Examples with IdentityRoleManagementException org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException used on opensource projects

Search in sources :

Example 46 with IdentityRoleManagementException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method getDisabledDomainNames.

/**
 * Get the disabled domain names.
 *
 * @return disabled domain names.
 */
private List<String> getDisabledDomainNames() throws IdentityRoleManagementException {
    RealmConfiguration secondaryRealmConfiguration;
    try {
        if (CarbonContext.getThreadLocalCarbonContext().getUserRealm() == null || (CarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration() == null)) {
            return new ArrayList<>();
        }
        secondaryRealmConfiguration = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration().getSecondaryRealmConfig();
    } catch (UserStoreException e) {
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), "Error while retrieving user store configurations", e);
    }
    List<String> disableDomainName = new ArrayList<>();
    if (secondaryRealmConfiguration != null) {
        do {
            if (Boolean.parseBoolean(secondaryRealmConfiguration.getUserStoreProperty(RoleConstants.DISABLED))) {
                String domainName = secondaryRealmConfiguration.getUserStoreProperty(UserStoreConfigConstants.DOMAIN_NAME);
                disableDomainName.add(domainName.toUpperCase(Locale.ENGLISH));
            }
            secondaryRealmConfiguration = secondaryRealmConfiguration.getSecondaryRealmConfig();
        } while (secondaryRealmConfiguration != null);
    }
    return disableDomainName;
}
Also used : RealmConfiguration(org.wso2.carbon.user.api.RealmConfiguration) IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) ArrayList(java.util.ArrayList) UserStoreException(org.wso2.carbon.user.api.UserStoreException)

Example 47 with IdentityRoleManagementException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method deleteRole.

@Override
public void deleteRole(String roleID, String tenantDomain) throws IdentityRoleManagementException {
    String roleName = getRoleNameByID(roleID, tenantDomain);
    if (systemRoles.contains(roleName)) {
        throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(), "Invalid operation. Role: " + roleName + " Cannot be deleted since it's a read only system role.");
    }
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    UserRealm userRealm;
    try {
        userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        if (UserCoreUtil.isEveryoneRole(roleName, userRealm.getRealmConfiguration())) {
            throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(), "Invalid operation. Role: " + roleName + " Cannot be deleted.");
        }
    } catch (UserStoreException e) {
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), "Error while getting the realmConfiguration.", e);
    }
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try {
            try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, DELETE_ROLE_SQL, RoleTableColumns.UM_ID)) {
                statement.setString(RoleTableColumns.UM_ROLE_NAME, roleName);
                statement.setInt(RoleTableColumns.UM_TENANT_ID, tenantId);
                statement.executeUpdate();
            }
            // Delete the role from IDN_SCIM_GROUP table.
            deleteSCIMRole(roleName, tenantDomain);
            /* UM_ROLE_PERMISSION Table, roles are associated with Domain ID.
                   At this moment Role name doesn't contain the Domain prefix.
                   clearRoleAuthorization() expects domain qualified name.
                   Hence we add the "Internal" Domain name explicitly here. */
            if (!roleName.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
                roleName = UserCoreUtil.addDomainToName(roleName, UserCoreConstants.INTERNAL_DOMAIN);
            }
            // Also need to clear role authorization.
            try {
                userRealm.getAuthorizationManager().clearRoleAuthorization(roleName);
            } catch (UserStoreException e) {
                throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), "Error while getting the authorizationManager.", e);
            }
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException | IdentityRoleManagementException e) {
            IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
            String message = "Error while deleting the role name: %s in the tenantDomain: %s";
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(message, roleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        String message = "Error while deleting the role name: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(message, roleName, tenantDomain), e);
    }
    clearUserRolesCacheByTenant(tenantId);
}
Also used : NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement) UserRealm(org.wso2.carbon.user.api.UserRealm) SQLException(java.sql.SQLException) IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) Connection(java.sql.Connection) IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException) IdentityRoleManagementException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException)

Example 48 with IdentityRoleManagementException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method getRoleIDByName.

@Override
public String getRoleIDByName(String roleName, String tenantDomain) throws IdentityRoleManagementException {
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    String roleID = null;
    try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) {
        try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, GET_ROLE_ID_BY_NAME_SQL)) {
            statement.setInt(RoleConstants.RoleTableColumns.TENANT_ID, tenantId);
            statement.setString(RoleConstants.RoleTableColumns.ROLE_NAME, roleName);
            statement.setString(RoleConstants.RoleTableColumns.ATTR_NAME, RoleConstants.ID_URI);
            int count = 0;
            try (ResultSet resultSet = statement.executeQuery()) {
                while (resultSet.next()) {
                    // Handle multiple matching roles.
                    count++;
                    if (count > 1) {
                        String errorMessage = "Invalid scenario. Multiple roles found for the given role name: " + roleName + " and tenantDomain: " + tenantDomain;
                        throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(), errorMessage);
                    }
                    roleID = resultSet.getString(1);
                }
            }
        }
    } catch (SQLException e) {
        String errorMessage = "Error while resolving the role ID for the given role name: " + roleName + " and tenantDomain: " + tenantDomain;
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), errorMessage, e);
    }
    if (roleID == null) {
        String errorMessage = "A role doesn't exist with name: " + roleName + " in the tenantDomain: " + tenantDomain;
        throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(), errorMessage);
    }
    return roleID;
}
Also used : NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement) SQLException(java.sql.SQLException) IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) Connection(java.sql.Connection) ResultSet(java.sql.ResultSet) IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException)

Example 49 with IdentityRoleManagementException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method getRoleNameByID.

@Override
public String getRoleNameByID(String roleID, String tenantDomain) throws IdentityRoleManagementException {
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    String roleName = null;
    try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) {
        try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, GET_ROLE_NAME_BY_ID_SQL)) {
            statement.setInt(RoleConstants.RoleTableColumns.TENANT_ID, tenantId);
            statement.setString(RoleConstants.RoleTableColumns.ATTR_NAME, RoleConstants.ID_URI);
            statement.setString(RoleConstants.RoleTableColumns.ATTR_VALUE, roleID);
            int count = 0;
            try (ResultSet resultSet = statement.executeQuery()) {
                while (resultSet.next()) {
                    // Handle multiple matching roles.
                    count++;
                    if (count > 1) {
                        String message = "Invalid scenario. Multiple roles found for the given role ID: " + roleID + " and " + "tenantDomain: " + tenantDomain;
                        log.warn(message);
                    }
                    roleName = resultSet.getString(1);
                }
            }
        }
    } catch (SQLException e) {
        String errorMessage = "Error while resolving the role name for the given role ID: " + roleID + " and tenantDomain: " + tenantDomain;
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), errorMessage, e);
    }
    if (roleName == null) {
        String errorMessage = "A role doesn't exist with id: " + roleID + " in the tenantDomain: " + tenantDomain;
        throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(), errorMessage);
    }
    return removeInternalDomain(roleName);
}
Also used : NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement) SQLException(java.sql.SQLException) IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) Connection(java.sql.Connection) ResultSet(java.sql.ResultSet) IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException)

Example 50 with IdentityRoleManagementException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method updateRoleName.

@Override
public RoleBasicInfo updateRoleName(String roleID, String newRoleName, String tenantDomain) throws IdentityRoleManagementException {
    String roleName = getRoleNameByID(roleID, tenantDomain);
    if (systemRoles.contains(roleName)) {
        throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(), "Invalid operation. Role: " + roleName + " Cannot be renamed since it's a read only system role.");
    }
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    if (!isExistingRoleID(roleID, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(), "Role id: " + roleID + " does not exist in the system.");
    }
    if (!StringUtils.equalsIgnoreCase(roleName, newRoleName) && isExistingRoleName(newRoleName, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_ALREADY_EXISTS.getCode(), "Role name: " + newRoleName + " is already there in the system. Please pick another role name.");
    }
    if (log.isDebugEnabled()) {
        log.debug("Updating the roleName: " + roleName + " to :" + newRoleName + " in the tenantDomain: " + tenantDomain);
    }
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try {
            try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, UPDATE_ROLE_NAME_SQL, RoleTableColumns.UM_ID)) {
                statement.setString(RoleTableColumns.NEW_UM_ROLE_NAME, newRoleName);
                statement.setString(RoleTableColumns.UM_ROLE_NAME, roleName);
                statement.setInt(RoleTableColumns.UM_TENANT_ID, tenantId);
                statement.executeUpdate();
            }
            // Update the role name in IDN_SCIM_GROUP table.
            updateSCIMRoleName(roleName, newRoleName, tenantDomain);
            /* UM_ROLE_PERMISSION Table, roles are associated with Domain ID.
                   At this moment Role name doesn't contain the Domain prefix.
                   resetPermissionOnUpdateRole() expects domain qualified name.
                   Hence we add the "Internal" Domain name explicitly here. */
            if (!roleName.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
                roleName = UserCoreUtil.addDomainToName(roleName, UserCoreConstants.INTERNAL_DOMAIN);
            }
            if (!newRoleName.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
                newRoleName = UserCoreUtil.addDomainToName(newRoleName, UserCoreConstants.INTERNAL_DOMAIN);
            }
            // Reset role authorization.
            try {
                UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
                userRealm.getAuthorizationManager().resetPermissionOnUpdateRole(roleName, newRoleName);
            } catch (UserStoreException e) {
                throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), "Error while getting the authorizationManager.", e);
            }
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException | IdentityRoleManagementException e) {
            IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
            String message = "Error while updating the role name: %s in the tenantDomain: %s";
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(message, roleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        String message = "Error while updating the role name: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(message, roleName, tenantDomain), e);
    }
    clearUserRolesCacheByTenant(tenantId);
    return new RoleBasicInfo(roleID, newRoleName);
}
Also used : NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement) UserRealm(org.wso2.carbon.user.api.UserRealm) SQLException(java.sql.SQLException) IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) Connection(java.sql.Connection) UserStoreException(org.wso2.carbon.user.api.UserStoreException) IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException) IdentityRoleManagementException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException) RoleBasicInfo(org.wso2.carbon.identity.role.mgt.core.RoleBasicInfo)

Aggregations

IdentityRoleManagementClientException (org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException)29 IdentityRoleManagementServerException (org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException)23 RoleBasicInfo (org.wso2.carbon.identity.role.mgt.core.RoleBasicInfo)22 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)20 Test (org.testng.annotations.Test)20 NamedPreparedStatement (org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement)20 Connection (java.sql.Connection)19 SQLException (java.sql.SQLException)19 Matchers.anyString (org.mockito.Matchers.anyString)14 IdentityRoleManagementException (org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException)14 Role (org.wso2.charon3.core.objects.Role)13 ResultSet (java.sql.ResultSet)12 RoleManagementEventPublisherProxy (org.wso2.carbon.identity.role.mgt.core.RoleManagementEventPublisherProxy)11 ArrayList (java.util.ArrayList)9 CharonException (org.wso2.charon3.core.exceptions.CharonException)8 ExpressionNode (org.wso2.charon3.core.utils.codeutils.ExpressionNode)8 Node (org.wso2.charon3.core.utils.codeutils.Node)8 OperationNode (org.wso2.charon3.core.utils.codeutils.OperationNode)8 UserStoreException (org.wso2.carbon.user.api.UserStoreException)6 BadRequestException (org.wso2.charon3.core.exceptions.BadRequestException)6
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial