use of org.wso2.carbon.identity.scim2.common.group.SCIMGroupHandler in project identity-inbound-provisioning-scim2 by wso2-extensions.
the class SCIMUserManager method getRoleNamesForGroupsEndpoint.
/**
 * Collects the role names served by the Groups endpoint, optionally restricted to one domain.
 *
 * <p>When {@code domainName} is empty, every name returned by {@code carbonUM.getRoleNames()} is used.
 * Otherwise roles are looked up with the search value
 * {@code domainName + DOMAIN_SEPARATOR + ANY}. In both cases the hybrid roles reported by
 * {@code getSCIMDisabledHybridRoleList} get SCIM attributes created before the set is returned.
 *
 * @param domainName Domain name; when empty, roles of all the user stores are returned.
 * @return Set of role names.
 * @throws UserStoreException    Declared for the user store lookups made here.
 * @throws IdentitySCIMException Declared for the SCIM group handler calls made here.
 */
private Set<String> getRoleNamesForGroupsEndpoint(String domainName) throws UserStoreException, IdentitySCIMException {

    SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId());

    Set<String> collectedRoles;
    if (StringUtils.isEmpty(domainName)) {
        // No domain given: start from every role name the user store manager reports.
        collectedRoles = new HashSet<>(Arrays.asList(carbonUM.getRoleNames()));
    } else {
        // NOTE(review): domainName is concatenated into the search value without any check in
        // this method; confirm that callers reject wildcard or separator characters in it.
        String domainFilter = domainName + CarbonConstants.DOMAIN_SEPARATOR + SCIMCommonConstants.ANY;
        List<String> domainRoles;
        if (isInternalOrApplicationGroup(domainName)) {
            // Hybrid role listing with a domain parameter, e.g. domain=Application.
            domainRoles = filterHybridRoles(domainName, domainFilter);
        } else {
            // NOTE(review): MAX_ITEM_LIMIT_UNLIMITED presumably means no cap on the result size;
            // confirm that an unbounded listing is acceptable for large user stores.
            domainRoles = Arrays.asList(((AbstractUserStoreManager) carbonUM).getRoleNames(domainFilter, MAX_ITEM_LIMIT_UNLIMITED, true, true, true));
        }
        collectedRoles = new HashSet<>(domainRoles);
    }

    // NOTE(review): this listing path also writes: SCIM attributes are created for the roles
    // found below. Confirm that a read request is meant to have this side effect.
    Set<String> rolesKnownToScim = scimGroupHandler.listSCIMRoles();
    List<String> rolesMissingScimData = getSCIMDisabledHybridRoleList(collectedRoles, rolesKnownToScim);
    if (!rolesMissingScimData.isEmpty()) {
        createSCIMAttributesForSCIMDisabledHybridRoles(rolesMissingScimData);
        collectedRoles.addAll(rolesMissingScimData);
    }
    return collectedRoles;
}
use of org.wso2.carbon.identity.scim2.common.group.SCIMGroupHandler in project identity-inbound-provisioning-scim2 by wso2-extensions.
the class SCIMUserManager method checkForSCIMDisabledHybridRoles.
/**
 * Creates SCIM attributes for those hybrid roles in the given list that were created while SCIM
 * was disabled.
 *
 * @param roles Role list.
 * @throws CharonException If a user store or SCIM group handler call made here fails.
 */
private void checkForSCIMDisabledHybridRoles(List<String> roles) throws CharonException {

    // Both failure paths report the same message; only the wrapping differs.
    final String lookupFailure = "Error in retrieving SCIM Group information from database.";
    try {
        Set<String> rolesKnownToScim = new SCIMGroupHandler(carbonUM.getTenantId()).listSCIMRoles();
        List<String> rolesMissingScimData = getSCIMDisabledHybridRoleList(new HashSet<>(roles), rolesKnownToScim);
        if (rolesMissingScimData.isEmpty()) {
            return;
        }
        createSCIMAttributesForSCIMDisabledHybridRoles(rolesMissingScimData);
    } catch (org.wso2.carbon.user.core.UserStoreException e) {
        throw resolveError(e, lookupFailure);
    } catch (IdentitySCIMException e) {
        throw new CharonException(lookupFailure, e);
    }
}
use of org.wso2.carbon.identity.scim2.common.group.SCIMGroupHandler in project identity-inbound-provisioning-scim2 by wso2-extensions.
the class SCIMUserManager method deleteGroup.
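/**
 * Deletes the group with the given SCIM id from the carbon user store.
 *
 * <p>The id is resolved to a group name first. The delete is refused when the group's user store
 * domain differs from the one returned by {@code getUserStoreDomainFromSP()}, or when the group
 * is in a user store (other than the Internal/Application domains) for which SCIM is not enabled.
 *
 * @param groupId SCIM id of the group to delete.
 * @throws NotFoundException If no group name is found for {@code groupId}.
 * @throws CharonException   If the user store domain cannot be resolved, one of the checks above
 *                           fails, or the underlying delete fails.
 */
@Override
public void deleteGroup(String groupId) throws NotFoundException, CharonException {

    if (log.isDebugEnabled()) {
        // NOTE(review): groupId is supplied by the caller and is logged without neutralising
        // line breaks; confirm the logging layer encodes it.
        log.debug("Deleting group: " + groupId);
    }
    try {
        // Set thread local property to signal the downstream SCIMUserOperationListener
        // about the provisioning route.
        // NOTE(review): nothing in this method resets the flag; confirm it is cleared elsewhere
        // before the thread is reused for another request.
        SCIMCommonUtils.setThreadLocalIsManagedThroughSCIMEP(true);

        // Get group name by id.
        SCIMGroupHandler groupHandler = new SCIMGroupHandler(carbonUM.getTenantId());
        String groupName = groupHandler.getGroupName(groupId);
        if (groupName == null) {
            if (log.isDebugEnabled()) {
                log.debug("Group with SCIM id: " + groupId + " doesn't exist in the system.");
            }
            throw new NotFoundException();
        }

        String userStoreDomainFromSP;
        try {
            userStoreDomainFromSP = getUserStoreDomainFromSP();
        } catch (IdentityApplicationManagementException e) {
            throw new CharonException("Error retrieving User Store name. ", e);
        }

        // Extract the domain once; both checks below compare against it.
        String userStoreDomainName = IdentityUtil.extractDomainFromName(groupName);

        // Refuse to touch a group outside the user store domain returned for the service provider.
        if (userStoreDomainFromSP != null && !userStoreDomainFromSP.equalsIgnoreCase(userStoreDomainName)) {
            // The previous message ran its parts together and reported an update failure.
            throw new CharonException("Group: " + groupName + " does not belong to user store " + userStoreDomainFromSP + ". Hence group deletion failed.");
        }

        // Internal/Application groups skip the per-user-store SCIM check.
        if (!isInternalOrApplicationGroup(userStoreDomainName) && StringUtils.isNotBlank(userStoreDomainName) && !isSCIMEnabled(userStoreDomainName)) {
            throw new CharonException("Cannot delete group: " + groupName + " through scim from user store: " + userStoreDomainName + ". SCIM is not enabled for user store: " + userStoreDomainName);
        }

        // Delete group in carbon UM.
        carbonUM.deleteRole(groupName);
        // We do not update Identity_SCIM DB here since it is updated in SCIMUserOperationListener's methods.
        if (log.isDebugEnabled()) {
            log.debug("Group: " + groupName + " is deleted through SCIM.");
        }
    } catch (UserStoreException e) {
        throw resolveError(e, "Error occurred while deleting group " + groupId);
    } catch (IdentitySCIMException e) {
        throw new CharonException("Error occurred while deleting group " + groupId, e);
    }
}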
use of org.wso2.carbon.identity.scim2.common.group.SCIMGroupHandler in project identity-inbound-provisioning-scim2 by wso2-extensions.
the class SCIMUserManager method getGroupOnlyWithMetaAttributes.
/**
 * Get group with only meta attributes.
 *
 * <p>Builds a {@link Group} that carries just the display name and passes it to
 * {@code SCIMGroupHandler.getGroupWithAttributes}, whose result is returned.
 *
 * @param groupName Name of the group; also used as the display name.
 * @return The group returned by the SCIM group handler.
 * @throws CharonException Declared by this method's signature.
 * @throws IdentitySCIMException Declared by this method's signature.
 * @throws org.wso2.carbon.user.core.UserStoreException Declared by this method's signature.
 * @throws BadRequestException Declared by this method's signature.
 */
private Group getGroupOnlyWithMetaAttributes(String groupName) throws CharonException, IdentitySCIMException, org.wso2.carbon.user.core.UserStoreException, BadRequestException {

    // Start from a group that has nothing but its display name set.
    Group metaOnlyGroup = new Group();
    metaOnlyGroup.setDisplayName(groupName);
    // The handler supplies the remaining attributes for this tenant.
    return new SCIMGroupHandler(carbonUM.getTenantId()).getGroupWithAttributes(metaOnlyGroup, groupName);
}
use of org.wso2.carbon.identity.scim2.common.group.SCIMGroupHandler in project identity-inbound-provisioning-scim2 by wso2-extensions.
the class AdminAttributeUtilTest method testUpdateAdminGroup1.
/**
 * Exercises {@code adminAttributeUtil.updateAdminGroup(1)} with a mocked SCIMGroupHandler whose
 * {@code isGroupExisting} is stubbed to throw IdentitySCIMException; the test expects that
 * exception type to leave the test method.
 */
@Test(expectedExceptions = IdentitySCIMException.class)
public void testUpdateAdminGroup1() throws Exception {
String roleNameWithDomain = "TESTDOMAIN/admin";
// Static collaborators are mocked before any of them is stubbed.
mockStatic(SCIMCommonComponentHolder.class);
mockStatic(ClaimsMgtUtil.class);
mockStatic(IdentityTenantUtil.class);
mockStatic(UserCoreUtil.class);
mockStatic(IdentityUtil.class);
mockStatic(SCIMCommonUtils.class);
// Realm service -> user realm -> user store manager chain, with SCIM reported as enabled.
when(SCIMCommonComponentHolder.getRealmService()).thenReturn(realmService);
when(realmService.getTenantUserRealm(anyInt())).thenReturn(userRealm);
when(userRealm.getUserStoreManager()).thenReturn(userStoreManager);
when(userStoreManager.isSCIMEnabled()).thenReturn(true);
when(userStoreManager.getTenantId()).thenReturn(1);
when(userStoreManager.getRealmConfiguration()).thenReturn(realmConfiguration);
when(realmConfiguration.getAdminRoleName()).thenReturn("admin");
when(UserCoreUtil.getDomainName((RealmConfiguration) anyObject())).thenReturn("testDomain");
when(IdentityUtil.getPrimaryDomainName()).thenReturn("TESTDOMAIN");
when(UserCoreUtil.addDomainToName(anyString(), anyString())).thenReturn(roleNameWithDomain);
when(SCIMCommonUtils.getGroupNameWithDomain(anyString())).thenReturn(roleNameWithDomain);
// Any SCIMGroupHandler constructed by the code under test is replaced by the mock.
whenNew(SCIMGroupHandler.class).withAnyArguments().thenReturn(scimGroupHandler);
when(scimGroupHandler.isGroupExisting(anyString())).thenThrow(new IdentitySCIMException("testException"));
adminAttributeUtil.updateAdminGroup(1);
// NOTE(review): the argument below is a call to isGroupExisting(...) on the mock, evaluated
// before verify(...) runs. With the thenThrow stub above, that call itself appears able to raise
// IdentitySCIMException, which would satisfy expectedExceptions even if updateAdminGroup(1)
// returned normally. Conversely, if updateAdminGroup(1) does throw, this line is never reached.
// Either way no interaction is verified. Confirm what updateAdminGroup propagates, and consider
// the form verify(scimGroupHandler).isGroupExisting(anyString()).
verify(scimGroupHandler.isGroupExisting(anyString()));
}