use of org.wso2.carbon.user.core.UserRealm in project carbon-apimgt by wso2.
the class UserSignUpWorkflowExecutor method deleteUser.
/**
 * Deletes a user from the user store of the given tenant.
 *
 * <p>Resolves the tenant ID for {@code tenantDomain}, obtains that tenant's user realm and asks
 * the realm's user store manager to delete {@code userName}. The debug message refers to the
 * account as a rejected user.
 *
 * <p>NOTE(review): no authorization check is visible in this method. Callers are presumably
 * expected to have established that the deletion is permitted - confirm at each call site,
 * since both arguments select which account in which tenant is removed.
 *
 * @param tenantDomain domain of the tenant that owns the user
 * @param userName     name of the user to delete, passed unchanged to the user store manager
 * @throws Exception if resolving the tenant, obtaining the realm or deleting the user fails
 */
protected static void deleteUser(String tenantDomain, String userName) throws Exception {
    if (log.isDebugEnabled()) {
        // NOTE(review): userName is concatenated into the log line as-is; if it can carry
        // line breaks, neutralise them before logging - confirm where the value originates.
        log.debug("Remove the rejected user :" + userName);
    }
    RealmService realms = ServiceReferenceHolder.getInstance().getRealmService();
    int resolvedTenantId = ServiceReferenceHolder.getInstance()
            .getRealmService()
            .getTenantManager()
            .getTenantId(tenantDomain);
    UserRealm tenantRealm = (UserRealm) realms.getTenantUserRealm(resolvedTenantId);
    tenantRealm.getUserStoreManager().deleteUser(userName);
}
use of org.wso2.carbon.user.core.UserRealm in project carbon-apimgt by wso2.
the class RemoteUserManagerClient method getUserList.
/**
 * Returns the users of the current tenant whose claim matches the given value.
 *
 * <p>The tenant ID is read from the thread-local {@code CarbonContext}, so the result is scoped
 * to whichever tenant is active on the calling thread. The third argument of the user store
 * lookup is passed as {@code null} (presumably the profile name - confirm against the
 * {@code UserStoreManager} contract).
 *
 * <p>NOTE(review): the returned names reveal which accounts carry a given claim value; no
 * access check is visible here, so callers should restrict who may invoke this lookup.
 *
 * @param claim      the claim to match on
 * @param claimValue the value the claim must have
 * @return the matching user names, as returned by the user store manager
 * @throws APIManagementException if any step of the lookup fails; the cause is preserved
 */
public String[] getUserList(String claim, String claimValue) throws APIManagementException {
    int currentTenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
    try {
        UserRealm realm = (UserRealm) ServiceReferenceHolder.getInstance()
                .getRealmService()
                .getTenantUserRealm(currentTenantId);
        return realm.getUserStoreManager().getUserList(claim, claimValue, null);
    } catch (Exception e) {
        throw new APIManagementException("Error when retrieving user list", e);
    }
}
use of org.wso2.carbon.user.core.UserRealm in project carbon-apimgt by wso2.
the class APIUtil method checkPermission.
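/**
 * Verifies that the specified user holds the specified permission and throws if not.
 *
 * <p>The tenant domain is derived from {@code username}, a tenant flow is started for that
 * domain, and the authorization decision is taken against the tenant's authorization manager
 * (or the shared {@code AuthorizationManager} instance for the super tenant). The tenant flow
 * is always ended before the method returns or throws.
 *
 * <p>When {@code isPermissionCheckDisabled()} reports true, the method returns without
 * consulting any authorization manager, i.e. every non-null user is accepted.
 *
 * @param username   a username; must not be {@code null}
 * @param permission a valid Carbon permission
 * @throws APIManagementException if {@code username} is {@code null}, if the user does not have
 *                                the specified permission, or if the user store lookup fails
 */
public static void checkPermission(String username, String permission) throws APIManagementException {
    if (username == null) {
        throw new APIManagementException("Attempt to execute privileged operation as the anonymous user");
    }
    if (isPermissionCheckDisabled()) {
        // NOTE(review): this switch makes the check fail open and is only reported at debug
        // level; consider a more visible audit trail for deployments that enable it.
        log.debug("Permission verification is disabled by APIStore configuration");
        return;
    }
    String tenantDomain = MultitenantUtils.getTenantDomain(username);
    boolean authorized;
    PrivilegedCarbonContext.startTenantFlow();
    try {
        // Set the tenant domain inside the try block: should this call throw, the finally
        // clause still ends the tenant flow instead of leaving the privileged thread-local
        // context in place for whatever runs next on this thread.
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
        int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
        if (!org.wso2.carbon.utils.multitenancy.MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
            org.wso2.carbon.user.api.AuthorizationManager manager = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
            authorized = manager.isUserAuthorized(tenantAwareUsername, permission, CarbonConstants.UI_PERMISSION_ACTION);
        } else {
            // The realm cached on ServiceReferenceHolder may not have been set yet; populate
            // it before asking the shared AuthorizationManager instance.
            if (ServiceReferenceHolder.getUserRealm() == null) {
                ServiceReferenceHolder.setUserRealm((UserRealm) ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId));
            }
            authorized = AuthorizationManager.getInstance().isUserAuthorized(tenantAwareUsername, permission);
        }
        if (!authorized) {
            throw new APIManagementException("User '" + username + "' does not have the " + "required permission: " + permission);
        }
    } catch (UserStoreException e) {
        throw new APIManagementException("Error while checking the user:" + username + " authorized or not", e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}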
use of org.wso2.carbon.user.core.UserRealm in project carbon-apimgt by wso2.
the class APIUtil method setupSelfRegistration.
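/**
 * Creates the internal subscriber role used by self sign-up, if sign-up is enabled and the role
 * does not exist yet.
 *
 * <p>The role name is read from the self sign-up configuration and prefixed with the internal
 * domain. A newly created role receives the login permission and the API subscribe permission,
 * and the tenant admin is added as its initial member. Every account that later obtains this
 * role through self-registration therefore gets exactly those two permissions.
 *
 * @param config   API Manager configuration holding the self sign-up settings
 * @param tenantId tenant to set up; a negative value selects the bootstrap realm's user store
 * @throws APIManagementException if the role parameter is missing or blank, or if the user
 *                                store reports an error while checking or creating the role
 */
public void setupSelfRegistration(APIManagerConfiguration config, int tenantId) throws APIManagementException {
    boolean enabled = Boolean.parseBoolean(config.getFirstProperty(APIConstants.SELF_SIGN_UP_ENABLED));
    if (!enabled) {
        return;
    }
    // Validate the configured name before building the role: concatenating a null value would
    // yield a role literally named "<internal domain><separator>null", which would slip past a
    // comparison against the bare prefix and be created with the subscriber permissions.
    String configuredRole = config.getFirstProperty(APIConstants.SELF_SIGN_UP_ROLE);
    if (configuredRole == null || configuredRole.trim().isEmpty()) {
        // Required parameter missing - Throw an exception and interrupt startup
        throw new APIManagementException("Required subscriber role parameter missing " + "in the self sign up configuration");
    }
    // Create the subscriber role as an internal role
    String role = UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR + configuredRole;
    try {
        RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
        UserStoreManager manager;
        if (tenantId < 0) {
            manager = realmService.getBootstrapRealm().getUserStoreManager();
        } else {
            manager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
        }
        if (!manager.isExistingRole(role)) {
            if (log.isDebugEnabled()) {
                log.debug("Creating subscriber role: " + role);
            }
            Permission[] subscriberPermissions = new Permission[] {
                    new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION),
                    new Permission(APIConstants.Permissions.API_SUBSCRIBE, UserMgtConstants.EXECUTE_ACTION) };
            // NOTE(review): for a negative tenantId the user store manager comes from the
            // bootstrap realm while the admin name is still read via getTenantUserRealm(tenantId);
            // confirm both resolve to the same realm.
            String tenantAdminName = realmService.getTenantUserRealm(tenantId).getRealmConfiguration().getAdminUserName();
            String[] userList = new String[] { tenantAdminName };
            manager.addRole(role, userList, subscriberPermissions);
        }
    } catch (UserStoreException e) {
        throw new APIManagementException("Error while creating subscriber role: " + role + " - " + "Self registration might not function properly.", e);
    }
}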
use of org.wso2.carbon.user.core.UserRealm in project carbon-apimgt by wso2.
the class APIUtil method hasPermission.
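/**
 * Reports whether the specified user has the specified permission.
 *
 * <p>Unlike {@code checkPermission}, a missing permission is reported through the return value
 * rather than an exception. The tenant domain is derived from the username, a tenant flow is
 * started for it, and the flow is always ended before the method returns or throws.
 *
 * <p>When {@code isPermissionCheckDisabled()} reports true, the method returns {@code true}
 * without consulting any authorization manager. For the APIM admin permission the decision is
 * cached per username (1 = authorized, 2 = not authorized) and a cached entry is returned
 * before the user store is consulted.
 *
 * @param userNameWithoutChange a username; must not be {@code null}
 * @param permission            a valid Carbon permission
 * @return {@code true} if the user is authorized for the permission, {@code false} otherwise
 * @throws APIManagementException if {@code userNameWithoutChange} is {@code null} or if the user
 *                                store lookup fails
 */
public static boolean hasPermission(String userNameWithoutChange, String permission) throws APIManagementException {
    if (userNameWithoutChange == null) {
        throw new APIManagementException("Attempt to execute privileged operation as the anonymous user");
    }
    if (isPermissionCheckDisabled()) {
        // NOTE(review): this switch makes the check fail open and is only reported at debug
        // level; consider a more visible audit trail for deployments that enable it.
        log.debug("Permission verification is disabled by APIStore configuration");
        return true;
    }
    boolean adminPermissionRequested = APIConstants.Permissions.APIM_ADMIN.equals(permission);
    if (adminPermissionRequested) {
        // NOTE(review): a cached decision is returned without re-checking the user store, so a
        // revoked admin permission presumably stays effective until the entry leaves the
        // cache - confirm the cache expiry is acceptable for that.
        Integer value = getValueFromCache(APIConstants.API_PUBLISHER_ADMIN_PERMISSION_CACHE, userNameWithoutChange);
        if (value != null) {
            return value == 1;
        }
    }
    String tenantDomain = MultitenantUtils.getTenantDomain(userNameWithoutChange);
    boolean authorized = false;
    PrivilegedCarbonContext.startTenantFlow();
    try {
        // Set the tenant domain inside the try block: should this call throw, the finally
        // clause still ends the tenant flow instead of leaving the privileged thread-local
        // context in place for whatever runs next on this thread.
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
        int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(userNameWithoutChange);
        if (!org.wso2.carbon.utils.multitenancy.MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
            org.wso2.carbon.user.api.AuthorizationManager manager = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
            authorized = manager.isUserAuthorized(tenantAwareUsername, permission, CarbonConstants.UI_PERMISSION_ACTION);
        } else {
            // The realm cached on ServiceReferenceHolder may not have been set yet; populate
            // it before asking the shared AuthorizationManager instance.
            if (ServiceReferenceHolder.getUserRealm() == null) {
                ServiceReferenceHolder.setUserRealm((UserRealm) ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId));
            }
            authorized = AuthorizationManager.getInstance().isUserAuthorized(tenantAwareUsername, permission);
        }
        if (adminPermissionRequested) {
            addToRolesCache(APIConstants.API_PUBLISHER_ADMIN_PERMISSION_CACHE, userNameWithoutChange, authorized ? 1 : 2);
        }
    } catch (UserStoreException e) {
        throw new APIManagementException("Error while checking the user:" + userNameWithoutChange + " authorized or not", e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
    return authorized;
}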