Java Code Examples for org.wso2.carbon.user.core.UserStoreException#getMessage()

The following examples show how to use org.wso2.carbon.user.core.UserStoreException#getMessage() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: UserAdmin.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
/**
 * @param roleName
 * @param realm
 * @return
 * @throws UserAdminException
 */
private boolean isAllowedRoleName(String roleName, UserRealm realm) throws UserAdminException {

    if (roleName == null) {
        return false;
    }

    int index;
    index = roleName.indexOf(CarbonConstants.DOMAIN_SEPARATOR);

    if (index > 0) {
        roleName = roleName.substring(index + 1);
    }

    try {
        return !realm.getRealmConfiguration().isReservedRoleName(roleName);
    } catch (UserStoreException e) {
        throw new UserAdminException(e.getMessage(), e);
    }
}
 
Example 2
Source File: UserAdmin.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * @param roleName
 * @param realm
 * @return
 * @throws UserAdminException
 */
private boolean isAllowedRoleName(String roleName, UserRealm realm) throws UserAdminException {

    int index;
    index = roleName.indexOf("/");

    if (index > 0) {
        roleName = roleName.substring(index + 1);
    }

    try {
        return !realm.getRealmConfiguration().isReservedRoleName(roleName);
    } catch (UserStoreException e) {
        throw new UserAdminException(e.getMessage(), e);
    }
}
 
Example 3
Source File: UserRealmProxy.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
public void bulkImportUsers(String userStoreDomain, String fileName, InputStream inStream, String defaultPassword)
        throws UserAdminException {
    try {
        BulkImportConfig config = new BulkImportConfig(inStream, fileName);
        if (defaultPassword != null && defaultPassword.trim().length() > 0) {
            config.setDefaultPassword(defaultPassword.trim());
        }
        if (StringUtils.isNotEmpty(userStoreDomain)) {
            config.setUserStoreDomain(userStoreDomain);
        }

        UserStoreManager userStore = this.realm.getUserStoreManager();
        userStore = userStore.getSecondaryUserStoreManager(userStoreDomain);

        if (fileName.endsWith("csv")) {
            UserBulkImport csvAdder = new CSVUserBulkImport(config);
            csvAdder.addUserList(userStore);
        } else if (fileName.endsWith("xls") || fileName.endsWith("xlsx")) {
            UserBulkImport excelAdder = new ExcelUserBulkImport(config);
            excelAdder.addUserList(userStore);
        } else {
            throw new UserAdminException("Unsupported format");
        }
    } catch (UserStoreException e) {
        // previously logged so logging not needed
        throw new UserAdminException(e.getMessage(), e);
    }

}
 
Example 4
Source File: UserRealmProxy.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
public void setRoleUIPermission(String roleName, String[] rawResources)
        throws UserAdminException {
    try {
        if (((AbstractUserStoreManager) realm.getUserStoreManager()).isOthersSharedRole(roleName)) {
            throw new UserAdminException("Logged in user is not authorized to assign " +
                    "permissions to a role belong to another tenant");
        }
        if (realm.getRealmConfiguration().getAdminRoleName().equalsIgnoreCase(roleName)) {
            String msg = "UI permissions of Admin is not allowed to change";
            log.error(msg);
            throw new UserAdminException(msg);
        }

        String loggedInUserName = addPrimaryDomainIfNotExists(getLoggedInUser());
        String adminUser = addPrimaryDomainIfNotExists(realm.getRealmConfiguration().getAdminUserName());
        if (rawResources != null &&
                !adminUser.equalsIgnoreCase(loggedInUserName)) {
            Arrays.sort(rawResources);
            if (Arrays.binarySearch(rawResources, PERMISSION_ADMIN) > -1 ||
                    Arrays.binarySearch(rawResources, "/permission/protected") > -1 ||
                    Arrays.binarySearch(rawResources, PERMISSION) > -1) {
                log.warn("An attempt to Assign admin permission for role by user : " +
                        loggedInUserName);
                throw new UserStoreException("Can not assign Admin for permission role");
            }
        }

        String[] optimizedList = UserCoreUtil.optimizePermissions(rawResources);
        AuthorizationManager authMan = realm.getAuthorizationManager();
        authMan.clearRoleActionOnAllResources(roleName, UserMgtConstants.EXECUTE_ACTION);
        for (String path : optimizedList) {
            authMan.authorizeRole(roleName, path, UserMgtConstants.EXECUTE_ACTION);
        }
    } catch (UserStoreException e) {
        log.error(e.getMessage(), e);
        throw new UserAdminException(e.getMessage(), e);
    }
}
 
Example 5
Source File: UserRealmProxy.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
public void bulkImportUsers(String userStoreDomain, String fileName, InputStream inStream, String defaultPassword)
        throws UserAdminException {
    try {
        BulkImportConfig config = new BulkImportConfig(inStream, fileName);
        if (defaultPassword != null && defaultPassword.trim().length() > 0) {
            config.setDefaultPassword(defaultPassword.trim());
        }
        if (StringUtils.isNotEmpty(userStoreDomain)) {
            config.setUserStoreDomain(userStoreDomain);
        }

        UserStoreManager userStore = this.realm.getUserStoreManager();
        userStore = userStore.getSecondaryUserStoreManager(userStoreDomain);

        if (fileName.endsWith("csv")) {
            CSVUserBulkImport csvAdder = new CSVUserBulkImport(config);
            csvAdder.addUserList(userStore);
        } else if (fileName.endsWith("xls") || fileName.endsWith("xlsx")) {
            ExcelUserBulkImport excelAdder = new ExcelUserBulkImport(config);
            excelAdder.addUserList(userStore);
        } else {
            throw new UserAdminException("Unsupported format");
        }
    } catch (UserStoreException e) {
        // previously logged so logging not needed
        throw new UserAdminException(e.getMessage(), e);
    }

}
 
Example 6
Source File: UserProfileAdmin.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
public boolean isReadOnlyUserStore() throws UserProfileException {
    try {
        UserRealm realm = getUserRealm();
        if ("true".equals(realm.getRealmConfiguration().getUserStoreProperty(
                UserCoreConstants.RealmConfig.PROPERTY_READ_ONLY))) {
            return true;
        }
        return false;
    } catch (UserStoreException e) {
        log.error(e.getMessage(), e);
        throw new UserProfileException(e.getMessage(), e);
    }
}
 
Example 7
Source File: UserRealmProxy.java    From carbon-identity-framework with Apache License 2.0 4 votes vote down vote up
public void setRoleUIPermission(String roleName, String[] rawResources)
        throws UserAdminException {

    Permission[] permissions = null;
    UserStoreManager userStoreManager = null;
    try {
        if (((AbstractUserStoreManager) realm.getUserStoreManager()).isOthersSharedRole(roleName)) {
            throw new UserAdminException("Logged in user is not authorized to assign " +
                    "permissions to a role belong to another tenant");
        }
        if (realm.getRealmConfiguration().getAdminRoleName().equalsIgnoreCase(roleName)) {
            String msg = "UI permissions of Admin is not allowed to change";
            log.error(msg);
            throw new UserAdminException(msg);
        }

        String loggedInUserName = addPrimaryDomainIfNotExists(getLoggedInUser());
        String adminUser = addPrimaryDomainIfNotExists(realm.getRealmConfiguration().getAdminUserName());
        if (rawResources != null &&
                !adminUser.equalsIgnoreCase(loggedInUserName)) {
            Arrays.sort(rawResources);
            if (Arrays.binarySearch(rawResources, PERMISSION_ADMIN) > -1 ||
                    Arrays.binarySearch(rawResources, "/permission/protected") > -1 ||
                    Arrays.binarySearch(rawResources, PERMISSION) > -1) {
                log.warn("An attempt to Assign admin permission for role by user : " +
                        loggedInUserName);
                throw new UserStoreException("Can not assign Admin for permission role");
            }
        }

        String[] optimizedList = UserCoreUtil.optimizePermissions(rawResources);
        AuthorizationManager authMan = realm.getAuthorizationManager();
        authMan.clearRoleActionOnAllResources(roleName, UserMgtConstants.EXECUTE_ACTION);

        permissions = new Permission[optimizedList.length];
        for (int i = 0; i < optimizedList.length; i++) {
            authMan.authorizeRole(roleName, optimizedList[i], UserMgtConstants.EXECUTE_ACTION);
            permissions[i] = new Permission(optimizedList[i], UserMgtConstants.EXECUTE_ACTION);
        }

        userStoreManager = realm.getUserStoreManager();
        ManagementPermissionUtil.handlePostUpdatePermissionsOfRole(roleName, permissions, userStoreManager);
    } catch (UserStoreException e) {
        ManagementPermissionUtil
                .handleOnUpdatePermissionsOfRoleFailure(e.getMessage(), roleName, permissions, userStoreManager);
        log.error(e.getMessage(), e);
        throw new UserAdminException(e.getMessage(), e);
    }
}