
Example 16 with IdentityRoleManagementServerException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method deleteRole.

/**
 * Deletes the role identified by {@code roleID} from {@code tenantDomain}.
 *
 * <p>Sequence as written here: resolve the role name, refuse read-only system roles and the
 * realm's "everyone" role, then, inside one user-DB transaction, delete the role row, delete the
 * matching SCIM group entry, clear the role's authorizations and commit. Any
 * {@code SQLException} or {@code IdentityRoleManagementException} raised inside the transaction
 * triggers a rollback and is rethrown as an {@code IdentityRoleManagementServerException}. The
 * tenant's user-roles cache is cleared only after the transaction has completed.
 *
 * @param roleID       identifier of the role to delete
 * @param tenantDomain tenant the role belongs to
 * @throws IdentityRoleManagementClientException if no role has this ID (propagated from
 *         {@code getRoleNameByID}), or if the role is a system role or the "everyone" role
 *         ({@code OPERATION_FORBIDDEN})
 * @throws IdentityRoleManagementServerException on realm, authorization-manager or database
 *         failures ({@code UNEXPECTED_SERVER_ERROR})
 */
@Override
public void deleteRole(String roleID, String tenantDomain) throws IdentityRoleManagementException {
    // Throws a ROLE_NOT_FOUND client exception for an unknown ID, so the rest of the method
    // only ever runs against an existing role.
    String roleName = getRoleNameByID(roleID, tenantDomain);
    // Read-only system roles can never be deleted through this API.
    if (systemRoles.contains(roleName)) {
        throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(), "Invalid operation. Role: " + roleName + " Cannot be deleted since it's a read only system role.");
    }
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    UserRealm userRealm;
    try {
        // NOTE(review): the realm comes from the thread-local Carbon context, not from
        // tenantDomain; presumably callers have set the tenant context first -- confirm.
        userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        // The realm's "everyone" role is protected as well.
        if (UserCoreUtil.isEveryoneRole(roleName, userRealm.getRealmConfiguration())) {
            throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(), "Invalid operation. Role: " + roleName + " Cannot be deleted.");
        }
    } catch (UserStoreException e) {
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), "Error while getting the realmConfiguration.", e);
    }
    // All writes below share this connection; the explicit commit/rollback calls indicate it is
    // opened in transactional mode (the boolean argument presumably selects that -- confirm).
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try {
            // Delete the role row via DELETE_ROLE_SQL, keyed by role name and tenant ID.
            try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, DELETE_ROLE_SQL, RoleTableColumns.UM_ID)) {
                statement.setString(RoleTableColumns.UM_ROLE_NAME, roleName);
                statement.setInt(RoleTableColumns.UM_TENANT_ID, tenantId);
                statement.executeUpdate();
            }
            // Delete the role from IDN_SCIM_GROUP table.
            deleteSCIMRole(roleName, tenantDomain);
            /* UM_ROLE_PERMISSION Table, roles are associated with Domain ID.
               At this moment Role name doesn't contain the Domain prefix.
               clearRoleAuthorization() expects domain qualified name.
               Hence we add the "Internal" Domain name explicitly here.
               Note: roleName is reassigned, so the error message built in the catch below may
               carry the Internal prefix. */
            if (!roleName.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
                roleName = UserCoreUtil.addDomainToName(roleName, UserCoreConstants.INTERNAL_DOMAIN);
            }
            // Also need to clear role authorization. Kept inside the transaction so that a
            // failure here rolls back the row deletions above.
            try {
                userRealm.getAuthorizationManager().clearRoleAuthorization(roleName);
            } catch (UserStoreException e) {
                throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), "Error while getting the authorizationManager.", e);
            }
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException | IdentityRoleManagementException e) {
            // Any failure inside the transaction -- including an IdentityRoleManagementException
            // from deleteSCIMRole or the authorization step -- is rolled back and surfaced as a
            // server error; client-type exceptions are not distinguished here.
            IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
            String message = "Error while deleting the role name: %s in the tenantDomain: %s";
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(message, roleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        // Only failures from acquiring or closing the connection reach this catch; everything
        // inside the transaction was handled above.
        String message = "Error while deleting the role name: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(message, roleName, tenantDomain), e);
    }
    // Presumably invalidates cached user-to-role mappings for the tenant; runs only after a
    // successful commit.
    clearUserRolesCacheByTenant(tenantId);
}

Example 17 with IdentityRoleManagementServerException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method getRoleIDByName.

/**
 * Resolves the role ID stored under {@code RoleConstants.ID_URI} for the given role name.
 *
 * <p>Exactly one matching row is expected: a second match is rejected as an invalid request
 * rather than silently picking one, and no match at all is likewise reported to the caller.
 *
 * @param roleName     role name to look up
 * @param tenantDomain tenant the role belongs to
 * @return the role ID attribute value of the single matching row
 * @throws IdentityRoleManagementClientException if more than one role matches, or none does
 *         ({@code INVALID_REQUEST} in both cases)
 * @throws IdentityRoleManagementServerException if the lookup fails with a
 *         {@code SQLException} ({@code UNEXPECTED_SERVER_ERROR})
 */
@Override
public String getRoleIDByName(String roleName, String tenantDomain) throws IdentityRoleManagementException {
    int tenantIdentifier = IdentityTenantUtil.getTenantId(tenantDomain);
    String resolvedRoleID = null;
    // Read-only lookup: the connection is opened without a transaction.
    try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
         NamedPreparedStatement statement = new NamedPreparedStatement(connection, GET_ROLE_ID_BY_NAME_SQL)) {
        statement.setInt(RoleConstants.RoleTableColumns.TENANT_ID, tenantIdentifier);
        statement.setString(RoleConstants.RoleTableColumns.ROLE_NAME, roleName);
        statement.setString(RoleConstants.RoleTableColumns.ATTR_NAME, RoleConstants.ID_URI);
        try (ResultSet rows = statement.executeQuery()) {
            int matches = 0;
            while (rows.next()) {
                // A second row for the same name/tenant means the data is inconsistent; refuse.
                if (++matches > 1) {
                    String duplicateMessage = "Invalid scenario. Multiple roles found for the given role name: "
                            + roleName + " and tenantDomain: " + tenantDomain;
                    throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(), duplicateMessage);
                }
                resolvedRoleID = rows.getString(1);
            }
        }
    } catch (SQLException e) {
        String failureMessage = "Error while resolving the role ID for the given role name: "
                + roleName + " and tenantDomain: " + tenantDomain;
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), failureMessage, e);
    }
    if (resolvedRoleID != null) {
        return resolvedRoleID;
    }
    String missingMessage = "A role doesn't exist with name: " + roleName + " in the tenantDomain: " + tenantDomain;
    throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(), missingMessage);
}

Example 18 with IdentityRoleManagementServerException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method getRoleNameByID.

/**
 * Resolves the role name for the role whose {@code RoleConstants.ID_URI} attribute equals
 * {@code roleID}, with any internal domain prefix removed.
 *
 * <p>Unlike {@code getRoleIDByName}, a second matching row is only logged as a warning here;
 * the name from the last row read is returned.
 *
 * @param roleID       role identifier to look up
 * @param tenantDomain tenant the role belongs to
 * @return the matching role name after {@code removeInternalDomain}
 * @throws IdentityRoleManagementClientException if no role has this ID
 *         ({@code ROLE_NOT_FOUND})
 * @throws IdentityRoleManagementServerException if the lookup fails with a
 *         {@code SQLException} ({@code UNEXPECTED_SERVER_ERROR})
 */
@Override
public String getRoleNameByID(String roleID, String tenantDomain) throws IdentityRoleManagementException {
    int tenantIdentifier = IdentityTenantUtil.getTenantId(tenantDomain);
    String resolvedName = null;
    // Read-only lookup: the connection is opened without a transaction.
    try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
         NamedPreparedStatement statement = new NamedPreparedStatement(connection, GET_ROLE_NAME_BY_ID_SQL)) {
        statement.setInt(RoleConstants.RoleTableColumns.TENANT_ID, tenantIdentifier);
        statement.setString(RoleConstants.RoleTableColumns.ATTR_NAME, RoleConstants.ID_URI);
        statement.setString(RoleConstants.RoleTableColumns.ATTR_VALUE, roleID);
        try (ResultSet rows = statement.executeQuery()) {
            int matches = 0;
            while (rows.next()) {
                // Duplicate IDs are reported but not rejected; the last row wins.
                if (++matches > 1) {
                    log.warn("Invalid scenario. Multiple roles found for the given role ID: " + roleID
                            + " and tenantDomain: " + tenantDomain);
                }
                resolvedName = rows.getString(1);
            }
        }
    } catch (SQLException e) {
        String failureMessage = "Error while resolving the role name for the given role ID: "
                + roleID + " and tenantDomain: " + tenantDomain;
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), failureMessage, e);
    }
    if (resolvedName != null) {
        return removeInternalDomain(resolvedName);
    }
    String missingMessage = "A role doesn't exist with id: " + roleID + " in the tenantDomain: " + tenantDomain;
    throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(), missingMessage);
}

Example 19 with IdentityRoleManagementServerException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException in project carbon-identity-framework by wso2.

the class RoleDAOImpl method updateRoleName.

/**
 * Renames the role identified by {@code roleID} to {@code newRoleName} in {@code tenantDomain}.
 *
 * <p>Sequence as written here: resolve the current name, refuse system roles, check existence
 * and name collisions, then, inside one user-DB transaction, update the role row, update the
 * SCIM group entry, move the role's permissions to the new (domain-qualified) name and commit.
 * Any {@code SQLException} or {@code IdentityRoleManagementException} raised inside the
 * transaction triggers a rollback and is rethrown as an
 * {@code IdentityRoleManagementServerException}. The tenant's user-roles cache is cleared only
 * after the transaction has completed.
 *
 * @param roleID       identifier of the role to rename
 * @param newRoleName  name to assign; no null/blank validation happens here, so presumably the
 *                     caller validates it -- confirm
 * @param tenantDomain tenant the role belongs to
 * @return the role ID paired with the new name as it stands after domain qualification, i.e.
 *         possibly carrying the Internal domain prefix
 * @throws IdentityRoleManagementClientException if the role is a system role
 *         ({@code OPERATION_FORBIDDEN}), the ID is unknown ({@code ROLE_NOT_FOUND}) or the new
 *         name is already taken ({@code ROLE_ALREADY_EXISTS})
 * @throws IdentityRoleManagementServerException on authorization-manager or database failures
 *         ({@code UNEXPECTED_SERVER_ERROR})
 */
@Override
public RoleBasicInfo updateRoleName(String roleID, String newRoleName, String tenantDomain) throws IdentityRoleManagementException {
    // Throws a ROLE_NOT_FOUND client exception for an unknown ID.
    String roleName = getRoleNameByID(roleID, tenantDomain);
    // Read-only system roles can never be renamed through this API.
    if (systemRoles.contains(roleName)) {
        throw new IdentityRoleManagementClientException(OPERATION_FORBIDDEN.getCode(), "Invalid operation. Role: " + roleName + " Cannot be renamed since it's a read only system role.");
    }
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    // NOTE(review): getRoleNameByID above already rejects unknown IDs, so this check looks
    // redundant unless isExistingRoleID applies different criteria -- confirm.
    if (!isExistingRoleID(roleID, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_NOT_FOUND.getCode(), "Role id: " + roleID + " does not exist in the system.");
    }
    // The collision check is skipped for a case-only rename of the same role.
    if (!StringUtils.equalsIgnoreCase(roleName, newRoleName) && isExistingRoleName(newRoleName, tenantDomain)) {
        throw new IdentityRoleManagementClientException(ROLE_ALREADY_EXISTS.getCode(), "Role name: " + newRoleName + " is already there in the system. Please pick another role name.");
    }
    if (log.isDebugEnabled()) {
        log.debug("Updating the roleName: " + roleName + " to :" + newRoleName + " in the tenantDomain: " + tenantDomain);
    }
    // All writes below share this connection; the explicit commit/rollback calls indicate it is
    // opened in transactional mode (the boolean argument presumably selects that -- confirm).
    try (Connection connection = IdentityDatabaseUtil.getUserDBConnection(true)) {
        try {
            // Rename the role row via UPDATE_ROLE_NAME_SQL, keyed by the current name and tenant ID.
            try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, UPDATE_ROLE_NAME_SQL, RoleTableColumns.UM_ID)) {
                statement.setString(RoleTableColumns.NEW_UM_ROLE_NAME, newRoleName);
                statement.setString(RoleTableColumns.UM_ROLE_NAME, roleName);
                statement.setInt(RoleTableColumns.UM_TENANT_ID, tenantId);
                statement.executeUpdate();
            }
            // Update the role name in IDN_SCIM_GROUP table.
            updateSCIMRoleName(roleName, newRoleName, tenantDomain);
            /* UM_ROLE_PERMISSION Table, roles are associated with Domain ID.
               At this moment Role name doesn't contain the Domain prefix.
               resetPermissionOnUpdateRole() expects domain qualified name.
               Hence we add the "Internal" Domain name explicitly here.
               Note: both variables are reassigned, so the error message built in the catch
               below and the RoleBasicInfo returned at the end may carry the Internal prefix. */
            if (!roleName.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
                roleName = UserCoreUtil.addDomainToName(roleName, UserCoreConstants.INTERNAL_DOMAIN);
            }
            if (!newRoleName.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
                newRoleName = UserCoreUtil.addDomainToName(newRoleName, UserCoreConstants.INTERNAL_DOMAIN);
            }
            // Reset role authorization. Kept inside the transaction so that a failure here rolls
            // back the row updates above.
            try {
                // NOTE(review): the realm comes from the thread-local Carbon context, not from
                // tenantDomain; presumably callers have set the tenant context first -- confirm.
                UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
                userRealm.getAuthorizationManager().resetPermissionOnUpdateRole(roleName, newRoleName);
            } catch (UserStoreException e) {
                throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), "Error while getting the authorizationManager.", e);
            }
            IdentityDatabaseUtil.commitUserDBTransaction(connection);
        } catch (SQLException | IdentityRoleManagementException e) {
            // Any failure inside the transaction -- including an IdentityRoleManagementException
            // from updateSCIMRoleName or the authorization step -- is rolled back and surfaced as
            // a server error; client-type exceptions are not distinguished here.
            IdentityDatabaseUtil.rollbackUserDBTransaction(connection);
            String message = "Error while updating the role name: %s in the tenantDomain: %s";
            throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(message, roleName, tenantDomain), e);
        }
    } catch (SQLException e) {
        // Only failures from acquiring or closing the connection reach this catch; everything
        // inside the transaction was handled above.
        String message = "Error while updating the role name: %s in the tenantDomain: %s";
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), String.format(message, roleName, tenantDomain), e);
    }
    // Presumably invalidates cached user-to-role mappings for the tenant; runs only after a
    // successful commit.
    clearUserRolesCacheByTenant(tenantId);
    // newRoleName is the domain-qualified value at this point (see above), whereas
    // getRoleNameByID strips the Internal domain -- callers comparing the two should be aware.
    return new RoleBasicInfo(roleID, newRoleName);
}

Example 20 with IdentityRoleManagementServerException

use of org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementServerException in project carbon-identity-framework by wso2.

the class GroupDAOImpl method getGroupNameByID.

/**
 * Resolves the group name for the group whose {@code RoleConstants.ID_URI} attribute equals
 * {@code id}.
 *
 * <p>A second matching row is rejected as an invalid request. Unlike the role lookups, a missing
 * group is not an error here: the method returns {@code null} in that case, so callers must
 * null-check the result.
 *
 * @param id           group identifier to look up
 * @param tenantDomain tenant the group belongs to
 * @return the matching group name, or {@code null} if no group has this ID
 * @throws IdentityRoleManagementClientException if more than one group matches
 *         ({@code INVALID_REQUEST})
 * @throws IdentityRoleManagementServerException if the lookup fails with a
 *         {@code SQLException} ({@code UNEXPECTED_SERVER_ERROR})
 */
@Override
public String getGroupNameByID(String id, String tenantDomain) throws IdentityRoleManagementException {
    int tenantIdentifier = IdentityTenantUtil.getTenantId(tenantDomain);
    String resolvedName = null;
    // Read-only lookup: the connection is opened without a transaction.
    try (Connection connection = IdentityDatabaseUtil.getDBConnection(false);
         NamedPreparedStatement statement = new NamedPreparedStatement(connection, GET_GROUP_NAME_BY_ID_SQL)) {
        statement.setInt(RoleConstants.RoleTableColumns.TENANT_ID, tenantIdentifier);
        statement.setString(RoleConstants.RoleTableColumns.ATTR_NAME, RoleConstants.ID_URI);
        statement.setString(RoleConstants.RoleTableColumns.ATTR_VALUE, id);
        try (ResultSet rows = statement.executeQuery()) {
            int matches = 0;
            while (rows.next()) {
                // A second row for the same ID/tenant means the data is inconsistent; refuse.
                if (++matches > 1) {
                    String duplicateMessage = "Invalid scenario. Multiple groups found for the given group ID: "
                            + id + " and tenantDomain: " + tenantDomain;
                    throw new IdentityRoleManagementClientException(INVALID_REQUEST.getCode(), duplicateMessage);
                }
                resolvedName = rows.getString(1);
            }
        }
    } catch (SQLException e) {
        String failureMessage = "Error while resolving the group name for the given group ID: "
                + id + " and tenantDomain: " + tenantDomain;
        throw new IdentityRoleManagementServerException(UNEXPECTED_SERVER_ERROR.getCode(), failureMessage, e);
    }
    return resolvedName;
}
