use of org.wso2.carbon.identity.application.common.model.xsd.PermissionsAndRoleConfig in project carbon-identity-framework by wso2.
the class ApplicationMgtUtilTest method testStorePermissions.
@Test
public void testStorePermissions() throws Exception {
mockTenantRegistry();
mockStatic(IdentityTenantUtil.class);
doNothing().when(IdentityTenantUtil.class, "initializeRegistry", anyInt());
when(mockCarbonContext.getTenantId()).thenReturn(SUPER_TENANT_ID);
when(mockTenantRegistry.resourceExists(anyString())).thenReturn(FALSE);
changeUserToAdmin();
when(mockTenantRegistry.newCollection()).thenReturn(mockAppRootNode);
PermissionsAndRoleConfig permissionsAndRoleConfig = new PermissionsAndRoleConfig();
permissionsAndRoleConfig.setPermissions(applicationPermissions);
Resource mockResource = mock(Resource.class);
when(mockTenantRegistry.newResource()).thenReturn(mockResource);
ApplicationMgtUtil.storePermissions(APPLICATION_NAME, USERNAME, permissionsAndRoleConfig);
verify(mockTenantRegistry, times(1)).put(PERMISSION_PATH, mockAppRootNode);
verify(mockTenantRegistry, times(1)).put(applicationNode, mockAppRootNode);
verify(mockTenantRegistry, times(1)).put(applicationNode + PATH_CONSTANT + applicationPermission, mockResource);
}
use of org.wso2.carbon.identity.application.common.model.xsd.PermissionsAndRoleConfig in project carbon-identity-framework by wso2.
the class IdentityProviderManager method verifyAndUpdateRoleConfiguration.
private void verifyAndUpdateRoleConfiguration(String tenantDomain, int tenantId, PermissionsAndRoleConfig roleConfiguration) throws IdentityProviderManagementException {
List<RoleMapping> validRoleMappings = new ArrayList<>();
List<String> validIdPRoles = new ArrayList<>();
for (RoleMapping mapping : roleConfiguration.getRoleMappings()) {
try {
if (mapping.getRemoteRole() == null || mapping.getLocalRole() == null || StringUtils.isBlank(mapping.getLocalRole().getLocalRoleName())) {
continue;
}
UserStoreManager usm = IdPManagementServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
String role = mapping.getLocalRole().getLocalRoleName();
if (StringUtils.isNotBlank(mapping.getLocalRole().getUserStoreId())) {
role = IdentityUtil.addDomainToName(role, mapping.getLocalRole().getUserStoreId());
}
if (IdentityUtil.isGroupsVsRolesSeparationImprovementsEnabled()) {
// Only roles are allowed for role mapping.
if (isGroup(role)) {
if (log.isDebugEnabled()) {
log.debug("Groups including: " + role + ", are not allowed for the identity " + "provider role mapping.");
}
continue;
}
}
// Remove invalid mappings if local role does not exists.
if (usm.isExistingRole(role)) {
validRoleMappings.add(mapping);
validIdPRoles.add(mapping.getRemoteRole());
} else {
if (log.isDebugEnabled()) {
log.debug("Invalid local role name: " + role + " for the federated role: " + mapping.getRemoteRole());
}
}
} catch (UserStoreException e) {
throw new IdentityProviderManagementException("Error occurred while retrieving UserStoreManager for tenant " + tenantDomain, e);
}
}
roleConfiguration.setRoleMappings(validRoleMappings.toArray(new RoleMapping[0]));
roleConfiguration.setIdpRoles(validIdPRoles.toArray(new String[0]));
}
use of org.wso2.carbon.identity.application.common.model.xsd.PermissionsAndRoleConfig in project carbon-identity-framework by wso2.
the class IdPManagementUIUtil method buildRoleConfiguration.
/**
* @param fedIdp
* @param paramMap
* @param idpRoles
* @param currentRoleMapping
* @throws IdentityApplicationManagementException
*/
private static void buildRoleConfiguration(IdentityProvider fedIdp, Map<String, String> paramMap, List<String> idpRoles, RoleMapping[] currentRoleMapping) throws IdentityApplicationManagementException {
PermissionsAndRoleConfig roleConfiguration = new PermissionsAndRoleConfig();
roleConfiguration.setIdpRoles(idpRoles.toArray(new String[idpRoles.size()]));
Set<RoleMapping> roleMappingList = new HashSet<RoleMapping>();
String idpProvisioningRole = paramMap.get("idpProvisioningRole");
fedIdp.setProvisioningRole(idpProvisioningRole);
int attributesCount = 0;
if (paramMap.get("rolemappingrow_name_count") != null) {
attributesCount = Integer.parseInt(paramMap.get("rolemappingrow_name_count"));
}
for (int i = 0; i < attributesCount; i++) {
String idPRoleName = paramMap.get("rolerowname_" + i);
String localRoleString = paramMap.get("localrowname_" + i);
if (idPRoleName != null && localRoleString != null) {
String[] splitLocalRole = localRoleString.split("/");
String userStoreId = null;
String localRoleName = null;
LocalRole localRole = null;
if (splitLocalRole != null && splitLocalRole.length == 2) {
userStoreId = splitLocalRole[0];
localRoleName = splitLocalRole[1];
localRole = new LocalRole();
localRole.setUserStoreId(userStoreId);
localRole.setLocalRoleName(localRoleName);
} else {
localRoleName = localRoleString;
localRole = new LocalRole();
localRole.setLocalRoleName(localRoleName);
}
RoleMapping roleMapping = new RoleMapping();
roleMapping.setLocalRole(localRole);
roleMapping.setRemoteRole(idPRoleName);
roleMappingList.add(roleMapping);
}
}
roleConfiguration.setRoleMappings(roleMappingList.toArray(new RoleMapping[roleMappingList.size()]));
fedIdp.setPermissionAndRoleConfig(roleConfiguration);
}
use of org.wso2.carbon.identity.application.common.model.xsd.PermissionsAndRoleConfig in project identity-inbound-auth-oauth by wso2-extensions.
the class DefaultOIDCClaimsCallbackHandlerTest method getSpWithRequestedClaimsMappings.
private ServiceProvider getSpWithRequestedClaimsMappings(ClaimMapping[] claimMappings) {
ServiceProvider serviceProvider = new ServiceProvider();
serviceProvider.setApplicationName(SERVICE_PROVIDER_NAME);
ClaimConfig claimConfig = new ClaimConfig();
claimConfig.setClaimMappings(claimMappings);
serviceProvider.setClaimConfig(claimConfig);
PermissionsAndRoleConfig permissionsAndRoleConfig = new PermissionsAndRoleConfig();
serviceProvider.setPermissionAndRoleConfig(permissionsAndRoleConfig);
return serviceProvider;
}
use of org.wso2.carbon.identity.application.common.model.xsd.PermissionsAndRoleConfig in project identity-inbound-auth-oauth by wso2-extensions.
the class SAML2BearerGrantHandler method getUpdatedRoleClaimValue.
/**
* This method will update the role claim value received from the IdP using the defined role claim configuration
* for the IdP.
* Also, if "ReturnOnlyMappedLocalRoles" configuration is enabled, then server will only return the mapped role
* values.
*
* @param identityProvider identity provider
* @param currentRoleClaimValue current role claim value.
* @return updated role claim string
*/
private String getUpdatedRoleClaimValue(IdentityProvider identityProvider, String currentRoleClaimValue) {
if (StringUtils.equalsIgnoreCase(IdentityApplicationConstants.RESIDENT_IDP_RESERVED_NAME, identityProvider.getIdentityProviderName())) {
return currentRoleClaimValue;
}
PermissionsAndRoleConfig permissionAndRoleConfig = identityProvider.getPermissionAndRoleConfig();
if (permissionAndRoleConfig != null && ArrayUtils.isNotEmpty(permissionAndRoleConfig.getRoleMappings())) {
String[] receivedRoles = currentRoleClaimValue.split(FrameworkUtils.getMultiAttributeSeparator());
List<String> updatedRoleClaimValues = new ArrayList<>();
loop: for (String receivedRole : receivedRoles) {
for (RoleMapping roleMapping : permissionAndRoleConfig.getRoleMappings()) {
if (roleMapping.getRemoteRole().equals(receivedRole)) {
updatedRoleClaimValues.add(roleMapping.getLocalRole().getLocalRoleName());
continue loop;
}
}
if (!OAuthServerConfiguration.getInstance().isReturnOnlyMappedLocalRoles()) {
updatedRoleClaimValues.add(receivedRole);
}
}
if (!updatedRoleClaimValues.isEmpty()) {
return StringUtils.join(updatedRoleClaimValues, FrameworkUtils.getMultiAttributeSeparator());
}
return null;
}
if (!OAuthServerConfiguration.getInstance().isReturnOnlyMappedLocalRoles()) {
return currentRoleClaimValue;
}
return null;
}
Aggregations