Example 51 with UserRealm
use of org.wso2.carbon.user.core.UserRealm in project carbon-apimgt by wso2.
the class UserSignUpWorkflowExecutor method deleteUser.
/**
* Method to delete a user
*
* @param tenantDomain
* @param userName
* @throws Exception
*/
protected static void deleteUser(String tenantDomain, String userName) throws Exception {
if (log.isDebugEnabled()) {
log.debug("Remove the rejected user :" + userName);
}
RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
UserRealm realm = (UserRealm) realmService.getTenantUserRealm(tenantId);
UserStoreManager manager = realm.getUserStoreManager();
manager.deleteUser(userName);
}
Also used :
UserRealm(org.wso2.carbon.user.core.UserRealm)
RealmService(org.wso2.carbon.user.core.service.RealmService)
UserStoreManager(org.wso2.carbon.user.api.UserStoreManager)
Example 52 with UserRealm
use of org.wso2.carbon.user.core.UserRealm in project carbon-apimgt by wso2.
the class RemoteUserManagerClient method getUserList.
/**
* Return userlist based on a claim
*
* @param claim - The claim
* @param claimValue - The Claim Value
* @return - A user list
* @throws APIManagementException
*/
public String[] getUserList(String claim, String claimValue) throws APIManagementException {
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
try {
UserRealm tenantUserRealm = (UserRealm) ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId);
UserStoreManager userStoreManager = tenantUserRealm.getUserStoreManager();
return userStoreManager.getUserList(claim, claimValue, null);
} catch (Exception e) {
throw new APIManagementException("Error when retrieving user list", e);
}
}
Also used :
UserRealm(org.wso2.carbon.user.core.UserRealm)
APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException)
UserStoreManager(org.wso2.carbon.user.core.UserStoreManager)
APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException)
Example 53 with UserRealm
use of org.wso2.carbon.user.core.UserRealm in project carbon-apimgt by wso2.
the class APIUtil method checkPermission.
/**
* Checks whether the specified user has the specified permission.
*
* @param username A username
* @param permission A valid Carbon permission
* @throws APIManagementException If the user does not have the specified permission or if an error occurs
*/
public static void checkPermission(String username, String permission) throws APIManagementException {
if (username == null) {
throw new APIManagementException("Attempt to execute privileged operation as" + " the anonymous user");
}
if (isPermissionCheckDisabled()) {
log.debug("Permission verification is disabled by APIStore configuration");
return;
}
String tenantDomain = MultitenantUtils.getTenantDomain(username);
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
boolean authorized;
try {
int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
if (!org.wso2.carbon.utils.multitenancy.MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
org.wso2.carbon.user.api.AuthorizationManager manager = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
authorized = manager.isUserAuthorized(MultitenantUtils.getTenantAwareUsername(username), permission, CarbonConstants.UI_PERMISSION_ACTION);
} else {
// store), the user realm will be null.
if (ServiceReferenceHolder.getUserRealm() == null) {
ServiceReferenceHolder.setUserRealm((UserRealm) ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId));
}
authorized = AuthorizationManager.getInstance().isUserAuthorized(MultitenantUtils.getTenantAwareUsername(username), permission);
}
if (!authorized) {
throw new APIManagementException("User '" + username + "' does not have the " + "required permission: " + permission);
}
} catch (UserStoreException e) {
throw new APIManagementException("Error while checking the user:" + username + " authorized or not", e);
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
}
Also used :
APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException)
UserStoreException(org.wso2.carbon.user.api.UserStoreException)
Endpoint(org.wso2.carbon.governance.api.endpoints.dataobjects.Endpoint)
Example 54 with UserRealm
use of org.wso2.carbon.user.core.UserRealm in project carbon-apimgt by wso2.
the class APIUtil method setupSelfRegistration.
public void setupSelfRegistration(APIManagerConfiguration config, int tenantId) throws APIManagementException {
boolean enabled = Boolean.parseBoolean(config.getFirstProperty(APIConstants.SELF_SIGN_UP_ENABLED));
if (!enabled) {
return;
}
// Create the subscriber role as an internal role
String role = UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR + config.getFirstProperty(APIConstants.SELF_SIGN_UP_ROLE);
if ((UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR).equals(role)) {
// Required parameter missing - Throw an exception and interrupt startup
throw new APIManagementException("Required subscriber role parameter missing " + "in the self sign up configuration");
}
try {
RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
UserRealm realm;
org.wso2.carbon.user.api.UserRealm tenantRealm;
UserStoreManager manager;
if (tenantId < 0) {
realm = realmService.getBootstrapRealm();
manager = realm.getUserStoreManager();
} else {
tenantRealm = realmService.getTenantUserRealm(tenantId);
manager = tenantRealm.getUserStoreManager();
}
if (!manager.isExistingRole(role)) {
if (log.isDebugEnabled()) {
log.debug("Creating subscriber role: " + role);
}
Permission[] subscriberPermissions = new Permission[] { new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION), new Permission(APIConstants.Permissions.API_SUBSCRIBE, UserMgtConstants.EXECUTE_ACTION) };
String tenantAdminName = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getRealmConfiguration().getAdminUserName();
String[] userList = new String[] { tenantAdminName };
manager.addRole(role, userList, subscriberPermissions);
}
} catch (UserStoreException e) {
throw new APIManagementException("Error while creating subscriber role: " + role + " - " + "Self registration might not function properly.", e);
}
}
Also used :
UserStoreManager(org.wso2.carbon.user.api.UserStoreManager)
AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager)
APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException)
UserRealm(org.wso2.carbon.user.core.UserRealm)
RealmService(org.wso2.carbon.user.core.service.RealmService)
Permission(org.wso2.carbon.user.api.Permission)
UserStoreException(org.wso2.carbon.user.api.UserStoreException)
Example 55 with UserRealm
use of org.wso2.carbon.user.core.UserRealm in project carbon-apimgt by wso2.
the class APIUtil method hasPermission.
/**
* Checks whether the specified user has the specified permission.
*
* @param userNameWithoutChange A username
* @param permission A valid Carbon permission
* @throws APIManagementException If the user does not have the specified permission or if an error occurs
*/
public static boolean hasPermission(String userNameWithoutChange, String permission) throws APIManagementException {
boolean authorized = false;
if (userNameWithoutChange == null) {
throw new APIManagementException("Attempt to execute privileged operation as" + " the anonymous user");
}
if (isPermissionCheckDisabled()) {
log.debug("Permission verification is disabled by APIStore configuration");
authorized = true;
return authorized;
}
if (APIConstants.Permissions.APIM_ADMIN.equals(permission)) {
Integer value = getValueFromCache(APIConstants.API_PUBLISHER_ADMIN_PERMISSION_CACHE, userNameWithoutChange);
if (value != null) {
return value == 1;
}
}
String tenantDomain = MultitenantUtils.getTenantDomain(userNameWithoutChange);
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
try {
int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
if (!org.wso2.carbon.utils.multitenancy.MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
org.wso2.carbon.user.api.AuthorizationManager manager = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
authorized = manager.isUserAuthorized(MultitenantUtils.getTenantAwareUsername(userNameWithoutChange), permission, CarbonConstants.UI_PERMISSION_ACTION);
} else {
// store), the user realm will be null.
if (ServiceReferenceHolder.getUserRealm() == null) {
ServiceReferenceHolder.setUserRealm((UserRealm) ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId));
}
authorized = AuthorizationManager.getInstance().isUserAuthorized(MultitenantUtils.getTenantAwareUsername(userNameWithoutChange), permission);
}
if (APIConstants.Permissions.APIM_ADMIN.equals(permission)) {
addToRolesCache(APIConstants.API_PUBLISHER_ADMIN_PERMISSION_CACHE, userNameWithoutChange, authorized ? 1 : 2);
}
} catch (UserStoreException e) {
throw new APIManagementException("Error while checking the user:" + userNameWithoutChange + " authorized or not", e);
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
return authorized;
}
Also used :
BigInteger(java.math.BigInteger)
APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException)
UserStoreException(org.wso2.carbon.user.api.UserStoreException)
Endpoint(org.wso2.carbon.governance.api.endpoints.dataobjects.Endpoint)
Aggregations
RealmService (org.wso2.carbon.user.core.service.RealmService)34
UserRealm (org.wso2.carbon.user.core.UserRealm)32
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)23
Test (org.junit.Test)21
UserRealm (org.wso2.carbon.user.api.UserRealm)20
UserStoreException (org.wso2.carbon.user.api.UserStoreException)18
TenantManager (org.wso2.carbon.user.core.tenant.TenantManager)15
ServiceReferenceHolder (org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder)14
UserStoreManager (org.wso2.carbon.user.core.UserStoreManager)13
UserStoreManager (org.wso2.carbon.user.api.UserStoreManager)11
APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException)10
RegistryService (org.wso2.carbon.registry.core.service.RegistryService)9
UserRegistry (org.wso2.carbon.registry.core.session.UserRegistry)9
UserStoreException (org.wso2.carbon.user.core.UserStoreException)7
PrivilegedCarbonContext (org.wso2.carbon.context.PrivilegedCarbonContext)6
AuthenticationFailedException (org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException)6
APIManagerConfiguration (org.wso2.carbon.apimgt.impl.APIManagerConfiguration)5
RealmConfiguration (org.wso2.carbon.user.api.RealmConfiguration)5
Matchers.anyString (org.mockito.Matchers.anyString)4
Organization (org.wso2.carbon.apimgt.persistence.dto.Organization)4
