use of org.wso2.carbon.user.core.model.OperationalCondition in project identity-governance by wso2-extensions.
the class IdentityStoreEventListener method extractIdentityClaimFilterConditions.
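/**
 * Collects every expression condition that filters on an identity claim and blanks it out of the
 * original condition tree.
 *
 * <p>For each {@link ExpressionCondition} whose attribute name contains
 * {@code UserCoreConstants.ClaimTypeURIs.IDENTITY_CLAIM_URI}, a copy is appended to
 * {@code expressionConditions} and the original node's attribute name, attribute value and operation
 * are set to {@code null}. {@link OperationalCondition} nodes are walked recursively, left branch
 * first. The tree passed in is therefore mutated in place; any other condition type is ignored.
 *
 * @param condition            Root of the (sub)tree to inspect.
 * @param expressionConditions Output list that receives copies of the identity-claim conditions.
 */
private void extractIdentityClaimFilterConditions(Condition condition,
        List<ExpressionCondition> expressionConditions) {

    if (condition instanceof ExpressionCondition) {
        ExpressionCondition expressionCondition = (ExpressionCondition) condition;
        String claimUri = expressionCondition.getAttributeName();
        // A node that has already been blanked (this method sets the attribute name to null below)
        // carries no claim to extract; skip it instead of dereferencing null on a second pass.
        if (claimUri == null) {
            return;
        }
        // NOTE(review): contains() matches the identity claim URI anywhere in the attribute name, not
        // only as a prefix. Confirm that is intended if attribute names can originate from a request
        // filter, since this test decides which store answers the condition.
        if (claimUri.contains(UserCoreConstants.ClaimTypeURIs.IDENTITY_CLAIM_URI)) {
            // Hand the caller a copy, because the original node is cleared right after.
            ExpressionCondition identityClaimCondition = new ExpressionCondition(
                    expressionCondition.getOperation(),
                    expressionCondition.getAttributeName(),
                    expressionCondition.getAttributeValue());
            expressionConditions.add(identityClaimCondition);

            // Remove expression conditions with identity claims from the condition.
            expressionCondition.setAttributeName(null);
            expressionCondition.setAttributeValue(null);
            expressionCondition.setOperation(null);
        }
    } else if (condition instanceof OperationalCondition) {
        OperationalCondition operationalCondition = (OperationalCondition) condition;
        extractIdentityClaimFilterConditions(operationalCondition.getLeftCondition(), expressionConditions);
        extractIdentityClaimFilterConditions(operationalCondition.getRightCondition(), expressionConditions);
    }
}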
use of org.wso2.carbon.user.core.model.OperationalCondition in project identity-inbound-provisioning-scim2 by wso2-extensions.
the class SCIMGroupResolver method listGroups.
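/**
 * Lists groups from the SCIM group store for userstores that do not support unique group ids.
 *
 * <p>When the userstore manager reports unique group id support, nothing is done. Otherwise the
 * single expression filter is resolved against the SCIM schema, matching group names are read
 * through {@code GroupDAO}, and one {@code Group} per name is appended to {@code groupsList}.
 * The {@code limit}, {@code offset}, {@code sortBy} and {@code sortOrder} arguments are not used by
 * this implementation.
 *
 * @param condition        Filter condition; only a single {@link ExpressionCondition} is supported.
 * @param limit            Not used here.
 * @param offset           Not used here.
 * @param domain           Userstore domain the group names are looked up in.
 * @param sortBy           Not used here.
 * @param sortOrder        Not used here.
 * @param groupsList       Output list that receives the resolved groups.
 * @param userStoreManager Userstore manager; must be an {@code AbstractUserStoreManager}.
 * @return Always {@code true}.
 * @throws UserStoreException If the condition is not a single expression condition, or the group
 *                            lookup fails.
 */
@Override
public boolean listGroups(Condition condition, int limit, int offset, String domain, String sortBy,
        String sortOrder, List<Group> groupsList, UserStoreManager userStoreManager)
        throws UserStoreException {

    int tenantId = userStoreManager.getTenantId();
    AbstractUserStoreManager abstractUserStoreManager = ((AbstractUserStoreManager) userStoreManager);
    boolean isGroupIdEnabled = abstractUserStoreManager.isUniqueGroupIdEnabled();
    /*
     * isGroupIdEnabled equal to false indicates that the given userstore only supports the legacy
     * behaviour. In that case we need to support getting group details from IDN_SCIM_GROUP table.
     */
    if (isGroupIdEnabled) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("SCIMGroupResolver will not be executed for userstore: %s in "
                    + "tenant %s since group id support is available in the userstore manager",
                    abstractUserStoreManager.getRealmConfiguration().getRealmProperty(PROPERTY_DOMAIN_NAME),
                    tenantId));
        }
        return true;
    }
    /*
     * Following will be executed for backward compatible userstores. Those userstores did not have
     * multi attribute filtering. Therefore, we do not need to provide support for that.
     */
    if (condition instanceof OperationalCondition) {
        throw new UserStoreException("OperationalCondition filtering is not supported by userstore: "
                + userStoreManager.getClass());
    }
    // Fail with the declared exception type instead of a ClassCastException/NullPointerException when
    // the caller passes null or a condition type this resolver does not understand.
    if (!(condition instanceof ExpressionCondition)) {
        throw new UserStoreException("Unsupported filter condition: "
                + (condition == null ? "null" : condition.getClass().getName())
                + " for userstore: " + userStoreManager.getClass());
    }
    ExpressionCondition expressionCondition = (ExpressionCondition) condition;
    String attributeName = resolveGroupAttributeWithSCIMSchema(expressionCondition.getAttributeName(),
            tenantId);
    // NOTE(review): attributeValue is built from the filter value and SQL_FILTERING_DELIMITER and then
    // handed to the DAO. Confirm GroupDAO.getGroupNameList binds both attributeName and attributeValue
    // as statement parameters and treats wildcard characters inside the value as intended.
    String attributeValue = buildSearchAttributeValue(attributeName, expressionCondition.getOperation(),
            expressionCondition.getAttributeValue(), SQL_FILTERING_DELIMITER);
    GroupDAO groupDAO = new GroupDAO();
    try {
        String[] groupNames = groupDAO.getGroupNameList(attributeName, attributeValue, tenantId, domain);
        if (ArrayUtils.isEmpty(groupNames)) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("No groups found for the filter in userstore: %s in tenant: %s",
                        domain, tenantId));
            }
            return true;
        }
        // Get details of the groups.
        for (String groupName : groupNames) {
            Map<String, String> attributes = groupDAO.getSCIMGroupAttributes(tenantId, groupName);
            String groupId = attributes.get(SCIMConstants.CommonSchemaConstants.ID_URI);
            String domainName = UserCoreUtil.extractDomainFromName(groupName);
            Group group = new Group(groupId, resolveGroupName(groupName, domainName));
            for (Map.Entry<String, String> entry : attributes.entrySet()) {
                String attributeUri = entry.getKey();
                if (SCIMConstants.CommonSchemaConstants.CREATED_URI.equals(attributeUri)) {
                    group.setCreatedDate(entry.getValue());
                } else if (SCIMConstants.CommonSchemaConstants.LAST_MODIFIED_URI.equals(attributeUri)) {
                    group.setLastModifiedDate(entry.getValue());
                } else if (SCIMConstants.CommonSchemaConstants.LOCATION_URI.equals(attributeUri)) {
                    // The stored location value is ignored; the URL is rebuilt from the group id.
                    group.setLocation(SCIMCommonUtils.getSCIMGroupURL(groupId));
                }
            }
            group.setDisplayName(UserCoreUtil.removeDomainFromName(groupName));
            group.setUserStoreDomain(domainName);
            groupsList.add(group);
        }
    } catch (IdentitySCIMException e) {
        throw new UserStoreException(String.format("Error occurred while getting the group list in userstore: %s "
                + "in tenant: %s", domain, tenantId), e);
    }
    return true;
}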
use of org.wso2.carbon.user.core.model.OperationalCondition in project identity-inbound-provisioning-scim2 by wso2-extensions.
the class SCIMUserManager method getCondition.
/**
 * Translates a parsed SCIM filter tree into a user-core {@link Condition} tree.
 *
 * <p>An {@code ExpressionNode} becomes an {@link ExpressionCondition}; an {@code OperationNode} becomes
 * an {@link OperationalCondition} and is accepted only when its operation is AND (compared ignoring
 * case). The attribute named in an expression is mapped to the group/role attribute, the username
 * attribute, or the entry found in {@code attributes}; a name with no mapping is rejected.
 *
 * @param node       Root of the filter (sub)tree to translate.
 * @param attributes Lookup from the filter's attribute name to the attribute name used in the
 *                   resulting condition; may be {@code null}.
 * @return The translated condition tree.
 * @throws CharonException If the attribute has no mapping, the node type or logical operation is not
 *                         supported, or resolving the primary login identifier mapping fails.
 */
private Condition getCondition(Node node, Map<String, String> attributes) throws CharonException {

    if (node instanceof ExpressionNode) {
        ExpressionNode expressionNode = (ExpressionNode) node;
        String scimOperation = expressionNode.getOperation();
        // On ExpressionNode, getAttributeValue() is what this method treats as the attribute name and
        // getValue() as the value being compared.
        String scimAttribute = expressionNode.getAttributeValue();
        String filterValue = expressionNode.getValue();

        try {
            /* If primary login identifier feature is enabled, the username uri should be replaced with
               appropriate scim attribute of the primary login identifier claim. */
            boolean isUserNameFilter = SCIMConstants.UserSchemaConstants.USER_NAME_URI.equals(scimAttribute);
            if (isUserNameFilter && isLoginIdentifiersEnabled()
                    && StringUtils.isNotBlank(getPrimaryLoginIdentifierClaim())) {
                scimAttribute = getScimUriForPrimaryLoginIdentifier(node);
            }
        } catch (org.wso2.carbon.user.core.UserStoreException e) {
            throw new CharonException("Error in retrieving scim to local mappings.", e);
        }

        // NOTE(review): an operator other than the six mapped below is forwarded to the condition
        // unchanged. Confirm the consuming user store rejects operators it does not implement.
        String mappedOperation = scimOperation;
        if (SCIMCommonConstants.EQ.equals(scimOperation)) {
            mappedOperation = ExpressionOperation.EQ.toString();
        } else if (SCIMCommonConstants.SW.equals(scimOperation)) {
            mappedOperation = ExpressionOperation.SW.toString();
        } else if (SCIMCommonConstants.EW.equals(scimOperation)) {
            mappedOperation = ExpressionOperation.EW.toString();
        } else if (SCIMCommonConstants.CO.equals(scimOperation)) {
            mappedOperation = ExpressionOperation.CO.toString();
        } else if (SCIMCommonConstants.GE.equals(scimOperation)) {
            mappedOperation = ExpressionOperation.GE.toString();
        } else if (SCIMCommonConstants.LE.equals(scimOperation)) {
            mappedOperation = ExpressionOperation.LE.toString();
        }

        String mappedAttribute;
        if (SCIMConstants.UserSchemaConstants.GROUP_URI.equals(scimAttribute)) {
            mappedAttribute = ExpressionAttribute.ROLE.toString();
        } else if (SCIMConstants.UserSchemaConstants.USER_NAME_URI.equals(scimAttribute)) {
            mappedAttribute = ExpressionAttribute.USERNAME.toString();
        } else {
            // Only attribute names present in the supplied mapping are accepted.
            String localAttribute = (attributes == null) ? null : attributes.get(scimAttribute);
            if (localAttribute == null) {
                throw new CharonException("Unsupported attribute: " + scimAttribute);
            }
            mappedAttribute = localAttribute;
        }
        return new ExpressionCondition(mappedOperation, mappedAttribute, filterValue);
    }

    if (node instanceof OperationNode) {
        // Both children are translated before the logical operator is checked, so an error inside a
        // child is reported ahead of an unsupported operator on the parent.
        Condition left = getCondition(node.getLeftNode(), attributes);
        Condition right = getCondition(node.getRightNode(), attributes);
        String logicalOperation = ((OperationNode) node).getOperation();
        String andOperation = OperationalOperation.AND.toString();
        if (!andOperation.equalsIgnoreCase(logicalOperation)) {
            throw new CharonException("Unsupported Operation: " + logicalOperation);
        }
        return new OperationalCondition(andOperation, left, right);
    }

    throw new CharonException("Unsupported Operation");
}
use of org.wso2.carbon.user.core.model.OperationalCondition in project identity-governance by wso2-extensions.
the class IdentityStoreEventListener method filterUsers.
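/**
 * Recursively search within the condition for expression conditions that contain identity claims and
 * filter users matched with each such claim. After filtering users for each claim, the common set of
 * users will be retained in the final user list to be returned.
 *
 * <p>Every identity-claim expression that is processed has its attribute name, attribute value and
 * operation set to {@code null}, so the condition tree passed in is mutated in place. Expression
 * conditions whose attribute name is already {@code null} are skipped.
 *
 * @param condition            Condition to be considered for filtering.
 * @param userManager          UserStoreManager.
 * @param domain               User store domain.
 * @param filteredUserNameList Username list to be returned from the listener.
 * @param isFirstClaimFilter   Whether this is the first claim being filtered. This is used to decide
 *                             whether to add or retain username list to the final username list.
 * @throws UserStoreException If listing users from the identity data store fails for a claim.
 */
private void filterUsers(Condition condition, UserStoreManager userManager, String domain,
        List<String> filteredUserNameList, MutableBoolean isFirstClaimFilter) throws UserStoreException {

    if (condition instanceof ExpressionCondition) {
        ExpressionCondition expressionCondition = (ExpressionCondition) condition;
        String claimUri = expressionCondition.getAttributeName();
        // This method blanks processed nodes by nulling their attribute name, so a null name means
        // there is nothing left to filter on; guard it instead of throwing a NullPointerException.
        // NOTE(review): contains() matches the identity claim URI anywhere in the attribute name, not
        // only as a prefix. Confirm that is intended if attribute names can originate from a request.
        if (claimUri != null && claimUri.contains(UserCoreConstants.ClaimTypeURIs.IDENTITY_CLAIM_URI)) {
            String claimValue = expressionCondition.getAttributeValue();
            try {
                List<String> usernames = identityDataStore.list(claimUri,
                        getClaimValueForOperation(expressionCondition.getOperation(), claimValue), userManager);
                updateUserList(usernames, filteredUserNameList, domain, isFirstClaimFilter);
                // Only the claim URI and the match count are logged, never the claim value.
                if (log.isDebugEnabled()) {
                    log.debug("Retrieved " + usernames.size() + " users for claim: " + claimUri);
                }
            } catch (IdentityException e) {
                throw new UserStoreException("Error while listing the users for given claim: " + claimUri, e);
            }
            // Remove expression conditions with identity claims from the condition.
            expressionCondition.setAttributeName(null);
            expressionCondition.setAttributeValue(null);
            expressionCondition.setOperation(null);
        }
    } else if (condition instanceof OperationalCondition) {
        OperationalCondition operationalCondition = (OperationalCondition) condition;
        // Left branch first, then right; both share the same result list and first-filter flag.
        filterUsers(operationalCondition.getLeftCondition(), userManager, domain, filteredUserNameList,
                isFirstClaimFilter);
        filterUsers(operationalCondition.getRightCondition(), userManager, domain, filteredUserNameList,
                isFirstClaimFilter);
    }
}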