use of org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry in project carbon-identity-framework by wso2.
the class IdentityUserIdResolverListener method doPostGetUsersClaimValues.
/**
 * Relays the username-based "post get users claim values" event to the registered listeners
 * through their unique-user-ID variant.
 *
 * <p>The user names are resolved to user IDs and the claim search entries are converted to their
 * unique-ID form before the listeners are called. The first listener that returns {@code false}
 * ends the chain and makes this method return {@code false}.
 *
 * @param userNames              user names the claim values were read for
 * @param claims                 requested claim URIs
 * @param profileName            profile the claims were read from
 * @param userClaimSearchEntries username-based search results
 * @param userStoreManager       user store manager; cast to {@code AbstractUserStoreManager} here
 * @return {@code true} when this listener is disabled or no listener vetoed, otherwise {@code false}
 * @throws UserStoreException if ID resolution, entry conversion or a listener fails
 */
@Override
public boolean doPostGetUsersClaimValues(String[] userNames, String[] claims, String profileName, UserClaimSearchEntry[] userClaimSearchEntries, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable()) {
        return true;
    }

    // NOTE(review): unchecked downcast; any other UserStoreManager implementation fails here with
    // a ClassCastException.
    AbstractUserStoreManager abstractManager = (AbstractUserStoreManager) userStoreManager;
    List<String> resolvedUserIds = abstractManager.getUserIDsFromUserNames(Arrays.asList(getDomainLessNames(userNames)));
    List<String> requestedClaims = Arrays.asList(claims);
    List<UniqueIDUserClaimSearchEntry> idBasedEntries = abstractManager.getUniqueIDUserClaimSearchEntries(userClaimSearchEntries);

    for (UserOperationEventListener listener : getUserStoreManagerListeners()) {
        if (!isNotAResolverListener(listener)) {
            continue;
        }
        // NOTE(review): the cast assumes every non-resolver listener implements
        // UniqueIDUserOperationEventListener - confirm, otherwise this throws ClassCastException.
        UniqueIDUserOperationEventListener idListener = (UniqueIDUserOperationEventListener) listener;
        boolean proceed = idListener.doPostGetUsersClaimValuesWithID(resolvedUserIds, requestedClaims, profileName, idBasedEntries, userStoreManager);
        if (!proceed) {
            return false;
        }
    }
    return true;
}
use of org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry in project identity-inbound-provisioning-scim2 by wso2-extensions.
the class SCIMUserManager method getSCIMUsers.
/**
 * Builds the SCIM user objects for the given user-store users.
 *
 * <p>Claim values for all users are fetched with one call to
 * {@code carbonUM.getUsersClaimValuesWithID}. Group or role membership is resolved up front only
 * when {@code isGroupsAttributeRequired(requiredAttributes)} is true. A user is left out of the
 * result when its user-store domain is not SCIM enabled or when its converted attributes do not
 * contain the SCIM id attribute.
 *
 * @param users Set of users.
 * @param claimURIList Requested claim list.
 * @param scimToLocalClaimsMap SCIM to local claims mappings.
 * @param requiredAttributes Attributes required.
 * @return Set of SCIM users: a {@code TreeSet} ordered by username when
 * {@code removeDuplicateUsersInUsersResponseEnabled} is set, otherwise a {@code LinkedHashSet}
 * in iteration order of {@code users}.
 * @throws CharonException if claim, role or group retrieval fails, or a SCIM object cannot be built.
 */
private Set<User> getSCIMUsers(Set<org.wso2.carbon.user.core.common.User> users, List<String> claimURIList, Map<String, String> scimToLocalClaimsMap, Map<String, Boolean> requiredAttributes) throws CharonException {
    List<User> scimUsers = new ArrayList<>();
    // Claim values of every requested user, fetched in bulk by user ID below.
    List<UniqueIDUserClaimSearchEntry> searchEntries;
    // User ID -> group/role names; stays empty unless the groups attribute is required.
    Map<String, List<String>> usersRoles = new HashMap<>();
    try {
        // The profile name argument is passed as null.
        searchEntries = carbonUM.getUsersClaimValuesWithID(users.stream().map(org.wso2.carbon.user.core.common.User::getUserID).collect(Collectors.toList()), claimURIList, null);
        if (isGroupsAttributeRequired(requiredAttributes)) {
            if (IdentityUtil.isGroupsVsRolesSeparationImprovementsEnabled()) {
                // Groups are derived from the claim search entries already fetched.
                // NOTE(review): entry.getUser() is dereferenced here without the null check used in
                // the per-user loop below, and Collectors.toMap throws IllegalStateException if two
                // entries carry the same user ID - confirm neither can occur.
                usersRoles = searchEntries.stream().map(userClaimSearchEntry -> {
                    String userID = userClaimSearchEntry.getUser().getUserID();
                    List<String> groupsList = getGroups(userClaimSearchEntry);
                    return new AbstractMap.SimpleEntry<>(userID, groupsList);
                }).collect(Collectors.toMap(AbstractMap.SimpleEntry::getKey, AbstractMap.SimpleEntry::getValue));
            } else {
                // Otherwise the role lists are read from the user store in a second bulk call.
                usersRoles = carbonUM.getRoleListOfUsersWithID(users.stream().map(org.wso2.carbon.user.core.common.User::getUserID).collect(Collectors.toList()));
            }
        }
    } catch (org.wso2.carbon.user.core.UserStoreException e) {
        String errorMsg = "Error occurred while retrieving SCIM user information";
        throw resolveError(e, errorMsg);
    }
    // Group name -> SCIM group object, shared across all users of this call. A null value is
    // stored for groups that buildGroup() could not turn into a SCIM group.
    Map<String, Group> groupMetaAttributesCache = new HashMap<>();
    for (org.wso2.carbon.user.core.common.User user : users) {
        String userStoreDomainName = user.getUserStoreDomain();
        // Users of user-store domains without SCIM enabled never reach the response.
        if (isSCIMEnabled(userStoreDomainName)) {
            // NOTE(review): debug output contains the username; treat debug logs as personal data.
            if (log.isDebugEnabled()) {
                log.debug("SCIM is enabled for the user-store domain : " + userStoreDomainName + ". " + "Including user : " + user.getUsername() + " in the response.");
            }
            User scimUser;
            Map<String, String> userClaimValues = new HashMap<>();
            // Linear scan for this user's entry; entries without a user or with a blank user ID are
            // ignored, and the last matching entry wins.
            for (UniqueIDUserClaimSearchEntry entry : searchEntries) {
                if (entry.getUser() != null && StringUtils.isNotBlank(entry.getUser().getUserID()) && entry.getUser().getUserID().equals(user.getUserID())) {
                    userClaimValues = entry.getClaims();
                }
            }
            Map<String, String> attributes;
            try {
                attributes = SCIMCommonUtils.convertLocalToSCIMDialect(userClaimValues, scimToLocalClaimsMap);
            } catch (UserStoreException e) {
                // NOTE(review): the username is part of the exception message; confirm this text is
                // not returned verbatim to the SCIM client.
                throw resolveError(e, "Error in converting local claims to SCIM dialect for user: " + user.getUsername());
            }
            try {
                // A user without the SCIM id attribute is skipped entirely.
                if (!attributes.containsKey(SCIMConstants.CommonSchemaConstants.ID_URI)) {
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("Skipping adding user %s with id %s as attribute %s is not " + "available.", user.getFullQualifiedUsername(), user.getUserID(), SCIMConstants.CommonSchemaConstants.ID_URI));
                    }
                    continue;
                }
                // Drop the simple-typed addresses claim; in the schema it is a complex attribute with sub types.
                if (attributes.containsKey(SCIMConstants.UserSchemaConstants.ADDRESSES_URI)) {
                    attributes.remove(SCIMConstants.UserSchemaConstants.ADDRESSES_URI);
                }
                if (IdentityUtil.isGroupsVsRolesSeparationImprovementsEnabled()) {
                    filterAttributes(attributes, Arrays.asList(SCIMConstants.UserSchemaConstants.ROLES_URI, SCIMConstants.UserSchemaConstants.GROUP_URI));
                }
                // The location URI is missing for users created from the management console and is
                // not tenant aware, so it is always rebuilt from the SCIM id.
                String locationURI = SCIMCommonUtils.getSCIMUserURL(attributes.get(SCIMConstants.CommonSchemaConstants.ID_URI));
                attributes.put(SCIMConstants.CommonSchemaConstants.LOCATION_URI, locationURI);
                if (!attributes.containsKey(SCIMConstants.CommonSchemaConstants.RESOURCE_TYPE_URI)) {
                    attributes.put(SCIMConstants.CommonSchemaConstants.RESOURCE_TYPE_URI, SCIMConstants.USER);
                }
                // Set the userName attribute: domain-mandated form, else the primary login
                // identifier claim when enabled and non-blank, else the domain-qualified username.
                if (mandateDomainForUsernamesAndGroupNamesInResponse()) {
                    setUserNameWithDomain(userClaimValues, attributes, user);
                } else {
                    if (isLoginIdentifiersEnabled() && StringUtils.isNotBlank(getPrimaryLoginIdentifierClaim())) {
                        String primaryLoginIdentifier = userClaimValues.get(getPrimaryLoginIdentifierClaim());
                        if (StringUtils.isNotBlank(primaryLoginIdentifier)) {
                            attributes.put(SCIMConstants.UserSchemaConstants.USER_NAME_URI, primaryLoginIdentifier);
                        } else {
                            attributes.put(SCIMConstants.UserSchemaConstants.USER_NAME_URI, user.getDomainQualifiedUsername());
                        }
                    } else {
                        attributes.put(SCIMConstants.UserSchemaConstants.USER_NAME_URI, user.getDomainQualifiedUsername());
                    }
                }
                // Construct the SCIM object from the attributes.
                scimUser = (User) AttributeMapper.constructSCIMObjectFromAttributes(this, attributes, 1);
                if (isGroupsAttributeRequired(requiredAttributes)) {
                    // Get groups of user and add it as groups attribute.
                    List<String> roleList = usersRoles.get(user.getUserID());
                    List<String> groupsList = new ArrayList<>();
                    if (isNotEmpty(roleList)) {
                        // Copy, so the removals below do not touch the list held in usersRoles.
                        groupsList = new ArrayList<>(roleList);
                    } else {
                        if (log.isDebugEnabled()) {
                            log.debug(String.format("Roles not found for user %s with id %s .", user.getFullQualifiedUsername(), user.getUserID()));
                        }
                    }
                    if (!IdentityUtil.isGroupsVsRolesSeparationImprovementsEnabled()) {
                        if (carbonUM.isRoleAndGroupSeparationEnabled()) {
                            // Remove roles, if the role and group separation feature is enabled.
                            groupsList.removeIf(SCIMCommonUtils::isHybridRole);
                        } else {
                            checkForSCIMDisabledHybridRoles(groupsList);
                        }
                    }
                    for (String group : groupsList) {
                        if (UserCoreUtil.isEveryoneRole(group, carbonUM.getRealmConfiguration()) || CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME.equalsIgnoreCase(group)) {
                            // Carbon specific roles do not possess SCIM info, hence skipping them.
                            continue;
                        }
                        Group groupObject = groupMetaAttributesCache.get(group);
                        // containsKey distinguishes "not looked up yet" from a cached null result.
                        // NOTE(review): the cache key is the bare `group` string while the lookup is
                        // qualified with this user's domain; if two user-store domains can hold groups
                        // with the same unqualified name, the first domain's metadata would be reused -
                        // confirm `group` is already unique across domains.
                        if (groupObject == null && !groupMetaAttributesCache.containsKey(group)) {
                            org.wso2.carbon.user.core.common.Group userGroup = carbonUM.getGroupByGroupName(UserCoreUtil.addDomainToName(group, userStoreDomainName), null);
                            groupObject = buildGroup(userGroup);
                            groupMetaAttributesCache.put(group, groupObject);
                        }
                        if (groupObject != null && isFilteringEnhancementsEnabled()) {
                            groupObject.setDisplayName(prependDomain(group));
                        }
                        if (groupObject != null) {
                            // Can be null for non SCIM groups.
                            scimUser.setGroup(null, groupObject);
                        }
                    }
                }
                // Set the roles attribute if the role and group separation feature is enabled.
                if (IdentityUtil.isGroupsVsRolesSeparationImprovementsEnabled()) {
                    List<String> rolesList = getRoles(searchEntries, user);
                    setRolesOfUser(rolesList, groupMetaAttributesCache, user, scimUser);
                } else if (carbonUM.isRoleAndGroupSeparationEnabled()) {
                    // This path looks the roles up by username and domain rather than by user ID.
                    List<String> rolesList = carbonUM.getHybridRoleListOfUser(user.getUsername(), user.getUserStoreDomain());
                    checkForSCIMDisabledHybridRoles(rolesList);
                    setRolesOfUser(rolesList, groupMetaAttributesCache, user, scimUser);
                }
            } catch (UserStoreException e) {
                throw resolveError(e, "Error in getting user information for user: " + user.getUsername());
            } catch (CharonException | NotFoundException | IdentitySCIMException | BadRequestException e) {
                throw new CharonException("Error in getting user information for user: " + user.getUsername(), e);
            }
            if (scimUser != null) {
                scimUsers.add(scimUser);
            }
        } else {
            if (log.isDebugEnabled()) {
                log.debug("SCIM is disabled for the user-store domain : " + userStoreDomainName + ". " + "Hence user : " + user.getUsername() + " in this domain is excluded in the response.");
            }
        }
    }
    if (removeDuplicateUsersInUsersResponseEnabled) {
        // A TreeSet compared on username keeps a single SCIM user per username.
        TreeSet<User> scimUserSet = new TreeSet<>(Comparator.comparing(User::getUsername));
        scimUserSet.addAll(scimUsers);
        return scimUserSet;
    }
    Set<User> scimUserSet = new LinkedHashSet<>();
    scimUserSet.addAll(scimUsers);
    return scimUserSet;
}
use of org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry in project identity-inbound-provisioning-scim2 by wso2-extensions.
the class SCIMUserManager method getRoles.
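/**
 * Returns the internal roles of a user, read from the user's claim search entry.
 *
 * <p>The value of {@code INTERNAL_ROLES_CLAIM} is split on the multi-valued attribute separator
 * of the user's user-store domain and then passed to {@code checkForSCIMDisabledHybridRoles}.
 * When no usable search entry exists for the user, an empty list is returned instead of failing
 * on an empty {@code Optional}.
 *
 * @param searchEntries claim search entries of the users being processed
 * @param user          user whose roles are wanted
 * @return mutable list of role names; empty when the user has no entry or no roles claim
 * @throws CharonException declared by the original signature
 */
private List<String> getRoles(List<UniqueIDUserClaimSearchEntry> searchEntries, org.wso2.carbon.user.core.common.User user) throws CharonException {
    // User IDs are unique, so at most one entry is expected to match and findAny() is sufficient.
    // Entries without a user or with a blank ID are skipped, matching the lookup in getSCIMUsers,
    // instead of being dereferenced.
    UniqueIDUserClaimSearchEntry searchEntry = searchEntries.stream()
            .filter(entry -> entry.getUser() != null
                    && StringUtils.isNotBlank(entry.getUser().getUserID())
                    && entry.getUser().getUserID().equals(user.getUserID()))
            .findAny()
            .orElse(null);

    List<String> rolesList = new ArrayList<>();
    if (searchEntry == null || searchEntry.getClaims() == null) {
        // No claims were returned for this user: report no roles rather than throwing an
        // unchecked NoSuchElementException / NullPointerException.
        return rolesList;
    }

    String roles = searchEntry.getClaims().get(INTERNAL_ROLES_CLAIM);
    if (StringUtils.isNotBlank(roles)) {
        String multivaluedAttributeSeparator = getMultivaluedAttributeSeparator(user.getUserStoreDomain());
        // NOTE(review): String.split treats the separator as a regular expression; confirm the
        // configured separator never contains regex metacharacters.
        // Arrays.asList is a fixed-size view, so it is copied into an ArrayList in case
        // checkForSCIMDisabledHybridRoles removes entries in place (presumably it does - verify).
        rolesList = new ArrayList<>(Arrays.asList(roles.split(multivaluedAttributeSeparator)));
        checkForSCIMDisabledHybridRoles(rolesList);
    }
    return rolesList;
}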
use of org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry in project carbon-identity-framework by wso2.
the class IdentityUserNameResolverListener method doPostGetUsersClaimValuesWithID.
/**
 * Relays the user-ID-based "post get users claim values" event to the registered listeners
 * through their username-based variant.
 *
 * <p>The user IDs are resolved to user names and the unique-ID search entries are converted to
 * username-based entries before the listeners are called. The first listener that returns
 * {@code false} ends the chain and makes this method return {@code false}.
 *
 * @param userIDs                        IDs of the users the claim values were read for
 * @param claims                         requested claim URIs
 * @param profileName                    profile the claims were read from
 * @param uniqueIDUserClaimSearchEntries ID-based search results
 * @param userStoreManager               user store manager; cast to {@code AbstractUserStoreManager} here
 * @return {@code true} when this listener is disabled or no listener vetoed, otherwise {@code false}
 * @throws UserStoreException if name resolution, entry conversion or a listener fails
 */
@Override
public boolean doPostGetUsersClaimValuesWithID(List<String> userIDs, List<String> claims, String profileName, List<UniqueIDUserClaimSearchEntry> uniqueIDUserClaimSearchEntries, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable()) {
        return true;
    }

    // NOTE(review): unchecked downcast; any other UserStoreManager implementation fails here with
    // a ClassCastException.
    AbstractUserStoreManager abstractManager = (AbstractUserStoreManager) userStoreManager;
    String[] userNames = abstractManager.getUserNamesFromUserIDs(userIDs).toArray(new String[0]);
    List<UserClaimSearchEntry> nameBasedEntries = abstractManager.getUserClaimSearchEntries(uniqueIDUserClaimSearchEntries);

    for (UserOperationEventListener listener : getUserStoreManagerListeners()) {
        if (!isNotAResolverListener(listener)) {
            continue;
        }
        // The claim and entry arrays are created anew for every listener; userNames is shared.
        boolean proceed = listener.doPostGetUsersClaimValues(userNames, claims.toArray(new String[0]), profileName, nameBasedEntries.toArray(new UserClaimSearchEntry[0]));
        if (!proceed) {
            return false;
        }
    }
    return true;
}
use of org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry in project product-is by wso2.
the class UUIDUserStoreManagerService method getClaimSearchEntryDAOFromClaimSearchEntry.
/**
 * Copies a {@code UniqueIDUserClaimSearchEntry} into a new {@code UniqueIDUserClaimSearchEntryDAO}.
 *
 * <p>The claims map, the user and the nested username-based search entry are each converted by
 * the corresponding helper before being set on the DAO.
 *
 * @param claimSearchEntry entry to convert; dereferenced without a null check
 * @return newly created DAO holding the converted claims, user and nested entry
 */
private UniqueIDUserClaimSearchEntryDAO getClaimSearchEntryDAOFromClaimSearchEntry(UniqueIDUserClaimSearchEntry claimSearchEntry) {
    UniqueIDUserClaimSearchEntryDAO dao = new UniqueIDUserClaimSearchEntryDAO();
    dao.setClaims(convertMapToClaimValue(claimSearchEntry.getClaims()));
    dao.setUser(getUserDTO(claimSearchEntry.getUser()));
    dao.setUserClaimSearchEntry(getClaimEntryDAOFromClaimEntry(claimSearchEntry.getUserClaimSearchEntry()));
    return dao;
}