use of org.wso2.carbon.user.core.UserRealm in project jaggery by wso2.
the class RegistryHostObject method isAuthorized.
private boolean isAuthorized(UserRegistry registry, String resourcePath, String action) throws RegistryException {
UserRealm userRealm = registry.getUserRealm();
String userName = registry.getUserName();
try {
if (!userRealm.getAuthorizationManager().isUserAuthorized(userName, resourcePath, action)) {
return false;
}
} catch (UserStoreException e) {
throw new org.wso2.carbon.registry.core.exceptions.RegistryException("Error at Authorizing " + resourcePath + " with user " + userName + ":" + e.getMessage(), e);
}
return true;
}
use of org.wso2.carbon.user.core.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.
the class SMSOTPAuthenticator method checkWithBackUpCodes.
/**
* If user forgets the mobile, then user can use the back up codes to authenticate the user.
*
* @param context the AuthenticationContext
* @param userToken the userToken
* @param authenticatedUser the name of authenticatedUser
* @throws AuthenticationFailedException
*/
private void checkWithBackUpCodes(AuthenticationContext context, String userToken, AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {
String savedOTPString = null;
String username = context.getProperty(SMSOTPConstants.USER_NAME).toString();
String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
UserRealm userRealm = getUserRealm(username);
try {
if (userRealm != null) {
savedOTPString = userRealm.getUserStoreManager().getUserClaimValue(tenantAwareUsername, SMSOTPConstants.SAVED_OTP_LIST, null);
}
if (StringUtils.isEmpty(savedOTPString)) {
if (log.isDebugEnabled()) {
log.debug("The claim " + SMSOTPConstants.SAVED_OTP_LIST + " does not contain any values");
}
throw new AuthenticationFailedException("The claim " + SMSOTPConstants.SAVED_OTP_LIST + " does not contain any values");
} else if (savedOTPString.contains(userToken)) {
if (log.isDebugEnabled()) {
log.debug("Found saved backup SMS OTP for user :" + authenticatedUser);
}
context.setSubject(authenticatedUser);
savedOTPString = savedOTPString.replaceAll(userToken, "").replaceAll(",,", ",");
userRealm.getUserStoreManager().setUserClaimValue(tenantAwareUsername, SMSOTPConstants.SAVED_OTP_LIST, savedOTPString, null);
} else {
if (log.isDebugEnabled()) {
log.debug("User entered OTP :" + userToken + " does not match with any of the saved backup codes");
}
throw new AuthenticationFailedException("Verification Error due to Code " + userToken + " mismatch.");
}
} catch (UserStoreException e) {
throw new AuthenticationFailedException("Cannot find the user claim for OTP list for user : " + authenticatedUser, e);
}
}
use of org.wso2.carbon.user.core.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.
the class SMSOTPUtils method updateUserAttribute.
/**
* Update the mobile number (user attribute) in user's profile.
*
* @param username the Username
* @param attribute the Attribute
* @throws SMSOTPException
*/
public static void updateUserAttribute(String username, Map<String, String> attribute, String tenantDomain) throws SMSOTPException {
try {
// updating user attributes is independent from tenant association.not tenant association check needed here.
UserRealm userRealm;
// user is always in the super tenant.
userRealm = SMSOTPUtils.getUserRealm(tenantDomain);
if (userRealm == null) {
throw new SMSOTPException("The specified tenant domain " + tenantDomain + " does not exist.");
}
// check whether user already exists in the system.
SMSOTPUtils.verifyUserExists(username, tenantDomain);
UserStoreManager userStoreManager = userRealm.getUserStoreManager();
userStoreManager.setUserClaimValues(username, attribute, null);
} catch (UserStoreException | AuthenticationFailedException e) {
throw new SMSOTPException("Exception occurred while connecting to User Store: Authentication is failed. ", e);
}
}
use of org.wso2.carbon.user.core.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.
the class SMSOTPUtils method getUserRealm.
/**
* Get the user realm of the logged in user.
*
* @param tenantDomain the tenantDomain
* @return th user realm
* @throws AuthenticationFailedException
*/
public static UserRealm getUserRealm(String tenantDomain) throws AuthenticationFailedException {
UserRealm userRealm;
try {
int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
RealmService realmService = IdentityTenantUtil.getRealmService();
userRealm = realmService.getTenantUserRealm(tenantId);
} catch (Exception e) {
throw new AuthenticationFailedException("Cannot find the user realm for the tenant domain " + tenantDomain, e);
}
return userRealm;
}
use of org.wso2.carbon.user.core.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.
the class SMSOTPUtils method isSMSOTPDisableForLocalUser.
/**
* Check whether SMSOTP is disable by user.
*
* @param username the Username
* @param context the AuthenticationContext
* @return true or false
* @throws SMSOTPException
*/
public static boolean isSMSOTPDisableForLocalUser(String username, AuthenticationContext context, String authenticatorName) throws SMSOTPException, AuthenticationFailedException {
UserRealm userRealm;
try {
String tenantDomain = MultitenantUtils.getTenantDomain(username);
int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
RealmService realmService = IdentityTenantUtil.getRealmService();
userRealm = realmService.getTenantUserRealm(tenantId);
username = MultitenantUtils.getTenantAwareUsername(String.valueOf(username));
boolean isEnablingControlledByUser = isSMSOTPEnableOrDisableByUser(context, authenticatorName);
if (userRealm != null) {
if (isEnablingControlledByUser) {
Map<String, String> claimValues = userRealm.getUserStoreManager().getUserClaimValues(username, new String[] { SMSOTPConstants.USER_SMSOTP_DISABLED_CLAIM_URI }, null);
return Boolean.parseBoolean(claimValues.get(SMSOTPConstants.USER_SMSOTP_DISABLED_CLAIM_URI));
}
} else {
throw new SMSOTPException("Cannot find the user realm for the given tenant domain : " + CarbonContext.getThreadLocalCarbonContext().getTenantDomain());
}
} catch (UserStoreException e) {
throw new SMSOTPException("Failed while trying to access userRealm of the user : " + username, e);
}
return false;
}
Aggregations