
Example 6 with FlaggedName

use of org.wso2.carbon.user.mgt.common.FlaggedName in project carbon-identity-framework by wso2.

the class UserRealmProxy method getAllRolesNames.

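/**
 * Lists the external and hybrid roles matching {@code filter} as {@link FlaggedName} entries.
 *
 * <p>External roles are read from the realm's user store manager and flagged editable or read-only
 * according to the owning store's read-only state and its {@code WRITE_GROUPS_ENABLED} property.
 * Hybrid roles are then appended and always flagged editable. The role entries are sorted by
 * lower-cased item name.
 *
 * <p>The returned array always has one extra trailing element that is not a role: its item name is
 * {@code "true"} when the number of primary-domain roles equals the configured maximum list count
 * (otherwise {@code FALSE}), and its display name holds the ':'-separated secondary domains whose
 * role count equals their configured maximum.
 *
 * @param filter   role name filter, optionally prefixed with a domain and the domain separator
 * @param maxLimit maximum number of external roles requested from the user store
 * @return the role entries followed by the trailing limit-indicator element
 * @throws UserAdminException if the user store fails or any other error occurs while listing
 */
public FlaggedName[] getAllRolesNames(String filter, int maxLimit) throws UserAdminException {
    try {
        UserStoreManager userStoreMan = realm.getUserStoreManager();
        // get all roles without hybrid roles
        String[] externalRoles;
        if (userStoreMan instanceof AbstractUserStoreManager) {
            externalRoles = ((AbstractUserStoreManager) userStoreMan).getRoleNames(filter, maxLimit, true, true, true);
        } else {
            externalRoles = userStoreMan.getRoleNames();
        }
        if (externalRoles == null) {
            // Nothing here guarantees a non-null array; treat null as "no external roles" instead of
            // failing the whole listing with a NullPointerException in the loop below.
            externalRoles = new String[0];
        }
        List<FlaggedName> flaggedNames = new ArrayList<FlaggedName>();
        // Number of external roles seen per domain (roles without a domain count towards the primary domain).
        Map<String, Integer> userCount = new HashMap<String, Integer>();
        for (String externalRole : externalRoles) {
            FlaggedName fName = new FlaggedName();
            mapEntityName(externalRole, fName, userStoreMan);
            fName.setRoleType(UserMgtConstants.EXTERNAL_ROLE);
            // A domain is only recognised when the separator is present and not the first character.
            int index = externalRole != null ? externalRole.indexOf(CarbonConstants.DOMAIN_SEPARATOR) : -1;
            String domain = index > 0 ? externalRole.substring(0, index) : null;
            UserStoreManager secManager = realm.getUserStoreManager().getSecondaryUserStoreManager(domain);
            boolean secondaryDomain = domain != null
                    && !UserCoreConstants.INTERNAL_DOMAIN.equalsIgnoreCase(domain)
                    && !UserMgtConstants.APPLICATION_DOMAIN.equalsIgnoreCase(domain);
            // setting read only or writable
            boolean readOnly;
            if (secondaryDomain) {
                // An unresolved secondary store (secManager == null) leaves the role editable, as before.
                readOnly = secManager != null && (secManager.isReadOnly()
                        || FALSE.equals(secManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.WRITE_GROUPS_ENABLED)));
            } else {
                UserStoreManager primaryManager = realm.getUserStoreManager();
                readOnly = primaryManager.isReadOnly()
                        || FALSE.equals(primaryManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.WRITE_GROUPS_ENABLED));
            }
            fName.setEditable(!readOnly);
            String countKey = domain != null ? domain : UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME;
            Integer seenSoFar = userCount.get(countKey);
            userCount.put(countKey, seenSoFar == null ? 1 : seenSoFar + 1);
            flaggedNames.add(fName);
        }
        String filteredDomain = null;
        // get hybrid roles
        if (filter.contains(CarbonConstants.DOMAIN_SEPARATOR)) {
            filteredDomain = filter.split(CarbonConstants.DOMAIN_SEPARATOR)[0];
        }
        if (filter.startsWith(UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR)) {
            filter = filter.substring(filter.indexOf(CarbonConstants.DOMAIN_SEPARATOR) + 1);
        }
        // NOTE(review): this cast (and the one for getMaxListCount below) is unconditional, so a user store
        // manager that is not an AbstractUserStoreManager ends in a ClassCastException wrapped as
        // UserAdminException, which makes the getRoleNames() fallback above unreachable in practice.
        String[] hybridRoles = ((AbstractUserStoreManager) userStoreMan).getHybridRoles(filter);
        // Filter the internal system roles created to maintain the backward compatibility.
        hybridRoles = filterInternalSystemRoles(hybridRoles);
        for (String hybridRole : hybridRoles) {
            // NOTE(review): plain case-sensitive prefix match without the domain separator, so a filter
            // domain that is a prefix of another domain name also lets that domain's roles through.
            if (filteredDomain != null && !hybridRole.startsWith(filteredDomain)) {
                continue;
            }
            FlaggedName fName = new FlaggedName();
            fName.setItemName(hybridRole);
            if (hybridRole.toLowerCase().startsWith(UserCoreConstants.INTERNAL_DOMAIN.toLowerCase())) {
                fName.setRoleType(UserMgtConstants.INTERNAL_ROLE);
            } else {
                fName.setRoleType(UserMgtConstants.APPLICATION_DOMAIN);
            }
            fName.setEditable(true);
            flaggedNames.add(fName);
        }
        String exceededDomains = "";
        boolean isPrimaryExceeding = false;
        Map<String, Integer> maxUserListCount = ((AbstractUserStoreManager) realm.getUserStoreManager()).getMaxListCount(UserCoreConstants.RealmConfig.PROPERTY_MAX_ROLE_LIST);
        String[] domains = userCount.keySet().toArray(new String[userCount.keySet().size()]);
        for (int i = 0; i < domains.length; i++) {
            if (UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME.equals(domains[i])) {
                if (userCount.get(UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME).equals(maxUserListCount.get(UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME))) {
                    isPrimaryExceeding = true;
                }
                continue;
            }
            // The limit map is looked up with the upper-cased domain name.
            if (userCount.get(domains[i]).equals(maxUserListCount.get(domains[i].toUpperCase()))) {
                exceededDomains += domains[i];
                if (i != domains.length - 1) {
                    exceededDomains += ":";
                }
            }
        }
        // One spare slot at the end is reserved for the limit-indicator element.
        int roleCount = flaggedNames.size();
        FlaggedName[] roleNames = flaggedNames.toArray(new FlaggedName[roleCount + 1]);
        // Sort only the populated prefix. Sorting the whole array relied on a comparator that returned 0
        // for the still-null spare slot, which breaks the Comparator contract and only kept the null in
        // last position by accident of the sort implementation.
        Arrays.sort(roleNames, 0, roleCount, new Comparator<FlaggedName>() {

            @Override
            public int compare(FlaggedName o1, FlaggedName o2) {
                return o1.getItemName().toLowerCase().compareTo(o2.getItemName().toLowerCase());
            }
        });
        FlaggedName flaggedName = new FlaggedName();
        if (isPrimaryExceeding) {
            flaggedName.setItemName("true");
        } else {
            flaggedName.setItemName(FALSE);
        }
        flaggedName.setItemDisplayName(exceededDomains);
        roleNames[roleNames.length - 1] = flaggedName;
        return roleNames;
    } catch (UserStoreException e) {
        // previously logged so logging not needed
        throw new UserAdminException(e.getMessage(), e);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        throw new UserAdminException(e.getMessage(), e);
    }
}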
Also used : HashMap(java.util.HashMap) FlaggedName(org.wso2.carbon.user.mgt.common.FlaggedName) ArrayList(java.util.ArrayList) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) UserStoreManager(org.wso2.carbon.user.core.UserStoreManager) JDBCUserStoreManager(org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager) UserAdminException(org.wso2.carbon.user.mgt.common.UserAdminException) UserAdminException(org.wso2.carbon.user.mgt.common.UserAdminException) RegistryException(org.wso2.carbon.registry.api.RegistryException) UserStoreException(org.wso2.carbon.user.core.UserStoreException) UserStoreException(org.wso2.carbon.user.core.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager)

Example 7 with FlaggedName

use of org.wso2.carbon.user.mgt.common.FlaggedName in project carbon-identity-framework by wso2.

the class UserRealmProxy method getAllSharedRoleNames.

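/**
 * Lists the shared roles matching {@code filter} as {@link FlaggedName} entries.
 *
 * <p>Shared roles are only available from an {@link AbstractUserStoreManager}; any other user store
 * manager is rejected. Role entries are sorted by lower-cased item name.
 *
 * <p>The returned array always has one extra trailing element that is not a role: its item name is
 * {@code "true"} when the number of primary-domain roles equals the configured maximum list count
 * (otherwise {@code FALSE}), and its display name holds the ':'-separated secondary domains whose
 * role count equals their configured maximum.
 *
 * @param filter   role name filter passed to the user store
 * @param maxLimit maximum number of shared roles requested from the user store
 * @return the shared role entries followed by the trailing limit-indicator element
 * @throws UserAdminException if the user store manager cannot list shared roles, the user store
 *                            fails, or any other error occurs while listing
 */
public FlaggedName[] getAllSharedRoleNames(String filter, int maxLimit) throws UserAdminException {
    try {
        UserStoreManager userStoreMan = realm.getUserStoreManager();
        // get all roles without hybrid roles
        String[] externalRoles;
        if (userStoreMan instanceof AbstractUserStoreManager) {
            externalRoles = ((AbstractUserStoreManager) userStoreMan).getSharedRoleNames(filter, maxLimit);
        } else {
            // Thrown inside the try, so the generic handler below logs and re-wraps it.
            throw new UserAdminException("Initialized User Store Manager is not capable of getting the shared roles");
        }
        if (externalRoles == null) {
            // Nothing here guarantees a non-null array; treat null as "no shared roles" instead of
            // failing the whole listing with a NullPointerException in the loop below.
            externalRoles = new String[0];
        }
        List<FlaggedName> flaggedNames = new ArrayList<FlaggedName>();
        // Number of shared roles seen per domain (roles without a domain count towards the primary domain).
        Map<String, Integer> userCount = new HashMap<String, Integer>();
        for (String externalRole : externalRoles) {
            FlaggedName fName = new FlaggedName();
            mapEntityName(externalRole, fName, userStoreMan);
            fName.setRoleType(UserMgtConstants.EXTERNAL_ROLE);
            // A domain is only recognised when the separator is present and not the first character.
            int index = externalRole != null ? externalRole.indexOf(CarbonConstants.DOMAIN_SEPARATOR) : -1;
            String domain = index > 0 ? externalRole.substring(0, index) : null;
            UserStoreManager secManager = realm.getUserStoreManager().getSecondaryUserStoreManager(domain);
            // setting read only or writable
            // NOTE(review): unlike getAllRolesNames, roles outside a secondary domain never get
            // setEditable called here, so they keep whatever FlaggedName defaults to — confirm intended.
            if (domain != null && !UserCoreConstants.INTERNAL_DOMAIN.equalsIgnoreCase(domain) && !UserMgtConstants.APPLICATION_DOMAIN.equalsIgnoreCase(domain)) {
                boolean readOnly = false;
                if (secManager != null) {
                    // FALSE.equals(null) is already false, so a separate null check on the property is not needed.
                    readOnly = secManager.isReadOnly()
                            || FALSE.equals(secManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.WRITE_GROUPS_ENABLED));
                }
                fName.setEditable(!readOnly);
            }
            String countKey = domain != null ? domain : UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME;
            Integer seenSoFar = userCount.get(countKey);
            userCount.put(countKey, seenSoFar == null ? 1 : seenSoFar + 1);
            flaggedNames.add(fName);
        }
        String exceededDomains = "";
        boolean isPrimaryExceeding = false;
        Map<String, Integer> maxUserListCount = ((AbstractUserStoreManager) realm.getUserStoreManager()).getMaxListCount(UserCoreConstants.RealmConfig.PROPERTY_MAX_ROLE_LIST);
        String[] domains = userCount.keySet().toArray(new String[userCount.keySet().size()]);
        for (int i = 0; i < domains.length; i++) {
            if (UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME.equals(domains[i])) {
                if (userCount.get(UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME).equals(maxUserListCount.get(UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME))) {
                    isPrimaryExceeding = true;
                }
                continue;
            }
            // The limit map is looked up with the upper-cased domain name.
            if (userCount.get(domains[i]).equals(maxUserListCount.get(domains[i].toUpperCase()))) {
                exceededDomains += domains[i];
                if (i != domains.length - 1) {
                    exceededDomains += ":";
                }
            }
        }
        // One spare slot at the end is reserved for the limit-indicator element.
        int roleCount = flaggedNames.size();
        FlaggedName[] roleNames = flaggedNames.toArray(new FlaggedName[roleCount + 1]);
        // Sort only the populated prefix. Sorting the whole array relied on a comparator that returned 0
        // for the still-null spare slot, which breaks the Comparator contract and only kept the null in
        // last position by accident of the sort implementation.
        Arrays.sort(roleNames, 0, roleCount, new Comparator<FlaggedName>() {

            @Override
            public int compare(FlaggedName o1, FlaggedName o2) {
                return o1.getItemName().toLowerCase().compareTo(o2.getItemName().toLowerCase());
            }
        });
        FlaggedName flaggedName = new FlaggedName();
        if (isPrimaryExceeding) {
            flaggedName.setItemName("true");
        } else {
            flaggedName.setItemName(FALSE);
        }
        flaggedName.setItemDisplayName(exceededDomains);
        roleNames[roleNames.length - 1] = flaggedName;
        return roleNames;
    } catch (UserStoreException e) {
        // previously logged so logging not needed
        throw new UserAdminException(e.getMessage(), e);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        throw new UserAdminException(e.getMessage(), e);
    }
}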
Also used : HashMap(java.util.HashMap) FlaggedName(org.wso2.carbon.user.mgt.common.FlaggedName) ArrayList(java.util.ArrayList) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) UserStoreManager(org.wso2.carbon.user.core.UserStoreManager) JDBCUserStoreManager(org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager) UserAdminException(org.wso2.carbon.user.mgt.common.UserAdminException) UserAdminException(org.wso2.carbon.user.mgt.common.UserAdminException) RegistryException(org.wso2.carbon.registry.api.RegistryException) UserStoreException(org.wso2.carbon.user.core.UserStoreException) UserStoreException(org.wso2.carbon.user.core.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager)

Example 8 with FlaggedName

use of org.wso2.carbon.user.mgt.common.FlaggedName in project carbon-identity-framework by wso2.

the class UserRealmProxyTest method testListUsers1.

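/**
 * Checks that listing users by claim value returns the two stubbed users plus one extra element
 * (three entries in total).
 */
@Test
public void testListUsers1() throws Exception {
    ClaimValue value = new ClaimValue();
    value.setClaimURI("mail");
    value.setValue("sd@sds.com");
    // Typed instead of the raw HashMap so the compiler checks what goes into the map.
    // NOTE(review): this map is never handed to a stub or to the code under test within this method,
    // so it does not influence the assertion below — confirm whether a getMaxListCount stub was intended.
    Map<String, Integer> maxListCount = new HashMap<String, Integer>();
    maxListCount.put(null, 100);
    Mockito.when(realm.getUserStoreManager()).thenReturn(userStoreManager);
    Mockito.when(userStoreManager.getUserList(value.getClaimURI(), value.getValue(), null)).thenReturn(new String[] { "test1", "test2" });
    FlaggedName[] userList = userRealmProxy.listUsers(value, "test", 10);
    // Two stubbed users plus one additional entry appended by listUsers.
    Assert.assertEquals(userList.length, 3);
}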
Also used : ClaimValue(org.wso2.carbon.user.mgt.common.ClaimValue) HashMap(java.util.HashMap) FlaggedName(org.wso2.carbon.user.mgt.common.FlaggedName) Mockito.anyString(org.mockito.Mockito.anyString) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 9 with FlaggedName

use of org.wso2.carbon.user.mgt.common.FlaggedName in project carbon-identity-framework by wso2.

the class UserRealmProxyTest method testGetAllRolesNames.

/**
 * Checks that getAllRolesNames returns three entries when the hybrid role manager yields two roles
 * and the external role lookup is stubbed to return {@code null}.
 */
@Test
public void testGetAllRolesNames() throws Exception {
    Mockito.when(realm.getUserStoreManager()).thenReturn(userStoreManagerWithAb);

    // The hybrid role manager is a private field of the superclass, so the mock is injected reflectively.
    HybridRoleManager mockedHybridRoles = mock(HybridRoleManager.class);
    Object storeManager = userStoreManagerWithAb;
    Field hybridRoleManagerField = storeManager.getClass().getSuperclass().getDeclaredField("hybridRoleManager");
    hybridRoleManagerField.setAccessible(true);
    hybridRoleManagerField.set(storeManager, mockedHybridRoles);

    String[] stubbedHybridRoles = { "role3x", "role4x" };
    Mockito.when(mockedHybridRoles.getHybridRoles("role")).thenReturn(stubbedHybridRoles);

    AbstractUserStoreManager abstractManager = (AbstractUserStoreManager) userStoreManagerWithAb;
    Mockito.when(abstractManager.getSharedRoleNames("role", 10)).thenReturn(new String[] { "role1", "role2" });
    // NOTE(review): with the external lookup returning null, the expected length of 3 only holds if
    // getAllRolesNames tolerates a null role array — confirm against the implementation under test.
    Mockito.when(abstractManager.getRoleNames("role", 10, true, true, true)).thenReturn(null);

    FlaggedName[] roleList = userRealmProxy.getAllRolesNames("role", 10);
    Assert.assertEquals(roleList.length, 3);
}
Also used : Field(java.lang.reflect.Field) HybridRoleManager(org.wso2.carbon.user.core.hybrid.HybridRoleManager) FlaggedName(org.wso2.carbon.user.mgt.common.FlaggedName) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) Mockito.anyString(org.mockito.Mockito.anyString) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 10 with FlaggedName

use of org.wso2.carbon.user.mgt.common.FlaggedName in project carbon-identity-framework by wso2.

the class UserRealmProxy method updateUsersOfRole.

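/**
 * Reconciles the membership of {@code roleName} with the selection flags in {@code userList}.
 *
 * <p>Users that are currently in the role but not selected are removed; users that are selected but
 * not yet in the role are added. Several guards run before the change is applied:
 * <ul>
 *   <li>the anonymous role and the "everyone" role can never be modified;</li>
 *   <li>a request that mentions the anonymous user is logged and dropped without applying anything;</li>
 *   <li>only the configured admin user may change membership of the admin role, or of any role that is
 *       authorized for {@code /permission/} or {@code /permission/admin/};</li>
 *   <li>a user other than the configured admin may not remove themselves from a role.</li>
 * </ul>
 *
 * @param roleName name of the role whose membership is updated
 * @param userList candidate users with their selected/unselected state
 * @throws UserAdminException if a guard rejects the request or the user store fails
 */
public void updateUsersOfRole(String roleName, FlaggedName[] userList) throws UserAdminException {
    try {
        if (CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME.equalsIgnoreCase(roleName)) {
            log.error("Security Alert! Carbon anonymous role is being manipulated");
            // The message is deliberately vague so the caller learns nothing about which guard fired.
            throw new UserStoreException("Invalid data");
        }
        if (realm.getRealmConfiguration().getEveryOneRoleName().equalsIgnoreCase(roleName)) {
            log.error("Security Alert! Carbon Everyone role is being manipulated");
            // Same deliberately vague message as above.
            throw new UserStoreException("Invalid data");
        }
        UserStoreManager admin = realm.getUserStoreManager();
        String[] oldUserList = admin.getUserListOfRole(roleName);
        // Current members with any NAME_COMBINER suffix stripped, sorted for binary search.
        // A null list from the store is treated as "no members": the original passed the null array
        // straight to Arrays.binarySearch, so every update of such a role failed with a NullPointerException.
        List<String> currentMembers = new ArrayList<String>();
        if (oldUserList != null) {
            for (String value : oldUserList) {
                int combinerIndex = value.indexOf(UserCoreConstants.NAME_COMBINER);
                if (combinerIndex > 0) {
                    currentMembers.add(value.substring(0, combinerIndex));
                } else {
                    currentMembers.add(value);
                }
            }
        }
        oldUserList = currentMembers.toArray(new String[currentMembers.size()]);
        Arrays.sort(oldUserList);
        List<String> delUsers = new ArrayList<>();
        List<String> addUsers = new ArrayList<>();
        for (FlaggedName fName : userList) {
            boolean isSelected = fName.isSelected();
            String userName = fName.getItemName();
            if (CarbonConstants.REGISTRY_ANONNYMOUS_USERNAME.equalsIgnoreCase(userName)) {
                log.error("Security Alert! Carbon anonymous user is being manipulated");
                // NOTE(review): unlike the role guards above, this returns normally, so the caller cannot
                // tell that the whole update was dropped — confirm this silent no-op is intended.
                return;
            }
            // Case-sensitive exact match against the sorted member list.
            boolean alreadyMember = Arrays.binarySearch(oldUserList, userName) >= 0;
            if (alreadyMember && !isSelected) {
                // deleted
                delUsers.add(userName);
            } else if (!alreadyMember && isSelected) {
                // added
                addUsers.add(userName);
            }
        }
        String loggedInUserName = addPrimaryDomainIfNotExists(getLoggedInUser());
        RealmConfiguration realmConfig = realm.getRealmConfiguration();
        String adminUser = addPrimaryDomainIfNotExists(realmConfig.getAdminUserName());
        // A role counts as admin-level if it is authorized on either of the two permission roots.
        boolean isRoleHasAdminPermission = realm.getAuthorizationManager().isRoleAuthorized(roleName, "/permission/", UserMgtConstants.EXECUTE_ACTION);
        if (!isRoleHasAdminPermission) {
            isRoleHasAdminPermission = realm.getAuthorizationManager().isRoleAuthorized(roleName, "/permission/admin/", UserMgtConstants.EXECUTE_ACTION);
        }
        if ((realmConfig.getAdminRoleName().equalsIgnoreCase(roleName) || isRoleHasAdminPermission) && !adminUser.equalsIgnoreCase(loggedInUserName)) {
            // NOTE(review): roleName and user names are request data written to the log as-is; confirm the
            // logging layout neutralises line breaks so log entries cannot be forged through them.
            log.warn("An attempt to add or remove users from Admin role by user : " + loggedInUserName);
            throw new UserStoreException("Can not add or remove user from Admin permission role");
        }
        String[] delUsersArray = null;
        String[] users = realm.getUserStoreManager().getUserListOfRole(roleName);
        if (users != null) {
            Arrays.sort(users);
            delUsersArray = delUsers.toArray(new String[delUsers.size()]);
            Arrays.sort(delUsersArray);
            // NOTE(review): loggedInUserName carries the primary domain prefix when it had none, and the
            // lookups below are case-sensitive exact matches; if the store or the request uses unqualified
            // or differently-cased names this self-removal guard would not fire — verify name normalisation.
            if (Arrays.binarySearch(delUsersArray, loggedInUserName) > -1 && Arrays.binarySearch(users, loggedInUserName) > -1 && !adminUser.equalsIgnoreCase(loggedInUserName)) {
                log.warn("An attempt to remove from role : " + roleName + " by user :" + loggedInUserName);
                throw new UserStoreException("Can not remove yourself from role : " + roleName);
            }
        }
        String[] addUsersArray = addUsers.toArray(new String[addUsers.size()]);
        admin.updateUserListOfRole(roleName, delUsersArray, addUsersArray);
    } catch (UserStoreException e) {
        // Guard rejections thrown above arrive here too, so this is where they are logged with a stack trace.
        log.error(e.getMessage(), e);
        throw new UserAdminException(e.getMessage(), e);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        throw new UserAdminException(e.getMessage(), e);
    }
}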
Also used : RealmConfiguration(org.wso2.carbon.user.api.RealmConfiguration) UserStoreException(org.wso2.carbon.user.core.UserStoreException) ArrayList(java.util.ArrayList) FlaggedName(org.wso2.carbon.user.mgt.common.FlaggedName) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) UserStoreManager(org.wso2.carbon.user.core.UserStoreManager) JDBCUserStoreManager(org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager) UserAdminException(org.wso2.carbon.user.mgt.common.UserAdminException) UserAdminException(org.wso2.carbon.user.mgt.common.UserAdminException) RegistryException(org.wso2.carbon.registry.api.RegistryException) UserStoreException(org.wso2.carbon.user.core.UserStoreException)

Aggregations

FlaggedName (org.wso2.carbon.user.mgt.stub.types.carbon.FlaggedName)31 ArrayList (java.util.ArrayList)14 FlaggedName (org.wso2.carbon.user.mgt.common.FlaggedName)13 Test (org.testng.annotations.Test)12 UserAdminException (org.wso2.carbon.user.mgt.common.UserAdminException)10 AbstractUserStoreManager (org.wso2.carbon.user.core.common.AbstractUserStoreManager)9 ISIntegrationTest (org.wso2.identity.integration.common.utils.ISIntegrationTest)8 HashMap (java.util.HashMap)7 RegistryException (org.wso2.carbon.registry.api.RegistryException)7 UserStoreException (org.wso2.carbon.user.core.UserStoreException)7 UserStoreManager (org.wso2.carbon.user.core.UserStoreManager)7 JDBCUserStoreManager (org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager)7 ClaimValue (org.wso2.carbon.user.mgt.stub.types.carbon.ClaimValue)7 SetEnvironment (org.wso2.carbon.automation.engine.annotations.SetEnvironment)4 Mockito.anyString (org.mockito.Mockito.anyString)3 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)3 BeforeTest (org.testng.annotations.BeforeTest)3 AuthorizationManager (org.wso2.carbon.user.api.AuthorizationManager)3 UserAdminUserAdminException (org.wso2.carbon.user.mgt.stub.UserAdminUserAdminException)3 Field (java.lang.reflect.Field)2