authenticated user's record (user id, user name, tenant, user store domain and
 * identity provider) in the session database.
 *
 * <p>Every {@link SQLException} raised while preparing or executing the insert is rolled back and
 * rethrown as {@link DuplicatedAuthUserException}, not only constraint violations; as far as this
 * method shows, the outer handlers only see failures from obtaining or closing the connection or
 * from the rollback. NOTE(review): confirm that callers which treat
 * {@link DuplicatedAuthUserException} as a harmless duplicate cannot hide a genuine write failure.
 *
 * @param userId     Id of the authenticated user
 * @param userName   Name of the authenticated user
 * @param tenantId   Id of the tenant domain
 * @param userDomain Name of the user store domain; {@code null} is stored as FEDERATED_USER_DOMAIN
 * @param idPId      Identity Provider id
 * @throws UserSessionException if an error occurs when storing the authenticated user details to the database
 */
public void storeUserData(String userId, String userName, int tenantId, String userDomain, int idPId) throws UserSessionException {
    try (Connection dbConnection = IdentityDatabaseUtil.getSessionDBConnection(true)) {
        try (PreparedStatement insert = dbConnection.prepareStatement(SQLQueries.SQL_INSERT_USER_STORE_OPERATION)) {
            // NOTE(review): toUpperCase() follows the JVM default locale; confirm lookups of this
            // column normalise the domain the same way.
            final String storedDomain = (userDomain != null) ? userDomain.toUpperCase() : FEDERATED_USER_DOMAIN;
            insert.setString(1, userId);
            insert.setString(2, userName);
            insert.setInt(3, tenantId);
            insert.setString(4, storedDomain);
            insert.setInt(5, idPId);
            insert.executeUpdate();
            IdentityDatabaseUtil.commitTransaction(dbConnection);
        } catch (SQLException insertFailure) {
            IdentityDatabaseUtil.rollbackTransaction(dbConnection);
            throw new DuplicatedAuthUserException("Error when store user data.", insertFailure);
        }
    } catch (SQLIntegrityConstraintViolationException constraintFailure) {
        // The mapping was already stored by another node.
        final String duplicateMessage = "Duplicated user entry found in IDN_AUTH_USER table. Username: " + userName
                + " Tenant Id: " + tenantId + " User Store Domain: " + userDomain
                + " Identity Provider " + "Id: " + idPId;
        throw new DuplicatedAuthUserException(duplicateMessage, constraintFailure);
    } catch (SQLException sqlFailure) {
        // A message that names the constraint is also reported as a duplicate, even when the
        // exception is not a SQLIntegrityConstraintViolationException.
        final boolean namesConstraint =
                StringUtils.containsIgnoreCase(sqlFailure.getMessage(), "USER_STORE_CONSTRAINT");
        if (!namesConstraint) {
            throw new UserSessionException("Error while storing authenticated user details to the database table "
                    + "IDN_AUTH_USER_STORE of user: " + userName + ", Tenant Id: " + tenantId
                    + ", User domain: " + userDomain + ", Identity provider id: " + idPId, sqlFailure);
        }
        throw new DuplicatedAuthUserException("Duplicated user entry found in IDN_AUTH_USER table. Username: "
                + userName + " Tenant Id: " + tenantId + " User Store Domain: " + userDomain
                + " Identity " + "Provider Id: " + idPId, sqlFailure);
    }
}
Also used : SQLException(java.sql.SQLException) DuplicatedAuthUserException(org.wso2.carbon.identity.application.authentication.framework.exception.DuplicatedAuthUserException) SQLIntegrityConstraintViolationException(java.sql.SQLIntegrityConstraintViolationException) Connection(java.sql.Connection) PreparedStatement(java.sql.PreparedStatement) UserSessionException(org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException)

Example 19 with UserSessionException

use of org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException in project carbon-identity-framework by wso2.

the class UserSessionStore method updateFederatedAuthSessionInfo.

/**
 * Runs the SQL_UPDATE_FEDERATED_AUTH_SESSION_INFO statement so that the given session context
 * key is associated with the federated IdP's session ID taken from the authentication history.
 *
 * @param sessionContextKey Session Context Key; bound as the first statement parameter.
 * @param authHistory       History of the authentication flow; its IdP session index is bound as
 *                          the second statement parameter.
 * @throws UserSessionException Error while storing session details.
 */
public void updateFederatedAuthSessionInfo(String sessionContextKey, AuthHistory authHistory) throws UserSessionException {
    final JdbcTemplate template = JdbcUtils.getNewTemplate();
    try {
        template.executeUpdate(SQLQueries.SQL_UPDATE_FEDERATED_AUTH_SESSION_INFO, statement -> {
            statement.setString(1, sessionContextKey);
            statement.setString(2, authHistory.getIdpSessionIndex());
        });
    } catch (DataAccessException updateFailure) {
        // NOTE(review): the message embeds the session context key and the IdP session index;
        // confirm both are acceptable in logs and error responses, or mask them.
        final String message = "Error while updating " + sessionContextKey + " of session:"
                + authHistory.getIdpSessionIndex() + " in table " + IDN_AUTH_SESSION_META_DATA_TABLE + ".";
        throw new UserSessionException(message, updateFailure);
    }
}
Also used : JdbcTemplate(org.wso2.carbon.database.utils.jdbc.JdbcTemplate) UserSessionException(org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException) DataAccessException(org.wso2.carbon.database.utils.jdbc.exceptions.DataAccessException)

Example 20 with UserSessionException

use of org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException in project carbon-identity-framework by wso2.

the class UserSessionStore method isExistingMapping.

/**
 * Checks whether a mapping between the given user id and session id is already present in the
 * session database.
 *
 * @param userId    Id of the user
 * @param sessionId Id of the authenticated session
 * @return {@code true} if the lookup query returns at least one row, {@code false} otherwise
 * @throws UserSessionException if an error occurs when retrieving the mapping from the database
 */
public boolean isExistingMapping(String userId, String sessionId) throws UserSessionException {
    // Both failure paths report the same text.
    // NOTE(review): the message carries the raw session id; confirm it is acceptable in logs
    // and error responses, or mask it.
    final String failure = "Error while retrieving existing mapping between user Id: " + userId
            + " and session Id: " + sessionId;
    try (Connection dbConnection = IdentityDatabaseUtil.getSessionDBConnection(false)) {
        try (PreparedStatement lookup = dbConnection.prepareStatement(SQLQueries.SQL_SELECT_USER_SESSION_MAP)) {
            lookup.setString(1, userId);
            lookup.setString(2, sessionId);
            try (ResultSet rows = lookup.executeQuery()) {
                // Any row at all means the mapping exists.
                return rows.next();
            }
        } catch (SQLException statementFailure) {
            throw new UserSessionException(failure, statementFailure);
        }
    } catch (SQLException connectionFailure) {
        throw new UserSessionException(failure, connectionFailure);
    }
}
Also used : SQLException(java.sql.SQLException) Connection(java.sql.Connection) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement) UserSessionException(org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException)
