
Example 71 with Role

use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-business-process by wso2.

the class TaskOperationsImpl method authoriseToLoadTask.

/**
 * Guards the loadTask() operation.
 * <p>
 * The invoker is taken from the current call context via getCaller() — not from the
 * request payload — and is checked against the human roles of the task that are
 * permitted to load it. If the invoker holds none of them the call is rejected; per the
 * logged message, OperationAuthorizationUtil.authoriseUser also rejects members of the
 * EXCLUDED_OWNERS role. The detailed reason (user name and permitted role list) goes to
 * the server log only; the exception handed back to the caller is deliberately generic
 * so that it does not disclose the task's role assignments.
 *
 * @param task the task that the invoker is trying to load
 * @throws HumanTaskIllegalAccessException if the invoker is not authorised to load the task
 * @throws Exception if the invoker's organizational entity cannot be created
 */
private void authoriseToLoadTask(TaskDAO task) throws Exception {
    GenericHumanRoleDAO.GenericHumanRoleType[] rolesThatMayLoad = {
            GenericHumanRoleDAO.GenericHumanRoleType.ACTUAL_OWNER,
            GenericHumanRoleDAO.GenericHumanRoleType.BUSINESS_ADMINISTRATORS,
            GenericHumanRoleDAO.GenericHumanRoleType.NOTIFICATION_RECIPIENTS,
            GenericHumanRoleDAO.GenericHumanRoleType.POTENTIAL_OWNERS,
            GenericHumanRoleDAO.GenericHumanRoleType.STAKEHOLDERS,
            GenericHumanRoleDAO.GenericHumanRoleType.TASK_INITIATOR
    };
    List<GenericHumanRoleDAO.GenericHumanRoleType> allowedRoles =
            new ArrayList<GenericHumanRoleDAO.GenericHumanRoleType>(rolesThatMayLoad.length);
    for (GenericHumanRoleDAO.GenericHumanRoleType role : rolesThatMayLoad) {
        allowedRoles.add(role);
    }
    HumanTaskEngine engine = HumanTaskServiceComponent.getHumanTaskServer().getTaskEngine();
    // The invoker entity is created inside an engine transaction; its name comes from
    // the authenticated caller of this operation.
    Callable<OrganizationalEntityDAO> resolveInvoker = new Callable<OrganizationalEntityDAO>() {

        @Override
        public OrganizationalEntityDAO call() throws Exception {
            return HumanTaskServiceComponent.getHumanTaskServer().getDaoConnectionFactory().getConnection()
                    .createNewOrgEntityObject(getCaller(), OrganizationalEntityDAO.OrganizationalEntityType.USER);
        }
    };
    OrganizationalEntityDAO invoker = engine.getScheduler().execTransaction(resolveInvoker);
    PeopleQueryEvaluator pqe = engine.getPeopleQueryEvaluator();
    boolean authorised = OperationAuthorizationUtil.authoriseUser(task, invoker, allowedRoles, pqe);
    if (authorised) {
        return;
    }
    // Detailed reason stays server-side; the client only sees a generic denial.
    String errorMsg = String.format("The user[%s] cannot perform loadTask()" + " operation as either he is in EXCLUDED_OWNERS role or he is not in task roles [%s]", invoker.getName(), allowedRoles);
    log.error(errorMsg);
    throw new HumanTaskIllegalAccessException("Access Denied. You are not authorized to perform this task");
}

Example 72 with Role

use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-business-process by wso2.

the class LogicalPeopleGroupBasedOrgEntityProvider method getOrganizationalEntities.

/**
 * Resolves the organizational entities of a logical people group from the "role"
 * arguments of the given {@code from} element: one group entity is created per
 * non-empty role name.
 * <p>
 * A role argument may reference the task input ({@code htd:getInput}); such a role is
 * computed through CommonTaskUtil.calculateRole using the argument's expression language
 * (falling back to the {@code from} element's language, then to XPath 2.0). Because the
 * task input is presumably supplied by whoever created the task, a role derived from it
 * is only as trustworthy as that input — keep this in mind when authoring task
 * definitions that compute roles this way.
 *
 * @param peopleQueryEvaluator creates the group entity for each role name
 * @param tFrom                the {@code from} element carrying the role arguments
 * @param evaluationContext    context used when a role is computed from the task input
 * @return the group entities, never empty
 * @throws HumanTaskRuntimeException if no role argument yields a non-empty role name
 * @throws HumanTaskException        if evaluating a computed role fails
 */
public List<OrganizationalEntityDAO> getOrganizationalEntities(PeopleQueryEvaluator peopleQueryEvaluator, TFrom tFrom, EvaluationContext evaluationContext) throws HumanTaskException {
    List<OrganizationalEntityDAO> entities = new ArrayList<OrganizationalEntityDAO>();
    for (TArgument argument : tFrom.getArgumentArray()) {
        if (!"role".equals(argument.getName())) {
            continue;
        }
        // Argument-level language wins, then the from element's, then the XPath 2.0 default.
        String language = argument.getExpressionLanguage();
        if (language == null) {
            language = tFrom.getExpressionLanguage();
        }
        if (language == null) {
            language = HumanTaskConstants.WSHT_EXP_LANG_XPATH20;
        }
        // TODO what about expression language
        // NOTE(review): the cursor returned by newCursor() is not disposed (same as before);
        // if TArgument is an XMLBeans-generated type this leaks one cursor per argument — confirm.
        String roleName = argument.newCursor().getTextValue();
        if (roleName != null && roleName.contains("htd:getInput")) {
            roleName = CommonTaskUtil.calculateRole(evaluationContext, roleName, language);
        }
        if (StringUtils.isNotEmpty(roleName)) {
            entities.add(peopleQueryEvaluator.createGroupOrgEntityForRole(roleName.trim()));
        }
    }
    if (entities.isEmpty()) {
        throw new HumanTaskRuntimeException("There must be at least one role: " + tFrom.toString());
    }
    return entities;
}

Example 73 with Role

use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.

the class JsAuthenticatedUser method getLocalRoles.

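/**
 * Returns the local roles of the wrapped user, but only when the user belongs to the
 * local IdP ({@code idp} is null or {@code FrameworkConstants.LOCAL}); for a federated
 * user an empty array is returned without consulting the user store.
 * <p>
 * The realm is selected by the wrapped user's own tenant domain. Failures while resolving
 * the realm, the user id or the role list are logged and mapped to an empty array rather
 * than propagated, so an authentication script cannot distinguish "user has no roles" from
 * "the user store could not be queried" — scripts that deny access based on the presence
 * of a role should not rely on this result alone.
 *
 * @return the user's local role names, or an empty array (never null)
 */
private String[] getLocalRoles() {
    if (idp != null && !FrameworkConstants.LOCAL.equals(idp)) {
        return ArrayUtils.EMPTY_STRING_ARRAY;
    }
    RealmService realmService = FrameworkServiceDataHolder.getInstance().getRealmService();
    int usersTenantId = IdentityTenantUtil.getTenantId(getWrapped().getTenantDomain());
    try {
        UserRealm userRealm = realmService.getTenantUserRealm(usersTenantId);
        AbstractUserStoreManager userStoreManager = (AbstractUserStoreManager) userRealm.getUserStoreManager();
        List<String> roleListOfUser = userStoreManager.getRoleListOfUserWithID(getWrapped().getUserId());
        return roleListOfUser.toArray(new String[0]);
    } catch (UserStoreException e) {
        // Log the loggable user id rather than the whole user object, consistent with the
        // branch below, so the log carries no more identity data than that accessor exposes.
        LOG.error("Error when getting role list of user: " + getWrapped().getLoggableUserId(), e);
    } catch (UserIdNotFoundException e) {
        LOG.error("User id is not available for user: " + getWrapped().getLoggableUserId(), e);
    }
    return ArrayUtils.EMPTY_STRING_ARRAY;
}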

Example 74 with Role

use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.

the class DefaultAttributeFinder method getAttributeValues.

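/**
 * Looks up attribute values for a subject in the user store of the current tenant
 * (PIPAttributeFinder#getAttributeValues).
 * <p>
 * For the role claim ({@code UserCoreConstants.ClaimTypeURIs.ROLE}) the subject's role
 * list is returned. For every other attribute the subject's claim value is fetched; a value
 * containing the user store's multi-attribute separator is split into its parts. A subject
 * that does not exist yields an empty set rather than an error.
 * <p>
 * Security notes (review):
 * <ul>
 *   <li>{@code subjectId} is reduced to its tenant-aware user name and then resolved against
 *       the realm of the thread-local CarbonContext; the tenant part of the subject id does not
 *       select the realm. A subject id naming another tenant is therefore evaluated as a user of
 *       the current tenant — presumably by design for a per-tenant PDP; confirm with callers.</li>
 *   <li>At DEBUG level the subject id, role names and raw claim values are written to the log;
 *       claims can be sensitive, so keep DEBUG off in production.</li>
 * </ul>
 *
 * @param subjectId     subject user name, optionally tenant-qualified; null/empty gives an empty set
 * @param resourceId    not used by this finder
 * @param actionId      not used by this finder
 * @param environmentId not used by this finder
 * @param attributeId   claim URI of the attribute to resolve
 * @param issuer        not used by this finder
 * @return the resolved values, empty when none (never null)
 * @throws Exception on user-store errors; for claim lookups a "user not found"
 *                   UserStoreException is swallowed, every other one is rethrown
 */
public Set<String> getAttributeValues(String subjectId, String resourceId, String actionId, String environmentId, String attributeId, String issuer) throws Exception {
    Set<String> values = new HashSet<String>();
    if (log.isDebugEnabled()) {
        log.debug("Retrieving attribute values of subjectId \'" + subjectId + "\'with attributeId \'" + attributeId + "\'");
    }
    if (StringUtils.isEmpty(subjectId)) {
        if (log.isDebugEnabled()) {
            log.debug("subjectId value is null or empty. Returning empty attribute set");
        }
        return values;
    }
    subjectId = MultitenantUtils.getTenantAwareUsername(subjectId);
    if (UserCoreConstants.ClaimTypeURIs.ROLE.equals(attributeId)) {
        if (log.isDebugEnabled()) {
            log.debug("Looking for roles via DefaultAttributeFinder");
        }
        // Unlike the claim branch below, a UserStoreException raised here is not caught.
        String[] roles = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager().getRoleListOfUser(subjectId);
        if (roles != null && roles.length > 0) {
            for (String role : roles) {
                if (log.isDebugEnabled()) {
                    log.debug(String.format("User %1$s belongs to the Role %2$s", subjectId, role));
                }
                values.add(role);
            }
        }
        return values;
    }
    String claimValue = null;
    try {
        claimValue = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager().getUserClaimValue(subjectId, attributeId, null);
        if (log.isDebugEnabled()) {
            log.debug("Claim \'" + claimValue + "\' retrieved for attributeId \'" + attributeId + "\' " + "for subjectId \'" + subjectId + "\'");
        }
    } catch (UserStoreException e) {
        // "User not found" is an ordinary outcome for a PIP (no attribute); every other
        // user-store failure propagates. The message check is null-safe: a UserStoreException
        // without a message previously caused a NullPointerException here instead of being rethrown.
        String message = e.getMessage();
        if (message != null && message.startsWith(IdentityCoreConstants.USER_NOT_FOUND)) {
            if (log.isDebugEnabled()) {
                log.debug("User: " + subjectId + " not found in user store");
            }
        } else {
            throw e;
        }
    }
    if (claimValue == null) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Request attribute %1$s not found", attributeId));
        }
        return values;
    }
    // Multi-valued claims are stored joined by a configurable separator; fall back to the
    // framework default when the user store does not configure one.
    String claimSeparator = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration().getUserStoreProperty(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR);
    if (StringUtils.isBlank(claimSeparator)) {
        claimSeparator = IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR_DEFAULT;
    }
    if (!claimValue.contains(claimSeparator)) {
        values.add(claimValue);
        return values;
    }
    // StringTokenizer semantics: every character of the separator string is a delimiter;
    // blank tokens are dropped.
    StringTokenizer tokens = new StringTokenizer(claimValue, claimSeparator);
    while (tokens.hasMoreTokens()) {
        String attributeValue = tokens.nextToken();
        if (StringUtils.isNotBlank(attributeValue)) {
            values.add(attributeValue);
        }
    }
    return values;
}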

Example 75 with Role

use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.

the class IdentityProviderManager method getMappedLocalRoles.

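/**
 * Maps the given IdP (remote) roles to the local role mappings configured for the IdP.
 * <p>
 * The IdP is looked up in the database first, then in the file-based IdP configuration,
 * and finally the default IdP configuration is used. Only IdP roles that have an explicit
 * mapping are returned; unmapped IdP roles are silently dropped, and when several mappings
 * share a remote role the first configured one wins. Whether unmapped IdP roles are still
 * granted as local roles is decided by the caller, not here.
 *
 * @param idPName      Unique name of the IdP to which the given IdP roles need to be mapped
 * @param tenantDomain The tenant domain of whose local roles to be mapped
 * @param idPRoles     IdP roles which need to be mapped to local roles; may be null, in which
 *                     case nothing is mapped. Null entries are ignored.
 * @return the role mappings whose remote role is one of {@code idPRoles}; empty (never null)
 *         when the IdP has no role configuration or none of the roles is mapped
 * @throws IdentityProviderManagementException if {@code idPName} is empty, no IdP (not even
 *         the default configuration) could be resolved, or getting role mappings fails
 */
@Override
public Set<RoleMapping> getMappedLocalRoles(String idPName, String tenantDomain, String[] idPRoles) throws IdentityProviderManagementException {
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    if (StringUtils.isEmpty(idPName)) {
        String msg = "Invalid argument: Identity Provider Name value is empty";
        throw new IdentityProviderManagementException(msg);
    }
    IdentityProvider identityProvider = dao.getIdPByName(null, idPName, tenantId, tenantDomain);
    if (identityProvider == null) {
        identityProvider = new FileBasedIdPMgtDAO().getIdPByName(idPName, tenantDomain);
    }
    if (identityProvider == null) {
        identityProvider = IdPManagementServiceComponent.getFileBasedIdPs().get(IdentityApplicationConstants.DEFAULT_IDP_CONFIG);
    }
    if (identityProvider == null) {
        // Previously fell through to a NullPointerException on getPermissionAndRoleConfig().
        throw new IdentityProviderManagementException("No Identity Provider found for name: " + idPName + " in tenant: " + tenantDomain);
    }
    Set<RoleMapping> mappedRoles = new HashSet<RoleMapping>();
    PermissionsAndRoleConfig roleConfiguration = identityProvider.getPermissionAndRoleConfig();
    if (roleConfiguration == null || idPRoles == null) {
        return mappedRoles;
    }
    RoleMapping[] roleMappings = roleConfiguration.getRoleMappings();
    if (roleMappings == null) {
        return mappedRoles;
    }
    for (String idPRole : idPRoles) {
        if (idPRole == null) {
            continue;
        }
        for (RoleMapping roleMapping : roleMappings) {
            // Compared from the non-null side so a mapping without a remote role simply
            // never matches instead of raising a NullPointerException.
            if (idPRole.equals(roleMapping.getRemoteRole())) {
                mappedRoles.add(roleMapping);
                break;
            }
        }
    }
    return mappedRoles;
}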
