use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException in project carbon-identity-framework by wso2.
the class RoleDAOImpl method validateGroupRemovalFromRole.
/**
 * Guards group removal from the Administrator role.
 *
 * When system roles are enabled and the target role is {@code RoleConstants.ADMINISTRATOR}, the
 * user bound to the current Carbon context must be the realm's admin user (the tenant owner);
 * any other caller is rejected with {@code OPERATION_FORBIDDEN}. The username comparison is
 * case-sensitive only when the user store is configured that way.
 *
 * @param deletedGroupIDList Group IDs being removed from the role; nothing is checked when empty.
 * @param roleName           Name of the role the groups are removed from.
 * @param tenantDomain       Tenant domain, used only in the server-error message.
 * @throws IdentityRoleManagementClientException if a non-owner tries to remove groups from the
 *                                               Administrator role.
 * @throws IdentityRoleManagementServerException if the realm or user store cannot be read.
 */
private void validateGroupRemovalFromRole(List<String> deletedGroupIDList, String roleName, String tenantDomain)
        throws IdentityRoleManagementException {

    boolean nothingToValidate = !IdentityUtil.isSystemRolesEnabled() || deletedGroupIDList.isEmpty();
    if (nothingToValidate) {
        return;
    }
    try {
        CarbonContext carbonContext = CarbonContext.getThreadLocalCarbonContext();
        String currentUser = carbonContext.getUsername();
        UserRealm realm = carbonContext.getUserRealm();
        String tenantOwner = realm.getRealmConfiguration().getAdminUserName();
        org.wso2.carbon.user.core.UserStoreManager storeManager =
                (org.wso2.carbon.user.core.UserStoreManager) realm.getUserStoreManager();
        boolean caseSensitive = IdentityUtil.isUseCaseSensitiveUsernameForCacheKeys(storeManager);

        // Match the user store's case handling when deciding whether the caller is the tenant owner.
        boolean callerIsTenantOwner = caseSensitive
                ? StringUtils.equals(currentUser, tenantOwner)
                : StringUtils.equalsIgnoreCase(currentUser, tenantOwner);

        // Only the tenant owner can remove groups from Administrator role.
        boolean isAdministratorRole = RoleConstants.ADMINISTRATOR.equalsIgnoreCase(roleName);
        if (isAdministratorRole && !callerIsTenantOwner) {
            String errorMessage = "Invalid operation. Only the tenant owner can remove groups from the role: " + "%s";
            throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(),
                    String.format(errorMessage, RoleConstants.ADMINISTRATOR));
        }
    } catch (UserStoreException e) {
        String errorMessage = "Error while validating group removal from the role: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                String.format(errorMessage, roleName, tenantDomain), e);
    }
}
use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException in project carbon-identity-framework by wso2.
the class RoleDAOImpl method getUserListOfRole.
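/**
 * Returns the users assigned to the given role.
 *
 * For the realm's "everyone" role the result is built from the whole user store (wildcard listing).
 * Otherwise the members are read from the user DB; rows whose user store domain is disabled are
 * skipped, and the remaining names are domain-qualified before their user IDs are resolved.
 *
 * @param roleID       ID of the role.
 * @param tenantDomain Tenant domain of the role.
 * @return Users of the role; an empty list when the role has no members.
 * @throws IdentityRoleManagementClientException if no role exists with the given ID.
 * @throws IdentityRoleManagementServerException on user store or database failures.
 */
@Override
public List<UserBasicInfo> getUserListOfRole(String roleID, String tenantDomain)
        throws IdentityRoleManagementException {

    if (!isExistingRoleID(roleID, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(),
                "Role id: " + roleID + " does not exist in the system.");
    }
    List<UserBasicInfo> userList = new ArrayList<>();
    String roleName = getRoleNameByID(roleID, tenantDomain);
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    try {
        UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        if (UserCoreUtil.isEveryoneRole(roleName, userRealm.getRealmConfiguration())) {
            // The everyone role is not resolved through the role table: list the entire user store.
            List<org.wso2.carbon.user.core.common.User> users =
                    ((AbstractUserStoreManager) userRealm.getUserStoreManager())
                            .listUsersWithID(RoleConstants.WILDCARD_CHARACTER, -1);
            for (org.wso2.carbon.user.core.common.User user : users) {
                userList.add(new UserBasicInfo(user.getUserID(), user.getDomainQualifiedUsername()));
            }
        }
    } catch (UserStoreException e) {
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                "Error while getting the realmConfiguration.", e);
    }
    List<String> disabledDomainName = getDisabledDomainNames();
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(false)) {
        // Role name and tenant ID are bound as named parameters, never concatenated into the SQL.
        try (NamedPreparedStatement statement = new NamedPreparedStatement(connection,
                GET_USER_LIST_OF_ROLE_SQL, RoleTableColumns.UM_ID)) {
            statement.setString(RoleTableColumns.UM_ROLE_NAME, roleName);
            statement.setInt(RoleTableColumns.UM_TENANT_ID, tenantId);
            try (ResultSet resultSet = statement.executeQuery()) {
                while (resultSet.next()) {
                    String name = resultSet.getString(1);
                    String domain = resultSet.getString(2);
                    // Members from a disabled user store domain are not reported.
                    if (!disabledDomainName.contains(domain)) {
                        if (StringUtils.isNotEmpty(domain)) {
                            name = UserCoreUtil.addDomainToName(name, domain);
                        }
                        userList.add(new UserBasicInfo(getUserIDByName(name, tenantDomain), name));
                    }
                }
            }
        }
    } catch (SQLException e) {
        // Fixed the duplicated "while while" in the original message.
        String errorMessage = "Error while getting the user list of role for role name: %s in the "
                + "tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                String.format(errorMessage, roleName, tenantDomain), e);
    }
    return userList;
}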
use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException in project carbon-identity-framework by wso2.
the class RoleDAOImpl method batchProcessRoleNames.
/**
 * Resolves role IDs for a batch of role names on an already-open connection.
 *
 * Each name is looked up with {@code GET_ROLE_ID_BY_NAME_SQL}; a name that matches more than one
 * row is rejected, and a name with no match is simply absent from the result.
 *
 * @param roleNames    Role names to resolve.
 * @param tenantDomain Tenant domain of the roles.
 * @param connection   Connection to run the lookups on; the caller owns its lifecycle.
 * @return Map from role name to role ID for every name that matched exactly one row.
 * @throws SQLException                          if a lookup fails.
 * @throws IdentityRoleManagementClientException if several roles share one of the names.
 */
private Map<String, String> batchProcessRoleNames(List<String> roleNames, String tenantDomain, Connection connection)
        throws SQLException, IdentityRoleManagementException {

    Map<String, String> idsByName = new HashMap<>();
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    for (String name : roleNames) {
        try (NamedPreparedStatement lookup = new NamedPreparedStatement(connection, GET_ROLE_ID_BY_NAME_SQL)) {
            lookup.setInt(RoleConstants.RoleTableColumns.TENANT_ID, tenantId);
            lookup.setString(RoleConstants.RoleTableColumns.ROLE_NAME, name);
            lookup.setString(RoleConstants.RoleTableColumns.ATTR_NAME, RoleConstants.ID_URI);
            int matches = 0;
            try (ResultSet rows = lookup.executeQuery()) {
                while (rows.next()) {
                    // A second row for the same name means the data is ambiguous; refuse to guess.
                    matches++;
                    if (matches > 1) {
                        String errorMessage = "Invalid scenario. Multiple roles found for the given role name: "
                                + name + " and tenantDomain: " + tenantDomain;
                        throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(), errorMessage);
                    }
                    idsByName.put(name, rows.getString(1));
                }
            }
        }
    }
    return idsByName;
}
use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException in project carbon-identity-framework by wso2.
the class RoleDAOImpl method deleteRole.
/**
 * Deletes a role by ID.
 *
 * Read-only system roles and the realm's "everyone" role cannot be deleted. The role row, its
 * SCIM group entry and its authorizations are removed inside one user-DB transaction that is
 * committed at the end or rolled back on failure; the tenant's user-role cache is cleared after
 * a successful commit.
 *
 * @param roleID       ID of the role to delete.
 * @param tenantDomain Tenant domain of the role.
 * @throws IdentityRoleManagementClientException if the role is a system role or the everyone role.
 * @throws IdentityRoleManagementServerException on user store or database failures, including
 *                                               any failure inside the transaction.
 */
@Override
public void deleteRole(String roleID, String tenantDomain) throws IdentityRoleManagementException {

    String roleName = getRoleNameByID(roleID, tenantDomain);
    // Roles in the system-role set are read only and must never be removed.
    if (systemRoles.contains(roleName)) {
        throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(),
                "Invalid operation. Role: " + roleName + " Cannot be deleted since it's a read only system role.");
    }
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    UserRealm userRealm;
    try {
        userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        // The realm's everyone role is likewise protected from deletion.
        if (UserCoreUtil.isEveryoneRole(roleName, userRealm.getRealmConfiguration())) {
            throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(),
                    "Invalid operation. Role: " + roleName + " Cannot be deleted.");
        }
    } catch (UserStoreException e) {
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                "Error while getting the realmConfiguration.", e);
    }
    // The connection is committed / rolled back explicitly below, so all three removals land together.
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try {
            try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, DELETE_ROLE_SQL,
                    RoleTableColumns.UM_ID)) {
                statement.setString(RoleTableColumns.UM_ROLE_NAME, roleName);
                statement.setInt(RoleTableColumns.UM_TENANT_ID, tenantId);
                statement.executeUpdate();
            }
            // Delete the role from IDN_SCIM_GROUP table.
            deleteSCIMRole(roleName, tenantDomain);
            /* UM_ROLE_PERMISSION Table, roles are associated with Domain ID.
            At this moment Role name doesn't contain the Domain prefix.
            clearRoleAuthorization() expects domain qualified name.
            Hence we add the "Internal" Domain name explicitly here.
            Note that roleName is reassigned, so the error messages below carry the qualified name. */
            if (!roleName.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
                roleName = UserCoreUtil.addDomainToName(roleName, UserCoreConstants.INTERNAL_DOMAIN);
            }
            // Also need to clear role authorization.
            try {
                userRealm.getAuthorizationManager().clearRoleAuthorization(roleName);
            } catch (UserStoreException e) {
                throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                        "Error while getting the authorizationManager.", e);
            }
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException | IdentityRoleManagementException e) {
            // NOTE(review): any IdentityRoleManagementException raised inside the transaction (e.g. by
            // deleteSCIMRole) is re-reported as an UNEXPECTED_SERVER_ERROR here, even if it was a
            // client-side error; the original is kept as the cause.
            IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
            String message = "Error while deleting the role name: %s in the tenantDomain: %s";
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                    String.format(message, roleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        // Reached when obtaining or closing the connection itself fails.
        String message = "Error while deleting the role name: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                String.format(message, roleName, tenantDomain), e);
    }
    // Only after a successful commit: cached role assignments for the tenant are now stale.
    clearUserRolesCacheByTenant(tenantId);
}
use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException in project carbon-identity-framework by wso2.
the class RoleDAOImpl method getRoleIDByName.
/**
 * Resolves the ID of a role from its name.
 *
 * @param roleName     Name of the role.
 * @param tenantDomain Tenant domain of the role.
 * @return The role ID.
 * @throws IdentityRoleManagementClientException if no role, or more than one role, matches the name.
 * @throws IdentityRoleManagementServerException if the lookup fails.
 */
@Override
public String getRoleIDByName(String roleName, String tenantDomain) throws IdentityRoleManagementException {

    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    String resolvedId = null;
    try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
         NamedPreparedStatement lookup = new NamedPreparedStatement(connection, GET_ROLE_ID_BY_NAME_SQL)) {
        lookup.setInt(RoleConstants.RoleTableColumns.TENANT_ID, tenantId);
        lookup.setString(RoleConstants.RoleTableColumns.ROLE_NAME, roleName);
        lookup.setString(RoleConstants.RoleTableColumns.ATTR_NAME, RoleConstants.ID_URI);
        int matches = 0;
        try (ResultSet rows = lookup.executeQuery()) {
            while (rows.next()) {
                // A second matching row means the name is ambiguous; refuse rather than pick one.
                if (++matches > 1) {
                    String errorMessage = "Invalid scenario. Multiple roles found for the given role name: "
                            + roleName + " and tenantDomain: " + tenantDomain;
                    throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(), errorMessage);
                }
                resolvedId = rows.getString(1);
            }
        }
    } catch (SQLException e) {
        String errorMessage = "Error while resolving the role ID for the given role name: " + roleName
                + " and tenantDomain: " + tenantDomain;
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), errorMessage, e);
    }
    if (resolvedId == null) {
        String errorMessage = "A role doesn't exist with name: " + roleName + " in the tenantDomain: " + tenantDomain;
        throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(), errorMessage);
    }
    return resolvedId;
}