
Example 51 with UserRealm

use of org.wso2.carbon.user.core.UserRealm in project carbon-apimgt by wso2.

the class UserSignUpWorkflowExecutor method deleteUser.

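/**
 * Deletes a user from the user store of the given tenant.
 *
 * <p>This method performs no authorization check of its own: it resolves the tenant's realm and
 * removes the account unconditionally. NOTE(review): callers are presumably expected to have
 * authorized the operation already (the debug message refers to a rejected user) — confirm at
 * each call site.
 *
 * @param tenantDomain domain of the tenant whose user store holds the account
 * @param userName     name of the user to remove; passed to the user store as given
 * @throws Exception if the tenant or its realm cannot be resolved, or the user store rejects the
 *                   deletion
 */
protected static void deleteUser(String tenantDomain, String userName) throws Exception {
    if (log.isDebugEnabled()) {
        // userName is written to the log exactly as received.
        log.debug("Remove the rejected user :" + userName);
    }
    // Look the realm service up once and use it for both the tenant id and the realm.
    RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
    int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
    // NOTE(review): confirm what getTenantId returns for an unknown domain, so that the deletion
    // can never be applied to a realm other than the intended tenant's.
    UserRealm realm = (UserRealm) realmService.getTenantUserRealm(tenantId);
    if (realm == null) {
        // Fail with a clear message instead of a NullPointerException on the next call.
        throw new IllegalStateException("No user realm available for tenant domain: " + tenantDomain);
    }
    UserStoreManager manager = realm.getUserStoreManager();
    manager.deleteUser(userName);
}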
Also used : UserRealm(org.wso2.carbon.user.core.UserRealm) RealmService(org.wso2.carbon.user.core.service.RealmService) UserStoreManager(org.wso2.carbon.user.api.UserStoreManager)

Example 52 with UserRealm

use of org.wso2.carbon.user.core.UserRealm in project carbon-apimgt by wso2.

the class RemoteUserManagerClient method getUserList.

/**
 * Lists the users of the current tenant whose claim has the given value.
 *
 * <p>The tenant is read from the thread-local Carbon context, not from the arguments, so the
 * search is scoped to whichever tenant the calling thread is running as.
 *
 * @param claim      the claim to search on
 * @param claimValue the value the claim must have
 * @return the user names returned by the tenant's user store
 * @throws APIManagementException if the realm lookup or the user store query fails for any reason
 */
public String[] getUserList(String claim, String claimValue) throws APIManagementException {
    final int currentTenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
    try {
        UserStoreManager store = ((UserRealm) ServiceReferenceHolder.getInstance().getRealmService()
                .getTenantUserRealm(currentTenantId)).getUserStoreManager();
        // The third argument (the profile name in the Carbon user store API) is left null.
        String[] matchingUsers = store.getUserList(claim, claimValue, null);
        return matchingUsers;
    } catch (Exception e) {
        // Every failure, including runtime exceptions, is wrapped with the cause preserved.
        throw new APIManagementException("Error when retrieving user list", e);
    }
}
Also used : UserRealm(org.wso2.carbon.user.core.UserRealm) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) UserStoreManager(org.wso2.carbon.user.core.UserStoreManager) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException)

Example 53 with UserRealm

use of org.wso2.carbon.user.core.UserRealm in project carbon-apimgt by wso2.

the class APIUtil method checkPermission.

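/**
 * Verifies that the given user holds the given permission and throws if not.
 *
 * <p>Two properties of this check matter to callers:
 * <ul>
 *   <li>When {@code isPermissionCheckDisabled()} returns true the method returns without
 *       consulting any authorization manager, so every non-null user name passes.</li>
 *   <li>The tenant is derived from the user name itself. NOTE(review): the user name is
 *       presumably taken from an authenticated session — confirm that no caller passes a
 *       client-supplied value.</li>
 * </ul>
 *
 * @param username   user name, including the tenant domain where applicable
 * @param permission a Carbon permission
 * @throws APIManagementException if {@code username} is null, the user lacks the permission, or
 *                                the user store lookup fails
 */
public static void checkPermission(String username, String permission) throws APIManagementException {
    if (username == null) {
        throw new APIManagementException("Attempt to execute privileged operation as the anonymous user");
    }
    if (isPermissionCheckDisabled()) {
        log.debug("Permission verification is disabled by APIStore configuration");
        return;
    }
    String tenantDomain = MultitenantUtils.getTenantDomain(username);
    String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
    PrivilegedCarbonContext.startTenantFlow();
    try {
        // Switching the tenant happens inside the try block so that endTenantFlow() always runs;
        // otherwise a failure here would leave the thread in the started tenant flow.
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
        int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
        boolean authorized;
        if (!org.wso2.carbon.utils.multitenancy.MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
            // Tenant users are checked against their own tenant's authorization manager.
            org.wso2.carbon.user.api.AuthorizationManager manager = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
            authorized = manager.isUserAuthorized(tenantAwareUsername, permission, CarbonConstants.UI_PERMISSION_ACTION);
        } else {
            // The realm held by ServiceReferenceHolder may not have been set yet; set it before
            // the shared AuthorizationManager is used (presumably it reads this realm — confirm).
            if (ServiceReferenceHolder.getUserRealm() == null) {
                ServiceReferenceHolder.setUserRealm((UserRealm) ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId));
            }
            authorized = AuthorizationManager.getInstance().isUserAuthorized(tenantAwareUsername, permission);
        }
        if (!authorized) {
            throw new APIManagementException("User '" + username + "' does not have the " + "required permission: " + permission);
        }
    } catch (UserStoreException e) {
        throw new APIManagementException("Error while checking the user:" + username + " authorized or not", e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}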
Also used : APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) Endpoint(org.wso2.carbon.governance.api.endpoints.dataobjects.Endpoint)

Example 54 with UserRealm

use of org.wso2.carbon.user.core.UserRealm in project carbon-apimgt by wso2.

the class APIUtil method setupSelfRegistration.

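/**
 * Creates the internal subscriber role used for self sign-up, if sign-up is enabled and the role
 * does not exist yet.
 *
 * <p>The role is created with the login permission and the API subscribe permission, and the
 * tenant admin is added as its first member.
 *
 * @param config   API Manager configuration holding the self sign-up settings
 * @param tenantId tenant to set up; a negative id selects the bootstrap realm's user store
 * @throws APIManagementException if the subscriber role is not configured or the role cannot be
 *                                created
 */
public void setupSelfRegistration(APIManagerConfiguration config, int tenantId) throws APIManagementException {
    boolean enabled = Boolean.parseBoolean(config.getFirstProperty(APIConstants.SELF_SIGN_UP_ENABLED));
    if (!enabled) {
        return;
    }
    // Validate the configured role name before prefixing it: concatenating a missing (null)
    // property would otherwise yield a role literally named "<domain>/null" and pass the check.
    String configuredRole = config.getFirstProperty(APIConstants.SELF_SIGN_UP_ROLE);
    if (configuredRole == null || configuredRole.isEmpty()) {
        // Required parameter missing - Throw an exception and interrupt startup
        throw new APIManagementException("Required subscriber role parameter missing " + "in the self sign up configuration");
    }
    // Create the subscriber role as an internal role
    String role = UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR + configuredRole;
    try {
        RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
        UserStoreManager manager;
        if (tenantId < 0) {
            manager = realmService.getBootstrapRealm().getUserStoreManager();
        } else {
            manager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
        }
        if (!manager.isExistingRole(role)) {
            if (log.isDebugEnabled()) {
                log.debug("Creating subscriber role: " + role);
            }
            // Every member of this role may log in and subscribe to APIs.
            Permission[] subscriberPermissions = new Permission[] { new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION), new Permission(APIConstants.Permissions.API_SUBSCRIBE, UserMgtConstants.EXECUTE_ACTION) };
            // NOTE(review): the admin name is read through getTenantUserRealm(tenantId) even when
            // the bootstrap realm was selected above — confirm this is intended for negative ids.
            String tenantAdminName = realmService.getTenantUserRealm(tenantId).getRealmConfiguration().getAdminUserName();
            String[] userList = new String[] { tenantAdminName };
            manager.addRole(role, userList, subscriberPermissions);
        }
    } catch (UserStoreException e) {
        throw new APIManagementException("Error while creating subscriber role: " + role + " - " + "Self registration might not function properly.", e);
    }
}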
Also used : UserStoreManager(org.wso2.carbon.user.api.UserStoreManager) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) UserRealm(org.wso2.carbon.user.core.UserRealm) RealmService(org.wso2.carbon.user.core.service.RealmService) Permission(org.wso2.carbon.user.api.Permission) UserStoreException(org.wso2.carbon.user.api.UserStoreException)

Example 55 with UserRealm

use of org.wso2.carbon.user.core.UserRealm in project carbon-apimgt by wso2.

the class APIUtil method hasPermission.

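/**
 * Reports whether the given user holds the given permission.
 *
 * <p>Points a caller should know:
 * <ul>
 *   <li>When {@code isPermissionCheckDisabled()} returns true the method answers {@code true}
 *       without consulting any authorization manager.</li>
 *   <li>Results for {@code APIConstants.Permissions.APIM_ADMIN} are cached per user name (1 is
 *       stored for authorized, 2 for not authorized) and a cached entry is returned without
 *       asking the user store again. NOTE(review): a revoked admin permission therefore stays
 *       effective until the entry leaves the cache — confirm the cache expiry is acceptable.</li>
 *   <li>The tenant is derived from the user name itself.</li>
 * </ul>
 *
 * @param userNameWithoutChange user name, including the tenant domain where applicable
 * @param permission            a Carbon permission
 * @return {@code true} if the user is authorized for the permission, {@code false} otherwise
 * @throws APIManagementException if the user name is null or the user store lookup fails
 */
public static boolean hasPermission(String userNameWithoutChange, String permission) throws APIManagementException {
    if (userNameWithoutChange == null) {
        throw new APIManagementException("Attempt to execute privileged operation as the anonymous user");
    }
    if (isPermissionCheckDisabled()) {
        log.debug("Permission verification is disabled by APIStore configuration");
        return true;
    }
    boolean adminPermissionRequested = APIConstants.Permissions.APIM_ADMIN.equals(permission);
    if (adminPermissionRequested) {
        Integer value = getValueFromCache(APIConstants.API_PUBLISHER_ADMIN_PERMISSION_CACHE, userNameWithoutChange);
        if (value != null) {
            return value == 1;
        }
    }
    String tenantDomain = MultitenantUtils.getTenantDomain(userNameWithoutChange);
    String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(userNameWithoutChange);
    boolean authorized = false;
    PrivilegedCarbonContext.startTenantFlow();
    try {
        // Switching the tenant happens inside the try block so that endTenantFlow() always runs;
        // otherwise a failure here would leave the thread in the started tenant flow.
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
        int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
        if (!org.wso2.carbon.utils.multitenancy.MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
            // Tenant users are checked against their own tenant's authorization manager.
            org.wso2.carbon.user.api.AuthorizationManager manager = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
            authorized = manager.isUserAuthorized(tenantAwareUsername, permission, CarbonConstants.UI_PERMISSION_ACTION);
        } else {
            // The realm held by ServiceReferenceHolder may not have been set yet; set it before
            // the shared AuthorizationManager is used (presumably it reads this realm — confirm).
            if (ServiceReferenceHolder.getUserRealm() == null) {
                ServiceReferenceHolder.setUserRealm((UserRealm) ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId));
            }
            authorized = AuthorizationManager.getInstance().isUserAuthorized(tenantAwareUsername, permission);
        }
        if (adminPermissionRequested) {
            // Both outcomes are cached: 1 = authorized, 2 = not authorized.
            addToRolesCache(APIConstants.API_PUBLISHER_ADMIN_PERMISSION_CACHE, userNameWithoutChange, authorized ? 1 : 2);
        }
    } catch (UserStoreException e) {
        throw new APIManagementException("Error while checking the user:" + userNameWithoutChange + " authorized or not", e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
    return authorized;
}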
Also used : BigInteger(java.math.BigInteger) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) Endpoint(org.wso2.carbon.governance.api.endpoints.dataobjects.Endpoint)
