
Example 11 with IdentityRoleManagementServerException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method addRole.

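/**
 * Creates a role in the user store DB and attaches the given users, groups and permissions to it.
 * <p>
 * The internal domain prefix is stripped before persisting. The role row and its user/group
 * mappings are written through one user-DB connection and rolled back together when any step
 * inside the transaction fails.
 *
 * @param roleName     role name, optionally domain-qualified.
 * @param userList     user IDs to assign; {@code null} or empty means no users.
 * @param groupList    group IDs to assign; {@code null} or empty means no groups.
 * @param permissions  permissions to grant; {@code null} or empty means no permissions.
 * @param tenantDomain tenant domain the role belongs to.
 * @return ID and (domain-stripped) name of the created role.
 * @throws IdentityRoleManagementClientException if a role with the same name already exists.
 * @throws IdentityRoleManagementServerException if persisting the role or its mappings fails.
 */
@Override
public RoleBasicInfo addRole(String roleName, List<String> userList, List<String> groupList, List<String> permissions, String tenantDomain) throws IdentityRoleManagementException {
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    if (log.isDebugEnabled()) {
        log.debug("Creating the role: " + roleName + " in the tenantDomain: " + tenantDomain);
    }
    String primaryDomainName = IdentityUtil.getPrimaryDomainName();
    if (primaryDomainName != null) {
        primaryDomainName = primaryDomainName.toUpperCase(Locale.ENGLISH);
    }
    // Remove internal domain before persisting in order to maintain the backward compatibility.
    String persistedRoleName = removeInternalDomain(roleName);
    // NOTE(review): this existence check and the INSERT below are not one atomic step. A
    // concurrent create of the same name relies on a DB constraint (if present) and then
    // surfaces as UNEXPECTED_SERVER_ERROR rather than ROLE_ALREADY_EXISTS.
    if (isExistingRoleName(persistedRoleName, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_ALREADY_EXISTS.getCode(), "Role already exist for the role name: " + persistedRoleName);
    }
    // Same message for both failure paths (inside and outside the transaction).
    String errorMessage = "Error while creating the role: %s in the tenantDomain: %s";
    String roleID;
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try {
            try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, ADD_ROLE_SQL, RoleTableColumns.UM_ID)) {
                statement.setString(RoleTableColumns.UM_ROLE_NAME, persistedRoleName);
                statement.setInt(RoleTableColumns.UM_TENANT_ID, tenantId);
                statement.executeUpdate();
            }
            // MSSQL needs a different batch-insert statement than the other products.
            String databaseProductName = connection.getMetaData().getDatabaseProductName();
            boolean isMssql = MICROSOFT.equals(databaseProductName);
            // Add users to the created role.
            if (CollectionUtils.isNotEmpty(userList)) {
                List<String> userNamesList = getUserNamesByIDs(userList, tenantDomain);
                String addUsersSQL = isMssql ? ADD_USER_TO_ROLE_SQL_MSSQL : ADD_USER_TO_ROLE_SQL;
                processBatchUpdateForUsers(persistedRoleName, userNamesList, tenantId, primaryDomainName, connection, addUsersSQL);
                // Cached role lists of the assigned users are now stale.
                for (String username : userNamesList) {
                    clearUserRolesCache(username, tenantId);
                }
            }
            // Add groups to the created role.
            if (CollectionUtils.isNotEmpty(groupList)) {
                Map<String, String> groupIdsToNames = getGroupNamesByIDs(groupList, tenantDomain);
                List<String> groupNamesList = new ArrayList<>(groupIdsToNames.values());
                String addGroupsSQL = isMssql ? ADD_GROUP_TO_ROLE_SQL_MSSQL : ADD_GROUP_TO_ROLE_SQL;
                processBatchUpdateForGroups(persistedRoleName, groupNamesList, tenantId, primaryDomainName, connection, addGroupsSQL);
            }
            // Add role ID.
            // NOTE(review): addRoleID and setPermissions do not receive 'connection', so they
            // presumably write through their own connections and are not covered by the
            // rollback below — confirm, as a failure here can leave partial state.
            roleID = addRoleID(persistedRoleName, tenantDomain);
            // Add role permissions.
            if (CollectionUtils.isNotEmpty(permissions)) {
                setPermissions(roleID, permissions, tenantDomain, persistedRoleName);
            }
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException | IdentityRoleManagementException e) {
            // Roll back through the user-DB variant so it pairs with commitUserDBTransaction above.
            IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
            // Any IdentityRoleManagementClientException raised by the helpers inside this block is
            // re-classified as a server error here; the original cause is preserved in 'e'.
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, persistedRoleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        // Failure to obtain or close the connection itself.
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, persistedRoleName, tenantDomain), e);
    }
    return new RoleBasicInfo(roleID, persistedRoleName);
}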

Example 12 with IdentityRoleManagementServerException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method updateGroupListOfRole.

/**
 * Adds groups to and removes groups from a role in one user-DB transaction.
 * <p>
 * Removal from protected system roles is validated first. If both lists are empty the method
 * returns early without touching the DB. After a successful update the per-tenant user-roles
 * cache is cleared.
 *
 * @param roleID             ID of the role to update.
 * @param newGroupIDList     group IDs to add; {@code null} or empty means nothing to add.
 * @param deletedGroupIDList group IDs to remove; {@code null} or empty means nothing to remove.
 * @param tenantDomain       tenant domain the role belongs to.
 * @return ID and name of the updated role.
 * @throws IdentityRoleManagementClientException if the role does not exist or the removal is not allowed.
 * @throws IdentityRoleManagementServerException if the DB update fails.
 */
@Override
public RoleBasicInfo updateGroupListOfRole(String roleID, List<String> newGroupIDList, List<String> deletedGroupIDList, String tenantDomain) throws IdentityRoleManagementException {
    if (!isExistingRoleID(roleID, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(), "Role id: " + roleID + " does not exist in the system.");
    }
    String roleName = getRoleNameByID(roleID, tenantDomain);
    // Validate the group removal operation based on the default system roles.
    validateGroupRemovalFromRole(deletedGroupIDList, roleName, tenantDomain);
    boolean nothingToAdd = CollectionUtils.isEmpty(newGroupIDList);
    boolean nothingToRemove = CollectionUtils.isEmpty(deletedGroupIDList);
    if (nothingToAdd && nothingToRemove) {
        if (log.isDebugEnabled()) {
            log.debug("Group lists are empty.");
        }
        return new RoleBasicInfo(roleID, roleName);
    }
    String upperCasedPrimaryDomain = IdentityUtil.getPrimaryDomainName();
    if (upperCasedPrimaryDomain != null) {
        upperCasedPrimaryDomain = upperCasedPrimaryDomain.toUpperCase(Locale.ENGLISH);
    }
    // Resolve group names from group IDs (values of the id->name maps).
    List<String> groupsToAdd = new ArrayList<>(getGroupNamesByIDs(newGroupIDList, tenantDomain).values());
    List<String> groupsToRemove = new ArrayList<>(getGroupNamesByIDs(deletedGroupIDList, tenantDomain).values());
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    String errorMessage = "Error while updating groups to the role: %s in the tenantDomain: %s";
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try {
            // MSSQL uses its own insert statement; removal shares one statement for all products.
            String databaseProductName = connection.getMetaData().getDatabaseProductName();
            String addGroupsSQL = MICROSOFT.equals(databaseProductName) ? ADD_GROUP_TO_ROLE_SQL_MSSQL : ADD_GROUP_TO_ROLE_SQL;
            // Add new groups to the role.
            processBatchUpdateForGroups(roleName, groupsToAdd, tenantId, upperCasedPrimaryDomain, connection, addGroupsSQL);
            // Delete existing groups from the role.
            processBatchUpdateForGroups(roleName, groupsToRemove, tenantId, upperCasedPrimaryDomain, connection, REMOVE_GROUP_FROM_ROLE_SQL);
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException e) {
            IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        // Failure to obtain or close the connection itself.
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
    }
    // Group membership changed, so every user's cached role list in this tenant may be stale.
    clearUserRolesCacheByTenant(tenantId);
    return new RoleBasicInfo(roleID, roleName);
}

Example 13 with IdentityRoleManagementServerException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method validateGroupRemovalFromRole.

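/**
 * Authorization gate for removing groups from protected system roles.
 * <p>
 * When system roles are enabled, only the tenant owner (the realm's admin user) may remove
 * groups from the Administrator role. The username comparison follows the user store's
 * case-sensitivity setting. A no-op when system roles are disabled or nothing is being removed.
 *
 * @param deletedGroupIDList group IDs to be removed; {@code null} or empty means nothing to check.
 * @param roleName           name of the role being modified.
 * @param tenantDomain       tenant domain, used for error reporting only.
 * @throws IdentityRoleManagementClientException if a user other than the tenant owner removes
 *                                               groups from the Administrator role.
 * @throws IdentityRoleManagementServerException if the realm or user store manager cannot be read.
 */
private void validateGroupRemovalFromRole(List<String> deletedGroupIDList, String roleName, String tenantDomain) throws IdentityRoleManagementException {
    // Null-safe: callers may pass a null list, which previously raised an NPE here.
    if (!IdentityUtil.isSystemRolesEnabled() || CollectionUtils.isEmpty(deletedGroupIDList)) {
        return;
    }
    try {
        CarbonContext carbonContext = CarbonContext.getThreadLocalCarbonContext();
        String username = carbonContext.getUsername();
        // NOTE(review): userRealm is dereferenced without a null check — confirm the thread-local
        // carbon context always carries a realm on this code path.
        UserRealm userRealm = carbonContext.getUserRealm();
        String adminUserName = userRealm.getRealmConfiguration().getAdminUserName();
        org.wso2.carbon.user.core.UserStoreManager userStoreManager = (org.wso2.carbon.user.core.UserStoreManager) userRealm.getUserStoreManager();
        boolean caseSensitiveUsernames = IdentityUtil.isUseCaseSensitiveUsernameForCacheKeys(userStoreManager);
        // Only the tenant owner can remove groups from Administrator role.
        if (RoleConstants.ADMINISTRATOR.equalsIgnoreCase(roleName)) {
            boolean isTenantOwner = caseSensitiveUsernames ? StringUtils.equals(username, adminUserName) : StringUtils.equalsIgnoreCase(username, adminUserName);
            if (!isTenantOwner) {
                String errorMessage = "Invalid operation. Only the tenant owner can remove groups from the role: %s";
                throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(), String.format(errorMessage, RoleConstants.ADMINISTRATOR));
            }
        }
    } catch (UserStoreException e) {
        String errorMessage = "Error while validating group removal from the role: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
    }
}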

Example 14 with IdentityRoleManagementServerException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method getUserListOfRole.

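/**
 * Lists the users assigned to the given role.
 * <p>
 * For the everyone role the users are taken from the user store manager; for every role the
 * membership rows are then read from the user DB. Members whose user store domain is disabled
 * are skipped.
 *
 * @param roleID       ID of the role.
 * @param tenantDomain tenant domain the role belongs to.
 * @return users of the role; empty when there are none, never {@code null}.
 * @throws IdentityRoleManagementClientException if no role with the given ID exists.
 * @throws IdentityRoleManagementServerException if the realm or the user DB cannot be read.
 */
@Override
public List<UserBasicInfo> getUserListOfRole(String roleID, String tenantDomain) throws IdentityRoleManagementException {
    if (!isExistingRoleID(roleID, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(), "Role id: " + roleID + " does not exist in the system.");
    }
    List<UserBasicInfo> userList = new ArrayList<>();
    String roleName = getRoleNameByID(roleID, tenantDomain);
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    try {
        UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        // Everyone-role membership comes from the user store manager; the DB query below still runs afterwards.
        if (UserCoreUtil.isEveryoneRole(roleName, userRealm.getRealmConfiguration())) {
            List<org.wso2.carbon.user.core.common.User> users = ((AbstractUserStoreManager) userRealm.getUserStoreManager()).listUsersWithID(RoleConstants.WILDCARD_CHARACTER, -1);
            for (org.wso2.carbon.user.core.common.User user : users) {
                userList.add(new UserBasicInfo(user.getUserID(), user.getDomainQualifiedUsername()));
            }
        }
    } catch (UserStoreException e) {
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), "Error while getting the realmConfiguration.", e);
    }
    List<String> disabledDomainNames = getDisabledDomainNames();
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(false)) {
        try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, GET_USER_LIST_OF_ROLE_SQL, RoleTableColumns.UM_ID)) {
            statement.setString(RoleTableColumns.UM_ROLE_NAME, roleName);
            statement.setInt(RoleTableColumns.UM_TENANT_ID, tenantId);
            try (ResultSet resultSet = statement.executeQuery()) {
                while (resultSet.next()) {
                    String name = resultSet.getString(1);
                    String domain = resultSet.getString(2);
                    // Skip members of disabled user stores.
                    // NOTE(review): the disabled list is upper-cased while 'domain' is compared as
                    // stored — confirm the column is always persisted in upper case, otherwise
                    // this filter can miss entries.
                    if (disabledDomainNames.contains(domain)) {
                        continue;
                    }
                    if (StringUtils.isNotEmpty(domain)) {
                        name = UserCoreUtil.addDomainToName(name, domain);
                    }
                    // One ID lookup per membership row.
                    userList.add(new UserBasicInfo(getUserIDByName(name, tenantDomain), name));
                }
            }
        }
    } catch (SQLException e) {
        // Fixed the duplicated "while while" in the original message.
        String errorMessage = "Error while getting the user list of role for role name: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(errorMessage, roleName, tenantDomain), e);
    }
    return userList;
}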

Example 15 with IdentityRoleManagementServerException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method getDisabledDomainNames.

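/**
 * Get the disabled domain names.
 * <p>
 * Walks the chain of secondary user store configurations and collects the domain name of every
 * store whose DISABLED property is {@code true}. Returns an empty list when the current carbon
 * context has no realm or realm configuration.
 *
 * @return disabled domain names, upper-cased with {@link Locale#ENGLISH}; never {@code null}.
 * @throws IdentityRoleManagementServerException if the user realm cannot be read.
 */
private List<String> getDisabledDomainNames() throws IdentityRoleManagementException {
    RealmConfiguration secondaryRealmConfiguration;
    try {
        UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        if (userRealm == null || userRealm.getRealmConfiguration() == null) {
            return new ArrayList<>();
        }
        secondaryRealmConfiguration = userRealm.getRealmConfiguration().getSecondaryRealmConfig();
    } catch (UserStoreException e) {
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), "Error while retrieving user store configurations", e);
    }
    List<String> disabledDomainNames = new ArrayList<>();
    // Secondary configurations form a singly linked chain; follow it to the end.
    for (RealmConfiguration config = secondaryRealmConfiguration; config != null; config = config.getSecondaryRealmConfig()) {
        if (!Boolean.parseBoolean(config.getUserStoreProperty(RoleConstants.DISABLED))) {
            continue;
        }
        String domainName = config.getUserStoreProperty(UserStoreConfigConstants.DOMAIN_NAME);
        // A disabled store without a domain-name property used to NPE here; it is skipped instead.
        if (domainName != null) {
            disabledDomainNames.add(domainName.toUpperCase(Locale.ENGLISH));
        }
    }
    return disabledDomainNames;
}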
