Use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2:
class RoleDAOImpl, method getDisabledDomainNames.
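/**
 * Collects the domain names of all secondary user stores whose realm configuration marks them as
 * disabled (the {@link RoleConstants#DISABLED} user store property parses to {@code true}).
 *
 * <p>Secondary realm configurations form a chain reached through {@code getSecondaryRealmConfig()};
 * the chain is walked until it ends. Names are upper-cased with {@link Locale#ENGLISH} so callers
 * can compare domains case-insensitively.
 *
 * @return the upper-cased names of the disabled secondary user store domains; an empty list when no
 *         user realm or realm configuration is available in the current Carbon context, or when no
 *         secondary store is disabled.
 * @throws IdentityRoleManagementException if the user store configurations cannot be retrieved.
 */
private List<String> getDisabledDomainNames() throws IdentityRoleManagementException {

    RealmConfiguration secondaryConfig;
    try {
        UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        if (userRealm == null || userRealm.getRealmConfiguration() == null) {
            return new ArrayList<>();
        }
        secondaryConfig = userRealm.getRealmConfiguration().getSecondaryRealmConfig();
    } catch (UserStoreException e) {
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                "Error while retrieving user store configurations", e);
    }

    List<String> disabledDomainNames = new ArrayList<>();
    // A plain while loop covers the "no secondary store at all" case without a separate null check.
    while (secondaryConfig != null) {
        if (Boolean.parseBoolean(secondaryConfig.getUserStoreProperty(RoleConstants.DISABLED))) {
            String domainName = secondaryConfig.getUserStoreProperty(UserStoreConfigConstants.DOMAIN_NAME);
            // A disabled store with no configured domain name cannot be matched by name anyway; skip it
            // instead of failing the whole lookup with a NullPointerException on toUpperCase().
            if (domainName != null) {
                disabledDomainNames.add(domainName.toUpperCase(Locale.ENGLISH));
            }
        }
        secondaryConfig = secondaryConfig.getSecondaryRealmConfig();
    }
    return disabledDomainNames;
}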
Use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2:
class RoleDAOImpl, method deleteRole.
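/**
 * Deletes the role identified by {@code roleID} in the given tenant.
 *
 * <p>Read-only system roles and the "everyone" role are rejected up front with
 * {@code OPERATION_FORBIDDEN}. The deletion itself runs in one user-store DB transaction: the role
 * row is removed, the matching IDN_SCIM_GROUP entries are removed, the role's authorizations are
 * cleared and the transaction is committed. Any failure inside the transaction triggers a rollback
 * and is reported as {@code UNEXPECTED_SERVER_ERROR}. Finally the per-tenant user-roles cache is
 * cleared.
 *
 * @param roleID       ID of the role to delete.
 * @param tenantDomain tenant domain the role belongs to.
 * @throws IdentityRoleManagementClientException if the role is a read-only system role or the
 *                                               everyone role.
 * @throws IdentityRoleManagementServerException if the user realm is unavailable in the current
 *                                               context, the realm configuration cannot be read, or
 *                                               the deletion fails.
 * @throws IdentityRoleManagementException       if the role ID cannot be resolved to a role name.
 */
@Override
public void deleteRole(String roleID, String tenantDomain) throws IdentityRoleManagementException {

    String roleName = getRoleNameByID(roleID, tenantDomain);
    if (systemRoles.contains(roleName)) {
        throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(),
                "Invalid operation. Role: " + roleName + " Cannot be deleted since it's a read only system role.");
    }
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);

    UserRealm userRealm;
    try {
        userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        // The realm can be absent from the thread-local context (getDisabledDomainNames guards the same
        // call); surface that as a server error instead of a NullPointerException below.
        if (userRealm == null) {
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                    "User realm is not available in the current context for the tenantDomain: " + tenantDomain);
        }
        if (UserCoreUtil.isEveryoneRole(roleName, userRealm.getRealmConfiguration())) {
            throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(),
                    "Invalid operation. Role: " + roleName + " Cannot be deleted.");
        }
    } catch (UserStoreException e) {
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                "Error while getting the realmConfiguration.", e);
    }

    // Template only; formatted lazily because roleName may be domain-qualified by the time it fails.
    String failureMessage = "Error while deleting the role name: %s in the tenantDomain: %s";
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try {
            try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, DELETE_ROLE_SQL,
                    RoleTableColumns.UM_ID)) {
                statement.setString(RoleTableColumns.UM_ROLE_NAME, roleName);
                statement.setInt(RoleTableColumns.UM_TENANT_ID, tenantId);
                statement.executeUpdate();
            }
            // Delete the role from IDN_SCIM_GROUP table.
            deleteSCIMRole(roleName, tenantDomain);
            /* In the UM_ROLE_PERMISSION table roles are associated with a domain ID and
               clearRoleAuthorization() expects a domain-qualified name, whereas roleName is still
               unqualified here. Hence the "Internal" domain is added explicitly. */
            if (!roleName.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
                roleName = UserCoreUtil.addDomainToName(roleName, UserCoreConstants.INTERNAL_DOMAIN);
            }
            // Also need to clear role authorization.
            try {
                userRealm.getAuthorizationManager().clearRoleAuthorization(roleName);
            } catch (UserStoreException e) {
                throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                        "Error while getting the authorizationManager.", e);
            }
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException | IdentityRoleManagementException e) {
            // Roll back the whole unit of work: a partial delete would leave SCIM group or permission
            // rows referring to a role that no longer exists.
            IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                    String.format(failureMessage, roleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                String.format(failureMessage, roleName, tenantDomain), e);
    }
    clearUserRolesCacheByTenant(tenantId);
}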
Use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2:
class RoleDAOImpl, method getRoleIDByName.
/**
 * Resolves the role ID stored under {@code RoleConstants.ID_URI} for a role name in a tenant.
 *
 * <p>Exactly one matching row is expected: no row means the role does not exist, and more than one
 * row is treated as an invalid request (the name is ambiguous within the tenant). Both cases are
 * reported with {@code INVALID_REQUEST}.
 *
 * @param roleName     name of the role to look up.
 * @param tenantDomain tenant domain the role belongs to.
 * @return the role ID of the single matching role.
 * @throws IdentityRoleManagementClientException if no role or more than one role matches the name.
 * @throws IdentityRoleManagementServerException if the lookup query fails.
 */
@Override
public String getRoleIDByName(String roleName, String tenantDomain) throws IdentityRoleManagementException {

    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    String resolvedRoleId = null;
    try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
         NamedPreparedStatement statement = new NamedPreparedStatement(connection, GET_ROLE_ID_BY_NAME_SQL)) {
        statement.setInt(RoleConstants.RoleTableColumns.TENANT_ID, tenantId);
        statement.setString(RoleConstants.RoleTableColumns.ROLE_NAME, roleName);
        statement.setString(RoleConstants.RoleTableColumns.ATTR_NAME, RoleConstants.ID_URI);
        try (ResultSet resultSet = statement.executeQuery()) {
            if (resultSet.next()) {
                resolvedRoleId = resultSet.getString(1);
                // A second row means the name is ambiguous within the tenant; reject the request.
                if (resultSet.next()) {
                    throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(),
                            "Invalid scenario. Multiple roles found for the given role name: " + roleName
                                    + " and tenantDomain: " + tenantDomain);
                }
            }
        }
    } catch (SQLException e) {
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                "Error while resolving the role ID for the given role name: " + roleName + " and tenantDomain: "
                        + tenantDomain, e);
    }
    if (resolvedRoleId == null) {
        throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(),
                "A role doesn't exist with name: " + roleName + " in the tenantDomain: " + tenantDomain);
    }
    return resolvedRoleId;
}
Use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2:
class RoleDAOImpl, method getRoleNameByID.
/**
 * Resolves the role name for a role ID (stored under {@code RoleConstants.ID_URI}) in a tenant.
 *
 * <p>Unlike {@code getRoleIDByName}, duplicate matches are not rejected: every extra row is logged
 * as a warning and the name from the last row wins. The returned name has the "Internal" domain
 * prefix removed via {@code removeInternalDomain}.
 *
 * @param roleID       ID of the role to look up.
 * @param tenantDomain tenant domain the role belongs to.
 * @return the role name without the Internal domain prefix.
 * @throws IdentityRoleManagementClientException with {@code ROLE_NOT_FOUND} if no role has this ID.
 * @throws IdentityRoleManagementServerException if the lookup query fails.
 */
@Override
public String getRoleNameByID(String roleID, String tenantDomain) throws IdentityRoleManagementException {

    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    String resolvedName = null;
    try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
         NamedPreparedStatement statement = new NamedPreparedStatement(connection, GET_ROLE_NAME_BY_ID_SQL)) {
        statement.setInt(RoleConstants.RoleTableColumns.TENANT_ID, tenantId);
        statement.setString(RoleConstants.RoleTableColumns.ATTR_NAME, RoleConstants.ID_URI);
        statement.setString(RoleConstants.RoleTableColumns.ATTR_VALUE, roleID);
        int matches = 0;
        try (ResultSet resultSet = statement.executeQuery()) {
            while (resultSet.next()) {
                matches++;
                // Duplicates are only logged here; the last row read is the one returned.
                if (matches > 1) {
                    log.warn("Invalid scenario. Multiple roles found for the given role ID: " + roleID
                            + " and tenantDomain: " + tenantDomain);
                }
                resolvedName = resultSet.getString(1);
            }
        }
    } catch (SQLException e) {
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                "Error while resolving the role name for the given role ID: " + roleID + " and tenantDomain: "
                        + tenantDomain, e);
    }
    if (resolvedName == null) {
        throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(),
                "A role doesn't exist with id: " + roleID + " in the tenantDomain: " + tenantDomain);
    }
    return removeInternalDomain(resolvedName);
}
Use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2:
class RoleDAOImpl, method updateRoleName.
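/**
 * Renames the role identified by {@code roleID} to {@code newRoleName} in the given tenant.
 *
 * <p>Read-only system roles cannot be renamed ({@code OPERATION_FORBIDDEN}), the role must exist
 * ({@code ROLE_NOT_FOUND}) and, unless the rename only changes letter case, the new name must not be
 * taken already ({@code ROLE_ALREADY_EXISTS}). The rename runs in one user-store DB transaction:
 * the UM_ROLE row is updated, the IDN_SCIM_GROUP entry is updated, the role's permissions are moved
 * to the new name and the transaction is committed; any failure inside it is rolled back and
 * reported as {@code UNEXPECTED_SERVER_ERROR}. Finally the per-tenant user-roles cache is cleared.
 *
 * @param roleID       ID of the role to rename.
 * @param newRoleName  the new role name.
 * @param tenantDomain tenant domain the role belongs to.
 * @return basic info for the renamed role. NOTE(review): the name it carries is the value of
 *         {@code newRoleName} after the "Internal" domain prefix has been added below, whereas
 *         {@code getRoleNameByID} strips that prefix - confirm callers expect the qualified form.
 * @throws IdentityRoleManagementClientException if the role is a system role, does not exist, or the
 *                                               new name is already in use.
 * @throws IdentityRoleManagementServerException if the user realm is unavailable or the rename fails.
 * @throws IdentityRoleManagementException       if the role ID cannot be resolved to a role name.
 */
@Override
public RoleBasicInfo updateRoleName(String roleID, String newRoleName, String tenantDomain)
        throws IdentityRoleManagementException {

    String roleName = getRoleNameByID(roleID, tenantDomain);
    if (systemRoles.contains(roleName)) {
        throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(),
                "Invalid operation. Role: " + roleName + " Cannot be renamed since it's a read only system role.");
    }
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    if (!isExistingRoleID(roleID, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(),
                "Role id: " + roleID + " does not exist in the system.");
    }
    // A case-only rename of the same role is allowed; any other clash with an existing name is not.
    if (!StringUtils.equalsIgnoreCase(roleName, newRoleName) && isExistingRoleName(newRoleName, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_ALREADY_EXISTS.getCode(),
                "Role name: " + newRoleName + " is already there in the system. Please pick another role name.");
    }
    if (log.isDebugEnabled()) {
        log.debug("Updating the roleName: " + roleName + " to :" + newRoleName + " in the tenantDomain: "
                + tenantDomain);
    }

    // Template only; formatted lazily because roleName may be domain-qualified by the time it fails.
    String failureMessage = "Error while updating the role name: %s in the tenantDomain: %s";
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try {
            try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, UPDATE_ROLE_NAME_SQL,
                    RoleTableColumns.UM_ID)) {
                statement.setString(RoleTableColumns.NEW_UM_ROLE_NAME, newRoleName);
                statement.setString(RoleTableColumns.UM_ROLE_NAME, roleName);
                statement.setInt(RoleTableColumns.UM_TENANT_ID, tenantId);
                statement.executeUpdate();
            }
            // Update the role name in IDN_SCIM_GROUP table.
            updateSCIMRoleName(roleName, newRoleName, tenantDomain);
            /* In the UM_ROLE_PERMISSION table roles are associated with a domain ID and
               resetPermissionOnUpdateRole() expects domain-qualified names, whereas the names are
               still unqualified here. Hence the "Internal" domain is added explicitly. */
            if (!roleName.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
                roleName = UserCoreUtil.addDomainToName(roleName, UserCoreConstants.INTERNAL_DOMAIN);
            }
            if (!newRoleName.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
                newRoleName = UserCoreUtil.addDomainToName(newRoleName, UserCoreConstants.INTERNAL_DOMAIN);
            }
            // Reset role authorization.
            try {
                UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
                // A missing realm used to escape as a NullPointerException, which bypassed the
                // rollback below; report it as a server error so the transaction is rolled back.
                if (userRealm == null) {
                    throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                            "User realm is not available in the current context for the tenantDomain: "
                                    + tenantDomain);
                }
                userRealm.getAuthorizationManager().resetPermissionOnUpdateRole(roleName, newRoleName);
            } catch (UserStoreException e) {
                throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                        "Error while getting the authorizationManager.", e);
            }
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException | IdentityRoleManagementException e) {
            // Roll back the whole unit of work so UM_ROLE, IDN_SCIM_GROUP and the permissions stay in step.
            IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                    String.format(failureMessage, roleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(),
                String.format(failureMessage, roleName, tenantDomain), e);
    }
    clearUserRolesCacheByTenant(tenantId);
    return new RoleBasicInfo(roleID, newRoleName);
}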