
Example 41 with IdentityRoleManagementException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMRoleManager method getRole.

@Override
public Role getRole(String roleID, Map<String, Boolean> requiredAttributes) throws BadRequestException, CharonException, NotFoundException {
    // Looks the role up in the role management service for the current tenant and converts it into a
    // SCIM Role (id, display name, location, permissions, schemas, system-role flag, member users/groups).
    // requiredAttributes is not consulted here: every attribute the backend returns is set on the result.
    // Throws NotFoundException when the backend reports ROLE_NOT_FOUND; any other management error becomes a
    // CharonException that carries the original exception as its cause.
    try {
        org.wso2.carbon.identity.role.mgt.core.Role backendRole = roleManagementService.getRole(roleID, tenantDomain);
        String backendRoleId = backendRole.getId();
        String roleName = backendRole.getName();

        Role scimRole = new Role();
        scimRole.setId(backendRoleId);
        scimRole.setDisplayName(roleName);
        scimRole.setLocation(SCIMCommonUtils.getSCIMRoleURL(backendRoleId));
        scimRole.setPermissions(backendRole.getPermissions());
        scimRole.setSchemas();
        // The flag is only set when the name is in the configured system-role set; otherwise the default is kept.
        if (systemRoles.contains(roleName)) {
            scimRole.setSystemRole(true);
        }

        // Member users: each entry becomes a minimal SCIM User with its own location URI.
        if (CollectionUtils.isNotEmpty(backendRole.getUsers())) {
            for (UserBasicInfo member : backendRole.getUsers()) {
                User memberUser = new User();
                memberUser.setId(member.getId());
                memberUser.setUserName(member.getName());
                memberUser.setLocation(SCIMCommonUtils.getSCIMUserURL(member.getId()));
                scimRole.setUser(memberUser);
            }
        }

        // Member groups: same shape as users, using the group location URI.
        if (CollectionUtils.isNotEmpty(backendRole.getGroups())) {
            for (GroupBasicInfo memberGroup : backendRole.getGroups()) {
                Group scimGroup = new Group();
                scimGroup.setId(memberGroup.getId());
                scimGroup.setDisplayName(memberGroup.getName());
                scimGroup.setLocation(SCIMCommonUtils.getSCIMGroupURL(memberGroup.getId()));
                scimRole.setGroup(scimGroup);
            }
        }
        return scimRole;
    } catch (IdentityRoleManagementException e) {
        boolean roleMissing = StringUtils.equals(ROLE_NOT_FOUND.getCode(), e.getErrorCode());
        if (roleMissing) {
            throw new NotFoundException(e.getMessage());
        }
        throw new CharonException(String.format("Error occurred while getting the role: %s", roleID), e);
    }
}

Example 42 with IdentityRoleManagementException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method updateGroupListOfRole.

@Override
public RoleBasicInfo updateGroupListOfRole(String roleID, List<String> newGroupIDList, List<String> deletedGroupIDList, String tenantDomain) throws IdentityRoleManagementException {
    // Adds the groups in newGroupIDList to the role and removes the groups in deletedGroupIDList from it,
    // inside a single user-DB transaction; the user-roles cache for the tenant is cleared afterwards.
    // Throws IdentityRoleManagementClientException (ROLE_NOT_FOUND) when the role id is unknown,
    // IdentityRoleManagementServerException (UNEXPECTED_SERVER_ERROR) when the database update fails.
    if (!isExistingRoleID(roleID, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(), "Role id: " + roleID + " does not exist in the system.");
    }
    String roleName = getRoleNameByID(roleID, tenantDomain);
    // System roles restrict who may remove groups; this check runs before any empty-list short cut.
    validateGroupRemovalFromRole(deletedGroupIDList, roleName, tenantDomain);

    boolean nothingToAdd = CollectionUtils.isEmpty(newGroupIDList);
    boolean nothingToRemove = CollectionUtils.isEmpty(deletedGroupIDList);
    if (nothingToAdd && nothingToRemove) {
        if (log.isDebugEnabled()) {
            log.debug("Group lists are empty.");
        }
        return new RoleBasicInfo(roleID, roleName);
    }

    String primaryDomain = IdentityUtil.getPrimaryDomainName();
    if (primaryDomain != null) {
        primaryDomain = primaryDomain.toUpperCase(Locale.ENGLISH);
    }
    // The role tables are keyed by group name, so the incoming ids are resolved to names first.
    List<String> groupNamesToAdd = new ArrayList<>(getGroupNamesByIDs(newGroupIDList, tenantDomain).values());
    List<String> groupNamesToRemove = new ArrayList<>(getGroupNamesByIDs(deletedGroupIDList, tenantDomain).values());
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    String updateErrorMessage = "Error while updating groups to the role: %s in the tenantDomain: %s";

    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try {
            // MSSQL needs its own insert statement; every other product uses the generic one.
            String databaseProductName = connection.getMetaData().getDatabaseProductName();
            String addGroupsSQL = MICROSOFT.equals(databaseProductName) ? ADD_GROUP_TO_ROLE_SQL_MSSQL : ADD_GROUP_TO_ROLE_SQL;
            processBatchUpdateForGroups(roleName, groupNamesToAdd, tenantId, primaryDomain, connection, addGroupsSQL);
            processBatchUpdateForGroups(roleName, groupNamesToRemove, tenantId, primaryDomain, connection, REMOVE_GROUP_FROM_ROLE_SQL);
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException e) {
            // Undo any partial batch before reporting the failure.
            IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(updateErrorMessage, roleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        // Failure to obtain or close the connection itself.
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(updateErrorMessage, roleName, tenantDomain), e);
    }
    clearUserRolesCacheByTenant(tenantId);
    return new RoleBasicInfo(roleID, roleName);
}

Example 43 with IdentityRoleManagementException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method validateGroupRemovalFromRole.

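private void validateGroupRemovalFromRole(List<String> deletedGroupIDList, String roleName, String tenantDomain) throws IdentityRoleManagementException {
    // Authorization guard for group removal on default system roles: when system roles are enabled, only the
    // tenant owner (the realm's configured admin user) may remove groups from the Administrator role.
    // deletedGroupIDList may be null or empty (the caller's own short cut uses CollectionUtils.isEmpty), in
    // which case there is nothing to validate. Throws IdentityRoleManagementClientException (OPERATION_FORBIDDEN)
    // when the current user is not the tenant owner, IdentityRoleManagementServerException when the realm
    // or user store cannot be read.
    if (!IdentityUtil.isSystemRolesEnabled() || CollectionUtils.isEmpty(deletedGroupIDList)) {
        return;
    }
    try {
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        String adminUserName = userRealm.getRealmConfiguration().getAdminUserName();
        org.wso2.carbon.user.core.UserStoreManager userStoreManager = (org.wso2.carbon.user.core.UserStoreManager) userRealm.getUserStoreManager();
        // The user store decides whether usernames are compared case-sensitively.
        boolean caseSensitiveUsernames = IdentityUtil.isUseCaseSensitiveUsernameForCacheKeys(userStoreManager);
        if (RoleConstants.ADMINISTRATOR.equalsIgnoreCase(roleName)) {
            boolean isTenantOwner = caseSensitiveUsernames
                    ? StringUtils.equals(username, adminUserName)
                    : StringUtils.equalsIgnoreCase(username, adminUserName);
            if (!isTenantOwner) {
                String errorMessage = "Invalid operation. Only the tenant owner can remove groups from the role: " + "%s";
                throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(), String.format(errorMessage, RoleConstants.ADMINISTRATOR));
            }
        }
    } catch (UserStoreException e) {
        String errorMessage = "Error while validating group removal from the role: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
    }
}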

Example 44 with IdentityRoleManagementException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method getUserListOfRole.

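@Override
public List<UserBasicInfo> getUserListOfRole(String roleID, String tenantDomain) throws IdentityRoleManagementException {
    // Returns the users assigned to the role. For the realm's "everyone" role every user of the user store is
    // listed first; then the role membership table is read, skipping users whose user-store domain is disabled.
    // Throws IdentityRoleManagementClientException (ROLE_NOT_FOUND) for an unknown role id and
    // IdentityRoleManagementServerException (UNEXPECTED_SERVER_ERROR) on realm or database failures.
    if (!isExistingRoleID(roleID, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(), "Role id: " + roleID + " does not exist in the system.");
    }
    List<UserBasicInfo> userList = new ArrayList<>();
    String roleName = getRoleNameByID(roleID, tenantDomain);
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    try {
        UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        if (UserCoreUtil.isEveryoneRole(roleName, userRealm.getRealmConfiguration())) {
            // The "everyone" role is implicit, so its members come from the user store rather than the role table.
            List<org.wso2.carbon.user.core.common.User> users = ((AbstractUserStoreManager) userRealm.getUserStoreManager()).listUsersWithID(RoleConstants.WILDCARD_CHARACTER, -1);
            for (org.wso2.carbon.user.core.common.User user : users) {
                userList.add(new UserBasicInfo(user.getUserID(), user.getDomainQualifiedUsername()));
            }
        }
    } catch (UserStoreException e) {
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), "Error while getting the realmConfiguration.", e);
    }
    List<String> disabledDomainNames = getDisabledDomainNames();
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(false)) {
        try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, GET_USER_LIST_OF_ROLE_SQL, RoleTableColumns.UM_ID)) {
            statement.setString(RoleTableColumns.UM_ROLE_NAME, roleName);
            statement.setInt(RoleTableColumns.UM_TENANT_ID, tenantId);
            try (ResultSet resultSet = statement.executeQuery()) {
                while (resultSet.next()) {
                    String name = resultSet.getString(1);
                    String domain = resultSet.getString(2);
                    // Members from a disabled user-store domain are not reported.
                    if (disabledDomainNames.contains(domain)) {
                        continue;
                    }
                    if (StringUtils.isNotEmpty(domain)) {
                        name = UserCoreUtil.addDomainToName(name, domain);
                    }
                    // The role table stores names only; the user id is resolved per row.
                    userList.add(new UserBasicInfo(getUserIDByName(name, tenantDomain), name));
                }
            }
        }
    } catch (SQLException e) {
        // Fix: the original message repeated "while".
        String errorMessage = "Error while getting the user list of role for role name: %s in the " + "tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
    }
    return userList;
}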

Example 45 with IdentityRoleManagementException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method batchProcessRoleNames.

private Map<String, String> batchProcessRoleNames(List<String> roleNames, String tenantDomain, Connection connection) throws SQLException, IdentityRoleManagementException {
    // Resolves each role name to its id (the ID_URI attribute) for the tenant, using the supplied connection.
    // Names with no matching row are simply absent from the returned map. A name that matches more than one
    // row is treated as an invalid request and raises IdentityRoleManagementClientException (INVALID_REQUEST);
    // database errors propagate as SQLException.
    Map<String, String> idsByRoleName = new HashMap<>();
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    for (String roleName : roleNames) {
        try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, GET_ROLE_ID_BY_NAME_SQL)) {
            statement.setInt(RoleConstants.RoleTableColumns.TENANT_ID, tenantId);
            statement.setString(RoleConstants.RoleTableColumns.ROLE_NAME, roleName);
            statement.setString(RoleConstants.RoleTableColumns.ATTR_NAME, RoleConstants.ID_URI);
            try (ResultSet resultSet = statement.executeQuery()) {
                int matches = 0;
                while (resultSet.next()) {
                    matches++;
                    // A second row for the same name means the data is ambiguous; stop rather than pick one.
                    if (matches > 1) {
                        String errorMessage = "Invalid scenario. Multiple roles found for the given role name: " + roleName + " and tenantDomain: " + tenantDomain;
                        throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(), errorMessage);
                    }
                    idsByRoleName.put(roleName, resultSet.getString(1));
                }
            }
        }
    }
    return idsByRoleName;
}
