use of org.wso2.carbon.identity.mgt.IdentityMgtEventListener in project identity-governance by wso2-extensions.
the class IdentityMgtServiceComponent method activate.
/**
 * OSGi activation: publishes the identity-management listeners and services this
 * bundle provides into the bundle context.
 *
 * <p>Registration order is preserved deliberately: the two
 * {@code UserOperationEventListener}s first, then the governance service (also cached in
 * {@code IdentityMgtServiceDataHolder}), then the default notification channel manager.</p>
 *
 * <p>NOTE(review): any exception is caught and only logged, so the component still
 * counts as activated even if a registration failed part-way. Presumably a missing
 * {@code IdentityMgtEventListener} registration would mean account lock/disable checks
 * silently do not run — confirm whether failing activation would be the safer choice.</p>
 *
 * @param context the component context supplying the bundle context to register into
 */
@Activate
protected void activate(ComponentContext context) {
    try {
        // Listener enforcing identity-management policies on user-store operations.
        IdentityMgtEventListener identityMgtListener = new IdentityMgtEventListener();
        context.getBundleContext().registerService(UserOperationEventListener.class, identityMgtListener, null);

        // Listener handling identity-claim storage.
        IdentityStoreEventListener identityStoreListener = new IdentityStoreEventListener();
        context.getBundleContext().registerService(UserOperationEventListener.class, identityStoreListener, null);

        // Governance service: registered as an OSGi service and cached for in-bundle use.
        IdentityGovernanceServiceImpl governanceService = new IdentityGovernanceServiceImpl();
        context.getBundleContext().registerService(IdentityGovernanceService.class, governanceService, null);
        IdentityMgtServiceDataHolder.getInstance().setIdentityGovernanceService(governanceService);

        // Default channel manager for notifications; registered by class name.
        DefaultNotificationChannelManager channelManager = new DefaultNotificationChannelManager();
        context.getBundleContext().registerService(NotificationChannelManager.class.getName(), channelManager, null);

        if (log.isDebugEnabled()) {
            log.debug("Identity Management Listener is enabled");
        }
    } catch (Exception e) {
        // Best-effort activation: failures are logged, not propagated.
        log.error("Error while activating identity governance component.", e);
    }
}
use of org.wso2.carbon.identity.mgt.IdentityMgtEventListener in project carbon-identity-framework by wso2.
the class IdentityMgtEventListener method doPreAuthenticate.
/**
 * Pre-authentication hook: rejects logins for accounts that are disabled or locked
 * and, optionally, for user names that do not exist in the current user store.
 *
 * <p>Despite what the boolean return suggests, this implementation never returns
 * {@code false}: every rejection is signalled by throwing a {@link UserStoreException}
 * whose message starts with the relevant error code, after publishing an
 * {@link IdentityErrorMsgContext} through {@code IdentityUtil} so the caller can surface
 * the reason. {@code true} means "continue authenticating".</p>
 *
 * <p>Security notes:</p>
 * <ul>
 *   <li>All checks are skipped when this listener is disabled or when
 *       {@code IdentityMgtConfig#isEnableAuthPolicy()} is false. In that configuration the
 *       account-locked and account-disabled flags are NOT enforced by this method.</li>
 *   <li>A distinct error code is recorded for "user does not exist" versus
 *       "locked"/"disabled". If callers expose these codes to the end user, the difference
 *       can be used for user enumeration. {@code isAuthPolicyAccountExistCheck()} only
 *       decides whether the unknown-user case aborts authentication here; the error code is
 *       recorded in the thread-local context either way.</li>
 *   <li>A lock whose unlock time has passed is cleared in place and persisted before
 *       authentication continues. The failed-attempt counter is not modified here;
 *       presumably it is reset elsewhere on successful login — confirm.</li>
 * </ul>
 *
 * @param userName         user name as supplied by the caller (may lack the store domain)
 * @param credential       the supplied credential; not inspected by this method
 * @param userStoreManager store the user belongs to; used for the domain name, the
 *                         existence check and identity-claim persistence
 * @return {@code true} when authentication may proceed
 * @throws UserStoreException if the user does not exist (and the exist-check policy is on),
 *                            the account is disabled or locked, or persisting an expired
 *                            lock's removal fails
 */
@Override
public boolean doPreAuthenticate(String userName, Object credential, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable()) {
        return true;
    }
    // Top level try and finally blocks are used to unset thread local variables
    try {
        // Re-entrancy guard: a nested call on the same thread (key already present) skips
        // the checks. NOTE(review): the finally below removes the key unconditionally, so
        // a skipped nested call also clears the outer call's guard early — presumably
        // harmless, but confirm.
        if (!IdentityUtil.threadLocalProperties.get().containsKey(DO_PRE_AUTHENTICATE)) {
            IdentityUtil.threadLocalProperties.get().put(DO_PRE_AUTHENTICATE, true);
            if (log.isDebugEnabled()) {
                log.debug("Pre authenticator is called in IdentityMgtEventListener");
            }
            // Start from a clean error context so a stale message from an earlier
            // operation on this thread is not reported for this login.
            IdentityUtil.clearIdentityErrorMsg();
            IdentityMgtConfig config = IdentityMgtConfig.getInstance();
            // With the auth policy off, none of the existence/disabled/locked checks run.
            if (!config.isEnableAuthPolicy()) {
                return true;
            }
            String domainName = userStoreManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
            String usernameWithDomain = UserCoreUtil.addDomainToName(userName, domainName);
            boolean isUserExistInCurrentDomain = userStoreManager.isExistingUser(usernameWithDomain);
            if (!isUserExistInCurrentDomain) {
                // The USER_DOES_NOT_EXIST code is recorded regardless of the policy flag
                // below; only the abort is conditional.
                IdentityErrorMsgContext customErrorMessageContext = new IdentityErrorMsgContext(UserCoreConstants.ErrorCode.USER_DOES_NOT_EXIST);
                IdentityUtil.setIdentityErrorMsg(customErrorMessageContext);
                if (log.isDebugEnabled()) {
                    log.debug("Username :" + userName + "does not exists in the system, ErrorCode :" + UserCoreConstants.ErrorCode.USER_DOES_NOT_EXIST);
                }
                if (config.isAuthPolicyAccountExistCheck()) {
                    throw new UserStoreException(UserCoreConstants.ErrorCode.USER_DOES_NOT_EXIST);
                }
            } else {
                UserIdentityClaimsDO userIdentityDTO = module.load(userName, userStoreManager);
                // No identity data stored for this user: nothing to enforce, allow login.
                if (userIdentityDTO == null) {
                    return true;
                }
                // If account is disabled, user should not be able to log in
                if (userIdentityDTO.getIsAccountDisabled()) {
                    IdentityErrorMsgContext customErrorMessageContext = new IdentityErrorMsgContext(IdentityCoreConstants.USER_ACCOUNT_DISABLED);
                    IdentityUtil.setIdentityErrorMsg(customErrorMessageContext);
                    String errorMsg = "User account is disabled for user : " + userName;
                    log.warn(errorMsg);
                    throw new UserStoreException(IdentityCoreConstants.USER_ACCOUNT_DISABLED_ERROR_CODE + " " + errorMsg);
                }
                // if the account is locked, should not be able to log in
                if (userIdentityDTO.isAccountLocked()) {
                    // If unlock time is specified then unlock the account.
                    // An unlock time of 0 means "no timed unlock": the lock stays until
                    // cleared by other means.
                    if ((userIdentityDTO.getUnlockTime() != 0) && (System.currentTimeMillis() >= userIdentityDTO.getUnlockTime())) {
                        // Clear the lock reason, the lock flag and the unlock time, then
                        // persist so the unlock is durable before continuing.
                        userIdentityDTO.getUserDataMap().put(UserIdentityDataStore.ACCOUNT_LOCKED_REASON, "");
                        userIdentityDTO.setAccountLock(false);
                        userIdentityDTO.setUnlockTime(0);
                        try {
                            module.store(userIdentityDTO, userStoreManager);
                        } catch (IdentityException e) {
                            throw new UserStoreException("Error while saving user store data for user : " + userName, e);
                        }
                    } else {
                        // Still locked: report the lock reason together with the attempt
                        // counters so the caller can explain the lockout.
                        IdentityErrorMsgContext customErrorMessageContext = new IdentityErrorMsgContext(UserCoreConstants.ErrorCode.USER_IS_LOCKED + ":" + userIdentityDTO.getUserDataMap().get(UserIdentityDataStore.ACCOUNT_LOCKED_REASON), userIdentityDTO.getFailAttempts(), config.getAuthPolicyMaxLoginAttempts());
                        // For a max-attempts lockout, report the configured maximum as the
                        // failed-attempt count rather than the stored counter.
                        if (IdentityMgtConstants.LockedReason.MAX_ATTEMTS_EXCEEDED.toString().equals(userIdentityDTO.getUserDataMap().get(UserIdentityDataStore.ACCOUNT_LOCKED_REASON))) {
                            customErrorMessageContext.setFailedLoginAttempts(config.getAuthPolicyMaxLoginAttempts());
                        }
                        IdentityUtil.setIdentityErrorMsg(customErrorMessageContext);
                        String errorMsg = "User account is locked for user : " + userName + ". cannot login until the account is unlocked ";
                        log.warn(errorMsg);
                        throw new UserStoreException(UserCoreConstants.ErrorCode.USER_IS_LOCKED + " " + errorMsg);
                    }
                }
            }
        }
        return true;
    } finally {
        // remove thread local variable
        IdentityUtil.threadLocalProperties.get().remove(DO_PRE_AUTHENTICATE);
    }
}
use of org.wso2.carbon.identity.mgt.IdentityMgtEventListener in project carbon-identity-framework by wso2.
the class IdentityMgtEventListener method doPreAddUser.
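/**
 * Pre-add-user hook.
 *
 * <p>Does three things, in order:</p>
 * <ol>
 *   <li>Enforces the configured password policies when a non-blank
 *       {@link StringBuffer} credential is supplied.</li>
 *   <li>If the credential is blank (or {@code null}) and temporary passwords are enabled,
 *       generates a temporary password, writes it into the caller's {@code StringBuffer}
 *       and sets the {@code EMPTY_PASSWORD_USED} thread-local so that
 *       {@code doPostAddUser} can tell the account was created without a user-chosen
 *       password. A {@code null} credential cannot receive the generated password, so it
 *       is rejected with a {@link UserStoreException} (the previous code fell through to a
 *       cast and failed with a {@code NullPointerException}).</li>
 *   <li>Removes challenge-question and identity claims from the caller's {@code claims}
 *       map so they are not persisted by the user store, and carries them to
 *       {@code doPostAddUser} in a {@link UserIdentityClaimsDO} stored in the
 *       {@code USER_IDENTITY_DO} thread-local.</li>
 * </ol>
 *
 * <p>NOTE(review): password policies are enforced only for {@code StringBuffer}
 * credentials; a credential of any other type (e.g. {@code String}) passes through this
 * method without policy checks. Confirm that callers never supply such a credential, or
 * extend the check.</p>
 *
 * @param userName         user being created
 * @param credential       the password; expected to be a {@link StringBuffer} so that a
 *                         generated temporary password can be handed back to the caller
 * @param roleList         roles to assign; not used by this method
 * @param claims           user claims; identity and challenge-question claims are REMOVED
 *                         from this map as a side effect
 * @param profile          profile name; not used by this method
 * @param userStoreManager store the user is being added to; used for the tenant id
 * @return {@code true} to let the add-user operation continue
 * @throws UserStoreException if a password policy is violated, if the credential is blank
 *                            while temporary passwords are disabled, or if the credential
 *                            is {@code null} and so cannot receive a temporary password
 */
@Override
public boolean doPreAddUser(String userName, Object credential, String[] roleList, Map<String, String> claims, String profile, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable()) {
        return true;
    }
    if (log.isDebugEnabled()) {
        log.debug("Pre add user is called in IdentityMgtEventListener");
    }
    // Removing existing thread local before setting
    IdentityUtil.threadLocalProperties.get().remove(EMPTY_PASSWORD_USED);
    IdentityUtil.threadLocalProperties.get().remove(USER_IDENTITY_DO);
    IdentityMgtConfig config = IdentityMgtConfig.getInstance();

    boolean credentialIsBuffer = credential instanceof StringBuffer;
    // "Blank" covers both a missing credential and a whitespace-only buffer.
    boolean credentialIsBlank = credential == null
            || (credentialIsBuffer && credential.toString().trim().length() < 1);

    // Enforcing the password policies.
    if (credentialIsBuffer && !credentialIsBlank) {
        try {
            policyRegistry.enforcePasswordPolicies(credential.toString(), userName);
        } catch (PolicyViolationException pe) {
            throw new UserStoreException(pe.getMessage(), pe);
        }
    }

    // empty password account creation
    if (credentialIsBlank) {
        if (!config.isEnableTemporaryPassword()) {
            log.error("Temporary password property is disabled");
            throw new UserStoreException(ASK_PASSWORD_FEATURE_IS_DISABLED);
        }
        if (credential == null) {
            // The generated password is returned to the caller by mutating its buffer;
            // with no buffer there is nowhere to put it. Fail clearly instead of NPE-ing
            // on the cast below, and do so before setting EMPTY_PASSWORD_USED so no
            // stale thread-local state is left behind.
            throw new UserStoreException("Cannot create the user with a temporary password: credential is null");
        }
        if (log.isDebugEnabled()) {
            log.debug("Credentials are null. Using a temporary password as credentials");
        }
        // setting the thread-local to check in doPostAddUser
        IdentityUtil.threadLocalProperties.get().put(EMPTY_PASSWORD_USED, true);
        // temporary passwords will be used
        char[] temporaryPassword = UserIdentityManagementUtil.generateTemporaryPassword();
        // Overwrite the whole buffer: a replace(0, len, ...) would leave any whitespace
        // beyond the generated password's length in place.
        StringBuffer credentialBuffer = (StringBuffer) credential;
        credentialBuffer.setLength(0);
        credentialBuffer.append(temporaryPassword);
    }

    // Filtering security question URIs from claims and add them to the thread local dto.
    // These are removed from the caller's map so the user store does not persist them.
    Map<String, String> userDataMap = new HashMap<String, String>();
    Iterator<Entry<String, String>> it = claims.entrySet().iterator();
    while (it.hasNext()) {
        Entry<String, String> claim = it.next();
        String claimUri = claim.getKey();
        if (claimUri.contains(UserCoreConstants.ClaimTypeURIs.CHALLENGE_QUESTION_URI)
                || claimUri.contains(UserCoreConstants.ClaimTypeURIs.IDENTITY_CLAIM_URI)) {
            userDataMap.put(claimUri, claim.getValue());
            it.remove();
        }
    }
    UserIdentityClaimsDO identityDTO = new UserIdentityClaimsDO(userName, userDataMap);
    identityDTO.setTenantId(userStoreManager.getTenantId());
    // adding dto to thread local to be read again from the doPostAddUser method
    IdentityUtil.threadLocalProperties.get().put(USER_IDENTITY_DO, identityDTO);
    return true;
}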
use of org.wso2.carbon.identity.mgt.IdentityMgtEventListener in project carbon-identity-framework by wso2.
the class UserIdentityManagementUtil method enableUserAccount.
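/**
 * Re-enables a user account by clearing its account-disabled identity claim.
 *
 * <p>The user name is qualified with the store's domain for the existence check and
 * passed with the domain stripped again when the identity data is loaded and stored.
 * This method performs no authorization of its own: the caller must already have
 * established that the current principal is allowed to enable {@code userName}.</p>
 *
 * @param userName         the user to enable, with or without the user-store domain prefix
 * @param userStoreManager the user store that holds the account
 * @throws IdentityException if the IdentityMgtEventListener is disabled, the user does not
 *                           exist or cannot be looked up, or no identity data is stored for it
 */
public static void enableUserAccount(String userName, UserStoreManager userStoreManager) throws IdentityException {
    // Without the listener the disabled flag is not enforced at login, so refuse to toggle it.
    if (!isIdentityMgtListenerEnable()) {
        throw IdentityException.error("Cannot enable account, IdentityMgtEventListener is not enabled.");
    }
    String domainName = ((org.wso2.carbon.user.core.UserStoreManager) userStoreManager).getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
    userName = UserCoreUtil.addDomainToName(userName, domainName);
    try {
        if (!userStoreManager.isExistingUser(userName)) {
            log.error("User " + userName + " does not exist in tenant " + userStoreManager.getTenantId());
            throw IdentityException.error("No user account found for user " + userName + " to enable");
        }
    } catch (UserStoreException e) {
        // The underlying cause is logged here; the thrown exception carries only a message.
        log.error("Error while reading user identity data", e);
        throw IdentityException.error("Error while enabling user account " + userName);
    }
    UserIdentityDataStore store = IdentityMgtConfig.getInstance().getIdentityDataStore();
    UserIdentityClaimsDO userIdentityDO = store.load(UserCoreUtil.removeDomainFromName(userName), userStoreManager);
    if (userIdentityDO == null) {
        throw IdentityException.error("No user account found for user " + userName);
    }
    userIdentityDO.setAccountDisabled(false);
    store.store(userIdentityDO, userStoreManager);
}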
use of org.wso2.carbon.identity.mgt.IdentityMgtEventListener in project carbon-identity-framework by wso2.
the class UserIdentityManagementUtil method disableUserAccount.
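/**
 * Disables a user account by setting its account-disabled identity claim.
 *
 * <p>The user name is qualified with the store's domain for the existence check and
 * passed with the domain stripped again when the identity data is loaded and stored.
 * This method performs no authorization of its own: the caller must already have
 * established that the current principal is allowed to disable {@code userName}.</p>
 *
 * @param userName         the user to disable, with or without the user-store domain prefix
 * @param userStoreManager the user store that holds the account
 * @throws IdentityException if the IdentityMgtEventListener is disabled, the user does not
 *                           exist or cannot be looked up, or no identity data is stored for it
 */
public static void disableUserAccount(String userName, UserStoreManager userStoreManager) throws IdentityException {
    // Without the listener the disabled flag is not enforced at login, so refuse to set it.
    // (Message corrected: this method disables, it does not lock.)
    if (!isIdentityMgtListenerEnable()) {
        throw IdentityException.error("Cannot disable account, IdentityMgtEventListener is not enabled.");
    }
    String domainName = ((org.wso2.carbon.user.core.UserStoreManager) userStoreManager).getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
    userName = UserCoreUtil.addDomainToName(userName, domainName);
    try {
        if (!userStoreManager.isExistingUser(userName)) {
            log.error("User " + userName + " does not exist in tenant " + userStoreManager.getTenantId());
            throw IdentityException.error("No user account found for user " + userName + " to disable");
        }
    } catch (UserStoreException e) {
        // The underlying cause is logged here; the thrown exception carries only a message.
        log.error("Error while reading user identity data", e);
        throw IdentityException.error("Error while disabling user account : " + userName);
    }
    UserIdentityDataStore store = IdentityMgtConfig.getInstance().getIdentityDataStore();
    UserIdentityClaimsDO userIdentityDO = store.load(UserCoreUtil.removeDomainFromName(userName), userStoreManager);
    if (userIdentityDO == null) {
        throw IdentityException.error("No user account found for user " + userName);
    }
    userIdentityDO.setAccountDisabled(true);
    store.store(userIdentityDO, userStoreManager);
}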