
Example 1 with SCIMGroupHandler

use of org.wso2.carbon.identity.scim2.common.group.SCIMGroupHandler in project identity-inbound-provisioning-scim2 by wso2-extensions.

The class `SCIMUserManager`, method `createGroup` (the SCIM `POST /Groups` path, which writes the group's SCIM metadata via `SCIMGroupHandler` before adding the role to the user store):

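@Override
public Group createGroup(Group group, Map<String, Boolean> requiredAttributes) throws CharonException, ConflictException, BadRequestException {

    if (log.isDebugEnabled()) {
        log.debug("Creating group: " + group.getDisplayName());
    }
    // Every branch below dereferences the display name (indexOf, removeDomainFromName); reject a
    // missing one with a 400 rather than an NPE. Charon is expected to have validated required
    // attributes already, so this is a defensive check.
    if (StringUtils.isBlank(group.getDisplayName())) {
        throw new BadRequestException("Group displayName is required.", ResponseCodeConstants.INVALID_VALUE);
    }
    // Set once we have started writing the SCIM attribute row. The rollback in the catch block must
    // only run after that point: a UserStoreException raised earlier (e.g. from isExistingRole)
    // would otherwise delete the SCIM attributes of a group that already exists under this name.
    boolean scimAttributesAttempted = false;
    try {
        // Modify display name if no domain is specified, in order to support multiple user store feature.
        String originalName = group.getDisplayName();
        String roleNameWithDomain;
        String domainName;
        try {
            String spDomain = getUserStoreDomainFromSP();
            if (spDomain != null) {
                // The service provider pins the user store; it overrides any domain in the request.
                domainName = spDomain;
                roleNameWithDomain = IdentityUtil.addDomainToName(UserCoreUtil.removeDomainFromName(originalName), domainName);
            } else if (originalName.indexOf(CarbonConstants.DOMAIN_SEPARATOR) > 0) {
                domainName = IdentityUtil.extractDomainFromName(originalName);
                roleNameWithDomain = IdentityUtil.addDomainToName(UserCoreUtil.removeDomainFromName(originalName), domainName);
            } else {
                domainName = UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME;
                roleNameWithDomain = SCIMCommonUtils.getGroupNameWithDomain(originalName);
            }
        } catch (IdentityApplicationManagementException e) {
            throw new CharonException("Error retrieving User Store name. ", e);
        }
        // Internal/Application groups are not backed by a user store, so the SCIM-enabled flag only
        // applies to real user store domains.
        if (!isInternalOrApplicationGroup(domainName) && StringUtils.isNotBlank(domainName) && !isSCIMEnabled(domainName)) {
            CharonException charonException = new CharonException();
            charonException.setDetail("Cannot create group through in userstore. SCIM is not " + "enabled for user store: " + domainName);
            charonException.setStatus(HttpStatus.SC_BAD_REQUEST);
            throw charonException;
        }
        group.setDisplayName(roleNameWithDomain);
        // check if the group already exists
        if (carbonUM.isExistingRole(group.getDisplayName(), false)) {
            String error = "Group with name: " + group.getDisplayName() + " already exists in the system.";
            throw new ConflictException(error);
        }
        // Set thread local property to signal the downstream SCIMUserOperationListener about the
        // provisioning route.
        // NOTE(review): nothing in this method resets the flag; on a pooled request thread that relies
        // on whoever owns the request lifecycle clearing it — confirm.
        SCIMCommonUtils.setThreadLocalIsManagedThroughSCIMEP(true);
        // If members are sent when creating the group, check whether users already exist in the user store.
        // A null member array is what the user store expects for "no members".
        String[] memberIds = null;
        if (isNotEmpty(group.getMembers())) {
            memberIds = resolveMemberIds(group, domainName).toArray(new String[0]);
        }
        // Add other scim attributes in the identity DB since user store doesn't support some attributes.
        scimAttributesAttempted = true;
        SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId());
        scimGroupHandler.createSCIMAttributes(group);
        carbonUM.addRoleWithID(group.getDisplayName(), memberIds, null, false);
        if (log.isDebugEnabled()) {
            log.debug("Group: " + group.getDisplayName() + " is created through SCIM.");
        }
    } catch (UserStoreException e) {
        if (scimAttributesAttempted) {
            // The SCIM row may have been written while the role was not; remove it so the name is not
            // left half-provisioned.
            try {
                SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId());
                scimGroupHandler.deleteGroupAttributes(group.getDisplayName());
            } catch (UserStoreException | IdentitySCIMException ex) {
                // Keep the rollback failure attached to the original cause instead of dropping it.
                e.addSuppressed(ex);
                throw resolveError(e, "Error occurred while doing rollback operation of the SCIM " + "table entry for role: " + group.getDisplayName());
            }
        }
        handleErrorsOnRoleNamePolicy(e);
        throw resolveError(e, "Error occurred while adding role : " + group.getDisplayName());
    } catch (IdentitySCIMException | BadRequestException e) {
        // Member validation failures are collapsed into one generic 400; the precise reason is only
        // logged at debug level so the caller cannot probe which users exist in which store.
        String error = "One or more group members do not exist in the same user store. " + "Hence, can not create the group: " + group.getDisplayName();
        if (log.isDebugEnabled()) {
            log.debug(error, e);
        }
        throw new BadRequestException(error, ResponseCodeConstants.INVALID_VALUE);
    }
    return group;
}

/**
 * Resolves the SCIM member ids of {@code group} to user-store user ids.
 *
 * @param group      the group being created; its display name is already domain-qualified
 * @param domainName the user store domain the group is created in
 * @return the user-store ids of every member, in request order
 * @throws UserStoreException   if the user store lookup fails
 * @throws IdentitySCIMException if a member does not exist, lives in a different user store than
 *                               {@code domainName}, or (when display names are supplied) none of
 *                               the supplied names belongs to the user identified by the id
 */
private List<String> resolveMemberIds(Group group, String domainName) throws UserStoreException, IdentitySCIMException {

    List<Object> userIds = group.getMembers();
    List<String> userDisplayNames = group.getMembersWithDisplayName();
    // Loop-invariant: the local claim mapped to the SCIM id attribute. Without the mapping no member
    // can be resolved and every member is reported as non-existent, as before.
    String userIdLocalClaim = SCIMCommonUtils.getSCIMtoLocalMappings().get(SCIMConstants.CommonSchemaConstants.ID_URI);
    List<String> members = new ArrayList<>(userIds.size());
    for (Object userId : userIds) {
        // String.valueOf instead of a blind cast: a non-String member value becomes a "does not
        // exist" 400 rather than an uncaught ClassCastException.
        String memberId = String.valueOf(userId);
        org.wso2.carbon.user.core.common.User coreUser = null;
        if (StringUtils.isNotBlank(userIdLocalClaim)) {
            coreUser = carbonUM.getUserWithID(memberId, null, UserCoreConstants.DEFAULT_PROFILE);
        }
        if (coreUser == null) {
            String error = "User: " + userId + " doesn't exist in the user store. " + "Hence, can not create the group: " + group.getDisplayName();
            throw new IdentitySCIMException(error);
        }
        // Compare the member's user store domain with the group's domain exactly. A substring test
        // (containsIgnoreCase on the whole username) would accept a user from store "FOOBAR" into a
        // "FOO" group, or a domain that merely appears inside the user-name part.
        String username = coreUser.getUsername();
        if (username.indexOf(UserCoreConstants.DOMAIN_SEPARATOR) > 0
                && !IdentityUtil.extractDomainFromName(username).equalsIgnoreCase(domainName)) {
            String error = "User: " + userId + " doesn't exist in the same user store. " + "Hence, can not create the group: " + group.getDisplayName();
            throw new IdentitySCIMException(error);
        }
        members.add(coreUser.getUserID());
        if (isNotEmpty(userDisplayNames) && !matchesAnyDisplayName(coreUser, userDisplayNames)) {
            throw new IdentitySCIMException("Given SCIM user Id and name does not match..");
        }
    }
    return members;
}

/**
 * Returns whether any of {@code displayNames}, with a leading {@code DOMAIN/} prefix removed,
 * matches {@code coreUser} according to {@code isUserContains} (defined elsewhere in this class).
 * Using removeDomainFromName avoids the ArrayIndexOutOfBounds a bare {@code split(...)[1]} throws
 * on a name that ends with the separator.
 */
private boolean matchesAnyDisplayName(org.wso2.carbon.user.core.common.User coreUser, List<String> displayNames) {

    for (String displayName : displayNames) {
        String bareName = UserCoreUtil.removeDomainFromName(displayName);
        if (isUserContains(coreUser, bareName)) {
            return true;
        }
    }
    return false;
}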

Example 2 with SCIMGroupHandler

use of org.wso2.carbon.identity.scim2.common.group.SCIMGroupHandler in project identity-inbound-provisioning-scim2 by wso2-extensions.

The class `SCIMUserOperationListener`, method `doPostUpdateRoleName` (runs after a role rename in the user store and renames the matching SCIM group row):

@Override
public boolean doPostUpdateRoleName(String roleName, String newRoleName, UserStoreManager userStoreManager) throws UserStoreException {

    // Listener disabled, or the store is not SCIM-enabled: nothing to mirror, let the operation proceed.
    boolean mirrorToScim;
    try {
        mirrorToScim = isEnable() && userStoreManager != null && userStoreManager.isSCIMEnabled();
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        throw new UserStoreException("Error while reading isScimEnabled from userstore manager", e);
    }
    if (!mirrorToScim) {
        return true;
    }
    try {
        // TODO:set last update date
        SCIMGroupHandler groupHandler = new SCIMGroupHandler(userStoreManager.getTenantId());
        String storeDomain = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
        if (storeDomain == null) {
            storeDomain = UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME;
        }
        // SCIM rows are keyed by the domain-qualified role name, so qualify both old and new names.
        String oldQualifiedName = UserCoreUtil.addDomainToName(roleName, storeDomain);
        String newQualifiedName = UserCoreUtil.addDomainToName(newRoleName, storeDomain);
        try {
            groupHandler.updateRoleName(oldQualifiedName, newQualifiedName);
        } catch (IdentitySCIMException e) {
            // NOTE(review): if the core UserStoreException extends the api one, this is re-wrapped
            // once more by the outer catch below — confirm whether that is intended.
            throw new UserStoreException("Error updating group information in SCIM Tables.", e);
        }
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        throw new UserStoreException(e);
    }
    return true;
}

Example 3 with SCIMGroupHandler

use of org.wso2.carbon.identity.scim2.common.group.SCIMGroupHandler in project identity-inbound-provisioning-scim2 by wso2-extensions.

The class `SCIMUserOperationListener`, method `doPreDeleteRole` (runs before a role is deleted from the user store and removes the matching SCIM group row):

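@Override
public boolean doPreDeleteRole(String roleName, UserStoreManager userStoreManager) throws UserStoreException {

    // Listener disabled, or the store is not SCIM-enabled: nothing to clean up, let the delete proceed.
    try {
        if (!isEnable() || userStoreManager == null || !userStoreManager.isSCIMEnabled()) {
            return true;
        }
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        throw new UserStoreException("Error while reading isScimEnabled from userstore manager", e);
    }
    try {
        SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(userStoreManager.getTenantId());
        String domainName = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
        if (domainName == null) {
            domainName = UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME;
        }
        // NOTE(review): the rename listener qualifies names with UserCoreUtil.addDomainToName while
        // this one uses IdentityUtil.addDomainToName; if the two differ (e.g. in case handling) the
        // SCIM row keyed on rename would not be found here — confirm they produce the same string.
        String roleNameWithDomain = IdentityUtil.addDomainToName(roleName, domainName);
        try {
            // Delete group attributes - no need to check existence here, since it is checked in below method.
            // This is a pre-listener: the SCIM attributes are removed before the store deletes the role,
            // and nothing here restores them if that subsequent delete fails.
            scimGroupHandler.deleteGroupAttributes(roleNameWithDomain);
        } catch (IdentitySCIMException e) {
            // Message now describes the operation that failed (a delete, not a read).
            throw new UserStoreException("Error deleting group information from SCIM Tables.", e);
        }
        return true;
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        throw new UserStoreException(e);
    }
}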

Example 4 with SCIMGroupHandler

use of org.wso2.carbon.identity.scim2.common.group.SCIMGroupHandler in project identity-inbound-provisioning-scim2 by wso2-extensions.

The class `SCIMGroupHandlerTest`, method `testCreateSCIMAttributesExceptions` (a PowerMock-based unit test of `SCIMGroupHandler.createSCIMAttributes`):

@Test
public void testCreateSCIMAttributesExceptions() throws Exception {

    // Despite the method name, this asserts the success path: the handler must hand the group's
    // display name to GroupDAO.addSCIMGroupAttributes unchanged.
    mockStatic(IdentityDatabaseUtil.class);
    mockStatic(SCIMCommonUtils.class);
    ResultSet rs = mock(ResultSet.class);

    Date now = new Date();
    Group input = new Group();
    input.setCreatedDate(now);
    input.setLastModified(now);
    input.setLocation("LOCATION_URI");
    input.setDisplayName("testDisplayName");

    // JDBC plumbing: every statement returns a result set that reports one row.
    when(IdentityDatabaseUtil.getDBConnection()).thenReturn(connection);
    when(connection.prepareStatement(anyString())).thenReturn(mockedPreparedStatement);
    when(mockedPreparedStatement.executeQuery()).thenReturn(rs);
    when(rs.next()).thenReturn(true);
    whenNew(GroupDAO.class).withNoArguments().thenReturn(mockedGroupDAO);
    when(mockedGroupDAO.isExistingGroup(SCIMCommonUtils.getGroupNameWithDomain("ALREADY_EXISTANT_GROUP_NAME"), 1)).thenReturn(false);

    ArgumentCaptor<String> nameCaptor = ArgumentCaptor.forClass(String.class);
    SCIMGroupHandler handler = new SCIMGroupHandler(1);
    handler.createSCIMAttributes(input);

    verify(mockedGroupDAO).addSCIMGroupAttributes(anyInt(), nameCaptor.capture(), anyMap());
    assertEquals("testDisplayName", nameCaptor.getValue());
}

Example 5 with SCIMGroupHandler

use of org.wso2.carbon.identity.scim2.common.group.SCIMGroupHandler in project identity-inbound-provisioning-scim2 by wso2-extensions.

The class `SCIMGroupHandlerTest`, method `testGetGroupWithAttributes` (a PowerMock-based unit test of `SCIMGroupHandler.getGroupWithAttributes` for a group that has no SCIM row):

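@Test
public void testGetGroupWithAttributes() throws Exception {

    // A group with no SCIM attribute row must be returned unchanged (the same instance).
    Group group = new Group();
    ResultSet resultSet = mock(ResultSet.class);
    mockStatic(SCIMCommonUtils.class);
    mockStatic(IdentityDatabaseUtil.class);
    // NOTE(review): mocking StringUtils wholesale makes all of its methods return defaults
    // (false/null) inside the code under test — confirm the handler's behaviour still reflects
    // the real StringUtils before relying on this test.
    mockStatic(StringUtils.class);
    // The attribute map and the deprecated java.util.Date fixture previously built here were never
    // passed to anything, so they have been dropped.
    when(IdentityDatabaseUtil.getDBConnection()).thenReturn(connection);
    when(connection.prepareStatement(anyString())).thenReturn(mockedPreparedStatement);
    // Empty result set: the handler finds no stored attributes for the group.
    when(resultSet.next()).thenReturn(false);
    when(mockedPreparedStatement.executeQuery()).thenReturn(resultSet);
    when(mockedGroupDAO.isExistingGroup("NON_EXISTING_GROUP_NAME", 1)).thenReturn(false);
    assertEquals(new SCIMGroupHandler(1).getGroupWithAttributes(group, "NON_EXISTING_GROUP_NAME"), group);
}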
