
Example 1 with SCIMGroupResolver

use of org.wso2.carbon.identity.scim2.common.listener.SCIMGroupResolver in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMCommonComponent method activate.

/**
 * Activates the SCIM common bundle: loads the Charon configuration, applies the optional schema
 * extensions, registers the SCIM listeners, handlers and resolvers as OSGi services, and refreshes
 * the super tenant admin user/group attributes.
 *
 * <p>A {@code CharonException} or {@code InternalErrorException} raised by any step is logged and
 * not rethrown, so the steps after the failing one are skipped while this method still returns
 * normally.
 * NOTE(review): the skipped steps can include the listener and resolver registrations below —
 * confirm that a partially initialised component is acceptable here.
 *
 * @param ctx component context that supplies the bundle context used for the registrations
 */
@Activate
protected void activate(ComponentContext ctx) {
    try {
        // Charon configuration lives in the identity configuration directory.
        String charonConfigPath = IdentityUtil.getIdentityConfigDirPath() + File.separator
                + SCIMCommonConstants.CHARON_CONFIG_NAME;
        SCIMConfigProcessor configProcessor = SCIMConfigProcessor.getInstance();
        configProcessor.buildConfigFromFile(charonConfigPath);

        // The user schema extension is loaded only when the configuration switches it on.
        boolean userSchemaExtensionEnabled =
                Boolean.parseBoolean(configProcessor.getProperty("user-schema-extension-enabled"));
        if (userSchemaExtensionEnabled) {
            String extensionConfigPath = CarbonUtils.getCarbonConfigDirPath() + File.separator
                    + SCIMConfigConstants.SCIM_SCHEMA_EXTENSION_CONFIG;
            SCIMUserSchemaExtensionBuilder.getInstance().buildUserSchemaExtension(extensionConfigPath);
        }

        // With the custom schema enabled, its root attribute URI comes from the file configuration.
        if (SCIMCommonUtils.isCustomSchemaEnabled()) {
            SCIMCustomSchemaExtensionBuilder.getInstance().setURI(SCIMCommonUtils.getCustomSchemaURI());
        }

        // User operation and tenant management listeners; their registrations are kept in fields.
        userOperationEventListenerServiceReg = ctx.getBundleContext()
                .registerService(UserOperationEventListener.class, new SCIMUserOperationListener(), null);
        tenantMgtListenerServiceReg = ctx.getBundleContext()
                .registerService(TenantMgtListener.class, new SCIMTenantMgtListener(), null);

        // Claim operation event handler.
        ctx.getBundleContext().registerService(
                AbstractEventHandler.class.getName(), new SCIMClaimOperationEventHandler(), null);
        if (logger.isDebugEnabled()) {
            logger.debug("SCIMClaimOperationEventHandler is successfully registered.");
        }

        // Default SCIMUserStoreErrorResolver and the SCIMGroupResolver shown in the other examples.
        ctx.getBundleContext().registerService(
                SCIMUserStoreErrorResolver.class.getName(), new DefaultSCIMUserStoreErrorResolver(), null);
        ctx.getBundleContext().registerService(GroupResolver.class.getName(), new SCIMGroupResolver(), null);

        // Bring the super tenant admin user and admin group attributes up to date.
        AdminAttributeUtil.updateAdminUser(MultitenantConstants.SUPER_TENANT_ID, true);
        AdminAttributeUtil.updateAdminGroup(MultitenantConstants.SUPER_TENANT_ID);
        if (logger.isDebugEnabled()) {
            logger.debug("SCIM Common component activated successfully.");
        }
    } catch (CharonException | InternalErrorException e) {
        // Both failure types are reported with the same message and then dropped.
        logger.error("Error in reading information from identity tables at SCIMCommonComponentStartup.", e);
    }
}
Also used : UserOperationEventListener(org.wso2.carbon.user.core.listener.UserOperationEventListener) SCIMUserOperationListener(org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener) InternalErrorException(org.wso2.charon3.core.exceptions.InternalErrorException) SCIMConfigProcessor(org.wso2.carbon.identity.scim2.common.utils.SCIMConfigProcessor) SCIMTenantMgtListener(org.wso2.carbon.identity.scim2.common.listener.SCIMTenantMgtListener) TenantMgtListener(org.wso2.carbon.stratos.common.listeners.TenantMgtListener) SCIMTenantMgtListener(org.wso2.carbon.identity.scim2.common.listener.SCIMTenantMgtListener) DefaultSCIMUserStoreErrorResolver(org.wso2.carbon.identity.scim2.common.impl.DefaultSCIMUserStoreErrorResolver) SCIMUserStoreErrorResolver(org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreErrorResolver) AbstractEventHandler(org.wso2.carbon.identity.event.handler.AbstractEventHandler) SCIMClaimOperationEventHandler(org.wso2.carbon.identity.scim2.common.handlers.SCIMClaimOperationEventHandler) SCIMGroupResolver(org.wso2.carbon.identity.scim2.common.listener.SCIMGroupResolver) SCIMGroupResolver(org.wso2.carbon.identity.scim2.common.listener.SCIMGroupResolver) GroupResolver(org.wso2.carbon.user.core.listener.GroupResolver) CharonException(org.wso2.charon3.core.exceptions.CharonException) DefaultSCIMUserStoreErrorResolver(org.wso2.carbon.identity.scim2.common.impl.DefaultSCIMUserStoreErrorResolver) Activate(org.osgi.service.component.annotations.Activate)

Example 2 with SCIMGroupResolver

use of org.wso2.carbon.identity.scim2.common.listener.SCIMGroupResolver in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMGroupResolver method getGroupNameById.

/**
 * Resolves a group's name from its id for userstores that lack unique group id support.
 *
 * <p>When the userstore manager reports unique group id support, nothing is resolved here.
 * Otherwise the name is read through {@code GroupDAO} and copied onto {@code group} as group
 * name, userstore domain and display name.
 *
 * <p>NOTE(review): when {@code group} is {@code null} a new {@code Group} is created and filled in
 * locally only; nothing visible in this method hands it back to the caller.
 *
 * @param groupID id of the group to look up
 * @param group group object to populate; may be {@code null}
 * @param userStoreManager userstore manager; cast to {@code AbstractUserStoreManager} without a
 *     type check
 * @return always {@code true}
 * @throws UserStoreException if the lookup fails with an {@code IdentitySCIMException}
 */
@Override
public boolean getGroupNameById(String groupID, Group group, UserStoreManager userStoreManager) throws UserStoreException {
    int tenantId = userStoreManager.getTenantId();
    AbstractUserStoreManager storeManager = (AbstractUserStoreManager) userStoreManager;

    // Only userstores without unique group id support (legacy behaviour) are served from the
    // IDN_SCIM_GROUP table; for the others this resolver steps aside.
    if (storeManager.isUniqueGroupIdEnabled()) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("SCIMGroupResolver will not be executed for userstore: %s in tenant %s "
                    + "since group id support is available in the userstore manager",
                    storeManager.getRealmConfiguration().getRealmProperty(PROPERTY_DOMAIN_NAME), tenantId));
        }
        return true;
    }

    String resolvedName;
    try {
        resolvedName = new GroupDAO().getGroupNameById(tenantId, groupID);
    } catch (IdentitySCIMException e) {
        throw new UserStoreException(String.format(
                "Error occurred while getting the group name of group: %s in tenant: %s", groupID, tenantId), e);
    }

    if (StringUtils.isBlank(resolvedName)) {
        // The id is written to the error log exactly as received.
        // NOTE(review): confirm the log layout neutralises line breaks in caller-supplied values.
        log.error(String.format("No group found with id: %s in tenant: %s", groupID, tenantId));
        return true;
    }

    Group target = (group != null) ? group : new Group(groupID);
    String domainName = UserCoreUtil.extractDomainFromName(resolvedName);
    target.setGroupName(resolveGroupName(resolvedName, domainName));
    target.setUserStoreDomain(UserCoreUtil.extractDomainFromName(resolvedName));
    target.setDisplayName(UserCoreUtil.removeDomainFromName(resolvedName));
    return true;
}
Also used : Group(org.wso2.carbon.user.core.common.Group) UserStoreException(org.wso2.carbon.user.core.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) GroupDAO(org.wso2.carbon.identity.scim2.common.DAO.GroupDAO) IdentitySCIMException(org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException)

Example 3 with SCIMGroupResolver

use of org.wso2.carbon.identity.scim2.common.listener.SCIMGroupResolver in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMGroupResolver method getGroupsListOfUserByUserId.

/**
 * Fills in the group id of every group in {@code groupList} for userstores that lack unique
 * group id support.
 *
 * <p>The ids are looked up by group name through {@code GroupDAO}. {@code userId} is not read by
 * this method; the caller is expected to pass the user's groups in {@code groupList}.
 *
 * @param userId id of the user the groups belong to (unused here)
 * @param groupList groups whose ids are to be set; an empty or {@code null} list is left alone
 * @param userStoreManager userstore manager; cast to {@code AbstractUserStoreManager} without a
 *     type check
 * @return always {@code true}
 * @throws UserStoreException if an id lookup fails with an {@code IdentitySCIMException}
 */
@Override
public boolean getGroupsListOfUserByUserId(String userId, List<Group> groupList, UserStoreManager userStoreManager) throws UserStoreException {
    // Filtering in IDN_SCIM_GROUP works on group names, so without any groups there is nothing to do.
    if (CollectionUtils.isEmpty(groupList)) {
        return true;
    }

    int tenantId = userStoreManager.getTenantId();
    AbstractUserStoreManager storeManager = (AbstractUserStoreManager) userStoreManager;

    // Only userstores without unique group id support (legacy behaviour) are served from the
    // IDN_SCIM_GROUP table; for the others this resolver steps aside.
    if (storeManager.isUniqueGroupIdEnabled()) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("SCIMGroupResolver will not be executed for userstore: %s in tenant %s "
                    + "since group id support is available in the userstore manager",
                    storeManager.getRealmConfiguration().getRealmProperty(PROPERTY_DOMAIN_NAME), tenantId));
        }
        return true;
    }

    GroupDAO dao = new GroupDAO();
    for (Group current : groupList) {
        // Only the id is added; the name already on the group is the lookup key.
        // NOTE(review): the DAO result is stored without a blank check — confirm callers cope with
        // a group that has no id when the name is unknown to IDN_SCIM_GROUP.
        try {
            current.setGroupID(dao.getGroupIdByName(tenantId, current.getGroupName()));
        } catch (IdentitySCIMException e) {
            throw new UserStoreException(String.format(
                    "Error occurred while getting the group id of group: %s in tenant: %s",
                    current.getGroupName(), tenantId), e);
        }
    }
    return true;
}
Also used : Group(org.wso2.carbon.user.core.common.Group) UserStoreException(org.wso2.carbon.user.core.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) GroupDAO(org.wso2.carbon.identity.scim2.common.DAO.GroupDAO) IdentitySCIMException(org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException)

Example 4 with SCIMGroupResolver

use of org.wso2.carbon.identity.scim2.common.listener.SCIMGroupResolver in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMGroupResolver method getGroupIdByName.

/**
 * Resolves a group's id from its name for userstores that lack unique group id support.
 *
 * <p>When the userstore manager reports unique group id support, nothing is resolved here.
 * Otherwise the id is read through {@code GroupDAO}. An existing {@code group} only receives the
 * id; a missing one is replaced by a new {@code Group} carrying id, group name, userstore domain
 * and display name.
 *
 * <p>NOTE(review): the {@code Group} created for a {@code null} argument stays local to this
 * method; nothing visible here hands it back to the caller.
 *
 * @param groupName name of the group to look up
 * @param group group object to populate; may be {@code null}
 * @param userStoreManager userstore manager; cast to {@code AbstractUserStoreManager} without a
 *     type check
 * @return always {@code true}
 * @throws UserStoreException if the lookup fails with an {@code IdentitySCIMException}
 */
@Override
public boolean getGroupIdByName(String groupName, Group group, UserStoreManager userStoreManager) throws UserStoreException {
    int tenantId = userStoreManager.getTenantId();
    AbstractUserStoreManager storeManager = (AbstractUserStoreManager) userStoreManager;

    // Only userstores without unique group id support (legacy behaviour) are served from the
    // IDN_SCIM_GROUP table; for the others this resolver steps aside.
    if (storeManager.isUniqueGroupIdEnabled()) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("SCIMGroupResolver will not be executed for userstore: %s in tenant %s "
                    + "since group id support is available in the userstore manager",
                    storeManager.getRealmConfiguration().getRealmProperty(PROPERTY_DOMAIN_NAME), tenantId));
        }
        return true;
    }

    if (log.isDebugEnabled()) {
        log.debug(String.format("Retrieving group with name: %s from tenant: %s", groupName, tenantId));
    }

    String resolvedId;
    try {
        resolvedId = new GroupDAO().getGroupIdByName(tenantId, groupName);
    } catch (IdentitySCIMException e) {
        throw new UserStoreException(String.format(
                "Error occurred while getting the group id of group: %s in tenant: %s", groupName, tenantId), e);
    }

    // An unknown name is not an error: it is reported at debug level only.
    if (StringUtils.isBlank(resolvedId)) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("No group found with the group name: %s in tenant: %s", groupName, tenantId));
        }
        return true;
    }

    String domainName = UserCoreUtil.extractDomainFromName(groupName);
    if (group != null) {
        group.setGroupID(resolvedId);
        return true;
    }

    Group created = new Group(resolvedId);
    created.setGroupName(resolveGroupName(groupName, domainName));
    created.setUserStoreDomain(domainName);
    created.setDisplayName(UserCoreUtil.removeDomainFromName(groupName));
    return true;
}
Also used : Group(org.wso2.carbon.user.core.common.Group) UserStoreException(org.wso2.carbon.user.core.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) GroupDAO(org.wso2.carbon.identity.scim2.common.DAO.GroupDAO) IdentitySCIMException(org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException)

Example 5 with SCIMGroupResolver

use of org.wso2.carbon.identity.scim2.common.listener.SCIMGroupResolver in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMGroupResolver method listGroups.

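/**
 * Lists the groups matching a single-attribute filter for userstores that lack unique group id
 * support, appending one {@code Group} per match to {@code groupsList}.
 *
 * <p>When the userstore manager reports unique group id support, nothing is listed here.
 * Otherwise the matching group names are read through {@code GroupDAO} and each group is built
 * from its SCIM attributes.
 *
 * <p>{@code limit}, {@code offset}, {@code sortBy} and {@code sortOrder} are not read by this
 * method, so every match returned by the DAO is appended.
 * NOTE(review): confirm that callers apply paging themselves, otherwise the result size is bounded
 * only by the filter.
 *
 * @param condition filter to apply; must be an {@code ExpressionCondition}
 * @param limit requested page size (unused here)
 * @param offset requested page offset (unused here)
 * @param domain userstore domain passed to the DAO lookup
 * @param sortBy requested sort attribute (unused here)
 * @param sortOrder requested sort order (unused here)
 * @param groupsList list the resolved groups are appended to
 * @param userStoreManager userstore manager; cast to {@code AbstractUserStoreManager} without a
 *     type check
 * @return always {@code true}
 * @throws UserStoreException if {@code condition} is an {@code OperationalCondition}, is not an
 *     {@code ExpressionCondition} (including {@code null}), or the DAO lookup fails
 */
@Override
public boolean listGroups(Condition condition, int limit, int offset, String domain, String sortBy, String sortOrder, List<Group> groupsList, UserStoreManager userStoreManager) throws UserStoreException {
    int tenantId = userStoreManager.getTenantId();
    AbstractUserStoreManager abstractUserStoreManager = ((AbstractUserStoreManager) userStoreManager);
    boolean isGroupIdEnabled = abstractUserStoreManager.isUniqueGroupIdEnabled();
    /*
     * isGroupIdEnabled equal to false indicates that the given userstore only supports the legacy behaviour.
     * In that case we need to support getting group details from the IDN_SCIM_GROUP table.
     */
    if (isGroupIdEnabled) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("SCIMGroupResolver will not be executed for userstore: %s in " + "tenant %s since group id support is available in the userstore manager", abstractUserStoreManager.getRealmConfiguration().getRealmProperty(PROPERTY_DOMAIN_NAME), tenantId));
        }
        return true;
    }
    /*
     * The following is executed for backward compatible userstores. Those userstores did not have multi
     * attribute filtering. Therefore, we do not need to provide support for that.
     */
    if (condition instanceof OperationalCondition) {
        throw new UserStoreException("OperationalCondition filtering is not supported by userstore: " + userStoreManager.getClass());
    }
    // Reject a null or unexpected condition with the declared exception type instead of letting the
    // cast or the first dereference below fail with an unchecked exception.
    if (!(condition instanceof ExpressionCondition)) {
        throw new UserStoreException("Only ExpressionCondition filtering is supported by userstore: " + userStoreManager.getClass());
    }
    ExpressionCondition expressionCondition = (ExpressionCondition) condition;
    String attributeName = resolveGroupAttributeWithSCIMSchema(expressionCondition.getAttributeName(), tenantId);
    // The search value is derived from the caller's filter.
    // NOTE(review): confirm GroupDAO.getGroupNameList binds it as a statement parameter.
    String attributeValue = buildSearchAttributeValue(attributeName, expressionCondition.getOperation(), expressionCondition.getAttributeValue(), SQL_FILTERING_DELIMITER);
    GroupDAO groupDAO = new GroupDAO();
    try {
        String[] groupNames = groupDAO.getGroupNameList(attributeName, attributeValue, tenantId, domain);
        if (ArrayUtils.isEmpty(groupNames)) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("No groups found for the filter in userstore: %s in tenant: %s", domain, tenantId));
            }
            return true;
        }
        // Get details of the groups.
        for (String groupName : groupNames) {
            Map<String, String> attributes = groupDAO.getSCIMGroupAttributes(tenantId, groupName);
            String groupId = attributes.get(SCIMConstants.CommonSchemaConstants.ID_URI);
            String domainName = UserCoreUtil.extractDomainFromName(groupName);
            Group group = new Group(groupId, resolveGroupName(groupName, domainName));
            for (Map.Entry<String, String> entry : attributes.entrySet()) {
                if (SCIMConstants.CommonSchemaConstants.CREATED_URI.equals(entry.getKey())) {
                    group.setCreatedDate(entry.getValue());
                } else if (SCIMConstants.CommonSchemaConstants.LAST_MODIFIED_URI.equals(entry.getKey())) {
                    group.setLastModifiedDate(entry.getValue());
                } else if (SCIMConstants.CommonSchemaConstants.LOCATION_URI.equals(entry.getKey())) {
                    // The stored location value is ignored; the URL is rebuilt from the group id.
                    group.setLocation(SCIMCommonUtils.getSCIMGroupURL(groupId));
                }
            }
            group.setDisplayName(UserCoreUtil.removeDomainFromName(groupName));
            group.setUserStoreDomain(domainName);
            groupsList.add(group);
        }
    } catch (IdentitySCIMException e) {
        throw new UserStoreException(String.format("Error occurred while getting the group list in userstore: %s " + "in tenant: %s", domain, tenantId), e);
    }
    return true;
}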
Also used : Group(org.wso2.carbon.user.core.common.Group) IdentitySCIMException(org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException) ExpressionCondition(org.wso2.carbon.user.core.model.ExpressionCondition) OperationalCondition(org.wso2.carbon.user.core.model.OperationalCondition) UserStoreException(org.wso2.carbon.user.core.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) GroupDAO(org.wso2.carbon.identity.scim2.common.DAO.GroupDAO) Map(java.util.Map)

Aggregations

GroupDAO (org.wso2.carbon.identity.scim2.common.DAO.GroupDAO)6 IdentitySCIMException (org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException)6 UserStoreException (org.wso2.carbon.user.core.UserStoreException)6 AbstractUserStoreManager (org.wso2.carbon.user.core.common.AbstractUserStoreManager)6 Group (org.wso2.carbon.user.core.common.Group)6 Map (java.util.Map)3 Activate (org.osgi.service.component.annotations.Activate)1 AbstractEventHandler (org.wso2.carbon.identity.event.handler.AbstractEventHandler)1 SCIMUserStoreErrorResolver (org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreErrorResolver)1 SCIMClaimOperationEventHandler (org.wso2.carbon.identity.scim2.common.handlers.SCIMClaimOperationEventHandler)1 DefaultSCIMUserStoreErrorResolver (org.wso2.carbon.identity.scim2.common.impl.DefaultSCIMUserStoreErrorResolver)1 SCIMGroupResolver (org.wso2.carbon.identity.scim2.common.listener.SCIMGroupResolver)1 SCIMTenantMgtListener (org.wso2.carbon.identity.scim2.common.listener.SCIMTenantMgtListener)1 SCIMUserOperationListener (org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener)1 SCIMConfigProcessor (org.wso2.carbon.identity.scim2.common.utils.SCIMConfigProcessor)1 TenantMgtListener (org.wso2.carbon.stratos.common.listeners.TenantMgtListener)1 GroupResolver (org.wso2.carbon.user.core.listener.GroupResolver)1 UserOperationEventListener (org.wso2.carbon.user.core.listener.UserOperationEventListener)1 ExpressionCondition (org.wso2.carbon.user.core.model.ExpressionCondition)1 OperationalCondition (org.wso2.carbon.user.core.model.OperationalCondition)1