Search in sources :

Example 11 with PermissionsAndRoleConfig

use of org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig in project carbon-identity-framework by wso2.

the class ApplicationMgtUtil method storePermissions.

/**
 * Stores the permissions to applications.
 *
 * @param applicationName
 * @param permissionsConfig
 * @throws IdentityApplicationManagementException
 */
public static void storePermissions(String applicationName, String username, PermissionsAndRoleConfig permissionsConfig) throws IdentityApplicationManagementException {
    int tenantId = MultitenantConstants.INVALID_TENANT_ID;
    try {
        tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        IdentityTenantUtil.initializeRegistry(tenantId);
    } catch (IdentityException e) {
        throw new IdentityApplicationManagementException("Error loading tenant registry for tenant domain: " + IdentityTenantUtil.getTenantDomain(tenantId), e);
    }
    Registry tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
    String permissionResourcePath = getApplicationPermissionPath();
    try {
        if (!tenantGovReg.resourceExists(permissionResourcePath)) {
            boolean loggedInUserChanged = false;
            UserRealm realm = (UserRealm) CarbonContext.getThreadLocalCarbonContext().getUserRealm();
            if (!realm.getAuthorizationManager().isUserAuthorized(username, permissionResourcePath, UserMgtConstants.EXECUTE_ACTION)) {
                // Logged in user is not authorized to create the permission.
                // Temporarily change the user to the admin for creating the permission
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(realm.getRealmConfiguration().getAdminUserName());
                tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
                loggedInUserChanged = true;
            }
            Collection appRootNode = tenantGovReg.newCollection();
            appRootNode.setProperty("name", "Applications");
            tenantGovReg.put(permissionResourcePath, appRootNode);
            if (loggedInUserChanged) {
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username);
            }
        }
        if (permissionsConfig != null) {
            ApplicationPermission[] permissions = permissionsConfig.getPermissions();
            if (permissions == null || permissions.length < 1) {
                return;
            }
            // creating the application node in the tree
            String appNode = permissionResourcePath + PATH_CONSTANT + applicationName;
            Collection appNodeColl = tenantGovReg.newCollection();
            tenantGovReg.put(appNode, appNodeColl);
            // now start storing the permissions
            for (ApplicationPermission permission : permissions) {
                String permissinPath = appNode + PATH_CONSTANT + permission;
                Resource permissionNode = tenantGovReg.newResource();
                permissionNode.setProperty("name", permission.getValue());
                tenantGovReg.put(permissinPath, permissionNode);
            }
        }
    } catch (Exception e) {
        throw new IdentityApplicationManagementException("Error while storing permissions for application " + applicationName, e);
    }
}
Also used : UserRealm(org.wso2.carbon.user.core.UserRealm) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) Resource(org.wso2.carbon.registry.api.Resource) Collection(org.wso2.carbon.registry.api.Collection) Registry(org.wso2.carbon.registry.api.Registry) IdentityException(org.wso2.carbon.identity.base.IdentityException) ApplicationPermission(org.wso2.carbon.identity.application.common.model.ApplicationPermission) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) JAXBException(javax.xml.bind.JAXBException) IdentityException(org.wso2.carbon.identity.base.IdentityException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) RegistryException(org.wso2.carbon.registry.api.RegistryException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)

Example 12 with PermissionsAndRoleConfig

use of org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig in project carbon-identity-framework by wso2.

the class ApplicationManagementServiceImplTest method addApplicationConfigurations.

private void addApplicationConfigurations(ServiceProvider serviceProvider) {
    serviceProvider.setDescription("Created for testing");
    serviceProvider.setSaasApp(TRUE);
    // Inbound Authentication Configurations.
    InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
    InboundAuthenticationRequestConfig authRequestConfig = new InboundAuthenticationRequestConfig();
    authRequestConfig.setInboundAuthKey("auth key");
    authRequestConfig.setInboundAuthType("oauth2");
    InboundAuthenticationRequestConfig[] authRequests = new InboundAuthenticationRequestConfig[] { authRequestConfig };
    inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(authRequests);
    serviceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
    // Inbound Provisioning Configurations.
    InboundProvisioningConfig provisioningConfig = new InboundProvisioningConfig();
    provisioningConfig.setProvisioningUserStore("UserStore");
    serviceProvider.setInboundProvisioningConfig(provisioningConfig);
    // OutBound Provisioning Configurations.
    IdentityProvider provisioningIdP = new IdentityProvider();
    provisioningIdP.setIdentityProviderName("Provisioning IdP");
    OutboundProvisioningConfig outboundProvisioningConfig = new OutboundProvisioningConfig();
    outboundProvisioningConfig.setProvisioningIdentityProviders(new IdentityProvider[] { provisioningIdP });
    ProvisioningConnectorConfig provisioningConnectorConfig = new ProvisioningConnectorConfig();
    provisioningConnectorConfig.setName("Provisioning connector");
    provisioningIdP.setDefaultProvisioningConnectorConfig(provisioningConnectorConfig);
    serviceProvider.setOutboundProvisioningConfig(outboundProvisioningConfig);
    // Local And OutBound Authentication Configuration.
    LocalAndOutboundAuthenticationConfig authenticationConfig = new LocalAndOutboundAuthenticationConfig();
    AuthenticationStep authenticationStep = new AuthenticationStep();
    IdentityProvider identityProvider = new IdentityProvider();
    identityProvider.setIdentityProviderName(IDP_NAME_1);
    FederatedAuthenticatorConfig federatedAuthenticatorConfig = new FederatedAuthenticatorConfig();
    federatedAuthenticatorConfig.setName("Federated authenticator");
    identityProvider.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { federatedAuthenticatorConfig });
    authenticationStep.setFederatedIdentityProviders(new IdentityProvider[] { identityProvider });
    LocalAuthenticatorConfig localAuthenticatorConfig = new LocalAuthenticatorConfig();
    localAuthenticatorConfig.setName("Local authenticator");
    authenticationStep.setLocalAuthenticatorConfigs(new LocalAuthenticatorConfig[] { localAuthenticatorConfig });
    authenticationConfig.setAuthenticationSteps(new AuthenticationStep[] { authenticationStep });
    serviceProvider.setLocalAndOutBoundAuthenticationConfig(authenticationConfig);
    // Request Path Authenticator Configuration.
    RequestPathAuthenticatorConfig requestPathAuthenticatorConfig = new RequestPathAuthenticatorConfig();
    requestPathAuthenticatorConfig.setName("Request path authenticator");
    serviceProvider.setRequestPathAuthenticatorConfigs(new RequestPathAuthenticatorConfig[] { requestPathAuthenticatorConfig });
    // Claim Configurations.
    ClaimConfig claimConfig = new ClaimConfig();
    claimConfig.setRoleClaimURI("Role claim uri");
    claimConfig.setSpClaimDialects(new String[] { "SP claim dialect" });
    ClaimMapping claimMapping = new ClaimMapping();
    Claim localClaim = new Claim();
    localClaim.setClaimUri("Local claim uri");
    Claim remoteClaim = new Claim();
    remoteClaim.setClaimUri("Remote claim uri");
    claimMapping.setLocalClaim(localClaim);
    claimMapping.setRemoteClaim(remoteClaim);
    claimConfig.setClaimMappings(new ClaimMapping[] { claimMapping });
    serviceProvider.setClaimConfig(claimConfig);
    // Permission Role Configurations.
    PermissionsAndRoleConfig permissionsAndRoleConfig = new PermissionsAndRoleConfig();
    RoleMapping roleMapping = new RoleMapping();
    LocalRole localRole = new LocalRole("Local role");
    roleMapping.setLocalRole(localRole);
    roleMapping.setRemoteRole("Remote role");
    RoleMapping[] roleMappings = new RoleMapping[] { roleMapping };
    permissionsAndRoleConfig.setRoleMappings(roleMappings);
}
Also used : InboundProvisioningConfig(org.wso2.carbon.identity.application.common.model.InboundProvisioningConfig) InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) AuthenticationStep(org.wso2.carbon.identity.application.common.model.AuthenticationStep) InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping) OutboundProvisioningConfig(org.wso2.carbon.identity.application.common.model.OutboundProvisioningConfig) ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) LocalAndOutboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig) ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig) PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig) RequestPathAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig) LocalRole(org.wso2.carbon.identity.application.common.model.LocalRole) ProvisioningConnectorConfig(org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig) Claim(org.wso2.carbon.identity.application.common.model.Claim)

Example 13 with PermissionsAndRoleConfig

use of org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig in project product-is by wso2.

the class IdentityProviderManagementTestCase method createIdpWithRoleMappings.

private void createIdpWithRoleMappings(String idpName) {
    try {
        IdentityProvider identityProvider = new IdentityProvider();
        identityProvider.setIdentityProviderName(idpName);
        PermissionsAndRoleConfig permissionsAndRoleConfig = new PermissionsAndRoleConfig();
        RoleMapping roleMapping = new RoleMapping();
        LocalRole localRole = new LocalRole();
        localRole.setLocalRoleName("umRole1");
        localRole.setUserStoreId("primary");
        roleMapping.setLocalRole(localRole);
        roleMapping.setRemoteRole("role1");
        permissionsAndRoleConfig.addRoleMappings(roleMapping);
        identityProvider.setPermissionAndRoleConfig(permissionsAndRoleConfig);
        identityProviderMgtServiceClient.addIdP(identityProvider);
    } catch (Exception e) {
        Assert.fail("Error while trying to create identity provider", e);
    }
}
Also used : PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.idp.xsd.PermissionsAndRoleConfig) IdentityProvider(org.wso2.carbon.identity.application.common.model.idp.xsd.IdentityProvider) LocalRole(org.wso2.carbon.identity.application.common.model.idp.xsd.LocalRole) RoleMapping(org.wso2.carbon.identity.application.common.model.idp.xsd.RoleMapping)

Example 14 with PermissionsAndRoleConfig

use of org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig in project product-is by wso2.

the class ApplicationManagementTestCase method testUpdateRoles.

@Test(alwaysRun = true, description = "Testing update Roles")
public void testUpdateRoles() {
    String applicationName = "TestServiceProvider";
    try {
        ServiceProvider serviceProvider = applicationManagementServiceClient.getApplication(applicationName);
        PermissionsAndRoleConfig permAndRoleConfig = new PermissionsAndRoleConfig();
        List<RoleMapping> roleMappingList = new ArrayList<RoleMapping>();
        RoleMapping mapping = new RoleMapping();
        LocalRole localRole = new LocalRole();
        localRole.setLocalRoleName("idpRole_1");
        mapping.setLocalRole(localRole);
        mapping.setRemoteRole("spRole_1");
        roleMappingList.add(mapping);
        permAndRoleConfig.setRoleMappings(roleMappingList.toArray(new RoleMapping[roleMappingList.size()]));
        serviceProvider.setPermissionAndRoleConfig(permAndRoleConfig);
        applicationManagementServiceClient.updateApplicationData(serviceProvider);
        ServiceProvider updatedServiceProvider = applicationManagementServiceClient.getApplication(applicationName);
        PermissionsAndRoleConfig updatedPermissionsAndRoleConfig = updatedServiceProvider.getPermissionAndRoleConfig();
        Assert.assertEquals(updatedPermissionsAndRoleConfig.getRoleMappings()[0].getLocalRole().getLocalRoleName(), "idpRole_1", "Failed update local role");
        Assert.assertEquals(updatedPermissionsAndRoleConfig.getRoleMappings()[0].getRemoteRole(), "spRole_1", "Failed update remote role");
    } catch (Exception e) {
        Assert.fail("Error while trying to update Roles", e);
    }
}
Also used : ServiceProvider(org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider) ArrayList(java.util.ArrayList) ISIntegrationTest(org.wso2.identity.integration.common.utils.ISIntegrationTest)

Example 15 with PermissionsAndRoleConfig

use of org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig in project identity-api-server by wso2.

the class ServerIdpManagementService method createRoleResponse.

private Roles createRoleResponse(IdentityProvider identityProvider) {
    PermissionsAndRoleConfig permissionsAndRoleConfig = identityProvider.getPermissionAndRoleConfig();
    Roles roleConfig = new Roles();
    List<org.wso2.carbon.identity.api.server.idp.v1.model.RoleMapping> apiRoleMappings = new ArrayList<>();
    if (permissionsAndRoleConfig != null) {
        if (permissionsAndRoleConfig.getRoleMappings() != null) {
            for (RoleMapping roleMapping : permissionsAndRoleConfig.getRoleMappings()) {
                org.wso2.carbon.identity.api.server.idp.v1.model.RoleMapping apiRoleMapping = new org.wso2.carbon.identity.api.server.idp.v1.model.RoleMapping();
                apiRoleMapping.setIdpRole(roleMapping.getRemoteRole());
                apiRoleMapping.setLocalRole(IdentityUtil.addDomainToName(roleMapping.getLocalRole().getLocalRoleName(), roleMapping.getLocalRole().getUserStoreId()));
                apiRoleMappings.add(apiRoleMapping);
            }
        }
    }
    roleConfig.setMappings(apiRoleMappings);
    String provRoles = identityProvider.getProvisioningRole();
    if (StringUtils.isNotBlank(provRoles)) {
        roleConfig.setOutboundProvisioningRoles(Arrays.asList(provRoles.split(",")));
    }
    return roleConfig;
}
Also used : ArrayList(java.util.ArrayList) Roles(org.wso2.carbon.identity.api.server.idp.v1.model.Roles) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping) PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig)

Aggregations

PermissionsAndRoleConfig (org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig)20 RoleMapping (org.wso2.carbon.identity.application.common.model.RoleMapping)16 ArrayList (java.util.ArrayList)10 LocalRole (org.wso2.carbon.identity.application.common.model.LocalRole)10 ClaimConfig (org.wso2.carbon.identity.application.common.model.ClaimConfig)9 IdentityProvider (org.wso2.carbon.identity.application.common.model.IdentityProvider)9 Claim (org.wso2.carbon.identity.application.common.model.Claim)7 ClaimMapping (org.wso2.carbon.identity.application.common.model.ClaimMapping)7 FederatedAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)7 ProvisioningConnectorConfig (org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig)7 IdentityProviderProperty (org.wso2.carbon.identity.application.common.model.IdentityProviderProperty)6 Property (org.wso2.carbon.identity.application.common.model.Property)6 DataProvider (org.testng.annotations.DataProvider)4 Test (org.testng.annotations.Test)4 ServiceProvider (org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider)4 HashSet (java.util.HashSet)3 IdentityApplicationManagementException (org.wso2.carbon.identity.application.common.IdentityApplicationManagementException)3 PermissionsAndRoleConfig (org.wso2.carbon.identity.application.common.model.xsd.PermissionsAndRoleConfig)3 Connection (java.sql.Connection)2 PreparedStatement (java.sql.PreparedStatement)2