
Example 1 with ExpressionCondition

Use of org.wso2.carbon.user.core.model.ExpressionCondition in project identity-governance by wso2-extensions.

The class JDBCIdentityDataStore, method listPaginatedUsersNames.

@Override
public List<String> listPaginatedUsersNames(List<ExpressionCondition> identityClaimFilterExpressionConditions, List<String> identityClaimFilteredUserNames, String domain, org.wso2.carbon.user.core.UserStoreManager userStoreManager, int limit, int offset) throws IdentityException {
    try {
        int tenantId = userStoreManager.getTenantId();
        try (Connection connection = IdentityDatabaseUtil.getDBConnection()) {
            // Support may need to be extended depending on the DB type.
            String dBType = DatabaseCreator.getDatabaseType(connection);
            // Normalize the offset to be zero-based; an offset of one otherwise leads to a null response.
            if (offset <= 0) {
                offset = 0;
            } else {
                offset = offset - 1;
            }
            SqlBuilder sqlBuilder = getQueryString(identityClaimFilterExpressionConditions, limit, offset, domain, tenantId, dBType);
            String fullQuery = sqlBuilder.getQuery();
            int startIndex = 0;
            int endIndex = 0;
            int occurrence = StringUtils.countMatches(fullQuery, QUERY_BINDING_SYMBOL);
            endIndex = endIndex + occurrence;
            try (PreparedStatement preparedStatement = connection.prepareStatement(fullQuery)) {
                populatePrepareStatement(sqlBuilder, preparedStatement, startIndex, endIndex);
                try (ResultSet resultSet = preparedStatement.executeQuery()) {
                    while (resultSet.next()) {
                        identityClaimFilteredUserNames.add(resultSet.getString("USER_NAME"));
                    }
                    IdentityDatabaseUtil.commitTransaction(connection);
                } catch (SQLException e) {
                    if (log.isDebugEnabled()) {
                        log.debug("Error occurred while retrieving users from Identity Store for " + domain + " with limit " + limit + " and offset " + offset, e);
                    }
                    IdentityDatabaseUtil.rollbackTransaction(connection);
                }
            } catch (SQLException e) {
                throw new IdentityException("Error occurred while retrieving users from Identity Store.", e);
            }
            return identityClaimFilteredUserNames;
        } catch (Exception e) {
            throw new IdentityException("Error occurred while retrieving users from Identity Store.", e);
        }
    } catch (org.wso2.carbon.user.core.UserStoreException e) {
        throw new IdentityException("Error occurred while retrieving users.", e);
    }
}
Also used: SQLException (java.sql.SQLException), Connection (java.sql.Connection), PreparedStatement (java.sql.PreparedStatement), IdentityException (org.wso2.carbon.identity.base.IdentityException), SqlBuilder (org.wso2.carbon.user.core.model.SqlBuilder), UserStoreException (org.wso2.carbon.user.api.UserStoreException), ResultSet (java.sql.ResultSet)

Example 2 with ExpressionCondition

Use of org.wso2.carbon.user.core.model.ExpressionCondition in project identity-governance by wso2-extensions.

The class IdentityStoreEventListener, method extractIdentityClaimFilterConditions.

private void extractIdentityClaimFilterConditions(Condition condition, List<ExpressionCondition> expressionConditions) {
    if (condition instanceof ExpressionCondition) {
        ExpressionCondition expressionCondition = (ExpressionCondition) condition;
        String claimUri = expressionCondition.getAttributeName();
        if (claimUri.contains(UserCoreConstants.ClaimTypeURIs.IDENTITY_CLAIM_URI)) {
            ExpressionCondition expressionConditionWithIdentityClaimFilter = new ExpressionCondition(expressionCondition.getOperation(), expressionCondition.getAttributeName(), expressionCondition.getAttributeValue());
            // Adding a copy of expression condition.
            expressionConditions.add(expressionConditionWithIdentityClaimFilter);
            // Remove expression conditions with identity claims from the condition.
            expressionCondition.setAttributeName(null);
            expressionCondition.setAttributeValue(null);
            expressionCondition.setOperation(null);
        }
    } else if (condition instanceof OperationalCondition) {
        Condition leftCondition = ((OperationalCondition) condition).getLeftCondition();
        extractIdentityClaimFilterConditions(leftCondition, expressionConditions);
        Condition rightCondition = ((OperationalCondition) condition).getRightCondition();
        extractIdentityClaimFilterConditions(rightCondition, expressionConditions);
    }
}
Also used: ExpressionCondition (org.wso2.carbon.user.core.model.ExpressionCondition), OperationalCondition (org.wso2.carbon.user.core.model.OperationalCondition), Condition (org.wso2.carbon.user.core.model.Condition)

Example 3 with ExpressionCondition

Use of org.wso2.carbon.user.core.model.ExpressionCondition in project identity-inbound-provisioning-scim2 by wso2-extensions.

The class SCIMGroupResolver, method listGroups.

@Override
public boolean listGroups(Condition condition, int limit, int offset, String domain, String sortBy, String sortOrder, List<Group> groupsList, UserStoreManager userStoreManager) throws UserStoreException {
    int tenantId = userStoreManager.getTenantId();
    AbstractUserStoreManager abstractUserStoreManager = ((AbstractUserStoreManager) userStoreManager);
    boolean isGroupIdEnabled = abstractUserStoreManager.isUniqueGroupIdEnabled();
    /*
     * isGroupIdEnabled being false indicates that the given userstore only supports the legacy behaviour. In
     * that case we need to support getting group details from the IDN_SCIM_GROUP table.
     */
    if (isGroupIdEnabled) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("SCIMGroupResolver will not be executed for userstore: %s in " + "tenant %s since group id support is available in the userstore manager", abstractUserStoreManager.getRealmConfiguration().getRealmProperty(PROPERTY_DOMAIN_NAME), tenantId));
        }
        return true;
    }
    /*
     * The following will be executed for backward-compatible userstores. Those userstores did not have multi
     * attribute filtering. Therefore, we do not need to provide support for that.
     */
    if (condition instanceof OperationalCondition) {
        throw new UserStoreException("OperationalCondition filtering is not supported by userstore: " + userStoreManager.getClass());
    }
    ExpressionCondition expressionCondition = (ExpressionCondition) condition;
    String attributeName = resolveGroupAttributeWithSCIMSchema(expressionCondition.getAttributeName(), tenantId);
    String attributeValue = buildSearchAttributeValue(attributeName, expressionCondition.getOperation(), expressionCondition.getAttributeValue(), SQL_FILTERING_DELIMITER);
    GroupDAO groupDAO = new GroupDAO();
    try {
        String[] groupNames = groupDAO.getGroupNameList(attributeName, attributeValue, tenantId, domain);
        if (ArrayUtils.isEmpty(groupNames)) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("No groups found for the filter in userstore: %s in tenant: %s", domain, tenantId));
            }
            return true;
        }
        // Get details of the groups.
        for (String groupName : groupNames) {
            Map<String, String> attributes = groupDAO.getSCIMGroupAttributes(tenantId, groupName);
            String groupId = attributes.get(SCIMConstants.CommonSchemaConstants.ID_URI);
            String domainName = UserCoreUtil.extractDomainFromName(groupName);
            Group group = new Group(groupId, resolveGroupName(groupName, domainName));
            for (Map.Entry<String, String> entry : attributes.entrySet()) {
                if (SCIMConstants.CommonSchemaConstants.CREATED_URI.equals(entry.getKey())) {
                    group.setCreatedDate(entry.getValue());
                } else if (SCIMConstants.CommonSchemaConstants.LAST_MODIFIED_URI.equals(entry.getKey())) {
                    group.setLastModifiedDate(entry.getValue());
                } else if (SCIMConstants.CommonSchemaConstants.LOCATION_URI.equals(entry.getKey())) {
                    group.setLocation(SCIMCommonUtils.getSCIMGroupURL(groupId));
                }
            }
            group.setDisplayName(UserCoreUtil.removeDomainFromName(groupName));
            group.setUserStoreDomain(domainName);
            groupsList.add(group);
        }
    } catch (IdentitySCIMException e) {
        throw new UserStoreException(String.format("Error occurred while getting the group list in userstore: %s " + "in tenant: %s", domain, tenantId), e);
    }
    return true;
}
Also used: Group (org.wso2.carbon.user.core.common.Group), IdentitySCIMException (org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException), ExpressionCondition (org.wso2.carbon.user.core.model.ExpressionCondition), OperationalCondition (org.wso2.carbon.user.core.model.OperationalCondition), UserStoreException (org.wso2.carbon.user.core.UserStoreException), AbstractUserStoreManager (org.wso2.carbon.user.core.common.AbstractUserStoreManager), GroupDAO (org.wso2.carbon.identity.scim2.common.DAO.GroupDAO), Map (java.util.Map)

Example 4 with ExpressionCondition

Use of org.wso2.carbon.user.core.model.ExpressionCondition in project identity-inbound-provisioning-scim2 by wso2-extensions.

The class SCIMUserManager, method listUsernamesAcrossAllDomains.

/**
 * Method to list paginated usernames from all user stores using new APIs.
 *
 * @param offset    Starting index of the count
 * @param limit     Counting value
 * @param sortBy    SortBy
 * @param sortOrder Sorting order
 * @return Paginated usernames list
 * @throws CharonException If pagination is not supported
 * @throws BadRequestException
 */
private Set<org.wso2.carbon.user.core.common.User> listUsernamesAcrossAllDomains(int offset, int limit, String sortBy, String sortOrder) throws CharonException, BadRequestException {
    Set<org.wso2.carbon.user.core.common.User> users;
    if (isPaginatedUserStoreAvailable()) {
        if (limit == 0) {
            users = listUsernamesAcrossAllDomainsUsingLegacyAPIs();
            if (removeDuplicateUsersInUsersResponseEnabled) {
                users = new TreeSet<>(paginateUsers(users, limit, offset));
            } else {
                users = new LinkedHashSet<>(paginateUsers(users, limit, offset));
            }
        } else {
            ExpressionCondition condition = new ExpressionCondition(ExpressionOperation.SW.toString(), ExpressionAttribute.USERNAME.toString(), "");
            users = filterUsersFromMultipleDomains(null, offset, limit, sortBy, sortOrder, condition);
        }
    } else {
        if (log.isDebugEnabled()) {
            log.debug("The user store is not a paginated user store manager. Therefore pagination " + "is not supported.");
        }
        throw new CharonException("Pagination is not supported.");
    }
    return users;
}
Also used: ExpressionCondition (org.wso2.carbon.user.core.model.ExpressionCondition), User (org.wso2.charon3.core.objects.User), CharonException (org.wso2.charon3.core.exceptions.CharonException)

Example 5 with ExpressionCondition

Use of org.wso2.carbon.user.core.model.ExpressionCondition in project identity-inbound-provisioning-scim2 by wso2-extensions.

The class SCIMUserManager, method getCondition.

/**
 * Generate condition tree for given filters.
 *
 * @param node       Filter condition tree.
 * @param attributes User attributes.
 * @return Validated filter condition tree.
 * @throws CharonException
 */
private Condition getCondition(Node node, Map<String, String> attributes) throws CharonException {
    if (node instanceof ExpressionNode) {
        String operation = ((ExpressionNode) node).getOperation();
        String attributeName = ((ExpressionNode) node).getAttributeValue();
        String attributeValue = ((ExpressionNode) node).getValue();
        try {
            /* If the primary login identifier feature is enabled, the username URI should be replaced with
               the appropriate SCIM attribute of the primary login identifier claim. */
            if (SCIMConstants.UserSchemaConstants.USER_NAME_URI.equals(attributeName) && isLoginIdentifiersEnabled() && StringUtils.isNotBlank(getPrimaryLoginIdentifierClaim())) {
                attributeName = getScimUriForPrimaryLoginIdentifier(node);
            }
        } catch (org.wso2.carbon.user.core.UserStoreException e) {
            throw new CharonException("Error in retrieving scim to local mappings.", e);
        }
        String conditionOperation;
        String conditionAttributeName;
        if (SCIMCommonConstants.EQ.equals(operation)) {
            conditionOperation = ExpressionOperation.EQ.toString();
        } else if (SCIMCommonConstants.SW.equals(operation)) {
            conditionOperation = ExpressionOperation.SW.toString();
        } else if (SCIMCommonConstants.EW.equals(operation)) {
            conditionOperation = ExpressionOperation.EW.toString();
        } else if (SCIMCommonConstants.CO.equals(operation)) {
            conditionOperation = ExpressionOperation.CO.toString();
        } else if (SCIMCommonConstants.GE.equals(operation)) {
            conditionOperation = ExpressionOperation.GE.toString();
        } else if (SCIMCommonConstants.LE.equals(operation)) {
            conditionOperation = ExpressionOperation.LE.toString();
        } else {
            conditionOperation = operation;
        }
        if (SCIMConstants.UserSchemaConstants.GROUP_URI.equals(attributeName)) {
            conditionAttributeName = ExpressionAttribute.ROLE.toString();
        } else if (SCIMConstants.UserSchemaConstants.USER_NAME_URI.equals(attributeName)) {
            conditionAttributeName = ExpressionAttribute.USERNAME.toString();
        } else if (attributes != null && attributes.get(attributeName) != null) {
            conditionAttributeName = attributes.get(attributeName);
        } else {
            throw new CharonException("Unsupported attribute: " + attributeName);
        }
        return new ExpressionCondition(conditionOperation, conditionAttributeName, attributeValue);
    } else if (node instanceof OperationNode) {
        Condition leftCondition = getCondition(node.getLeftNode(), attributes);
        Condition rightCondition = getCondition(node.getRightNode(), attributes);
        String operation = ((OperationNode) node).getOperation();
        if (OperationalOperation.AND.toString().equalsIgnoreCase(operation)) {
            return new OperationalCondition(OperationalOperation.AND.toString(), leftCondition, rightCondition);
        } else {
            throw new CharonException("Unsupported Operation: " + operation);
        }
    } else {
        throw new CharonException("Unsupported Operation");
    }
}
Also used: ExpressionCondition (org.wso2.carbon.user.core.model.ExpressionCondition), OperationalCondition (org.wso2.carbon.user.core.model.OperationalCondition), Condition (org.wso2.carbon.user.core.model.Condition), OperationNode (org.wso2.charon3.core.utils.codeutils.OperationNode), ExpressionNode (org.wso2.charon3.core.utils.codeutils.ExpressionNode), CharonException (org.wso2.charon3.core.exceptions.CharonException)

Aggregations

ExpressionCondition (org.wso2.carbon.user.core.model.ExpressionCondition): 6
OperationalCondition (org.wso2.carbon.user.core.model.OperationalCondition): 4
Condition (org.wso2.carbon.user.core.model.Condition): 3
IdentityException (org.wso2.carbon.identity.base.IdentityException): 2
UserStoreException (org.wso2.carbon.user.core.UserStoreException): 2
SqlBuilder (org.wso2.carbon.user.core.model.SqlBuilder): 2
CharonException (org.wso2.charon3.core.exceptions.CharonException): 2
Connection (java.sql.Connection): 1
PreparedStatement (java.sql.PreparedStatement): 1
ResultSet (java.sql.ResultSet): 1
SQLException (java.sql.SQLException): 1
Map (java.util.Map): 1
GroupDAO (org.wso2.carbon.identity.scim2.common.DAO.GroupDAO): 1
IdentitySCIMException (org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException): 1
UserStoreException (org.wso2.carbon.user.api.UserStoreException): 1
AbstractUserStoreManager (org.wso2.carbon.user.core.common.AbstractUserStoreManager): 1
Group (org.wso2.carbon.user.core.common.Group): 1
User (org.wso2.charon3.core.objects.User): 1
ExpressionNode (org.wso2.charon3.core.utils.codeutils.ExpressionNode): 1
OperationNode (org.wso2.charon3.core.utils.codeutils.OperationNode): 1