use of org.wso2.carbon.user.api.UserStoreManager in project carbon-apimgt by wso2.
the class APIConsumerImpl method getAllowedScopesForUserApplication.
/**
 * Filters the requested scopes down to those the user holds at least one bound role for.
 * <p>
 * Role names are compared case-insensitively unless the system property named by
 * {@code PRESERVED_CASE_SENSITIVE_VARIABLE} is explicitly true. A scope with no roles configured
 * is never granted by this method. If the user's roles cannot be read from the user store the
 * failure is logged and no scope is authorised, i.e. the check fails closed.
 *
 * @param username    fully qualified username; the tenant domain is derived from it
 * @param reqScopeSet scopes requested for the token
 * @return the subset of {@code reqScopeSet} the user is entitled to; never {@code null}
 */
private static List<Scope> getAllowedScopesForUserApplication(String username, Set<Scope> reqScopeSet) {
    boolean caseSensitive = JavaUtils.isTrueExplicitly(System.getProperty(PRESERVED_CASE_SENSITIVE_VARIABLE));
    List<Scope> authorizedScopes = new ArrayList<Scope>();

    // Roles held by the user, normalised the same way the scope roles are below.
    List<String> grantedRoles = Collections.emptyList();
    try {
        RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
        org.wso2.carbon.user.api.UserStoreManager userStoreManager =
                realmService.getTenantUserRealm(tenantId).getUserStoreManager();
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
        String[] roleArray = userStoreManager.getRoleListOfUser(tenantAwareUsername);
        if (roleArray != null) {
            if (caseSensitive) {
                grantedRoles = Arrays.asList(roleArray);
            } else {
                List<String> lowered = new ArrayList<String>(roleArray.length);
                for (String role : roleArray) {
                    lowered.add(role.toLowerCase());
                }
                grantedRoles = lowered;
            }
        }
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        // Log and return since we do not want to stop issuing the token in
        // case of scope validation failures.
        log.error("Error when getting the tenant's UserStoreManager or when getting roles of user ", e);
    }

    for (Scope scope : reqScopeSet) {
        String scopeRoles = scope.getRoles();
        if (scopeRoles == null || scopeRoles.isEmpty()) {
            // No roles bound to the scope: it cannot be granted through role membership here.
            continue;
        }
        String[] tokens = scopeRoles.split(",");
        List<String> requiredRoles = new ArrayList<String>(tokens.length);
        for (String token : tokens) {
            String trimmed = token.trim();
            requiredRoles.add(caseSensitive ? trimmed : trimmed.toLowerCase());
        }
        // Any overlap between the scope's roles and the user's roles authorises the scope.
        if (!Collections.disjoint(requiredRoles, grantedRoles)) {
            authorizedScopes.add(scope);
        }
    }
    return authorizedScopes;
}
use of org.wso2.carbon.user.api.UserStoreManager in project carbon-apimgt by wso2.
the class APIProviderImpl method getSubscriberClaims.
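/**
 * Returns the configured claims of the given subscriber.
 * <p>
 * Only the claim URIs listed under {@code APIConstants.API_PUBLISHER_SUBSCRIBER_CLAIMS} are
 * returned, keyed exactly as configured (not trimmed); a listed claim the user does not carry is
 * mapped to {@code null}. If the subscriber does not exist in the tenant's user store, or no
 * claims are configured, the returned map is empty. The result is never {@code null}.
 *
 * @param subscriber fully qualified username of the subscriber; the tenant domain is derived from it
 * @return claim URI to claim value for the configured claims; empty if the subscriber is unknown
 * @throws APIManagementException if the tenant id, the user store or the claims cannot be retrieved
 */
@Override
public Map<String, String> getSubscriberClaims(String subscriber) throws APIManagementException {
    String tenantDomain = MultitenantUtils.getTenantDomain(subscriber);
    Map<String, String> claimMap = new HashMap<>();
    try {
        int tenantId = getTenantId(tenantDomain);
        UserStoreManager userStoreManager = ServiceReferenceHolder.getInstance().getRealmService()
                .getTenantUserRealm(tenantId).getUserStoreManager();
        // NOTE(review): the existence check uses the fully qualified name, while APIUtil.isUserExist
        // passes the tenant-aware name to the same API - confirm which form this store expects.
        if (!userStoreManager.isExistingUser(subscriber)) {
            return claimMap;
        }
        Map<String, String> subscriberClaims =
                APIUtil.getClaims(subscriber, tenantId, ClaimsRetriever.DEFAULT_DIALECT_URI);
        String configuredClaims =
                getAPIManagerConfiguration().getFirstProperty(APIConstants.API_PUBLISHER_SUBSCRIBER_CLAIMS);
        // The property may be absent (null); guard it instead of failing on split().
        if (subscriberClaims == null || configuredClaims == null) {
            return claimMap;
        }
        for (String claimURI : configuredClaims.split(",")) {
            claimMap.put(claimURI, subscriberClaims.get(claimURI));
        }
    } catch (UserStoreException e) {
        throw new APIManagementException(
                "Error while retrieving claims of subscriber for tenant domain " + tenantDomain, e);
    }
    return claimMap;
}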
use of org.wso2.carbon.user.api.UserStoreManager in project carbon-apimgt by wso2.
the class APIUtil method createRole.
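/**
 * Creates a role with the given permissions in the specified tenant, unless it already exists.
 * <p>
 * A negative tenant id selects the bootstrap realm; otherwise the tenant's own realm is used.
 * The admin user of the selected realm becomes the only initial member of the new role. When a
 * role of that name already exists nothing is changed, so the permissions of an existing role
 * are left as they are.
 *
 * @param roleName    name of the role to create
 * @param permissions permissions to attach to the new role
 * @param tenantId    id of the tenant; negative selects the bootstrap realm
 * @throws APIManagementException if the realm or user store cannot be accessed or the role
 *                                cannot be added
 */
public static void createRole(String roleName, Permission[] permissions, int tenantId) throws APIManagementException {
    try {
        RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
        // Resolve the realm once and use it for both the user store and the admin-user lookup,
        // so the bootstrap branch does not re-resolve a negative tenant id via getTenantUserRealm().
        org.wso2.carbon.user.api.UserRealm realm;
        if (tenantId < 0) {
            realm = realmService.getBootstrapRealm();
        } else {
            realm = realmService.getTenantUserRealm(tenantId);
        }
        UserStoreManager manager = realm.getUserStoreManager();
        if (manager.isExistingRole(roleName)) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Creating role: " + roleName);
        }
        String tenantAdminName = realm.getRealmConfiguration().getAdminUserName();
        String[] userList = new String[] { tenantAdminName };
        manager.addRole(roleName, userList, permissions);
    } catch (UserStoreException e) {
        throw new APIManagementException("Error while creating role: " + roleName, e);
    }
}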
use of org.wso2.carbon.user.api.UserStoreManager in project carbon-apimgt by wso2.
the class APIUtil method isUserExist.
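/**
 * Checks whether the given user exists in the user store of the user's tenant.
 *
 * @param username fully qualified username; the tenant domain and the tenant-aware name are
 *                 derived from it
 * @return {@code true} if the tenant's user store contains the user, {@code false} otherwise
 * @throws APIManagementException if {@code username} is {@code null} (treated as an anonymous
 *                                caller), or if the tenant id or user store cannot be resolved
 */
public static boolean isUserExist(String username) throws APIManagementException {
    if (username == null) {
        throw new APIManagementException("Attempt to execute privileged operation as the anonymous user");
    }
    String tenantDomain = MultitenantUtils.getTenantDomain(username);
    String tenantAwareUserName = MultitenantUtils.getTenantAwareUsername(username);
    try {
        // Resolve the realm service once, as createRole does, instead of going through the holder twice.
        RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
        int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
        UserStoreManager manager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
        return manager.isExistingUser(tenantAwareUserName);
    } catch (UserStoreException e) {
        throw new APIManagementException("UserStoreException while trying the user existence " + username, e);
    }
}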
use of org.wso2.carbon.user.api.UserStoreManager in project carbon-apimgt by wso2.
the class SystemScopesIssuer method getUserRoles.
/**
 * Resolves the role list of the authenticated user from the user store of the user's tenant.
 * <p>
 * For a federated user the tenant domain and username are derived from the authenticated
 * subject identifier; otherwise they are taken from the user object. A tenant id of 0 or -1
 * from the tenant manager is treated as unset and re-derived from the username. Lookup failures
 * are logged and yield {@code null} so that token issuance is not blocked by role resolution.
 *
 * @param authenticatedUser the authenticated user
 * @return the user's roles, or {@code null} if they could not be read
 */
private String[] getUserRoles(AuthenticatedUser authenticatedUser) {
    final String tenantDomain;
    final String username;
    if (authenticatedUser.isFederatedUser()) {
        String subject = authenticatedUser.getAuthenticatedSubjectIdentifier();
        tenantDomain = MultitenantUtils.getTenantDomain(subject);
        username = MultitenantUtils.getTenantAwareUsername(subject);
    } else {
        tenantDomain = authenticatedUser.getTenantDomain();
        username = authenticatedUser.getUserName();
    }
    String userStoreDomain = authenticatedUser.getUserStoreDomain();
    RealmService realmService = getRealmService();
    try {
        int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
        if (tenantId == 0 || tenantId == -1) {
            // Tenant id is not set in the token request context; derive it from the username instead.
            tenantId = getTenantIdOfUser(username);
        }
        UserStoreManager userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
        String qualifiedUsername = addDomainToName(username, userStoreDomain);
        return userStoreManager.getRoleListOfUser(qualifiedUsername);
    } catch (UserStoreException e) {
        // Log and return since we do not want to stop issuing the token in case of scope validation failures.
        log.error("Error when getting the tenant's UserStoreManager or when getting roles of user ", e);
        return null;
    }
}