Search in sources :

Example 61 with UserStoreException

use of org.wso2.carbon.user.api.UserStoreException in project carbon-apimgt by wso2.

the class APIUtil method copyResourcePermissions.

public static void copyResourcePermissions(String username, String sourceArtifactPath, String targetArtifactPath) throws APIManagementException {
    String sourceResourcePath = RegistryUtils.getAbsolutePath(RegistryContext.getBaseInstance(), APIUtil.getMountedPath(RegistryContext.getBaseInstance(), RegistryConstants.GOVERNANCE_REGISTRY_BASE_PATH) + sourceArtifactPath);
    String targetResourcePath = RegistryUtils.getAbsolutePath(RegistryContext.getBaseInstance(), APIUtil.getMountedPath(RegistryContext.getBaseInstance(), RegistryConstants.GOVERNANCE_REGISTRY_BASE_PATH) + targetArtifactPath);
    String tenantDomain = MultitenantUtils.getTenantDomain(APIUtil.replaceEmailDomainBack(username));
    try {
        int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
        org.wso2.carbon.user.api.AuthorizationManager authManager = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
        String[] allowedRoles = authManager.getAllowedRolesForResource(sourceResourcePath, ActionConstants.GET);
        if (allowedRoles != null) {
            for (String allowedRole : allowedRoles) {
                authManager.authorizeRole(allowedRole, targetResourcePath, ActionConstants.GET);
            }
        }
    } catch (UserStoreException e) {
        throw new APIManagementException("Error while adding role permissions to API", e);
    }
}
Also used : APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) Endpoint(org.wso2.carbon.governance.api.endpoints.dataobjects.Endpoint)

Example 62 with UserStoreException

use of org.wso2.carbon.user.api.UserStoreException in project carbon-apimgt by wso2.

the class APIUtil method getAdminPassword.

/**
 * Return the admin password read from the user-mgt.xml
 *
 * @return
 * @throws APIMgtInternalException
 */
public static String getAdminPassword() throws APIMgtInternalException {
    String adminPassword = "admin";
    try {
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId);
        adminPassword = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getRealmConfiguration().getAdminPassword();
    } catch (UserStoreException e) {
        handleInternalException("Error in getting admin password from user-mgt.xml", e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
    return adminPassword;
}
Also used : UserStoreException(org.wso2.carbon.user.api.UserStoreException) Endpoint(org.wso2.carbon.governance.api.endpoints.dataobjects.Endpoint)

Example 63 with UserStoreException

use of org.wso2.carbon.user.api.UserStoreException in project carbon-apimgt by wso2.

the class APIUtil method isUserInRole.

/**
 * Check whether the user has the given role
 *
 * @throws UserStoreException
 * @throws APIManagementException
 */
public static boolean isUserInRole(String user, String role) throws UserStoreException, APIManagementException {
    String tenantDomain = MultitenantUtils.getTenantDomain(APIUtil.replaceEmailDomainBack(user));
    UserRegistrationConfigDTO signupConfig = SelfSignUpUtil.getSignupConfiguration(tenantDomain);
    user = SelfSignUpUtil.getDomainSpecificUserName(user, signupConfig);
    String tenantAwareUserName = MultitenantUtils.getTenantAwareUsername(user);
    RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
    int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
    UserRealm realm = (UserRealm) realmService.getTenantUserRealm(tenantId);
    org.wso2.carbon.user.core.UserStoreManager manager = realm.getUserStoreManager();
    AbstractUserStoreManager abstractManager = (AbstractUserStoreManager) manager;
    return abstractManager.isUserInRole(tenantAwareUserName, role);
}
Also used : UserRealm(org.wso2.carbon.user.core.UserRealm) UserRegistrationConfigDTO(org.wso2.carbon.apimgt.impl.dto.UserRegistrationConfigDTO) RealmService(org.wso2.carbon.user.core.service.RealmService) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) Endpoint(org.wso2.carbon.governance.api.endpoints.dataobjects.Endpoint)

Example 64 with UserStoreException

use of org.wso2.carbon.user.api.UserStoreException in project carbon-apimgt by wso2.

the class APIUtil method getAdminUsername.

/**
 * Return the admin username read from the user-mgt.xml
 *
 * @return
 * @throws APIMgtInternalException
 */
public static String getAdminUsername() throws APIMgtInternalException {
    String adminName = "admin";
    try {
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId);
        adminName = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getRealmConfiguration().getAdminUserName();
    } catch (UserStoreException e) {
        handleInternalException("Error in getting admin username from user-mgt.xml", e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
    return adminName;
}
Also used : UserStoreException(org.wso2.carbon.user.api.UserStoreException) Endpoint(org.wso2.carbon.governance.api.endpoints.dataobjects.Endpoint)

Example 65 with UserStoreException

use of org.wso2.carbon.user.api.UserStoreException in project carbon-apimgt by wso2.

the class APIUtil method setResourcePermissions.

/**
 * This function is to set resource permissions based on its visibility
 *
 * @param visibility   API/Product visibility
 * @param roles        Authorized roles
 * @param artifactPath API/Product resource path
 * @param registry     Registry
 * @throws APIManagementException Throwing exception
 */
public static void setResourcePermissions(String username, String visibility, String[] roles, String artifactPath, Registry registry) throws APIManagementException {
    try {
        String resourcePath = RegistryUtils.getAbsolutePath(RegistryContext.getBaseInstance(), APIUtil.getMountedPath(RegistryContext.getBaseInstance(), RegistryConstants.GOVERNANCE_REGISTRY_BASE_PATH) + artifactPath);
        Resource registryResource = null;
        if (registry != null && registry.resourceExists(artifactPath)) {
            registryResource = registry.get(artifactPath);
        }
        StringBuilder publisherAccessRoles = new StringBuilder(APIConstants.NULL_USER_ROLE_LIST);
        if (registryResource != null) {
            String publisherRole = registryResource.getProperty(APIConstants.PUBLISHER_ROLES);
            if (publisherRole != null) {
                publisherAccessRoles = new StringBuilder(publisherRole);
            }
            if (StringUtils.isEmpty(publisherAccessRoles.toString())) {
                publisherAccessRoles = new StringBuilder(APIConstants.NULL_USER_ROLE_LIST);
            }
            if (APIConstants.API_GLOBAL_VISIBILITY.equalsIgnoreCase(visibility) || APIConstants.API_PRIVATE_VISIBILITY.equalsIgnoreCase(visibility)) {
                registryResource.setProperty(APIConstants.STORE_VIEW_ROLES, APIConstants.NULL_USER_ROLE_LIST);
                // set publisher
                publisherAccessRoles = new StringBuilder(APIConstants.NULL_USER_ROLE_LIST);
            // access roles null since store visibility is global. We do not need to add any roles to
            // store_view_role property.
            } else {
                registryResource.setProperty(APIConstants.STORE_VIEW_ROLES, publisherAccessRoles.toString());
            }
        }
        String tenantDomain = MultitenantUtils.getTenantDomain(APIUtil.replaceEmailDomainBack(username));
        if (!org.wso2.carbon.utils.multitenancy.MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
            int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
            // calculate resource path
            RegistryAuthorizationManager authorizationManager = new RegistryAuthorizationManager(ServiceReferenceHolder.getUserRealm());
            resourcePath = authorizationManager.computePathOnMount(resourcePath);
            org.wso2.carbon.user.api.AuthorizationManager authManager = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
            if (visibility != null && APIConstants.API_RESTRICTED_VISIBILITY.equalsIgnoreCase(visibility)) {
                boolean isRoleEveryOne = false;
                /*If no roles have defined, authorize for everyone role */
                if (roles != null) {
                    if (roles.length == 1 && "".equals(roles[0])) {
                        authManager.authorizeRole(APIConstants.EVERYONE_ROLE, resourcePath, ActionConstants.GET);
                        isRoleEveryOne = true;
                    } else {
                        for (String role : roles) {
                            if (APIConstants.EVERYONE_ROLE.equalsIgnoreCase(role.trim())) {
                                isRoleEveryOne = true;
                            }
                            authManager.authorizeRole(role.trim(), resourcePath, ActionConstants.GET);
                            publisherAccessRoles.append(",").append(role.trim().toLowerCase());
                        }
                    }
                }
                if (!isRoleEveryOne) {
                    authManager.denyRole(APIConstants.EVERYONE_ROLE, resourcePath, ActionConstants.GET);
                }
                authManager.denyRole(APIConstants.ANONYMOUS_ROLE, resourcePath, ActionConstants.GET);
            } else if (visibility != null && APIConstants.API_PRIVATE_VISIBILITY.equalsIgnoreCase(visibility)) {
                authManager.authorizeRole(APIConstants.EVERYONE_ROLE, resourcePath, ActionConstants.GET);
                authManager.denyRole(APIConstants.ANONYMOUS_ROLE, resourcePath, ActionConstants.GET);
            } else if (visibility != null && APIConstants.DOC_OWNER_VISIBILITY.equalsIgnoreCase(visibility)) {
                /*If no roles have defined, deny access for everyone & anonymous role */
                if (roles == null) {
                    authManager.denyRole(APIConstants.EVERYONE_ROLE, resourcePath, ActionConstants.GET);
                    authManager.denyRole(APIConstants.ANONYMOUS_ROLE, resourcePath, ActionConstants.GET);
                } else {
                    for (String role : roles) {
                        authManager.denyRole(role.trim(), resourcePath, ActionConstants.GET);
                    }
                }
            } else {
                authManager.authorizeRole(APIConstants.EVERYONE_ROLE, resourcePath, ActionConstants.GET);
                authManager.authorizeRole(APIConstants.ANONYMOUS_ROLE, resourcePath, ActionConstants.GET);
            }
        } else {
            RegistryAuthorizationManager authorizationManager = new RegistryAuthorizationManager(ServiceReferenceHolder.getUserRealm());
            if (visibility != null && APIConstants.API_RESTRICTED_VISIBILITY.equalsIgnoreCase(visibility)) {
                boolean isRoleEveryOne = false;
                if (roles != null) {
                    for (String role : roles) {
                        if (APIConstants.EVERYONE_ROLE.equalsIgnoreCase(role.trim())) {
                            isRoleEveryOne = true;
                        }
                        authorizationManager.authorizeRole(role.trim(), resourcePath, ActionConstants.GET);
                        publisherAccessRoles.append(",").append(role.toLowerCase());
                    }
                }
                if (!isRoleEveryOne) {
                    authorizationManager.denyRole(APIConstants.EVERYONE_ROLE, resourcePath, ActionConstants.GET);
                }
                authorizationManager.denyRole(APIConstants.ANONYMOUS_ROLE, resourcePath, ActionConstants.GET);
            } else if (visibility != null && APIConstants.API_PRIVATE_VISIBILITY.equalsIgnoreCase(visibility)) {
                authorizationManager.authorizeRole(APIConstants.EVERYONE_ROLE, resourcePath, ActionConstants.GET);
                authorizationManager.denyRole(APIConstants.ANONYMOUS_ROLE, resourcePath, ActionConstants.GET);
            } else if (visibility != null && APIConstants.DOC_OWNER_VISIBILITY.equalsIgnoreCase(visibility)) {
                /*If no roles have defined, deny access for everyone & anonymous role */
                if (roles == null) {
                    authorizationManager.denyRole(APIConstants.EVERYONE_ROLE, resourcePath, ActionConstants.GET);
                    authorizationManager.denyRole(APIConstants.ANONYMOUS_ROLE, resourcePath, ActionConstants.GET);
                } else {
                    for (String role : roles) {
                        authorizationManager.denyRole(role.trim(), resourcePath, ActionConstants.GET);
                    }
                }
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Store view roles for " + artifactPath + " : " + publisherAccessRoles.toString());
                }
                authorizationManager.authorizeRole(APIConstants.EVERYONE_ROLE, resourcePath, ActionConstants.GET);
                authorizationManager.authorizeRole(APIConstants.ANONYMOUS_ROLE, resourcePath, ActionConstants.GET);
            }
        }
        if (registryResource != null) {
            registryResource.setProperty(APIConstants.STORE_VIEW_ROLES, publisherAccessRoles.toString());
            registry.put(artifactPath, registryResource);
        }
    } catch (UserStoreException e) {
        throw new APIManagementException("Error while adding role permissions to API", e);
    } catch (RegistryException e) {
        throw new APIManagementException("Registry exception while adding role permissions to API", e);
    }
}
Also used : Resource(org.wso2.carbon.registry.core.Resource) APIProductResource(org.wso2.carbon.apimgt.api.model.APIProductResource) APIResource(org.wso2.carbon.apimgt.api.doc.model.APIResource) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException) Endpoint(org.wso2.carbon.governance.api.endpoints.dataobjects.Endpoint) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) RegistryAuthorizationManager(org.wso2.carbon.registry.core.jdbc.realm.RegistryAuthorizationManager) UserStoreException(org.wso2.carbon.user.api.UserStoreException)

Aggregations

UserStoreException (org.wso2.carbon.user.api.UserStoreException)127 APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException)65 RegistryException (org.wso2.carbon.registry.core.exceptions.RegistryException)47 Test (org.junit.Test)37 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)37 RealmService (org.wso2.carbon.user.core.service.RealmService)36 ArrayList (java.util.ArrayList)33 UserRegistry (org.wso2.carbon.registry.core.session.UserRegistry)33 API (org.wso2.carbon.apimgt.api.model.API)31 APIIdentifier (org.wso2.carbon.apimgt.api.model.APIIdentifier)27 HashMap (java.util.HashMap)25 SubscribedAPI (org.wso2.carbon.apimgt.api.model.SubscribedAPI)23 GenericArtifact (org.wso2.carbon.governance.api.generic.dataobjects.GenericArtifact)23 Resource (org.wso2.carbon.registry.core.Resource)23 Endpoint (org.wso2.carbon.governance.api.endpoints.dataobjects.Endpoint)21 JSONObject (org.json.simple.JSONObject)20 GenericArtifactManager (org.wso2.carbon.governance.api.generic.GenericArtifactManager)20 RegistryService (org.wso2.carbon.registry.core.service.RegistryService)20 HashSet (java.util.HashSet)19 ServiceReferenceHolder (org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder)18