use of org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig in project carbon-identity-framework by wso2.
the class ApplicationMgtUtil method storePermissions.
/**
* Stores the permissions to applications.
*
* @param applicationName
* @param permissionsConfig
* @throws IdentityApplicationManagementException
*/
public static void storePermissions(String applicationName, String username, PermissionsAndRoleConfig permissionsConfig) throws IdentityApplicationManagementException {
int tenantId = MultitenantConstants.INVALID_TENANT_ID;
try {
tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
IdentityTenantUtil.initializeRegistry(tenantId);
} catch (IdentityException e) {
throw new IdentityApplicationManagementException("Error loading tenant registry for tenant domain: " + IdentityTenantUtil.getTenantDomain(tenantId), e);
}
Registry tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
String permissionResourcePath = getApplicationPermissionPath();
try {
if (!tenantGovReg.resourceExists(permissionResourcePath)) {
boolean loggedInUserChanged = false;
UserRealm realm = (UserRealm) CarbonContext.getThreadLocalCarbonContext().getUserRealm();
if (!realm.getAuthorizationManager().isUserAuthorized(username, permissionResourcePath, UserMgtConstants.EXECUTE_ACTION)) {
// Logged in user is not authorized to create the permission.
// Temporarily change the user to the admin for creating the permission
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(realm.getRealmConfiguration().getAdminUserName());
tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
loggedInUserChanged = true;
}
Collection appRootNode = tenantGovReg.newCollection();
appRootNode.setProperty("name", "Applications");
tenantGovReg.put(permissionResourcePath, appRootNode);
if (loggedInUserChanged) {
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username);
}
}
if (permissionsConfig != null) {
ApplicationPermission[] permissions = permissionsConfig.getPermissions();
if (permissions == null || permissions.length < 1) {
return;
}
// creating the application node in the tree
String appNode = permissionResourcePath + PATH_CONSTANT + applicationName;
Collection appNodeColl = tenantGovReg.newCollection();
tenantGovReg.put(appNode, appNodeColl);
// now start storing the permissions
for (ApplicationPermission permission : permissions) {
String permissinPath = appNode + PATH_CONSTANT + permission;
Resource permissionNode = tenantGovReg.newResource();
permissionNode.setProperty("name", permission.getValue());
tenantGovReg.put(permissinPath, permissionNode);
}
}
} catch (Exception e) {
throw new IdentityApplicationManagementException("Error while storing permissions for application " + applicationName, e);
}
}
use of org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig in project carbon-identity-framework by wso2.
the class ApplicationManagementServiceImplTest method addApplicationConfigurations.
private void addApplicationConfigurations(ServiceProvider serviceProvider) {
serviceProvider.setDescription("Created for testing");
serviceProvider.setSaasApp(TRUE);
// Inbound Authentication Configurations.
InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
InboundAuthenticationRequestConfig authRequestConfig = new InboundAuthenticationRequestConfig();
authRequestConfig.setInboundAuthKey("auth key");
authRequestConfig.setInboundAuthType("oauth2");
InboundAuthenticationRequestConfig[] authRequests = new InboundAuthenticationRequestConfig[] { authRequestConfig };
inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(authRequests);
serviceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
// Inbound Provisioning Configurations.
InboundProvisioningConfig provisioningConfig = new InboundProvisioningConfig();
provisioningConfig.setProvisioningUserStore("UserStore");
serviceProvider.setInboundProvisioningConfig(provisioningConfig);
// OutBound Provisioning Configurations.
IdentityProvider provisioningIdP = new IdentityProvider();
provisioningIdP.setIdentityProviderName("Provisioning IdP");
OutboundProvisioningConfig outboundProvisioningConfig = new OutboundProvisioningConfig();
outboundProvisioningConfig.setProvisioningIdentityProviders(new IdentityProvider[] { provisioningIdP });
ProvisioningConnectorConfig provisioningConnectorConfig = new ProvisioningConnectorConfig();
provisioningConnectorConfig.setName("Provisioning connector");
provisioningIdP.setDefaultProvisioningConnectorConfig(provisioningConnectorConfig);
serviceProvider.setOutboundProvisioningConfig(outboundProvisioningConfig);
// Local And OutBound Authentication Configuration.
LocalAndOutboundAuthenticationConfig authenticationConfig = new LocalAndOutboundAuthenticationConfig();
AuthenticationStep authenticationStep = new AuthenticationStep();
IdentityProvider identityProvider = new IdentityProvider();
identityProvider.setIdentityProviderName(IDP_NAME_1);
FederatedAuthenticatorConfig federatedAuthenticatorConfig = new FederatedAuthenticatorConfig();
federatedAuthenticatorConfig.setName("Federated authenticator");
identityProvider.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { federatedAuthenticatorConfig });
authenticationStep.setFederatedIdentityProviders(new IdentityProvider[] { identityProvider });
LocalAuthenticatorConfig localAuthenticatorConfig = new LocalAuthenticatorConfig();
localAuthenticatorConfig.setName("Local authenticator");
authenticationStep.setLocalAuthenticatorConfigs(new LocalAuthenticatorConfig[] { localAuthenticatorConfig });
authenticationConfig.setAuthenticationSteps(new AuthenticationStep[] { authenticationStep });
serviceProvider.setLocalAndOutBoundAuthenticationConfig(authenticationConfig);
// Request Path Authenticator Configuration.
RequestPathAuthenticatorConfig requestPathAuthenticatorConfig = new RequestPathAuthenticatorConfig();
requestPathAuthenticatorConfig.setName("Request path authenticator");
serviceProvider.setRequestPathAuthenticatorConfigs(new RequestPathAuthenticatorConfig[] { requestPathAuthenticatorConfig });
// Claim Configurations.
ClaimConfig claimConfig = new ClaimConfig();
claimConfig.setRoleClaimURI("Role claim uri");
claimConfig.setSpClaimDialects(new String[] { "SP claim dialect" });
ClaimMapping claimMapping = new ClaimMapping();
Claim localClaim = new Claim();
localClaim.setClaimUri("Local claim uri");
Claim remoteClaim = new Claim();
remoteClaim.setClaimUri("Remote claim uri");
claimMapping.setLocalClaim(localClaim);
claimMapping.setRemoteClaim(remoteClaim);
claimConfig.setClaimMappings(new ClaimMapping[] { claimMapping });
serviceProvider.setClaimConfig(claimConfig);
// Permission Role Configurations.
PermissionsAndRoleConfig permissionsAndRoleConfig = new PermissionsAndRoleConfig();
RoleMapping roleMapping = new RoleMapping();
LocalRole localRole = new LocalRole("Local role");
roleMapping.setLocalRole(localRole);
roleMapping.setRemoteRole("Remote role");
RoleMapping[] roleMappings = new RoleMapping[] { roleMapping };
permissionsAndRoleConfig.setRoleMappings(roleMappings);
}
use of org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig in project product-is by wso2.
the class IdentityProviderManagementTestCase method createIdpWithRoleMappings.
private void createIdpWithRoleMappings(String idpName) {
try {
IdentityProvider identityProvider = new IdentityProvider();
identityProvider.setIdentityProviderName(idpName);
PermissionsAndRoleConfig permissionsAndRoleConfig = new PermissionsAndRoleConfig();
RoleMapping roleMapping = new RoleMapping();
LocalRole localRole = new LocalRole();
localRole.setLocalRoleName("umRole1");
localRole.setUserStoreId("primary");
roleMapping.setLocalRole(localRole);
roleMapping.setRemoteRole("role1");
permissionsAndRoleConfig.addRoleMappings(roleMapping);
identityProvider.setPermissionAndRoleConfig(permissionsAndRoleConfig);
identityProviderMgtServiceClient.addIdP(identityProvider);
} catch (Exception e) {
Assert.fail("Error while trying to create identity provider", e);
}
}
use of org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig in project product-is by wso2.
the class ApplicationManagementTestCase method testUpdateRoles.
@Test(alwaysRun = true, description = "Testing update Roles")
public void testUpdateRoles() {
String applicationName = "TestServiceProvider";
try {
ServiceProvider serviceProvider = applicationManagementServiceClient.getApplication(applicationName);
PermissionsAndRoleConfig permAndRoleConfig = new PermissionsAndRoleConfig();
List<RoleMapping> roleMappingList = new ArrayList<RoleMapping>();
RoleMapping mapping = new RoleMapping();
LocalRole localRole = new LocalRole();
localRole.setLocalRoleName("idpRole_1");
mapping.setLocalRole(localRole);
mapping.setRemoteRole("spRole_1");
roleMappingList.add(mapping);
permAndRoleConfig.setRoleMappings(roleMappingList.toArray(new RoleMapping[roleMappingList.size()]));
serviceProvider.setPermissionAndRoleConfig(permAndRoleConfig);
applicationManagementServiceClient.updateApplicationData(serviceProvider);
ServiceProvider updatedServiceProvider = applicationManagementServiceClient.getApplication(applicationName);
PermissionsAndRoleConfig updatedPermissionsAndRoleConfig = updatedServiceProvider.getPermissionAndRoleConfig();
Assert.assertEquals(updatedPermissionsAndRoleConfig.getRoleMappings()[0].getLocalRole().getLocalRoleName(), "idpRole_1", "Failed update local role");
Assert.assertEquals(updatedPermissionsAndRoleConfig.getRoleMappings()[0].getRemoteRole(), "spRole_1", "Failed update remote role");
} catch (Exception e) {
Assert.fail("Error while trying to update Roles", e);
}
}
use of org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig in project identity-api-server by wso2.
the class ServerIdpManagementService method createRoleResponse.
private Roles createRoleResponse(IdentityProvider identityProvider) {
PermissionsAndRoleConfig permissionsAndRoleConfig = identityProvider.getPermissionAndRoleConfig();
Roles roleConfig = new Roles();
List<org.wso2.carbon.identity.api.server.idp.v1.model.RoleMapping> apiRoleMappings = new ArrayList<>();
if (permissionsAndRoleConfig != null) {
if (permissionsAndRoleConfig.getRoleMappings() != null) {
for (RoleMapping roleMapping : permissionsAndRoleConfig.getRoleMappings()) {
org.wso2.carbon.identity.api.server.idp.v1.model.RoleMapping apiRoleMapping = new org.wso2.carbon.identity.api.server.idp.v1.model.RoleMapping();
apiRoleMapping.setIdpRole(roleMapping.getRemoteRole());
apiRoleMapping.setLocalRole(IdentityUtil.addDomainToName(roleMapping.getLocalRole().getLocalRoleName(), roleMapping.getLocalRole().getUserStoreId()));
apiRoleMappings.add(apiRoleMapping);
}
}
}
roleConfig.setMappings(apiRoleMappings);
String provRoles = identityProvider.getProvisioningRole();
if (StringUtils.isNotBlank(provRoles)) {
roleConfig.setOutboundProvisioningRoles(Arrays.asList(provRoles.split(",")));
}
return roleConfig;
}
Aggregations