Search in sources :

Example 6 with IdentityRoleManagementServerException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method validateUserRemovalFromRole.

private void validateUserRemovalFromRole(List<String> deletedUserNamesList, String roleName, String tenantDomain) throws IdentityRoleManagementException {
    if (!IdentityUtil.isSystemRolesEnabled() || deletedUserNamesList.isEmpty()) {
        return;
    }
    try {
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        String adminUserName = userRealm.getRealmConfiguration().getAdminUserName();
        org.wso2.carbon.user.core.UserStoreManager userStoreManager = (org.wso2.carbon.user.core.UserStoreManager) userRealm.getUserStoreManager();
        boolean isUseCaseSensitiveUsernameForCacheKeys = IdentityUtil.isUseCaseSensitiveUsernameForCacheKeys(userStoreManager);
        // Only the tenant owner can remove users from Administrator role.
        if (RoleConstants.ADMINISTRATOR.equalsIgnoreCase(roleName)) {
            if ((isUseCaseSensitiveUsernameForCacheKeys && !StringUtils.equals(username, adminUserName)) || (!isUseCaseSensitiveUsernameForCacheKeys && !StringUtils.equalsIgnoreCase(username, adminUserName))) {
                String errorMessage = "Invalid operation. Only the tenant owner can remove users from the role: %s";
                throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(), String.format(errorMessage, RoleConstants.ADMINISTRATOR));
            } else {
                // Tenant owner cannot be removed from Administrator role.
                if (deletedUserNamesList.contains(adminUserName)) {
                    String errorMessage = "Invalid operation. Tenant owner cannot be removed from the role: %s";
                    throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(), String.format(errorMessage, RoleConstants.ADMINISTRATOR));
                }
            }
        }
    } catch (UserStoreException e) {
        String errorMessage = "Error while validating user removal from the role: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
    }
}
Also used : AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) UserStoreManager(org.wso2.carbon.user.api.UserStoreManager) UserRealm(org.wso2.carbon.user.api.UserRealm) IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException)

Example 7 with IdentityRoleManagementServerException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method deleteGroup.

@Override
public void deleteGroup(String groupID, String tenantDomain) throws IdentityRoleManagementException {
    String groupName = getGroupNameByID(groupID, tenantDomain);
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    String primaryDomainName = IdentityUtil.getPrimaryDomainName();
    if (primaryDomainName != null) {
        primaryDomainName = primaryDomainName.toUpperCase(Locale.ENGLISH);
    }
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, DELETE_GROUP_SQL, RoleTableColumns.UM_ID)) {
            // Add domain if not set.
            groupName = UserCoreUtil.addDomainToName(groupName, primaryDomainName);
            // Get domain from name.
            String domainName = UserCoreUtil.extractDomainFromName(groupName);
            if (domainName != null) {
                domainName = domainName.toUpperCase(Locale.ENGLISH);
            }
            String nameWithoutDomain = UserCoreUtil.removeDomainFromName(groupName);
            statement.setString(RoleTableColumns.UM_GROUP_NAME, nameWithoutDomain);
            statement.setInt(RoleTableColumns.UM_TENANT_ID, tenantId);
            statement.setString(RoleTableColumns.UM_DOMAIN_NAME, domainName);
            statement.executeUpdate();
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException e) {
            IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
            String errorMessage = "Error while removing the group: %s in the tenantDomain: %s";
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, groupName, tenantDomain), e);
        }
    } catch (SQLException e) {
        String errorMessage = "Error while removing the group: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, groupName, tenantDomain), e);
    }
    clearUserRolesCacheByTenant(tenantId);
}
Also used : NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement) SQLException(java.sql.SQLException) IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) Connection(java.sql.Connection)

Example 8 with IdentityRoleManagementServerException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method updateUserListOfRole.

@Override
public RoleBasicInfo updateUserListOfRole(String roleID, List<String> newUserIDList, List<String> deletedUserIDList, String tenantDomain) throws IdentityRoleManagementException {
    if (!isExistingRoleID(roleID, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(), "Role id: " + roleID + " does not exist in the system.");
    }
    String roleName = getRoleNameByID(roleID, tenantDomain);
    if (CollectionUtils.isEmpty(newUserIDList) && CollectionUtils.isEmpty(deletedUserIDList)) {
        if (log.isDebugEnabled()) {
            log.debug("User lists are empty.");
        }
        return new RoleBasicInfo(roleID, roleName);
    }
    String primaryDomainName = IdentityUtil.getPrimaryDomainName();
    if (primaryDomainName != null) {
        primaryDomainName = primaryDomainName.toUpperCase(Locale.ENGLISH);
    }
    List<String> newUserNamesList = getUserNamesByIDs(newUserIDList, tenantDomain);
    List<String> deletedUserNamesList = getUserNamesByIDs(deletedUserIDList, tenantDomain);
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    // Validate the user removal operation based on the default system roles.
    validateUserRemovalFromRole(deletedUserNamesList, roleName, tenantDomain);
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try {
            // Add new users to the role.
            String addUsersSQL = ADD_USER_TO_ROLE_SQL;
            String databaseProductName = connection.getMetaData().getDatabaseProductName();
            if (MICROSOFT.equals(databaseProductName)) {
                addUsersSQL = ADD_USER_TO_ROLE_SQL_MSSQL;
            }
            processBatchUpdateForUsers(roleName, newUserNamesList, tenantId, primaryDomainName, connection, addUsersSQL);
            // Delete existing users from the role.
            processBatchUpdateForUsers(roleName, deletedUserNamesList, tenantId, primaryDomainName, connection, REMOVE_USER_FROM_ROLE_SQL);
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException e) {
            IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
            String errorMessage = "Error while updating users to the role: %s in the tenantDomain: %s";
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        String errorMessage = "Error while updating users to the role: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
    }
    if (CollectionUtils.isNotEmpty(deletedUserNamesList)) {
        for (String username : deletedUserNamesList) {
            clearUserRolesCache(username, tenantId);
        }
    }
    if (CollectionUtils.isNotEmpty(newUserNamesList)) {
        for (String username : newUserNamesList) {
            clearUserRolesCache(username, tenantId);
        }
    }
    return new RoleBasicInfo(roleID, roleName);
}
Also used : SQLException(java.sql.SQLException) IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) Connection(java.sql.Connection) IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException) RoleBasicInfo(org.wso2.carbon.identity.role.mgt.core.RoleBasicInfo)

Example 9 with IdentityRoleManagementServerException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method deleteSCIMRole.

protected void deleteSCIMRole(String roleName, String tenantDomain) throws IdentityRoleManagementException {
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    // Append internal domain in order to maintain the backward compatibility.
    roleName = appendInternalDomain(roleName);
    if (log.isDebugEnabled()) {
        log.debug("Deleting the role: " + roleName + " for the role: " + roleName + " in the tenantDomain: " + tenantDomain);
    }
    try (Connection connection = IdentityDatabaseUtil.getDBConnection(true)) {
        try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, DELETE_SCIM_ROLE_SQL)) {
            statement.setInt(RoleTableColumns.TENANT_ID, tenantId);
            statement.setString(RoleTableColumns.ROLE_NAME, roleName);
            statement.executeUpdate();
            IdentityDatabaseUtil.commitTransaction(connection);
        } catch (SQLException e) {
            IdentityDatabaseUtil.rollbackTransaction(connection);
            String errorMessage = "Error while deleting the the role: %s for the role: %s in the tenantDomain: %s";
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, roleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        String errorMessage = "Error while deleting the the role: %s for the role: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, roleName, tenantDomain), e);
    }
}
Also used : NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement) SQLException(java.sql.SQLException) IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) Connection(java.sql.Connection)

Example 10 with IdentityRoleManagementServerException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException in project carbon-identity-framework by wso2.

the class GroupDAOImpl method getGroupIDByName.

@Override
public String getGroupIDByName(String name, String tenantDomain) throws IdentityRoleManagementException {
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    String groupID = null;
    try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) {
        try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, GET_GROUP_ID_BY_NAME_SQL)) {
            statement.setInt(RoleConstants.RoleTableColumns.TENANT_ID, tenantId);
            statement.setString(RoleConstants.RoleTableColumns.ROLE_NAME, name);
            statement.setString(RoleConstants.RoleTableColumns.ATTR_NAME, RoleConstants.ID_URI);
            int count = 0;
            try (ResultSet resultSet = statement.executeQuery()) {
                while (resultSet.next()) {
                    // Handle multiple matching groups.
                    count++;
                    if (count > 1) {
                        String errorMessage = "Invalid scenario. Multiple groups found for the given group name: " + name + " " + "and tenantDomain: " + tenantDomain;
                        throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(), errorMessage);
                    }
                    groupID = resultSet.getString(1);
                }
            }
        }
    } catch (SQLException e) {
        String errorMessage = "Error while resolving the group ID for the given group name: " + name + " and tenantDomain: " + tenantDomain;
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), errorMessage, e);
    }
    return groupID;
}
Also used : NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement) SQLException(java.sql.SQLException) IdentityRoleManagementServerException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException) Connection(java.sql.Connection) ResultSet(java.sql.ResultSet) IdentityRoleManagementClientException(org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException)

Aggregations

IdentityRoleManagementServerException (org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException)24 Connection (java.sql.Connection)19 SQLException (java.sql.SQLException)19 NamedPreparedStatement (org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement)17 IdentityRoleManagementClientException (org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException)13 ResultSet (java.sql.ResultSet)8 RoleBasicInfo (org.wso2.carbon.identity.role.mgt.core.RoleBasicInfo)6 UserStoreException (org.wso2.carbon.user.api.UserStoreException)6 ArrayList (java.util.ArrayList)5 UserRealm (org.wso2.carbon.user.api.UserRealm)5 IdentityRoleManagementException (org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException)3 AbstractUserStoreManager (org.wso2.carbon.user.core.common.AbstractUserStoreManager)3 UserStoreManager (org.wso2.carbon.user.api.UserStoreManager)2 UserAdminException (org.wso2.carbon.user.mgt.common.UserAdminException)2 PrivilegedCarbonContext (org.wso2.carbon.context.PrivilegedCarbonContext)1 GroupBasicInfo (org.wso2.carbon.identity.role.mgt.core.GroupBasicInfo)1 UserBasicInfo (org.wso2.carbon.identity.role.mgt.core.UserBasicInfo)1 RealmConfiguration (org.wso2.carbon.user.api.RealmConfiguration)1