use of org.wso2.carbon.user.mgt.common.FlaggedName in project carbon-identity-framework by wso2.
the class UserRealmProxy method getAllRolesNames.
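/**
 * Lists the roles matching {@code filter}, followed by one trailing status entry.
 *
 * <p>External roles come from the user store manager and are typed
 * {@code UserMgtConstants.EXTERNAL_ROLE}; hybrid roles are appended afterwards and are always
 * marked editable. The role entries are sorted by lower-cased item name. The last array element
 * is not a role: its item name is {@code "true"} or the {@code FALSE} constant depending on
 * whether the number of returned roles without a domain prefix equals the configured maximum,
 * and its display name holds the colon-separated domains whose role count equals their maximum.
 *
 * @param filter   role name filter; may start with a domain followed by
 *                 {@code CarbonConstants.DOMAIN_SEPARATOR}
 * @param maxLimit limit handed to the user store manager when listing external roles
 * @return the sorted role entries plus the trailing status entry
 * @throws UserAdminException wrapping any failure raised while the roles are read
 */
public FlaggedName[] getAllRolesNames(String filter, int maxLimit) throws UserAdminException {
    try {
        UserStoreManager userStoreMan = realm.getUserStoreManager();
        // get all roles without hybrid roles
        String[] externalRoles;
        if (userStoreMan instanceof AbstractUserStoreManager) {
            externalRoles = ((AbstractUserStoreManager) userStoreMan).getRoleNames(filter, maxLimit, true, true, true);
        } else {
            // NOTE(review): this fallback ignores both filter and maxLimit.
            externalRoles = userStoreMan.getRoleNames();
        }
        if (externalRoles == null) {
            // A store without matching roles must not abort the listing of hybrid roles.
            externalRoles = new String[0];
        }
        List<FlaggedName> flaggedNames = new ArrayList<FlaggedName>();
        Map<String, Integer> userCount = new HashMap<String, Integer>();
        for (String externalRole : externalRoles) {
            FlaggedName fName = new FlaggedName();
            mapEntityName(externalRole, fName, userStoreMan);
            fName.setRoleType(UserMgtConstants.EXTERNAL_ROLE);

            // setting read only or writable
            int index = externalRole != null ? externalRole.indexOf(CarbonConstants.DOMAIN_SEPARATOR) : -1;
            String domain = index > 0 ? externalRole.substring(0, index) : null;
            UserStoreManager secManager = realm.getUserStoreManager().getSecondaryUserStoreManager(domain);
            boolean secondaryDomain = domain != null
                    && !UserCoreConstants.INTERNAL_DOMAIN.equalsIgnoreCase(domain)
                    && !UserMgtConstants.APPLICATION_DOMAIN.equalsIgnoreCase(domain);
            boolean readOnly;
            if (secondaryDomain) {
                // A secondary domain with no resolvable manager is reported as editable.
                readOnly = secManager != null
                        && (secManager.isReadOnly()
                        || FALSE.equals(secManager.getRealmConfiguration()
                                .getUserStoreProperty(UserCoreConstants.RealmConfig.WRITE_GROUPS_ENABLED)));
            } else {
                readOnly = realm.getUserStoreManager().isReadOnly()
                        || FALSE.equals(realm.getUserStoreManager().getRealmConfiguration()
                                .getUserStoreProperty(UserCoreConstants.RealmConfig.WRITE_GROUPS_ENABLED));
            }
            fName.setEditable(!readOnly);

            // Count roles per domain; roles without a prefix are counted under the primary domain name.
            String countKey = domain != null ? domain : UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME;
            Integer seen = userCount.get(countKey);
            userCount.put(countKey, seen == null ? 1 : seen + 1);
            flaggedNames.add(fName);
        }

        // get hybrid roles
        String filteredDomain = null;
        int filterSeparator = filter.indexOf(CarbonConstants.DOMAIN_SEPARATOR);
        if (filterSeparator >= 0) {
            // Plain substring instead of a regex split, so a filter made only of separators no longer
            // fails with an index error.
            filteredDomain = filter.substring(0, filterSeparator);
        }
        String hybridFilter = filter;
        if (filter.startsWith(UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR)) {
            hybridFilter = filter.substring(filter.indexOf(CarbonConstants.DOMAIN_SEPARATOR) + 1);
        }
        // NOTE(review): unconditional cast although a non-AbstractUserStoreManager branch exists above;
        // such a manager ends in a ClassCastException that is wrapped by the generic catch below.
        String[] hybridRoles = ((AbstractUserStoreManager) userStoreMan).getHybridRoles(hybridFilter);
        // Filter the internal system roles created to maintain the backward compatibility.
        hybridRoles = filterInternalSystemRoles(hybridRoles);
        for (String hybridRole : hybridRoles) {
            // NOTE(review): case-sensitive prefix match that does not include the separator, so a
            // domain name that is a prefix of another also matches - confirm this is acceptable.
            if (filteredDomain != null && !hybridRole.startsWith(filteredDomain)) {
                continue;
            }
            FlaggedName fName = new FlaggedName();
            fName.setItemName(hybridRole);
            if (hybridRole.toLowerCase().startsWith(UserCoreConstants.INTERNAL_DOMAIN.toLowerCase())) {
                fName.setRoleType(UserMgtConstants.INTERNAL_ROLE);
            } else {
                fName.setRoleType(UserMgtConstants.APPLICATION_DOMAIN);
            }
            fName.setEditable(true);
            flaggedNames.add(fName);
        }

        // Work out which domains returned exactly as many roles as their configured maximum.
        StringBuilder exceededDomains = new StringBuilder();
        boolean isPrimaryExceeding = false;
        Map<String, Integer> maxUserListCount = ((AbstractUserStoreManager) realm.getUserStoreManager())
                .getMaxListCount(UserCoreConstants.RealmConfig.PROPERTY_MAX_ROLE_LIST);
        String[] domains = userCount.keySet().toArray(new String[userCount.size()]);
        for (int i = 0; i < domains.length; i++) {
            if (UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME.equals(domains[i])) {
                if (userCount.get(UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME)
                        .equals(maxUserListCount.get(UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME))) {
                    isPrimaryExceeding = true;
                }
                continue;
            }
            if (userCount.get(domains[i]).equals(maxUserListCount.get(domains[i].toUpperCase()))) {
                exceededDomains.append(domains[i]);
                // The separator is tied to the array position, so the value can end with ':' when
                // a later domain is not listed; kept as is because the consumer is not visible here.
                if (i != domains.length - 1) {
                    exceededDomains.append(":");
                }
            }
        }

        // One extra slot at the end carries the status entry.
        int roleCount = flaggedNames.size();
        FlaggedName[] roleNames = flaggedNames.toArray(new FlaggedName[roleCount + 1]);
        // Sort only the populated range: the spare slot is still null here, and sorting it with a
        // comparator that treats null as equal to everything breaks the Comparator contract and
        // could move the null away from the last position.
        Arrays.sort(roleNames, 0, roleCount, new Comparator<FlaggedName>() {
            @Override
            public int compare(FlaggedName o1, FlaggedName o2) {
                return o1.getItemName().toLowerCase().compareTo(o2.getItemName().toLowerCase());
            }
        });
        FlaggedName flaggedName = new FlaggedName();
        if (isPrimaryExceeding) {
            flaggedName.setItemName("true");
        } else {
            flaggedName.setItemName(FALSE);
        }
        flaggedName.setItemDisplayName(exceededDomains.toString());
        roleNames[roleNames.length - 1] = flaggedName;
        return roleNames;
    } catch (UserStoreException e) {
        // previously logged so logging not needed
        throw new UserAdminException(e.getMessage(), e);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        throw new UserAdminException(e.getMessage(), e);
    }
}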
use of org.wso2.carbon.user.mgt.common.FlaggedName in project carbon-identity-framework by wso2.
the class UserRealmProxy method getAllSharedRoleNames.
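/**
 * Lists the shared roles matching {@code filter}, followed by one trailing status entry.
 *
 * <p>The role entries are typed {@code UserMgtConstants.EXTERNAL_ROLE} and sorted by lower-cased
 * item name. The last array element is not a role: its item name is {@code "true"} or the
 * {@code FALSE} constant depending on whether the number of returned roles without a domain
 * prefix equals the configured maximum, and its display name holds the colon-separated domains
 * whose role count equals their maximum.
 *
 * @param filter   role name filter passed to the user store manager
 * @param maxLimit limit passed to the user store manager
 * @return the sorted shared-role entries plus the trailing status entry
 * @throws UserAdminException if the user store manager is not an {@code AbstractUserStoreManager}
 *                            or any failure occurs while the roles are read
 */
public FlaggedName[] getAllSharedRoleNames(String filter, int maxLimit) throws UserAdminException {
    try {
        UserStoreManager userStoreMan = realm.getUserStoreManager();
        if (!(userStoreMan instanceof AbstractUserStoreManager)) {
            // Thrown inside the try on purpose: the generic catch below logs and re-wraps it.
            throw new UserAdminException("Initialized User Store Manager is not capable of getting the shared roles");
        }
        // get all roles without hybrid roles
        String[] externalRoles = ((AbstractUserStoreManager) userStoreMan).getSharedRoleNames(filter, maxLimit);
        if (externalRoles == null) {
            // No shared roles: still return the status entry instead of failing on a null array.
            externalRoles = new String[0];
        }
        List<FlaggedName> flaggedNames = new ArrayList<FlaggedName>();
        Map<String, Integer> userCount = new HashMap<String, Integer>();
        for (String externalRole : externalRoles) {
            FlaggedName fName = new FlaggedName();
            mapEntityName(externalRole, fName, userStoreMan);
            fName.setRoleType(UserMgtConstants.EXTERNAL_ROLE);

            // setting read only or writable
            int index = externalRole != null ? externalRole.indexOf(CarbonConstants.DOMAIN_SEPARATOR) : -1;
            String domain = index > 0 ? externalRole.substring(0, index) : null;
            UserStoreManager secManager = realm.getUserStoreManager().getSecondaryUserStoreManager(domain);
            if (domain != null
                    && !UserCoreConstants.INTERNAL_DOMAIN.equalsIgnoreCase(domain)
                    && !UserMgtConstants.APPLICATION_DOMAIN.equalsIgnoreCase(domain)) {
                // FALSE.equals(null) is already false, so one property lookup is enough.
                boolean readOnly = secManager != null
                        && (secManager.isReadOnly()
                        || FALSE.equals(secManager.getRealmConfiguration()
                                .getUserStoreProperty(UserCoreConstants.RealmConfig.WRITE_GROUPS_ENABLED)));
                fName.setEditable(!readOnly);
            }
            // NOTE(review): for roles outside a secondary domain the editable flag is never set here
            // and keeps whatever FlaggedName starts with - confirm that is intended.

            // Count roles per domain; roles without a prefix are counted under the primary domain name.
            String countKey = domain != null ? domain : UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME;
            Integer seen = userCount.get(countKey);
            userCount.put(countKey, seen == null ? 1 : seen + 1);
            flaggedNames.add(fName);
        }

        // Work out which domains returned exactly as many roles as their configured maximum.
        StringBuilder exceededDomains = new StringBuilder();
        boolean isPrimaryExceeding = false;
        Map<String, Integer> maxUserListCount = ((AbstractUserStoreManager) realm.getUserStoreManager())
                .getMaxListCount(UserCoreConstants.RealmConfig.PROPERTY_MAX_ROLE_LIST);
        String[] domains = userCount.keySet().toArray(new String[userCount.size()]);
        for (int i = 0; i < domains.length; i++) {
            if (UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME.equals(domains[i])) {
                if (userCount.get(UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME)
                        .equals(maxUserListCount.get(UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME))) {
                    isPrimaryExceeding = true;
                }
                continue;
            }
            if (userCount.get(domains[i]).equals(maxUserListCount.get(domains[i].toUpperCase()))) {
                exceededDomains.append(domains[i]);
                // The separator is tied to the array position, so the value can end with ':' when
                // a later domain is not listed; kept as is because the consumer is not visible here.
                if (i != domains.length - 1) {
                    exceededDomains.append(":");
                }
            }
        }

        // One extra slot at the end carries the status entry.
        int roleCount = flaggedNames.size();
        FlaggedName[] roleNames = flaggedNames.toArray(new FlaggedName[roleCount + 1]);
        // Sort only the populated range: the spare slot is still null here, and sorting it with a
        // comparator that treats null as equal to everything breaks the Comparator contract and
        // could move the null away from the last position.
        Arrays.sort(roleNames, 0, roleCount, new Comparator<FlaggedName>() {
            @Override
            public int compare(FlaggedName o1, FlaggedName o2) {
                return o1.getItemName().toLowerCase().compareTo(o2.getItemName().toLowerCase());
            }
        });
        FlaggedName flaggedName = new FlaggedName();
        if (isPrimaryExceeding) {
            flaggedName.setItemName("true");
        } else {
            flaggedName.setItemName(FALSE);
        }
        flaggedName.setItemDisplayName(exceededDomains.toString());
        roleNames[roleNames.length - 1] = flaggedName;
        return roleNames;
    } catch (UserStoreException e) {
        // previously logged so logging not needed
        throw new UserAdminException(e.getMessage(), e);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        throw new UserAdminException(e.getMessage(), e);
    }
}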
use of org.wso2.carbon.user.mgt.common.FlaggedName in project carbon-identity-framework by wso2.
the class UserRealmProxyTest method testListUsers1.
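/**
 * Checks that {@code listUsers} returns three entries when the user store reports two users
 * for the requested claim value.
 */
@Test
public void testListUsers1() throws Exception {
    ClaimValue value = new ClaimValue();
    value.setClaimURI("mail");
    value.setValue("sd@sds.com");
    // The raw-typed max-list-count map that used to be built here was never handed to a stub, so
    // it has been dropped.
    Mockito.when(realm.getUserStoreManager()).thenReturn(userStoreManager);
    Mockito.when(userStoreManager.getUserList(value.getClaimURI(), value.getValue(), null))
            .thenReturn(new String[] { "test1", "test2" });
    FlaggedName[] userList = userRealmProxy.listUsers(value, "test", 10);
    // Presumably the two stubbed users plus one trailing status entry - confirm against listUsers.
    Assert.assertEquals(userList.length, 3);
}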
use of org.wso2.carbon.user.mgt.common.FlaggedName in project carbon-identity-framework by wso2.
the class UserRealmProxyTest method testGetAllRolesNames.
/**
 * Checks that {@code getAllRolesNames} returns three entries when two hybrid roles are stubbed
 * and the external role lookup is stubbed to return null.
 */
@Test
public void testGetAllRolesNames() throws Exception {
    Mockito.when(realm.getUserStoreManager()).thenReturn(userStoreManagerWithAb);

    // Inject a mocked HybridRoleManager through reflection; the field is looked up on the
    // superclass of the manager's runtime class.
    HybridRoleManager mockedHybridRoleManager = mock(HybridRoleManager.class);
    Field hybridRoleManagerField =
            userStoreManagerWithAb.getClass().getSuperclass().getDeclaredField("hybridRoleManager");
    hybridRoleManagerField.setAccessible(true);
    hybridRoleManagerField.set(userStoreManagerWithAb, mockedHybridRoleManager);

    String[] stubbedHybridRoles = new String[] { "role3x", "role4x" };
    Mockito.when(mockedHybridRoleManager.getHybridRoles("role")).thenReturn(stubbedHybridRoles);
    Mockito.when(((AbstractUserStoreManager) userStoreManagerWithAb).getSharedRoleNames("role", 10))
            .thenReturn(new String[] { "role1", "role2" });
    // The external role lookup yields null, so this test also covers the path with no external roles.
    Mockito.when(((AbstractUserStoreManager) userStoreManagerWithAb).getRoleNames("role", 10, true, true, true))
            .thenReturn(null);

    FlaggedName[] roleList = userRealmProxy.getAllRolesNames("role", 10);

    // Presumably the two hybrid roles plus the trailing status entry.
    Assert.assertEquals(roleList.length, 3);
}
use of org.wso2.carbon.user.mgt.common.FlaggedName in project carbon-identity-framework by wso2.
the class UserRealmProxy method updateUsersOfRole.
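/**
 * Applies the selection state in {@code userList} to the membership of {@code roleName}.
 *
 * <p>An entry that is selected but not currently in the role is added; an entry that is in the
 * role but not selected is removed. The request is refused for the Carbon anonymous role and the
 * "everyone" role, for the admin role or any role authorized for execute on {@code /permission/}
 * or {@code /permission/admin/} unless the logged-in user is the configured admin user, and when
 * a logged-in user other than the admin tries to remove themselves from the role. If an entry
 * names the Carbon anonymous user, the method logs an alert and returns without changing
 * anything.
 *
 * @param roleName role whose membership is updated
 * @param userList users together with their selected flag
 * @throws UserAdminException if one of the guards refuses the request or the user store fails
 */
public void updateUsersOfRole(String roleName, FlaggedName[] userList) throws UserAdminException {
    try {
        if (CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME.equalsIgnoreCase(roleName)) {
            log.error("Security Alert! Carbon anonymous role is being manipulated");
            // The message returned to the caller is deliberately obscure.
            throw new UserStoreException("Invalid data");
        }
        if (realm.getRealmConfiguration().getEveryOneRoleName().equalsIgnoreCase(roleName)) {
            log.error("Security Alert! Carbon Everyone role is being manipulated");
            // The message returned to the caller is deliberately obscure.
            throw new UserStoreException("Invalid data");
        }

        UserStoreManager admin = realm.getUserStoreManager();
        String[] storedMembers = admin.getUserListOfRole(roleName);
        // The member list is treated as possibly null; use an empty array in that case so the
        // binary search below does not fail with a NullPointerException on a role without members.
        String[] oldUserList = new String[storedMembers == null ? 0 : storedMembers.length];
        for (int i = 0; i < oldUserList.length; i++) {
            String value = storedMembers[i];
            // Keep only the part before the name combiner, when one is present.
            int combinerIndex = value.indexOf(UserCoreConstants.NAME_COMBINER);
            oldUserList[i] = combinerIndex > 0 ? value.substring(0, combinerIndex) : value;
        }
        // Arrays.binarySearch requires sorted input.
        Arrays.sort(oldUserList);

        List<String> delUsers = new ArrayList<>();
        List<String> addUsers = new ArrayList<>();
        for (FlaggedName fName : userList) {
            boolean isSelected = fName.isSelected();
            String userName = fName.getItemName();
            if (CarbonConstants.REGISTRY_ANONNYMOUS_USERNAME.equalsIgnoreCase(userName)) {
                log.error("Security Alert! Carbon anonymous user is being manipulated");
                // NOTE(review): unlike the role guards above this returns normally, so the caller
                // sees success although nothing was updated - confirm that is intended.
                return;
            }
            boolean currentMember = Arrays.binarySearch(oldUserList, userName) >= 0;
            if (currentMember && !isSelected) {
                // deleted
                delUsers.add(userName);
            } else if (!currentMember && isSelected) {
                // added
                addUsers.add(userName);
            }
        }

        String loggedInUserName = addPrimaryDomainIfNotExists(getLoggedInUser());
        RealmConfiguration realmConfig = realm.getRealmConfiguration();
        String adminUser = addPrimaryDomainIfNotExists(realmConfig.getAdminUserName());
        boolean isRoleHasAdminPermission = realm.getAuthorizationManager()
                .isRoleAuthorized(roleName, "/permission/", UserMgtConstants.EXECUTE_ACTION);
        if (!isRoleHasAdminPermission) {
            isRoleHasAdminPermission = realm.getAuthorizationManager()
                    .isRoleAuthorized(roleName, "/permission/admin/", UserMgtConstants.EXECUTE_ACTION);
        }
        // Only the configured admin user may change membership of admin-level roles.
        // NOTE(review): roleName and the user name reach the log unescaped here and below; if the
        // logging layout does not neutralise CR/LF, encode them before logging.
        if ((realmConfig.getAdminRoleName().equalsIgnoreCase(roleName) || isRoleHasAdminPermission)
                && !adminUser.equalsIgnoreCase(loggedInUserName)) {
            log.warn("An attempt to add or remove users from Admin role by user : " + loggedInUserName);
            throw new UserStoreException("Can not add or remove user from Admin permission role");
        }

        // As before, the removal list is only built when the role currently reports members.
        String[] delUsersArray = null;
        String[] users = realm.getUserStoreManager().getUserListOfRole(roleName);
        if (users != null) {
            Arrays.sort(users);
            delUsersArray = delUsers.toArray(new String[delUsers.size()]);
            Arrays.sort(delUsersArray);
            // NOTE(review): these lookups are case-sensitive exact matches against the
            // domain-qualified logged-in name, while the admin comparisons use equalsIgnoreCase and
            // 'users' is not stripped of the name combiner - confirm names are normalised before
            // this point so the self-removal guard is not skipped for an equivalent spelling.
            if (Arrays.binarySearch(delUsersArray, loggedInUserName) > -1
                    && Arrays.binarySearch(users, loggedInUserName) > -1
                    && !adminUser.equalsIgnoreCase(loggedInUserName)) {
                log.warn("An attempt to remove from role : " + roleName + " by user :" + loggedInUserName);
                throw new UserStoreException("Can not remove yourself from role : " + roleName);
            }
        }
        String[] addUsersArray = addUsers.toArray(new String[addUsers.size()]);
        admin.updateUserListOfRole(roleName, delUsersArray, addUsersArray);
    } catch (UserStoreException e) {
        // This method logs the failure itself; the guards above have already logged their own alert,
        // so those cases appear twice in the log.
        log.error(e.getMessage(), e);
        throw new UserAdminException(e.getMessage(), e);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        throw new UserAdminException(e.getMessage(), e);
    }
}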
Aggregations