Example 1 with ConfigBuilder
use of org.wso2.carbon.identity.mgt.config.ConfigBuilder in project carbon-identity-framework by wso2.
the class NotificationManagementServiceComponent method addNotificationSendingModule.
/**
* Will register message sending modules dynamically. This method is used to bind the notification sending
* modules in to msg mgt component
*
* @param module MessageSendingModule
*/
@Reference(name = "ldap.tenant.manager.listener.service", service = NotificationSendingModule.class, cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC, unbind = "removeNotificationSendingModule")
protected void addNotificationSendingModule(NotificationSendingModule module) throws MessageRemovedException {
ModuleConfiguration moduleConfiguration;
if (StringUtils.isEmpty(module.getModuleName())) {
if (log.isDebugEnabled()) {
log.debug("Cannot register module without a valid module name");
}
return;
}
if (log.isDebugEnabled()) {
log.debug("Registering a message sending module " + module.getModuleName());
}
if (configBuilder != null) {
moduleConfiguration = configBuilder.getModuleConfigurations(module.getModuleName());
} else {
moduleConfiguration = new ModuleConfiguration();
}
try {
module.init(moduleConfiguration);
notificationSendingModules.add(module);
} catch (NotificationManagementException e) {
log.error("Error while initializing Notification sending module " + module.getModuleName(), e);
}
}
Also used :
ModuleConfiguration(org.wso2.carbon.identity.notification.mgt.bean.ModuleConfiguration)
NotificationManagementException(org.wso2.carbon.identity.notification.mgt.NotificationManagementException)
Reference(org.osgi.service.component.annotations.Reference)
Example 2 with ConfigBuilder
use of org.wso2.carbon.identity.mgt.config.ConfigBuilder in project carbon-identity-framework by wso2.
the class AccountCredentialMgtConfigService method getEmailConfig.
/**
* This method is used to load the tenant specific Email template configurations.
*
* @return an array of templates.
* @throws IdentityMgtServiceException
*/
public EmailTemplateDTO[] getEmailConfig() throws IdentityMgtServiceException {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
Config emailConfig = null;
EmailTemplateDTO[] templates = null;
ConfigBuilder configBuilder = ConfigBuilder.getInstance();
try {
emailConfig = configBuilder.loadConfiguration(ConfigType.EMAIL, StorageType.REGISTRY, tenantId);
if (emailConfig != null) {
templates = EmailConfigTransformer.transform(emailConfig.getProperties());
}
} catch (Exception e) {
log.error("Error occurred while loading email configuration", e);
throw new IdentityMgtServiceException("Error occurred while loading email configuration");
}
return templates;
}
Also used :
EmailTemplateDTO(org.wso2.carbon.identity.mgt.dto.EmailTemplateDTO)
IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException)
Config(org.wso2.carbon.identity.mgt.config.Config)
EmailNotificationConfig(org.wso2.carbon.identity.mgt.config.EmailNotificationConfig)
ConfigBuilder(org.wso2.carbon.identity.mgt.config.ConfigBuilder)
IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException)
Example 3 with ConfigBuilder
use of org.wso2.carbon.identity.mgt.config.ConfigBuilder in project carbon-identity-framework by wso2.
the class AccountCredentialMgtConfigService method saveEmailConfig.
/**
* This method is used to save the Email template configurations which is specific to tenant.
*
* @param emailTemplates - Email templates to be saved.
* @throws IdentityMgtServiceException
*/
public void saveEmailConfig(EmailTemplateDTO[] emailTemplates) throws IdentityMgtServiceException {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
EmailNotificationConfig emailConfig = new EmailNotificationConfig();
ConfigBuilder configBuilder = ConfigBuilder.getInstance();
try {
Properties props = EmailConfigTransformer.transform(emailTemplates);
emailConfig.setProperties(props);
configBuilder.saveConfiguration(StorageType.REGISTRY, tenantId, emailConfig);
} catch (Exception e) {
log.error("Error occurred while saving email configuration", e);
throw new IdentityMgtServiceException("Error occurred while saving email configuration");
}
}
Also used :
EmailNotificationConfig(org.wso2.carbon.identity.mgt.config.EmailNotificationConfig)
IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException)
ConfigBuilder(org.wso2.carbon.identity.mgt.config.ConfigBuilder)
Properties(java.util.Properties)
IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException)
Example 4 with ConfigBuilder
use of org.wso2.carbon.identity.mgt.config.ConfigBuilder in project carbon-identity-framework by wso2.
the class IdentityMgtEventListener method doPostAuthenticate.
/**
* This method locks the accounts after a configured number of
* authentication failure attempts. And unlocks accounts based on successful
* authentications.
*/
@Override
public boolean doPostAuthenticate(String userName, boolean authenticated, UserStoreManager userStoreManager) throws UserStoreException {
if (!isEnable()) {
return true;
}
IdentityUtil.threadLocalProperties.get().remove(IdentityCoreConstants.USER_ACCOUNT_STATE);
String domainName = userStoreManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
String usernameWithDomain = IdentityUtil.addDomainToName(userName, domainName);
boolean isUserExistInCurrentDomain = userStoreManager.isExistingUser(usernameWithDomain);
if (authenticated && isUserExistInCurrentDomain) {
if (isUserExistInCurrentDomain) {
UserIdentityClaimsDO userIdentityDTO = module.load(userName, userStoreManager);
userIdentityDTO.setLastLogonTime(System.currentTimeMillis());
try {
module.store(userIdentityDTO, userStoreManager);
} catch (IdentityException e) {
throw new UserStoreException(String.format("Error while saving user store data : %s for user : %s.", UserIdentityDataStore.LAST_LOGON_TIME, userName), e);
}
}
}
// Top level try and finally blocks are used to unset thread local variables
try {
if (!IdentityUtil.threadLocalProperties.get().containsKey(DO_POST_AUTHENTICATE)) {
IdentityUtil.threadLocalProperties.get().put(DO_POST_AUTHENTICATE, true);
if (log.isDebugEnabled()) {
log.debug("Post authenticator is called in IdentityMgtEventListener");
}
IdentityMgtConfig config = IdentityMgtConfig.getInstance();
if (!config.isEnableAuthPolicy()) {
return true;
}
UserIdentityClaimsDO userIdentityDTO = module.load(userName, userStoreManager);
if (userIdentityDTO == null) {
userIdentityDTO = new UserIdentityClaimsDO(userName);
userIdentityDTO.setTenantId(userStoreManager.getTenantId());
}
boolean userOTPEnabled = userIdentityDTO.getOneTimeLogin();
// One time password check
if (authenticated && config.isAuthPolicyOneTimePasswordCheck() && (!userStoreManager.isReadOnly()) && userOTPEnabled) {
// reset password of the user and notify user of the new password
String password = new String(UserIdentityManagementUtil.generateTemporaryPassword());
userStoreManager.updateCredentialByAdmin(userName, password);
// Get email user claim value
String email = userStoreManager.getUserClaimValue(userName, UserCoreConstants.ClaimTypeURIs.EMAIL_ADDRESS, null);
if (StringUtils.isBlank(email)) {
throw new UserStoreException("No user email provided for user : " + userName);
}
List<NotificationSendingModule> notificationModules = config.getNotificationSendingModules();
if (notificationModules != null) {
NotificationDataDTO notificationData = new NotificationDataDTO();
if (MessageContext.getCurrentMessageContext() != null && MessageContext.getCurrentMessageContext().getProperty(MessageContext.TRANSPORT_HEADERS) != null) {
Map<String, String> transportHeaderMap = (Map) MessageContext.getCurrentMessageContext().getProperty(MessageContext.TRANSPORT_HEADERS);
if (MapUtils.isNotEmpty(transportHeaderMap)) {
TransportHeader[] transportHeadersArray = new TransportHeader[transportHeaderMap.size()];
int i = 0;
for (Map.Entry<String, String> entry : transportHeaderMap.entrySet()) {
TransportHeader transportHeader = new TransportHeader();
transportHeader.setHeaderName(entry.getKey());
transportHeader.setHeaderValue(entry.getValue());
transportHeadersArray[i] = transportHeader;
++i;
}
notificationData.setTransportHeaders(transportHeadersArray);
}
}
NotificationData emailNotificationData = new NotificationData();
String emailTemplate = null;
int tenantId = userStoreManager.getTenantId();
String firstName = null;
String userStoreDomain = userStoreManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
String domainSpecificUserName = UserCoreUtil.addDomainToName(userName, userStoreDomain);
String tenantDomain = IdentityTenantUtil.getTenantDomain(userStoreManager.getTenantId());
try {
firstName = Utils.getClaimFromUserStoreManager(domainSpecificUserName, tenantId, UserCoreConstants.ClaimTypeURIs.GIVEN_NAME);
} catch (IdentityException e2) {
throw new UserStoreException("Could not load user given name", e2);
}
emailNotificationData.setTagData("first-name", firstName);
emailNotificationData.setTagData("user-name", userName);
emailNotificationData.setTagData("otp-password", password);
emailNotificationData.setTagData("userstore-domain", userStoreDomain);
emailNotificationData.setTagData("tenant-domain", tenantDomain);
emailNotificationData.setSendTo(email);
Config emailConfig = null;
ConfigBuilder configBuilder = ConfigBuilder.getInstance();
try {
emailConfig = configBuilder.loadConfiguration(ConfigType.EMAIL, StorageType.REGISTRY, tenantId);
} catch (Exception e1) {
throw new UserStoreException("Could not load the email template configuration for user : " + userName, e1);
}
emailTemplate = emailConfig.getProperty("otp");
Notification emailNotification = null;
try {
emailNotification = NotificationBuilder.createNotification(EMAIL_NOTIFICATION_TYPE, emailTemplate, emailNotificationData);
} catch (Exception e) {
throw new UserStoreException("Could not create the email notification for template: " + emailTemplate, e);
}
NotificationSender sender = new NotificationSender();
for (NotificationSendingModule notificationSendingModule : notificationModules) {
if (IdentityMgtConfig.getInstance().isNotificationInternallyManaged()) {
notificationSendingModule.setNotificationData(notificationData);
notificationSendingModule.setNotification(emailNotification);
sender.sendNotification(notificationSendingModule);
notificationData.setNotificationSent(true);
}
}
} else {
throw new UserStoreException("No notification modules configured");
}
}
// Password expire check. Not for OTP enabled users.
if (authenticated && config.isAuthPolicyExpirePasswordCheck() && !userOTPEnabled && (!userStoreManager.isReadOnly())) {
// TODO - password expire impl
// Refactor adduser and change password api to stamp the time
// Check user's expire time in the claim
// if expired redirect to change password
// else pass through
}
if (!authenticated && config.isAuthPolicyAccountLockOnFailure()) {
// reading the max allowed #of failure attempts
if (isUserExistInCurrentDomain) {
userIdentityDTO.setFailAttempts();
if (userIdentityDTO.getFailAttempts() >= config.getAuthPolicyMaxLoginAttempts()) {
log.info("User, " + userName + " has exceed the max failed login attempts. " + "User account would be locked");
IdentityErrorMsgContext customErrorMessageContext = new IdentityErrorMsgContext(UserCoreConstants.ErrorCode.USER_IS_LOCKED + ":" + IdentityMgtConstants.LockedReason.MAX_ATTEMTS_EXCEEDED.toString(), userIdentityDTO.getFailAttempts(), config.getAuthPolicyMaxLoginAttempts());
IdentityUtil.setIdentityErrorMsg(customErrorMessageContext);
IdentityUtil.threadLocalProperties.get().put(IdentityCoreConstants.USER_ACCOUNT_STATE, UserCoreConstants.ErrorCode.USER_IS_LOCKED);
if (log.isDebugEnabled()) {
log.debug("Username :" + userName + "Exceeded the maximum login attempts. User locked, ErrorCode :" + UserCoreConstants.ErrorCode.USER_IS_LOCKED);
}
userIdentityDTO.getUserDataMap().put(UserIdentityDataStore.ACCOUNT_LOCKED_REASON, IdentityMgtConstants.LockedReason.MAX_ATTEMTS_EXCEEDED.toString());
userIdentityDTO.setAccountLock(true);
userIdentityDTO.setFailAttempts(0);
// lock time from the config
int lockTime = IdentityMgtConfig.getInstance().getAuthPolicyLockingTime();
if (lockTime != 0) {
userIdentityDTO.setUnlockTime(System.currentTimeMillis() + (lockTime * 60 * 1000L));
}
} else {
IdentityErrorMsgContext customErrorMessageContext = new IdentityErrorMsgContext(UserCoreConstants.ErrorCode.INVALID_CREDENTIAL, userIdentityDTO.getFailAttempts(), config.getAuthPolicyMaxLoginAttempts());
IdentityUtil.setIdentityErrorMsg(customErrorMessageContext);
if (log.isDebugEnabled()) {
log.debug("Username :" + userName + "Invalid Credential, ErrorCode :" + UserCoreConstants.ErrorCode.INVALID_CREDENTIAL);
}
}
try {
module.store(userIdentityDTO, userStoreManager);
} catch (IdentityException e) {
throw new UserStoreException("Error while saving user store data for user : " + userName, e);
}
} else {
if (log.isDebugEnabled()) {
log.debug("User, " + userName + " is not exists in " + domainName);
}
}
} else {
// the unlock the account and reset the number of failedAttempts
if (userIdentityDTO.isAccountLocked() || userIdentityDTO.getFailAttempts() > 0 || userIdentityDTO.getAccountLock()) {
userIdentityDTO.getUserDataMap().put(UserIdentityDataStore.ACCOUNT_LOCKED_REASON, "");
userIdentityDTO.setAccountLock(false);
userIdentityDTO.setFailAttempts(0);
userIdentityDTO.setUnlockTime(0);
try {
module.store(userIdentityDTO, userStoreManager);
} catch (IdentityException e) {
throw new UserStoreException("Error while saving user store data for user : " + userName, e);
}
}
}
}
return true;
} finally {
// Remove thread local variable
IdentityUtil.threadLocalProperties.get().remove(DO_POST_AUTHENTICATE);
}
}
Also used :
Config(org.wso2.carbon.identity.mgt.config.Config)
NotificationDataDTO(org.wso2.carbon.identity.mgt.dto.NotificationDataDTO)
IdentityException(org.wso2.carbon.identity.base.IdentityException)
IdentityErrorMsgContext(org.wso2.carbon.identity.core.model.IdentityErrorMsgContext)
RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException)
UserStoreException(org.wso2.carbon.user.core.UserStoreException)
IdentityException(org.wso2.carbon.identity.base.IdentityException)
PolicyViolationException(org.wso2.carbon.identity.mgt.policy.PolicyViolationException)
Notification(org.wso2.carbon.identity.mgt.mail.Notification)
TransportHeader(org.wso2.carbon.identity.mgt.mail.TransportHeader)
UserStoreException(org.wso2.carbon.user.core.UserStoreException)
ConfigBuilder(org.wso2.carbon.identity.mgt.config.ConfigBuilder)
UserIdentityClaimsDO(org.wso2.carbon.identity.mgt.dto.UserIdentityClaimsDO)
HashMap(java.util.HashMap)
Map(java.util.Map)
NotificationData(org.wso2.carbon.identity.mgt.mail.NotificationData)
Example 5 with ConfigBuilder
use of org.wso2.carbon.identity.mgt.config.ConfigBuilder in project carbon-apimgt by wso2.
the class KubernetesGatewayImpl method buildConfig.
/**
* Build configurations for Openshift client
*
* @throws ContainerBasedGatewayException if failed to configure Openshift client
*/
private Config buildConfig() throws ContainerBasedGatewayException {
System.setProperty(TRY_KUBE_CONFIG, "false");
System.setProperty(TRY_SERVICE_ACCOUNT, "true");
ConfigBuilder configBuilder;
if (masterURL != null) {
configBuilder = new ConfigBuilder().withMasterUrl(masterURL);
} else {
throw new ContainerBasedGatewayException("Kubernetes Master URL is not provided!", ExceptionCodes.ERROR_INITIALIZING_DEDICATED_CONTAINER_BASED_GATEWAY);
}
if (!StringUtils.isEmpty(saTokenFileName)) {
configBuilder.withOauthToken(resolveToken("encrypted" + saTokenFileName));
}
return configBuilder.build();
}
Also used :
ConfigBuilder(io.fabric8.kubernetes.client.ConfigBuilder)
ContainerBasedGatewayException(org.wso2.carbon.apimgt.core.exception.ContainerBasedGatewayException)
Aggregations
ConfigBuilder (org.wso2.carbon.identity.mgt.config.ConfigBuilder)5
Config (org.wso2.carbon.identity.mgt.config.Config)4
HashMap (java.util.HashMap)3
Map (java.util.Map)3
IdentityException (org.wso2.carbon.identity.base.IdentityException)3
NotificationDataDTO (org.wso2.carbon.identity.mgt.dto.NotificationDataDTO)3
Notification (org.wso2.carbon.identity.mgt.mail.Notification)3
NotificationData (org.wso2.carbon.identity.mgt.mail.NotificationData)3
TransportHeader (org.wso2.carbon.identity.mgt.mail.TransportHeader)3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
IdentityMgtServiceException (org.wso2.carbon.identity.mgt.IdentityMgtServiceException)2
EmailNotificationConfig (org.wso2.carbon.identity.mgt.config.EmailNotificationConfig)2
NotificationManagementException (org.wso2.carbon.identity.notification.mgt.NotificationManagementException)2
UserStoreException (org.wso2.carbon.user.api.UserStoreException)2
ConfigBuilder (io.fabric8.kubernetes.client.ConfigBuilder)1
Properties (java.util.Properties)1
Activate (org.osgi.service.component.annotations.Activate)1
Reference (org.osgi.service.component.annotations.Reference)1
ContainerBasedGatewayException (org.wso2.carbon.apimgt.core.exception.ContainerBasedGatewayException)1
IdentityErrorMsgContext (org.wso2.carbon.identity.core.model.IdentityErrorMsgContext)1
