use of org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException in project identity-inbound-auth-oauth by wso2-extensions.
the class IdentityOauthEventHandler method terminateSession.
/**
 * Revokes the access tokens, evicts the cached user claims and terminates the sessions of every
 * user in the given list.
 *
 * <p>Processing is fail-fast: the first user for which a step fails ends the loop with an
 * exception, so the users that follow in the list are not processed by this call.
 *
 * @param userIDList List of user IDs; nothing is revoked when it is empty.
 * @throws IdentityEventException if the user store manager cannot be obtained, or if token
 *     revocation or session termination fails for a user.
 */
private void terminateSession(List<String> userIDList) throws IdentityEventException {

    try {
        // Looked up before the emptiness check, so a realm failure surfaces even for an empty list.
        UserStoreManager userStoreManager = (UserStoreManager) CarbonContext
                .getThreadLocalCarbonContext().getUserRealm().getUserStoreManager();
        if (CollectionUtils.isEmpty(userIDList)) {
            return;
        }
        for (String userId : userIDList) {
            try {
                final String userName = FrameworkUtils.resolveUserNameFromUserId(userStoreManager, userId);
                // Tokens and cached claims are keyed by user name; sessions are keyed by user ID.
                OAuthUtil.revokeTokens(userName, userStoreManager);
                OAuthUtil.removeUserClaimsFromCache(userName, userStoreManager);
                OAuth2ServiceComponentHolder.getUserSessionManagementService()
                        .terminateSessionsByUserId(userId);
            } catch (UserSessionException sessionError) {
                // NOTE(review): throwing here skips the remaining IDs, whose tokens and sessions
                // stay active until the caller retries - confirm callers account for that.
                String message = "Error occurred while revoking access token for user Id: " + userId;
                log.error(message, sessionError);
                throw new IdentityEventException(message, sessionError);
            } catch (SessionManagementException terminationError) {
                // Reached after the revocation calls above have already run for this user.
                String message = "Failed to terminate active sessions of user Id: " + userId;
                log.error(message, terminationError);
                throw new IdentityEventException(message, terminationError);
            }
        }
    } catch (org.wso2.carbon.user.api.UserStoreException storeError) {
        String message = "Error occurred while retrieving user manager";
        log.error(message, storeError);
        throw new IdentityEventException(message, storeError);
    }
}
use of org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException in project identity-inbound-provisioning-scim2 by wso2-extensions.
the class SCIMUserOperationListener method validateClaimUpdate.
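/**
 * Rejects a claim update when the target user is an already provisioned federated (JIT) user.
 *
 * <p>The check is skipped while the JIT provisioning flow itself is running, which is signalled
 * through the {@code FrameworkConstants.JIT_PROVISIONING_FLOW} thread-local property.
 *
 * @param username Username.
 * @throws UserStoreException if the federated user lookup fails, or (as a
 *     {@code UserStoreClientException}) if the user is an existing JIT-provisioned user.
 */
private void validateClaimUpdate(String username) throws UserStoreException {

    boolean isAttributeSyncingEnabled = true;
    /*
    If attribute syncing is disabled, blocking the attribute editing is not required.
    ToDo: There should be an option to disable attribute syncing.
    (https://github.com/wso2/product-is/issues/12414)
    */
    if (!isAttributeSyncingEnabled) {
        return;
    }
    /*
    Check whether this is an attribute syncing flow by checking the JIT_PROVISIONING_FLOW thread local
    property. If it is an attribute syncing flow, blocking the attribute editing is not required.
    Only an explicit Boolean TRUE bypasses the check; a missing or non-Boolean value falls through to
    the provisioned-user check below instead of failing on the cast.
    */
    Object jitProvisioningFlow =
            IdentityUtil.threadLocalProperties.get().get(FrameworkConstants.JIT_PROVISIONING_FLOW);
    if (Boolean.TRUE.equals(jitProvisioningFlow)) {
        return;
    }
    boolean isExistingJITProvisionedUser;
    try {
        isExistingJITProvisionedUser = UserSessionStore.getInstance().isExistingUser(username);
    } catch (UserSessionException e) {
        // Keep the cause so the underlying session-store failure is not lost to the caller.
        throw new UserStoreException(
                "Error while checking the federated user existence for the user: " + username, e);
    }
    // If federated user is already provisioned, block that user's synced attribute editing.
    if (isExistingJITProvisionedUser) {
        throw new UserStoreClientException(
                SCIMCommonConstants.ErrorMessages.ERROR_CODE_INVALID_ATTRIBUTE_UPDATE.getMessage(),
                SCIMCommonConstants.ErrorMessages.ERROR_CODE_INVALID_ATTRIBUTE_UPDATE.getCode());
    }
}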
use of org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException in project carbon-identity-framework by wso2.
the class UserSessionStore method storeUserData.
/**
 * Stores the user record for an authenticated user through the
 * {@code SQL_INSERT_USER_STORE_OPERATION} statement.
 *
 * <p>The user store domain is written in upper case; a {@code null} domain is stored as
 * {@code FEDERATED_USER_DOMAIN}.
 *
 * @param userId     Id of the user
 * @param userName   Name of the authenticated user
 * @param tenantId   Id of the tenant domain
 * @param userDomain Name of the user Store domain
 * @param idPId      Identity Provider id
 * @throws UserSessionException if an error occurs when storing the authenticated user details to the
 *     database; failures of the insert itself and constraint violations are thrown as
 *     {@code DuplicatedAuthUserException}.
 */
public void storeUserData(String userId, String userName, int tenantId, String userDomain, int idPId)
        throws UserSessionException {

    try (Connection connection = IdentityDatabaseUtil.getSessionDBConnection(true)) {
        try (PreparedStatement insertStatement =
                     connection.prepareStatement(SQLQueries.SQL_INSERT_USER_STORE_OPERATION)) {
            insertStatement.setString(1, userId);
            insertStatement.setString(2, userName);
            insertStatement.setInt(3, tenantId);
            // NOTE(review): toUpperCase() uses the JVM default locale - confirm that is intended
            // for a domain name that is later matched against stored values.
            String storedDomain;
            if (userDomain == null) {
                storedDomain = FEDERATED_USER_DOMAIN;
            } else {
                storedDomain = userDomain.toUpperCase();
            }
            insertStatement.setString(4, storedDomain);
            insertStatement.setInt(5, idPId);
            insertStatement.executeUpdate();
            IdentityDatabaseUtil.commitTransaction(connection);
        } catch (SQLException insertError) {
            IdentityDatabaseUtil.rollbackTransaction(connection);
            // NOTE(review): every SQLException raised by the insert is reported as a duplicate,
            // not only constraint violations - confirm callers that tolerate duplicates do not
            // also hide genuine write failures.
            throw new DuplicatedAuthUserException("Error when store user data.", insertError);
        }
    } catch (SQLIntegrityConstraintViolationException constraintViolation) {
        // mapping is already stored from another node.
        throw new DuplicatedAuthUserException("Duplicated user entry found in IDN_AUTH_USER table. Username: "
                + userName + " Tenant Id: " + tenantId + " User Store Domain: " + userDomain
                + " Identity Provider " + "Id: " + idPId, constraintViolation);
    } catch (SQLException sqlError) {
        // Presumably for drivers that report the constraint violation as a plain SQLException;
        // the violation is recognised by the constraint name in the message.
        if (StringUtils.containsIgnoreCase(sqlError.getMessage(), "USER_STORE_CONSTRAINT")) {
            throw new DuplicatedAuthUserException("Duplicated user entry found in IDN_AUTH_USER table. Username: "
                    + userName + " Tenant Id: " + tenantId + " User Store Domain: " + userDomain
                    + " Identity " + "Provider Id: " + idPId, sqlError);
        }
        throw new UserSessionException("Error while storing authenticated user details to the database table "
                + "IDN_AUTH_USER_STORE of user: " + userName + ", Tenant Id: " + tenantId + ", User domain: "
                + userDomain + ", Identity provider id: " + idPId, sqlError);
    }
}
use of org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException in project carbon-identity-framework by wso2.
the class UserSessionStore method updateFederatedAuthSessionInfo.
/**
 * Updates the stored session details so that the given session context key is mapped to the
 * federated IdP's session ID taken from the authentication history.
 *
 * @param sessionContextKey Session Context Key.
 * @param authHistory       History of the authentication flow; its IdP session index is the second
 *                          statement parameter.
 * @throws UserSessionException Error while storing session details.
 */
public void updateFederatedAuthSessionInfo(String sessionContextKey, AuthHistory authHistory)
        throws UserSessionException {

    JdbcTemplate template = JdbcUtils.getNewTemplate();
    try {
        template.executeUpdate(SQLQueries.SQL_UPDATE_FEDERATED_AUTH_SESSION_INFO, statement -> {
            statement.setString(1, sessionContextKey);
            statement.setString(2, authHistory.getIdpSessionIndex());
        });
    } catch (DataAccessException accessError) {
        // NOTE(review): the message carries the session context key and the IdP session index;
        // confirm these identifiers are acceptable wherever this exception ends up being logged.
        String message = "Error while updating " + sessionContextKey + " of session:"
                + authHistory.getIdpSessionIndex() + " in table " + IDN_AUTH_SESSION_META_DATA_TABLE + ".";
        throw new UserSessionException(message, accessError);
    }
}
use of org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException in project carbon-identity-framework by wso2.
the class UserSessionStore method isExistingMapping.
/**
 * Checks whether a mapping between the given user id and session id already exists in the database.
 *
 * @param userId    Id of the user
 * @param sessionId Id of the authenticated session
 * @return {@code true} if the {@code SQL_SELECT_USER_SESSION_MAP} query returns at least one row,
 *     {@code false} otherwise
 * @throws UserSessionException if an error occurs when retrieving the mapping from the database
 */
public boolean isExistingMapping(String userId, String sessionId) throws UserSessionException {

    try (Connection connection = IdentityDatabaseUtil.getSessionDBConnection(false)) {
        try (PreparedStatement lookupStatement =
                     connection.prepareStatement(SQLQueries.SQL_SELECT_USER_SESSION_MAP)) {
            lookupStatement.setString(1, userId);
            lookupStatement.setString(2, sessionId);
            try (ResultSet rows = lookupStatement.executeQuery()) {
                // Any returned row means the mapping is present.
                return rows.next();
            }
        } catch (SQLException queryError) {
            // NOTE(review): the session id is part of the message; confirm it is acceptable
            // wherever this exception ends up being logged.
            throw new UserSessionException("Error while retrieving existing mapping between user Id: " + userId
                    + " and session Id: " + sessionId, queryError);
        }
    } catch (SQLException connectionError) {
        // Covers failures outside the statement block, such as obtaining the connection.
        throw new UserSessionException("Error while retrieving existing mapping between user Id: " + userId
                + " and session Id: " + sessionId, connectionError);
    }
}