Search in sources :

Example 1 with UniqueIDUserClaimSearchEntry

use of org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry in project carbon-identity-framework by wso2.

the class IdentityUserIdResolverListener method doPostGetUsersClaimValues.

@Override
public boolean doPostGetUsersClaimValues(String[] userNames, String[] claims, String profileName, UserClaimSearchEntry[] userClaimSearchEntries, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable()) {
        return true;
    }
    List<String> userIDsList = ((AbstractUserStoreManager) userStoreManager).getUserIDsFromUserNames(Arrays.asList(getDomainLessNames(userNames)));
    List<String> claimsList = Arrays.asList(claims);
    List<UniqueIDUserClaimSearchEntry> uniqueIDUserClaimSearchEntriesList = ((AbstractUserStoreManager) userStoreManager).getUniqueIDUserClaimSearchEntries(userClaimSearchEntries);
    for (UserOperationEventListener listener : getUserStoreManagerListeners()) {
        if (isNotAResolverListener(listener)) {
            if (!((UniqueIDUserOperationEventListener) listener).doPostGetUsersClaimValuesWithID(userIDsList, claimsList, profileName, uniqueIDUserClaimSearchEntriesList, userStoreManager)) {
                return false;
            }
        }
    }
    return true;
}
Also used : UserOperationEventListener(org.wso2.carbon.user.core.listener.UserOperationEventListener) UniqueIDUserOperationEventListener(org.wso2.carbon.user.core.listener.UniqueIDUserOperationEventListener) AbstractIdentityUserOperationEventListener(org.wso2.carbon.identity.core.AbstractIdentityUserOperationEventListener) UniqueIDUserClaimSearchEntry(org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager)

Example 2 with UniqueIDUserClaimSearchEntry

use of org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMUserManager method getSCIMUsers.

/**
 * get the specified user from the store
 *
 * @param users                Set of users.
 * @param claimURIList         Requested claim list.
 * @param scimToLocalClaimsMap SCIM to local claims mappings.
 * @param requiredAttributes   Attributes required.
 * @return Array of SCIM User
 * @throws CharonException CharonException
 */
private Set<User> getSCIMUsers(Set<org.wso2.carbon.user.core.common.User> users, List<String> claimURIList, Map<String, String> scimToLocalClaimsMap, Map<String, Boolean> requiredAttributes) throws CharonException {
    List<User> scimUsers = new ArrayList<>();
    // obtain user claim values
    List<UniqueIDUserClaimSearchEntry> searchEntries;
    Map<String, List<String>> usersRoles = new HashMap<>();
    try {
        searchEntries = carbonUM.getUsersClaimValuesWithID(users.stream().map(org.wso2.carbon.user.core.common.User::getUserID).collect(Collectors.toList()), claimURIList, null);
        if (isGroupsAttributeRequired(requiredAttributes)) {
            if (IdentityUtil.isGroupsVsRolesSeparationImprovementsEnabled()) {
                usersRoles = searchEntries.stream().map(userClaimSearchEntry -> {
                    String userID = userClaimSearchEntry.getUser().getUserID();
                    List<String> groupsList = getGroups(userClaimSearchEntry);
                    return new AbstractMap.SimpleEntry<>(userID, groupsList);
                }).collect(Collectors.toMap(AbstractMap.SimpleEntry::getKey, AbstractMap.SimpleEntry::getValue));
            } else {
                usersRoles = carbonUM.getRoleListOfUsersWithID(users.stream().map(org.wso2.carbon.user.core.common.User::getUserID).collect(Collectors.toList()));
            }
        }
    } catch (org.wso2.carbon.user.core.UserStoreException e) {
        String errorMsg = "Error occurred while retrieving SCIM user information";
        throw resolveError(e, errorMsg);
    }
    Map<String, Group> groupMetaAttributesCache = new HashMap<>();
    for (org.wso2.carbon.user.core.common.User user : users) {
        String userStoreDomainName = user.getUserStoreDomain();
        if (isSCIMEnabled(userStoreDomainName)) {
            if (log.isDebugEnabled()) {
                log.debug("SCIM is enabled for the user-store domain : " + userStoreDomainName + ". " + "Including user : " + user.getUsername() + " in the response.");
            }
            User scimUser;
            Map<String, String> userClaimValues = new HashMap<>();
            for (UniqueIDUserClaimSearchEntry entry : searchEntries) {
                if (entry.getUser() != null && StringUtils.isNotBlank(entry.getUser().getUserID()) && entry.getUser().getUserID().equals(user.getUserID())) {
                    userClaimValues = entry.getClaims();
                }
            }
            Map<String, String> attributes;
            try {
                attributes = SCIMCommonUtils.convertLocalToSCIMDialect(userClaimValues, scimToLocalClaimsMap);
            } catch (UserStoreException e) {
                throw resolveError(e, "Error in converting local claims to SCIM dialect for user: " + user.getUsername());
            }
            try {
                if (!attributes.containsKey(SCIMConstants.CommonSchemaConstants.ID_URI)) {
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("Skipping adding user %s with id %s as attribute %s is not " + "available.", user.getFullQualifiedUsername(), user.getUserID(), SCIMConstants.CommonSchemaConstants.ID_URI));
                    }
                    continue;
                }
                // skip simple type addresses claim because it is complex with sub types in the schema
                if (attributes.containsKey(SCIMConstants.UserSchemaConstants.ADDRESSES_URI)) {
                    attributes.remove(SCIMConstants.UserSchemaConstants.ADDRESSES_URI);
                }
                if (IdentityUtil.isGroupsVsRolesSeparationImprovementsEnabled()) {
                    filterAttributes(attributes, Arrays.asList(SCIMConstants.UserSchemaConstants.ROLES_URI, SCIMConstants.UserSchemaConstants.GROUP_URI));
                }
                // Location URI is not available for users who created from the mgt console also location URI is not
                // tenant aware, so need to update the location URI according to the tenant.
                String locationURI = SCIMCommonUtils.getSCIMUserURL(attributes.get(SCIMConstants.CommonSchemaConstants.ID_URI));
                attributes.put(SCIMConstants.CommonSchemaConstants.LOCATION_URI, locationURI);
                if (!attributes.containsKey(SCIMConstants.CommonSchemaConstants.RESOURCE_TYPE_URI)) {
                    attributes.put(SCIMConstants.CommonSchemaConstants.RESOURCE_TYPE_URI, SCIMConstants.USER);
                }
                // Add username with domain name
                if (mandateDomainForUsernamesAndGroupNamesInResponse()) {
                    setUserNameWithDomain(userClaimValues, attributes, user);
                } else {
                    if (isLoginIdentifiersEnabled() && StringUtils.isNotBlank(getPrimaryLoginIdentifierClaim())) {
                        String primaryLoginIdentifier = userClaimValues.get(getPrimaryLoginIdentifierClaim());
                        if (StringUtils.isNotBlank(primaryLoginIdentifier)) {
                            attributes.put(SCIMConstants.UserSchemaConstants.USER_NAME_URI, primaryLoginIdentifier);
                        } else {
                            attributes.put(SCIMConstants.UserSchemaConstants.USER_NAME_URI, user.getDomainQualifiedUsername());
                        }
                    } else {
                        attributes.put(SCIMConstants.UserSchemaConstants.USER_NAME_URI, user.getDomainQualifiedUsername());
                    }
                }
                // construct the SCIM Object from the attributes
                scimUser = (User) AttributeMapper.constructSCIMObjectFromAttributes(this, attributes, 1);
                if (isGroupsAttributeRequired(requiredAttributes)) {
                    // Get groups of user and add it as groups attribute.
                    List<String> roleList = usersRoles.get(user.getUserID());
                    List<String> groupsList = new ArrayList<>();
                    if (isNotEmpty(roleList)) {
                        groupsList = new ArrayList<>(roleList);
                    } else {
                        if (log.isDebugEnabled()) {
                            log.debug(String.format("Roles not found for user %s with id %s .", user.getFullQualifiedUsername(), user.getUserID()));
                        }
                    }
                    if (!IdentityUtil.isGroupsVsRolesSeparationImprovementsEnabled()) {
                        if (carbonUM.isRoleAndGroupSeparationEnabled()) {
                            // Remove roles, if the role and group separation feature is enabled.
                            groupsList.removeIf(SCIMCommonUtils::isHybridRole);
                        } else {
                            checkForSCIMDisabledHybridRoles(groupsList);
                        }
                    }
                    for (String group : groupsList) {
                        if (UserCoreUtil.isEveryoneRole(group, carbonUM.getRealmConfiguration()) || CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME.equalsIgnoreCase(group)) {
                            // Carbon specific roles do not possess SCIM info, hence skipping them.
                            continue;
                        }
                        Group groupObject = groupMetaAttributesCache.get(group);
                        if (groupObject == null && !groupMetaAttributesCache.containsKey(group)) {
                            org.wso2.carbon.user.core.common.Group userGroup = carbonUM.getGroupByGroupName(UserCoreUtil.addDomainToName(group, userStoreDomainName), null);
                            groupObject = buildGroup(userGroup);
                            groupMetaAttributesCache.put(group, groupObject);
                        }
                        if (groupObject != null && isFilteringEnhancementsEnabled()) {
                            groupObject.setDisplayName(prependDomain(group));
                        }
                        if (groupObject != null) {
                            // Can be null for non SCIM groups.
                            scimUser.setGroup(null, groupObject);
                        }
                    }
                }
                // Set the roles attribute if the the role and group separation feature is enabled.
                if (IdentityUtil.isGroupsVsRolesSeparationImprovementsEnabled()) {
                    List<String> rolesList = getRoles(searchEntries, user);
                    setRolesOfUser(rolesList, groupMetaAttributesCache, user, scimUser);
                } else if (carbonUM.isRoleAndGroupSeparationEnabled()) {
                    List<String> rolesList = carbonUM.getHybridRoleListOfUser(user.getUsername(), user.getUserStoreDomain());
                    checkForSCIMDisabledHybridRoles(rolesList);
                    setRolesOfUser(rolesList, groupMetaAttributesCache, user, scimUser);
                }
            } catch (UserStoreException e) {
                throw resolveError(e, "Error in getting user information for user: " + user.getUsername());
            } catch (CharonException | NotFoundException | IdentitySCIMException | BadRequestException e) {
                throw new CharonException("Error in getting user information for user: " + user.getUsername(), e);
            }
            if (scimUser != null) {
                scimUsers.add(scimUser);
            }
        } else {
            if (log.isDebugEnabled()) {
                log.debug("SCIM is disabled for the user-store domain : " + userStoreDomainName + ". " + "Hence user : " + user.getUsername() + " in this domain is excluded in the response.");
            }
        }
    }
    if (removeDuplicateUsersInUsersResponseEnabled) {
        TreeSet<User> scimUserSet = new TreeSet<>(Comparator.comparing(User::getUsername));
        scimUserSet.addAll(scimUsers);
        return scimUserSet;
    }
    Set<User> scimUserSet = new LinkedHashSet<>();
    scimUserSet.addAll(scimUsers);
    return scimUserSet;
}
Also used : LinkedHashSet(java.util.LinkedHashSet) Group(org.wso2.charon3.core.objects.Group) User(org.wso2.charon3.core.objects.User) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) NotFoundException(org.wso2.charon3.core.exceptions.NotFoundException) IdentitySCIMException(org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException) UniqueIDUserClaimSearchEntry(org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry) TreeSet(java.util.TreeSet) UserStoreException(org.wso2.carbon.user.api.UserStoreException) SCIMUserStoreException(org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreException) ArrayList(java.util.ArrayList) List(java.util.List) SCIMCommonUtils(org.wso2.carbon.identity.scim2.common.utils.SCIMCommonUtils) BadRequestException(org.wso2.charon3.core.exceptions.BadRequestException) CharonException(org.wso2.charon3.core.exceptions.CharonException)

Example 3 with UniqueIDUserClaimSearchEntry

use of org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMUserManager method getRoles.

private List<String> getRoles(List<UniqueIDUserClaimSearchEntry> searchEntries, org.wso2.carbon.user.core.common.User user) throws CharonException {
    // Because user ID is a UUID there is only one match in the search entries, thus safe to use
    // the `findAny` method with the advantage of a faster search time.
    UniqueIDUserClaimSearchEntry searchEntry = searchEntries.stream().filter(entry -> entry.getUser().getUserID().equals(user.getUserID())).findAny().get();
    String roles = searchEntry.getClaims().get(INTERNAL_ROLES_CLAIM);
    List<String> rolesList = new ArrayList<>();
    if (StringUtils.isNotBlank(roles)) {
        String multivaluedAttributeSeparator = getMultivaluedAttributeSeparator(user.getUserStoreDomain());
        rolesList = Arrays.asList(roles.split(multivaluedAttributeSeparator));
        checkForSCIMDisabledHybridRoles(rolesList);
    }
    return rolesList;
}
Also used : UniqueIDUserClaimSearchEntry(org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry) ArrayList(java.util.ArrayList)

Example 4 with UniqueIDUserClaimSearchEntry

use of org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry in project carbon-identity-framework by wso2.

the class IdentityUserNameResolverListener method doPostGetUsersClaimValuesWithID.

@Override
public boolean doPostGetUsersClaimValuesWithID(List<String> userIDs, List<String> claims, String profileName, List<UniqueIDUserClaimSearchEntry> uniqueIDUserClaimSearchEntries, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable()) {
        return true;
    }
    List<String> userNamesList = ((AbstractUserStoreManager) userStoreManager).getUserNamesFromUserIDs(userIDs);
    String[] userNames = userNamesList.toArray(new String[0]);
    List<UserClaimSearchEntry> userClaimSearchEntries = ((AbstractUserStoreManager) userStoreManager).getUserClaimSearchEntries(uniqueIDUserClaimSearchEntries);
    for (UserOperationEventListener listener : getUserStoreManagerListeners()) {
        if (isNotAResolverListener(listener)) {
            if (!listener.doPostGetUsersClaimValues(userNames, claims.toArray(new String[0]), profileName, userClaimSearchEntries.toArray(new UserClaimSearchEntry[0]))) {
                return false;
            }
        }
    }
    return true;
}
Also used : UserOperationEventListener(org.wso2.carbon.user.core.listener.UserOperationEventListener) AbstractIdentityUserOperationEventListener(org.wso2.carbon.identity.core.AbstractIdentityUserOperationEventListener) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) UniqueIDUserClaimSearchEntry(org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry) UserClaimSearchEntry(org.wso2.carbon.user.core.model.UserClaimSearchEntry)

Example 5 with UniqueIDUserClaimSearchEntry

use of org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry in project product-is by wso2.

the class UUIDUserStoreManagerService method getClaimSearchEntryDAOFromClaimSearchEntry.

private UniqueIDUserClaimSearchEntryDAO getClaimSearchEntryDAOFromClaimSearchEntry(UniqueIDUserClaimSearchEntry claimSearchEntry) {
    UniqueIDUserClaimSearchEntryDAO uniqueIDUserClaimSearchEntryDAO = new UniqueIDUserClaimSearchEntryDAO();
    ClaimValue[] claimValues = convertMapToClaimValue(claimSearchEntry.getClaims());
    uniqueIDUserClaimSearchEntryDAO.setClaims(claimValues);
    uniqueIDUserClaimSearchEntryDAO.setUser(getUserDTO(claimSearchEntry.getUser()));
    uniqueIDUserClaimSearchEntryDAO.setUserClaimSearchEntry(getClaimEntryDAOFromClaimEntry(claimSearchEntry.getUserClaimSearchEntry()));
    return uniqueIDUserClaimSearchEntryDAO;
}
Also used : UniqueIDUserClaimSearchEntryDAO(org.wso2.carbon.identity.test.integration.service.dao.UniqueIDUserClaimSearchEntryDAO) ClaimValue(org.wso2.carbon.identity.test.integration.service.dao.ClaimValue)

Aggregations

UniqueIDUserClaimSearchEntry (org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry)4 ArrayList (java.util.ArrayList)2 AbstractIdentityUserOperationEventListener (org.wso2.carbon.identity.core.AbstractIdentityUserOperationEventListener)2 AbstractUserStoreManager (org.wso2.carbon.user.core.common.AbstractUserStoreManager)2 UserOperationEventListener (org.wso2.carbon.user.core.listener.UserOperationEventListener)2 HashMap (java.util.HashMap)1 LinkedHashSet (java.util.LinkedHashSet)1 List (java.util.List)1 TreeSet (java.util.TreeSet)1 IdentitySCIMException (org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException)1 SCIMUserStoreException (org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreException)1 SCIMCommonUtils (org.wso2.carbon.identity.scim2.common.utils.SCIMCommonUtils)1 ClaimValue (org.wso2.carbon.identity.test.integration.service.dao.ClaimValue)1 UniqueIDUserClaimSearchEntryDAO (org.wso2.carbon.identity.test.integration.service.dao.UniqueIDUserClaimSearchEntryDAO)1 UserStoreException (org.wso2.carbon.user.api.UserStoreException)1 UniqueIDUserOperationEventListener (org.wso2.carbon.user.core.listener.UniqueIDUserOperationEventListener)1 UserClaimSearchEntry (org.wso2.carbon.user.core.model.UserClaimSearchEntry)1 BadRequestException (org.wso2.charon3.core.exceptions.BadRequestException)1 CharonException (org.wso2.charon3.core.exceptions.CharonException)1 NotFoundException (org.wso2.charon3.core.exceptions.NotFoundException)1