Search in sources :

Example 21 with PermissionsAndRoleConfig

use of org.wso2.carbon.identity.application.common.model.xsd.PermissionsAndRoleConfig in project carbon-identity-framework by wso2.

the class ApplicationMgtUtilTest method testStorePermissions.

@Test
public void testStorePermissions() throws Exception {
    mockTenantRegistry();
    mockStatic(IdentityTenantUtil.class);
    doNothing().when(IdentityTenantUtil.class, "initializeRegistry", anyInt());
    when(mockCarbonContext.getTenantId()).thenReturn(SUPER_TENANT_ID);
    when(mockTenantRegistry.resourceExists(anyString())).thenReturn(FALSE);
    changeUserToAdmin();
    when(mockTenantRegistry.newCollection()).thenReturn(mockAppRootNode);
    PermissionsAndRoleConfig permissionsAndRoleConfig = new PermissionsAndRoleConfig();
    permissionsAndRoleConfig.setPermissions(applicationPermissions);
    Resource mockResource = mock(Resource.class);
    when(mockTenantRegistry.newResource()).thenReturn(mockResource);
    ApplicationMgtUtil.storePermissions(APPLICATION_NAME, USERNAME, permissionsAndRoleConfig);
    verify(mockTenantRegistry, times(1)).put(PERMISSION_PATH, mockAppRootNode);
    verify(mockTenantRegistry, times(1)).put(applicationNode, mockAppRootNode);
    verify(mockTenantRegistry, times(1)).put(applicationNode + PATH_CONSTANT + applicationPermission, mockResource);
}
Also used : PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig) Resource(org.wso2.carbon.registry.api.Resource) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 22 with PermissionsAndRoleConfig

use of org.wso2.carbon.identity.application.common.model.xsd.PermissionsAndRoleConfig in project carbon-identity-framework by wso2.

the class IdentityProviderManager method verifyAndUpdateRoleConfiguration.

private void verifyAndUpdateRoleConfiguration(String tenantDomain, int tenantId, PermissionsAndRoleConfig roleConfiguration) throws IdentityProviderManagementException {
    List<RoleMapping> validRoleMappings = new ArrayList<>();
    List<String> validIdPRoles = new ArrayList<>();
    for (RoleMapping mapping : roleConfiguration.getRoleMappings()) {
        try {
            if (mapping.getRemoteRole() == null || mapping.getLocalRole() == null || StringUtils.isBlank(mapping.getLocalRole().getLocalRoleName())) {
                continue;
            }
            UserStoreManager usm = IdPManagementServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
            String role = mapping.getLocalRole().getLocalRoleName();
            if (StringUtils.isNotBlank(mapping.getLocalRole().getUserStoreId())) {
                role = IdentityUtil.addDomainToName(role, mapping.getLocalRole().getUserStoreId());
            }
            if (IdentityUtil.isGroupsVsRolesSeparationImprovementsEnabled()) {
                // Only roles are allowed for role mapping.
                if (isGroup(role)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Groups including: " + role + ", are not allowed for the identity " + "provider role mapping.");
                    }
                    continue;
                }
            }
            // Remove invalid mappings if local role does not exists.
            if (usm.isExistingRole(role)) {
                validRoleMappings.add(mapping);
                validIdPRoles.add(mapping.getRemoteRole());
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Invalid local role name: " + role + " for the federated role: " + mapping.getRemoteRole());
                }
            }
        } catch (UserStoreException e) {
            throw new IdentityProviderManagementException("Error occurred while retrieving UserStoreManager for tenant " + tenantDomain, e);
        }
    }
    roleConfiguration.setRoleMappings(validRoleMappings.toArray(new RoleMapping[0]));
    roleConfiguration.setIdpRoles(validIdPRoles.toArray(new String[0]));
}
Also used : ArrayList(java.util.ArrayList) UserStoreException(org.wso2.carbon.user.api.UserStoreException) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping) UserStoreManager(org.wso2.carbon.user.api.UserStoreManager)

Example 23 with PermissionsAndRoleConfig

use of org.wso2.carbon.identity.application.common.model.xsd.PermissionsAndRoleConfig in project carbon-identity-framework by wso2.

the class IdPManagementUIUtil method buildRoleConfiguration.

/**
 * @param fedIdp
 * @param paramMap
 * @param idpRoles
 * @param currentRoleMapping
 * @throws IdentityApplicationManagementException
 */
private static void buildRoleConfiguration(IdentityProvider fedIdp, Map<String, String> paramMap, List<String> idpRoles, RoleMapping[] currentRoleMapping) throws IdentityApplicationManagementException {
    PermissionsAndRoleConfig roleConfiguration = new PermissionsAndRoleConfig();
    roleConfiguration.setIdpRoles(idpRoles.toArray(new String[idpRoles.size()]));
    Set<RoleMapping> roleMappingList = new HashSet<RoleMapping>();
    String idpProvisioningRole = paramMap.get("idpProvisioningRole");
    fedIdp.setProvisioningRole(idpProvisioningRole);
    int attributesCount = 0;
    if (paramMap.get("rolemappingrow_name_count") != null) {
        attributesCount = Integer.parseInt(paramMap.get("rolemappingrow_name_count"));
    }
    for (int i = 0; i < attributesCount; i++) {
        String idPRoleName = paramMap.get("rolerowname_" + i);
        String localRoleString = paramMap.get("localrowname_" + i);
        if (idPRoleName != null && localRoleString != null) {
            String[] splitLocalRole = localRoleString.split("/");
            String userStoreId = null;
            String localRoleName = null;
            LocalRole localRole = null;
            if (splitLocalRole != null && splitLocalRole.length == 2) {
                userStoreId = splitLocalRole[0];
                localRoleName = splitLocalRole[1];
                localRole = new LocalRole();
                localRole.setUserStoreId(userStoreId);
                localRole.setLocalRoleName(localRoleName);
            } else {
                localRoleName = localRoleString;
                localRole = new LocalRole();
                localRole.setLocalRoleName(localRoleName);
            }
            RoleMapping roleMapping = new RoleMapping();
            roleMapping.setLocalRole(localRole);
            roleMapping.setRemoteRole(idPRoleName);
            roleMappingList.add(roleMapping);
        }
    }
    roleConfiguration.setRoleMappings(roleMappingList.toArray(new RoleMapping[roleMappingList.size()]));
    fedIdp.setPermissionAndRoleConfig(roleConfiguration);
}
Also used : PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.idp.xsd.PermissionsAndRoleConfig) LocalRole(org.wso2.carbon.identity.application.common.model.idp.xsd.LocalRole) RoleMapping(org.wso2.carbon.identity.application.common.model.idp.xsd.RoleMapping) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Example 24 with PermissionsAndRoleConfig

use of org.wso2.carbon.identity.application.common.model.xsd.PermissionsAndRoleConfig in project identity-inbound-auth-oauth by wso2-extensions.

the class DefaultOIDCClaimsCallbackHandlerTest method getSpWithRequestedClaimsMappings.

private ServiceProvider getSpWithRequestedClaimsMappings(ClaimMapping[] claimMappings) {
    ServiceProvider serviceProvider = new ServiceProvider();
    serviceProvider.setApplicationName(SERVICE_PROVIDER_NAME);
    ClaimConfig claimConfig = new ClaimConfig();
    claimConfig.setClaimMappings(claimMappings);
    serviceProvider.setClaimConfig(claimConfig);
    PermissionsAndRoleConfig permissionsAndRoleConfig = new PermissionsAndRoleConfig();
    serviceProvider.setPermissionAndRoleConfig(permissionsAndRoleConfig);
    return serviceProvider;
}
Also used : ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig) PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider)

Example 25 with PermissionsAndRoleConfig

use of org.wso2.carbon.identity.application.common.model.xsd.PermissionsAndRoleConfig in project identity-inbound-auth-oauth by wso2-extensions.

the class SAML2BearerGrantHandler method getUpdatedRoleClaimValue.

/**
 * This method will update the role claim value received from the IdP using the defined role claim configuration
 * for the IdP.
 * Also, if "ReturnOnlyMappedLocalRoles" configuration is enabled, then server will only return the mapped role
 * values.
 *
 * @param identityProvider      identity provider
 * @param currentRoleClaimValue current role claim value.
 * @return updated role claim string
 */
private String getUpdatedRoleClaimValue(IdentityProvider identityProvider, String currentRoleClaimValue) {
    if (StringUtils.equalsIgnoreCase(IdentityApplicationConstants.RESIDENT_IDP_RESERVED_NAME, identityProvider.getIdentityProviderName())) {
        return currentRoleClaimValue;
    }
    PermissionsAndRoleConfig permissionAndRoleConfig = identityProvider.getPermissionAndRoleConfig();
    if (permissionAndRoleConfig != null && ArrayUtils.isNotEmpty(permissionAndRoleConfig.getRoleMappings())) {
        String[] receivedRoles = currentRoleClaimValue.split(FrameworkUtils.getMultiAttributeSeparator());
        List<String> updatedRoleClaimValues = new ArrayList<>();
        loop: for (String receivedRole : receivedRoles) {
            for (RoleMapping roleMapping : permissionAndRoleConfig.getRoleMappings()) {
                if (roleMapping.getRemoteRole().equals(receivedRole)) {
                    updatedRoleClaimValues.add(roleMapping.getLocalRole().getLocalRoleName());
                    continue loop;
                }
            }
            if (!OAuthServerConfiguration.getInstance().isReturnOnlyMappedLocalRoles()) {
                updatedRoleClaimValues.add(receivedRole);
            }
        }
        if (!updatedRoleClaimValues.isEmpty()) {
            return StringUtils.join(updatedRoleClaimValues, FrameworkUtils.getMultiAttributeSeparator());
        }
        return null;
    }
    if (!OAuthServerConfiguration.getInstance().isReturnOnlyMappedLocalRoles()) {
        return currentRoleClaimValue;
    }
    return null;
}
Also used : PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig) ArrayList(java.util.ArrayList) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping)

Aggregations

PermissionsAndRoleConfig (org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig)20 RoleMapping (org.wso2.carbon.identity.application.common.model.RoleMapping)16 ArrayList (java.util.ArrayList)10 LocalRole (org.wso2.carbon.identity.application.common.model.LocalRole)10 ClaimConfig (org.wso2.carbon.identity.application.common.model.ClaimConfig)9 IdentityProvider (org.wso2.carbon.identity.application.common.model.IdentityProvider)9 Claim (org.wso2.carbon.identity.application.common.model.Claim)7 ClaimMapping (org.wso2.carbon.identity.application.common.model.ClaimMapping)7 FederatedAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)7 ProvisioningConnectorConfig (org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig)7 IdentityProviderProperty (org.wso2.carbon.identity.application.common.model.IdentityProviderProperty)6 Property (org.wso2.carbon.identity.application.common.model.Property)6 DataProvider (org.testng.annotations.DataProvider)4 Test (org.testng.annotations.Test)4 ServiceProvider (org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider)4 HashSet (java.util.HashSet)3 IdentityApplicationManagementException (org.wso2.carbon.identity.application.common.IdentityApplicationManagementException)3 PermissionsAndRoleConfig (org.wso2.carbon.identity.application.common.model.xsd.PermissionsAndRoleConfig)3 Connection (java.sql.Connection)2 PreparedStatement (java.sql.PreparedStatement)2