
Example 1 with OperationalCondition

use of org.wso2.carbon.user.core.model.OperationalCondition in project identity-governance by wso2-extensions.

the class IdentityStoreEventListener method extractIdentityClaimFilterConditions.

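/**
 * Collects a copy of every expression condition that filters on an identity claim and blanks the
 * original inside the condition tree.
 *
 * <p>The tree is walked recursively. An {@link OperationalCondition} is descended into on its left
 * side and then its right side. An {@link ExpressionCondition} whose attribute name contains
 * {@code UserCoreConstants.ClaimTypeURIs.IDENTITY_CLAIM_URI} is copied into
 * {@code expressionConditions}, after which its attribute name, attribute value and operation are
 * set to {@code null}. Any other condition, including {@code null}, is ignored.
 *
 * @param condition            Root of the (sub)tree to scan; matching leaves are mutated in place.
 * @param expressionConditions Output list that receives the copied identity-claim conditions.
 */
private void extractIdentityClaimFilterConditions(Condition condition, List<ExpressionCondition> expressionConditions) {
    if (condition instanceof ExpressionCondition) {
        ExpressionCondition expressionCondition = (ExpressionCondition) condition;
        String claimUri = expressionCondition.getAttributeName();
        // A leaf that was already blanked (see below) carries a null attribute name, so a tree that
        // is scanned more than once must not be dereferenced without this check.
        // NOTE(review): this is a substring match, not a prefix match, so any attribute name that
        // merely embeds the identity claim URI is treated as an identity claim — confirm intended.
        if (claimUri != null && claimUri.contains(UserCoreConstants.ClaimTypeURIs.IDENTITY_CLAIM_URI)) {
            // Hand a copy to the caller; the original is about to be blanked.
            ExpressionCondition expressionConditionWithIdentityClaimFilter = new ExpressionCondition(
                    expressionCondition.getOperation(), claimUri, expressionCondition.getAttributeValue());
            expressionConditions.add(expressionConditionWithIdentityClaimFilter);
            // Remove expression conditions with identity claims from the condition. The node stays
            // in the tree with all three fields null rather than being unlinked.
            expressionCondition.setAttributeName(null);
            expressionCondition.setAttributeValue(null);
            expressionCondition.setOperation(null);
        }
    } else if (condition instanceof OperationalCondition) {
        OperationalCondition operationalCondition = (OperationalCondition) condition;
        extractIdentityClaimFilterConditions(operationalCondition.getLeftCondition(), expressionConditions);
        extractIdentityClaimFilterConditions(operationalCondition.getRightCondition(), expressionConditions);
    }
}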
Also used : ExpressionCondition(org.wso2.carbon.user.core.model.ExpressionCondition) OperationalCondition(org.wso2.carbon.user.core.model.OperationalCondition) Condition(org.wso2.carbon.user.core.model.Condition) ExpressionCondition(org.wso2.carbon.user.core.model.ExpressionCondition) OperationalCondition(org.wso2.carbon.user.core.model.OperationalCondition)

Example 2 with OperationalCondition

use of org.wso2.carbon.user.core.model.OperationalCondition in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMGroupResolver method listGroups.

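/**
 * Resolves groups matching a single-expression filter from the SCIM group DAO for user stores
 * that do not support unique group IDs, appending the results to {@code groupsList}.
 *
 * <p>When the user store manager reports that unique group IDs are enabled, nothing is done and
 * the method returns immediately. Otherwise the one {@link ExpressionCondition} is translated to an
 * attribute name and search value, the matching group names are fetched, and each group is loaded
 * with its SCIM attributes.
 *
 * <p>NOTE(review): {@code limit}, {@code offset}, {@code sortBy} and {@code sortOrder} are not
 * read in this method, so the number of groups loaded is bounded only by what
 * {@code GroupDAO.getGroupNameList} returns, with one further attribute lookup per group.
 *
 * @param condition        Filter condition; must be a single {@link ExpressionCondition}.
 * @param limit            Not used by this implementation.
 * @param offset           Not used by this implementation.
 * @param domain           User store domain passed to the DAO and used in log and error messages.
 * @param sortBy           Not used by this implementation.
 * @param sortOrder        Not used by this implementation.
 * @param groupsList       Output list that receives the resolved groups.
 * @param userStoreManager User store manager; cast to {@link AbstractUserStoreManager}.
 * @return Always {@code true}.
 * @throws UserStoreException If the condition is not a single expression condition, or if the DAO
 *                            lookup fails.
 */
@Override
public boolean listGroups(Condition condition, int limit, int offset, String domain, String sortBy, String sortOrder, List<Group> groupsList, UserStoreManager userStoreManager) throws UserStoreException {
    int tenantId = userStoreManager.getTenantId();
    AbstractUserStoreManager abstractUserStoreManager = ((AbstractUserStoreManager) userStoreManager);
    boolean isGroupIdEnabled = abstractUserStoreManager.isUniqueGroupIdEnabled();
    /*
     * isGroupIdEnabled equal to false indicates that the given userstore only support the legacy behaviour. In
     * that case we need to support getting group details from IDN_SCIM_GROUP table.
     */
    if (isGroupIdEnabled) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("SCIMGroupResolver will not be executed for userstore: %s in " + "tenant %s since group id support is available in the userstore manager", abstractUserStoreManager.getRealmConfiguration().getRealmProperty(PROPERTY_DOMAIN_NAME), tenantId));
        }
        return true;
    }
    /*
     * Following will be executed for backward compatible userstores. Those userstores did not have multi
     * attribute filtering. Therefore, we do not need to provide support for that.
     */
    if (condition instanceof OperationalCondition) {
        throw new UserStoreException("OperationalCondition filtering is not supported by userstore: " + userStoreManager.getClass());
    }
    // Reject a null or otherwise unexpected condition with the declared exception instead of
    // letting the downcast below fail with a ClassCastException or NullPointerException.
    if (!(condition instanceof ExpressionCondition)) {
        throw new UserStoreException("Unsupported filter condition for userstore: " + userStoreManager.getClass());
    }
    ExpressionCondition expressionCondition = (ExpressionCondition) condition;
    String attributeName = resolveGroupAttributeWithSCIMSchema(expressionCondition.getAttributeName(), tenantId);
    // The search value originates from the caller's filter.
    // NOTE(review): confirm GroupDAO.getGroupNameList binds attributeName and attributeValue as
    // query parameters rather than concatenating them into the statement.
    String attributeValue = buildSearchAttributeValue(attributeName, expressionCondition.getOperation(), expressionCondition.getAttributeValue(), SQL_FILTERING_DELIMITER);
    GroupDAO groupDAO = new GroupDAO();
    try {
        String[] groupNames = groupDAO.getGroupNameList(attributeName, attributeValue, tenantId, domain);
        if (ArrayUtils.isEmpty(groupNames)) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("No groups found for the filter in userstore: %s in tenant: %s", domain, tenantId));
            }
            return true;
        }
        // Get details of the groups.
        for (String groupName : groupNames) {
            Map<String, String> attributes = groupDAO.getSCIMGroupAttributes(tenantId, groupName);
            // NOTE(review): groupId is null when the attribute map has no ID entry; it is still
            // passed to the Group constructor and the location URL builder — confirm acceptable.
            String groupId = attributes.get(SCIMConstants.CommonSchemaConstants.ID_URI);
            String domainName = UserCoreUtil.extractDomainFromName(groupName);
            Group group = new Group(groupId, resolveGroupName(groupName, domainName));
            for (Map.Entry<String, String> entry : attributes.entrySet()) {
                if (SCIMConstants.CommonSchemaConstants.CREATED_URI.equals(entry.getKey())) {
                    group.setCreatedDate(entry.getValue());
                } else if (SCIMConstants.CommonSchemaConstants.LAST_MODIFIED_URI.equals(entry.getKey())) {
                    group.setLastModifiedDate(entry.getValue());
                } else if (SCIMConstants.CommonSchemaConstants.LOCATION_URI.equals(entry.getKey())) {
                    // The stored location value is ignored; the URL is rebuilt from the group ID.
                    group.setLocation(SCIMCommonUtils.getSCIMGroupURL(groupId));
                }
            }
            group.setDisplayName(UserCoreUtil.removeDomainFromName(groupName));
            group.setUserStoreDomain(domainName);
            groupsList.add(group);
        }
    } catch (IdentitySCIMException e) {
        throw new UserStoreException(String.format("Error occurred while getting the group list in userstore: %s " + "in tenant: %s", domain, tenantId), e);
    }
    return true;
}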
Also used : Group(org.wso2.carbon.user.core.common.Group) IdentitySCIMException(org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException) ExpressionCondition(org.wso2.carbon.user.core.model.ExpressionCondition) OperationalCondition(org.wso2.carbon.user.core.model.OperationalCondition) UserStoreException(org.wso2.carbon.user.core.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) GroupDAO(org.wso2.carbon.identity.scim2.common.DAO.GroupDAO) Map(java.util.Map)

Example 3 with OperationalCondition

use of org.wso2.carbon.user.core.model.OperationalCondition in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMUserManager method getCondition.

/**
 * Builds the user-core condition tree that corresponds to a parsed filter tree.
 *
 * <p>An {@link ExpressionNode} becomes an {@link ExpressionCondition}; an {@link OperationNode}
 * becomes an {@link OperationalCondition} over its recursively converted children. Only the AND
 * operator is accepted for operation nodes.
 *
 * @param node       Root of the filter (sub)tree to convert.
 * @param attributes Lookup from filter attribute name to the attribute name used in the resulting
 *                   condition; may be {@code null}.
 * @return Condition tree equivalent to {@code node}.
 * @throws CharonException If the node type, the logical operator or the attribute is not
 *                         supported, or if the primary login identifier mapping cannot be read.
 */
private Condition getCondition(Node node, Map<String, String> attributes) throws CharonException {
    if (!(node instanceof ExpressionNode)) {
        if (!(node instanceof OperationNode)) {
            // Covers a null node as well as any unknown node type.
            throw new CharonException("Unsupported Operation");
        }
        // Both children are converted before the operator is inspected, so a failure in a child
        // is reported ahead of an unsupported operator.
        Condition left = getCondition(node.getLeftNode(), attributes);
        Condition right = getCondition(node.getRightNode(), attributes);
        String logicalOperator = ((OperationNode) node).getOperation();
        if (!OperationalOperation.AND.toString().equalsIgnoreCase(logicalOperator)) {
            throw new CharonException("Unsupported Operation: " + logicalOperator);
        }
        return new OperationalCondition(OperationalOperation.AND.toString(), left, right);
    }

    ExpressionNode expressionNode = (ExpressionNode) node;
    String scimOperation = expressionNode.getOperation();
    // On ExpressionNode, getAttributeValue() supplies what is used here as the attribute name and
    // getValue() supplies the value being compared against.
    String filterAttribute = expressionNode.getAttributeValue();
    String filterValue = expressionNode.getValue();
    try {
        /* If primary login identifier feature is enabled, the username uri should be replaced with
           appropriate scim attribute of the primary login identifier claim. */
        if (SCIMConstants.UserSchemaConstants.USER_NAME_URI.equals(filterAttribute)) {
            if (isLoginIdentifiersEnabled() && StringUtils.isNotBlank(getPrimaryLoginIdentifierClaim())) {
                filterAttribute = getScimUriForPrimaryLoginIdentifier(node);
            }
        }
    } catch (org.wso2.carbon.user.core.UserStoreException e) {
        throw new CharonException("Error in retrieving scim to local mappings.", e);
    }

    // NOTE(review): an operation that matches none of the known constants is forwarded unchanged
    // rather than rejected, so the operation string is not restricted to a fixed set here —
    // confirm that the consumer of the condition validates it.
    String mappedOperation = scimOperation;
    if (SCIMCommonConstants.EQ.equals(scimOperation)) {
        mappedOperation = ExpressionOperation.EQ.toString();
    } else if (SCIMCommonConstants.SW.equals(scimOperation)) {
        mappedOperation = ExpressionOperation.SW.toString();
    } else if (SCIMCommonConstants.EW.equals(scimOperation)) {
        mappedOperation = ExpressionOperation.EW.toString();
    } else if (SCIMCommonConstants.CO.equals(scimOperation)) {
        mappedOperation = ExpressionOperation.CO.toString();
    } else if (SCIMCommonConstants.GE.equals(scimOperation)) {
        mappedOperation = ExpressionOperation.GE.toString();
    } else if (SCIMCommonConstants.LE.equals(scimOperation)) {
        mappedOperation = ExpressionOperation.LE.toString();
    }

    // Attributes are restricted to groups, the username and whatever the supplied map knows about;
    // anything else is refused.
    String mappedAttribute;
    if (SCIMConstants.UserSchemaConstants.GROUP_URI.equals(filterAttribute)) {
        mappedAttribute = ExpressionAttribute.ROLE.toString();
    } else if (SCIMConstants.UserSchemaConstants.USER_NAME_URI.equals(filterAttribute)) {
        mappedAttribute = ExpressionAttribute.USERNAME.toString();
    } else {
        String mappedFromLookup = (attributes == null) ? null : attributes.get(filterAttribute);
        if (mappedFromLookup == null) {
            throw new CharonException("Unsupported attribute: " + filterAttribute);
        }
        mappedAttribute = mappedFromLookup;
    }
    return new ExpressionCondition(mappedOperation, mappedAttribute, filterValue);
}
Also used : ExpressionCondition(org.wso2.carbon.user.core.model.ExpressionCondition) OperationalCondition(org.wso2.carbon.user.core.model.OperationalCondition) ExpressionCondition(org.wso2.carbon.user.core.model.ExpressionCondition) Condition(org.wso2.carbon.user.core.model.Condition) OperationNode(org.wso2.charon3.core.utils.codeutils.OperationNode) OperationalCondition(org.wso2.carbon.user.core.model.OperationalCondition) ExpressionNode(org.wso2.charon3.core.utils.codeutils.ExpressionNode) CharonException(org.wso2.charon3.core.exceptions.CharonException)

Example 4 with OperationalCondition

use of org.wso2.carbon.user.core.model.OperationalCondition in project identity-governance by wso2-extensions.

the class IdentityStoreEventListener method filterUsers.

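/**
 * Recursively search within the condition for expression conditions that contain identity claims and filter users
 * matched with each such claims. After filtering users for each claim, the common set of users will be retained in
 * the final user list to be returned.
 *
 * <p>Each identity-claim leaf that has been processed is blanked in place (attribute name, attribute value and
 * operation set to {@code null}). The blanking happens only after the lookup succeeds; when the lookup throws,
 * the leaf is left unchanged. Conditions that are neither expression nor operational conditions, including
 * {@code null}, are ignored.
 *
 * @param condition            Condition to be considered for filtering; matching leaves are mutated in place.
 * @param userManager          UserStoreManager.
 * @param domain               User store domain.
 * @param filteredUserNameList Username list to be returned from the listener.
 * @param isFirstClaimFilter   Whether this is the first claim being filtered. This is used to decide whether to
 *                             add or retain username list to the final username list.
 * @throws UserStoreException If listing the users for an identity claim fails.
 */
private void filterUsers(Condition condition, UserStoreManager userManager, String domain, List<String> filteredUserNameList, MutableBoolean isFirstClaimFilter) throws UserStoreException {
    if (condition instanceof ExpressionCondition) {
        ExpressionCondition expressionCondition = (ExpressionCondition) condition;
        String claimUri = expressionCondition.getAttributeName();
        // A leaf that was already blanked (see below) has a null attribute name; skip it instead of
        // failing with a NullPointerException when the same tree is walked again.
        // NOTE(review): substring match, not a prefix match — any attribute name that embeds the
        // identity claim URI is routed to the identity data store; confirm intended.
        if (claimUri != null && claimUri.contains(UserCoreConstants.ClaimTypeURIs.IDENTITY_CLAIM_URI)) {
            String claimValue = expressionCondition.getAttributeValue();
            try {
                List<String> usernames = identityDataStore.list(claimUri, getClaimValueForOperation(expressionCondition.getOperation(), claimValue), userManager);
                updateUserList(usernames, filteredUserNameList, domain, isFirstClaimFilter);
                // Only the match count and the claim URI are logged, not the claim value or usernames.
                if (log.isDebugEnabled()) {
                    log.debug("Retrieved " + usernames.size() + " users for claim: " + claimUri);
                }
            } catch (IdentityException e) {
                throw new UserStoreException("Error while listing the users for given claim: " + claimUri, e);
            }
            // Remove expression conditions with identity claims from the condition.
            expressionCondition.setAttributeName(null);
            expressionCondition.setAttributeValue(null);
            expressionCondition.setOperation(null);
        }
    } else if (condition instanceof OperationalCondition) {
        OperationalCondition operationalCondition = (OperationalCondition) condition;
        // Left subtree first, then right; isFirstClaimFilter is shared across both walks.
        filterUsers(operationalCondition.getLeftCondition(), userManager, domain, filteredUserNameList, isFirstClaimFilter);
        filterUsers(operationalCondition.getRightCondition(), userManager, domain, filteredUserNameList, isFirstClaimFilter);
    }
}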
Also used : ExpressionCondition(org.wso2.carbon.user.core.model.ExpressionCondition) OperationalCondition(org.wso2.carbon.user.core.model.OperationalCondition) Condition(org.wso2.carbon.user.core.model.Condition) ExpressionCondition(org.wso2.carbon.user.core.model.ExpressionCondition) OperationalCondition(org.wso2.carbon.user.core.model.OperationalCondition) UserStoreException(org.wso2.carbon.user.core.UserStoreException) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Aggregations

ExpressionCondition (org.wso2.carbon.user.core.model.ExpressionCondition)4 OperationalCondition (org.wso2.carbon.user.core.model.OperationalCondition)4 Condition (org.wso2.carbon.user.core.model.Condition)3 UserStoreException (org.wso2.carbon.user.core.UserStoreException)2 Map (java.util.Map)1 IdentityException (org.wso2.carbon.identity.base.IdentityException)1 GroupDAO (org.wso2.carbon.identity.scim2.common.DAO.GroupDAO)1 IdentitySCIMException (org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException)1 AbstractUserStoreManager (org.wso2.carbon.user.core.common.AbstractUserStoreManager)1 Group (org.wso2.carbon.user.core.common.Group)1 CharonException (org.wso2.charon3.core.exceptions.CharonException)1 ExpressionNode (org.wso2.charon3.core.utils.codeutils.ExpressionNode)1 OperationNode (org.wso2.charon3.core.utils.codeutils.OperationNode)1