Java Code Examples for org.wso2.carbon.user.api.RealmConfiguration#getUserStoreProperty()

Example 1
Source File: SecondaryUserStoreConfigurationUtil.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Finds the user store whose domain name matches {@code userStoreDomain} and returns its properties.
 *
 * <p>Starts at the realm configuration of the tenant returned by
 * {@code getTenantIdInTheCurrentContext()} and follows {@code getSecondaryRealmConfig()} until a
 * configuration's domain-name property equals {@code userStoreDomain}, ignoring case.
 *
 * <p>NOTE(review): the returned map is the store's complete property set, which may include
 * connection credentials. Confirm how callers log or expose it.
 *
 * @param userStoreDomain domain name to look for
 * @return the matching store's properties, or {@code null} when no configuration in the chain matches
 * @throws IdentityUserStoreMgtException if the tenant realm or its configuration cannot be read
 */
public static Map<String, String> getSecondaryUserStorePropertiesFromTenantUserRealm(String userStoreDomain)
        throws IdentityUserStoreMgtException {

    try {
        RealmConfiguration current = UserStoreConfigComponent.getRealmService()
                .getTenantUserRealm(getTenantIdInTheCurrentContext())
                .getRealmConfiguration();
        for (; current != null; current = current.getSecondaryRealmConfig()) {
            String configuredDomain = current.getUserStoreProperty(
                    UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
            if (StringUtils.equalsIgnoreCase(configuredDomain, userStoreDomain)) {
                return current.getUserStoreProperties();
            }
        }
    } catch (UserStoreException e) {
        throw new IdentityUserStoreMgtException(
                "Error while retrieving user store configurations for user store domain: " + userStoreDomain, e);
    }
    // Reached the end of the chain without a match.
    return null;
}
 
Example 2
Source File: JWTTokenGenerator.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
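/**
 * Resolves the multi-attribute separator configured on the user store that owns
 * {@code authenticatedUser}.
 *
 * <p>The user store domain is extracted from the user name, the store manager for that domain is
 * looked up in the tenant's realm, and the separator is read from that store's realm configuration.
 *
 * @param authenticatedUser user name, from which the user store domain is extracted
 * @param tenantId          tenant whose realm is consulted; nothing is looked up for
 *                          {@code MultitenantConstants.INVALID_TENANT_ID}
 * @return the configured separator, or {@code null} when the realm service, the store manager, the
 *         realm configuration or a non-blank separator value is unavailable, or when the lookup fails
 */
private String getMultiAttributeSeparator(String authenticatedUser, int tenantId) {
    String userDomain = IdentityUtil.extractDomainFromName(authenticatedUser);

    try {
        RealmService realmService = OAuthComponentServiceHolder.getRealmService();
        if (realmService == null || tenantId == MultitenantConstants.INVALID_TENANT_ID) {
            return null;
        }

        UserStoreManager userStoreManager = (UserStoreManager) realmService.getTenantUserRealm(tenantId)
                .getUserStoreManager();
        // Guard the lookup: dereferencing a missing store manager would raise an unchecked
        // NullPointerException that the catch below does not handle.
        UserStoreManager domainStoreManager = userStoreManager.getSecondaryUserStoreManager(userDomain);
        if (domainStoreManager == null) {
            return null;
        }

        RealmConfiguration realmConfiguration = domainStoreManager.getRealmConfiguration();
        if (realmConfiguration == null) {
            return null;
        }

        String claimSeparator = realmConfiguration.getUserStoreProperty(
                IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR);
        if (claimSeparator != null && !claimSeparator.trim().isEmpty()) {
            return claimSeparator;
        }
    } catch (UserStoreException e) {
        // Best effort: the caller gets null and proceeds without a separator.
        log.error("Error occurred while getting the realm configuration, User store properties might not be " +
                  "returned", e);
    }
    return null;
}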
 
Example 3
Source File: AbstractJWTGenerator.java    From carbon-apimgt with Apache License 2.0 6 votes vote down vote up
/**
 * Reads the multi-attribute separator from the realm configuration of the tenant's user store manager.
 *
 * @param tenantId tenant whose realm is consulted; nothing is looked up for
 *                 {@code MultitenantConstants.INVALID_TENANT_ID}
 * @return the configured separator, or {@code null} when the realm service or realm configuration is
 *         missing, the value is absent or blank, or the lookup throws {@code UserStoreException}
 */
protected String getMultiAttributeSeparator(int tenantId) {
    try {
        RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
        if (realmService == null || tenantId == MultitenantConstants.INVALID_TENANT_ID) {
            return null;
        }

        UserStoreManager storeManager =
                (UserStoreManager) realmService.getTenantUserRealm(tenantId).getUserStoreManager();
        RealmConfiguration config = storeManager.getRealmConfiguration();
        if (config == null) {
            return null;
        }

        String separator = config.getUserStoreProperty(APIConstants.MULTI_ATTRIBUTE_SEPARATOR);
        boolean usable = separator != null && !separator.trim().isEmpty();
        return usable ? separator : null;
    } catch (UserStoreException e) {
        // Best effort: the failure is logged and reported to the caller as "no separator".
        log.error("Error occurred while getting the realm configuration, User store properties might not be " +
                  "returned", e);
        return null;
    }
}
 
Example 4
Source File: DirectoryServerManager.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * Gets the regular expression that defines the accepted format of a service principal name,
 * for example {@code ftp/localhost}.
 *
 * <p>The expression is read from the user store property
 * {@code LDAPServerManagerConstants.SERVICE_PRINCIPLE_NAME_REGEX_PROPERTY}. When the realm configuration
 * or the property is missing, {@code DEFAULT_SERVICE_NAME_REGULAR_EXPRESSION} is returned instead.
 * A configured value is written to the log at INFO level each time it is returned.
 *
 * @return Service principal name format as a regular expression.
 * @throws DirectoryServerManagerException If unable to retrieve RealmConfiguration.
 */
public String getServiceNameConformanceRegularExpression() throws DirectoryServerManagerException {

    try {
        RealmConfiguration realmConfig = this.getUserRealm().getRealmConfiguration();
        String configuredRegex = (realmConfig == null)
                ? null
                : realmConfig.getUserStoreProperty(
                        LDAPServerManagerConstants.SERVICE_PRINCIPLE_NAME_REGEX_PROPERTY);

        if (configuredRegex != null) {
            log.info("Service name format is " + configuredRegex);
            return configuredRegex;
        }
        // Nothing configured: use the built-in format.
        return LDAPServerManagerConstants.DEFAULT_SERVICE_NAME_REGULAR_EXPRESSION;
    } catch (UserStoreException e) {
        log.error("Unable to retrieve service name format.", e);
        throw new DirectoryServerManagerException("Unable to retrieve service name format.", e);
    }
}
 
Example 5
Source File: DirectoryServerManager.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * Gets the regular expression that defines the accepted format of a service principal's password.
 *
 * <p>The expression is read from the user store property
 * {@code LDAPServerManagerConstants.SERVICE_PASSWORD_REGEX_PROPERTY}. When the realm configuration
 * or the property is missing, {@code DEFAULT_PASSWORD_REGULAR_EXPRESSION} is returned instead.
 * A configured value (the pattern, not a password) is written to the log at INFO level each time
 * it is returned.
 *
 * @return Regular expression.
 * @throws DirectoryServerManagerException If unable to get RealmConfiguration.
 */
public String getPasswordConformanceRegularExpression() throws DirectoryServerManagerException {

    try {
        RealmConfiguration realmConfig = this.getUserRealm().getRealmConfiguration();
        String configuredRegex = (realmConfig == null)
                ? null
                : realmConfig.getUserStoreProperty(
                        LDAPServerManagerConstants.SERVICE_PASSWORD_REGEX_PROPERTY);

        if (configuredRegex != null) {
            log.info("Service password format is " + configuredRegex);
            return configuredRegex;
        }
        // Nothing configured: use the built-in password policy.
        return LDAPServerManagerConstants.DEFAULT_PASSWORD_REGULAR_EXPRESSION;
    } catch (UserStoreException e) {
        log.error("Unable to retrieve service password format.", e);
        throw new DirectoryServerManagerException("Unable to retrieve service password format.", e);
    }
}
 
Example 6
Source File: UserStoreCountUtils.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
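/**
 * Reports whether the user store with the given domain name is enabled.
 *
 * <p>Walks the current tenant's realm configuration chain (primary first, then each
 * {@code getSecondaryRealmConfig()}) and, for the first configuration whose domain-name property
 * equals {@code domain}, returns the negation of its {@code USER_STORE_DISABLED} property.
 * The comparison is case-sensitive. A domain that matches no configuration is reported as not
 * enabled, so an unknown or mistyped domain fails closed.
 *
 * @param domain user store domain name; {@code null} yields {@code false}
 * @return {@code true} only when a matching store exists and is not marked disabled
 * @throws UserStoreCounterException if the realm configuration cannot be read
 */
public static boolean isUserStoreEnabled(String domain) throws UserStoreCounterException {

    if (domain == null) {
        // Previously this dereferenced the null argument inside the loop.
        return false;
    }

    try {
        RealmConfiguration realmConfiguration =
                CarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration();

        // A while loop (rather than do/while) so a missing primary configuration is not dereferenced.
        while (realmConfiguration != null) {
            String userStoreDomain = realmConfiguration.getUserStoreProperty(
                    UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);

            if (domain.equals(userStoreDomain)) {
                // parseBoolean(null) is false, so a store without the property counts as enabled.
                return !Boolean.parseBoolean(realmConfiguration.getUserStoreProperty(
                        UserCoreConstants.RealmConfig.USER_STORE_DISABLED));
            }
            realmConfiguration = realmConfiguration.getSecondaryRealmConfig();
        }
    } catch (UserStoreException e) {
        throw new UserStoreCounterException("Error occurred while getting Secondary Realm Configuration", e);
    }
    return false;
}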
 
Example 7
Source File: UserStoreCountUtils.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
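/**
 * Builds the count retriever configured for a user store domain.
 *
 * <p>The retriever type is read from the store's {@code COUNT_RETRIEVER_CLASS} property and used as
 * a key into the registered count retriever factories. The configured value only selects among
 * factories that are already registered.
 *
 * @param domain user store domain name; when empty, the primary domain name is used
 * @return the retriever for the domain, or {@code null} when the domain is unknown or has no
 *         {@code COUNT_RETRIEVER_CLASS} configured
 * @throws UserStoreCounterException if no factory is registered for the configured type, if the
 *                                   factory returns no retriever, or if the user stores cannot be listed
 */
public static UserStoreCountRetriever getCounterInstanceForDomain(String domain) throws UserStoreCounterException {
    if (StringUtils.isEmpty(domain)) {
        domain = IdentityUtil.getPrimaryDomainName();
    }

    RealmConfiguration realmConfiguration = getUserStoreList().get(domain);
    if (realmConfiguration == null) {
        return null;
    }

    String retrieverType = realmConfiguration.getUserStoreProperty(COUNT_RETRIEVER_CLASS);
    if (retrieverType == null) {
        return null;
    }

    // A configured type with no registered factory used to fail with a bare NullPointerException;
    // report it as a configuration error that names the type and the domain.
    if (UserStoreCountDataHolder.getInstance().getCountRetrieverFactories().get(retrieverType) == null) {
        throw new UserStoreCounterException(
                "Could not create an instance of class: " + retrieverType + " for " +
                        "the domain: " + domain);
    }

    UserStoreCountRetriever userStoreCountRetriever = UserStoreCountDataHolder.getInstance()
            .getCountRetrieverFactories().get(retrieverType).buildCountRetriever(realmConfiguration);
    if (userStoreCountRetriever == null) {
        throw new UserStoreCounterException(
                "Could not create an instance of class: " + retrieverType + " for " +
                        "the domain: " + domain);
    }
    return userStoreCountRetriever;
}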
 
Example 8
Source File: JDBCUserStoreCountRetriever.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
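/**
 * Opens a database connection for the given user store, with auto-commit off and
 * READ_COMMITTED isolation.
 *
 * <p>The connection comes from the data source built from {@code realmConfiguration}. For the
 * primary user store, the user database connection is used as a fallback.
 *
 * @param realmConfiguration configuration of the user store to connect to
 * @return an open connection; the caller is responsible for closing it
 * @throws SQLException       if the connection cannot be obtained or configured
 * @throws UserStoreException if no connection could be created for the store
 */
private Connection getDBConnection(RealmConfiguration realmConfiguration) throws SQLException, UserStoreException {

    Connection dbConnection = null;
    DataSource dataSource = DatabaseUtil.createUserStoreDataSource(realmConfiguration);

    if (dataSource != null) {
        dbConnection = DatabaseUtil.getDBConnection(dataSource);
    }

    //if primary user store, DB connection can be same as realm data source.
    if (dbConnection == null && realmConfiguration.isPrimary()) {
        dbConnection = IdentityDatabaseUtil.getUserDBConnection();
    }

    // Also covers the primary fallback yielding no connection, which was previously dereferenced.
    if (dbConnection == null) {
        throw new UserStoreException("Could not create a database connection to " +
                realmConfiguration.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME));
    }

    try {
        dbConnection.setAutoCommit(false);
        if (dbConnection.getTransactionIsolation() != Connection.TRANSACTION_READ_COMMITTED) {
            dbConnection.setTransactionIsolation(Connection.TRANSACTION_READ_COMMITTED);
        }
    } catch (SQLException e) {
        // The caller never receives the connection on this path, so release it here.
        try {
            dbConnection.close();
        } catch (SQLException closeFailure) {
            e.addSuppressed(closeFailure);
        }
        throw e;
    }
    return dbConnection;
}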
 
Example 9
Source File: DirectoryServerManager.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Gets the regular expression that defines the accepted format of a service principal name,
 * for example {@code ftp/localhost}.
 *
 * <p>Reads the user store property
 * {@code LDAPServerManagerConstants.SERVICE_PRINCIPLE_NAME_REGEX_PROPERTY} and falls back to
 * {@code DEFAULT_SERVICE_NAME_REGULAR_EXPRESSION} when the realm configuration or the property is
 * absent. A configured value is logged at INFO level whenever it is returned.
 *
 * @return Service principal name format as a regular expression.
 * @throws DirectoryServerManagerException If unable to retrieve RealmConfiguration.
 */
public String getServiceNameConformanceRegularExpression() throws DirectoryServerManagerException {

    final String fallback = LDAPServerManagerConstants.DEFAULT_SERVICE_NAME_REGULAR_EXPRESSION;
    try {
        RealmConfiguration realmConfig = this.getUserRealm().getRealmConfiguration();
        if (realmConfig == null) {
            return fallback;
        }

        String configuredRegex = realmConfig.getUserStoreProperty(
                LDAPServerManagerConstants.SERVICE_PRINCIPLE_NAME_REGEX_PROPERTY);
        if (configuredRegex == null) {
            return fallback;
        }

        log.info("Service name format is " + configuredRegex);
        return configuredRegex;
    } catch (UserStoreException e) {
        log.error("Unable to retrieve service name format.", e);
        throw new DirectoryServerManagerException("Unable to retrieve service name format.", e);
    }
}
 
Example 10
Source File: UserStoreCountUtils.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Lists the realm configurations of the available user stores, keyed by domain name.
 *
 * <p>The primary configuration is stored under {@code IdentityUtil.getPrimaryDomainName()}. Each
 * secondary configuration is stored under the value of its own domain-name property, exactly as
 * configured. The map is a {@code HashMap}, so lookups are case-sensitive.
 *
 * @return map of domain name to realm configuration; the primary entry is always present
 * @throws UserStoreCounterException if the realm configuration cannot be read
 */
public static Map<String, RealmConfiguration> getUserStoreList() throws UserStoreCounterException {
    Map<String, RealmConfiguration> storesByDomain = new HashMap<>();

    try {
        RealmConfiguration primary =
                CarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration();
        storesByDomain.put(IdentityUtil.getPrimaryDomainName(), primary);

        if (primary != null) {
            for (RealmConfiguration secondary = primary.getSecondaryRealmConfig();
                 secondary != null;
                 secondary = secondary.getSecondaryRealmConfig()) {
                String secondaryDomain = secondary.getUserStoreProperty(
                        UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
                storesByDomain.put(secondaryDomain, secondary);
            }
        }
    } catch (UserStoreException e) {
        throw new UserStoreCounterException("Error while listing user stores for count functionality", e);
    }

    return storesByDomain;
}
 
Example 11
Source File: FileBasedUserStoreDAOImpl.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Gets the domain names of the existing user stores.
 *
 * <p>The first element is the primary store's domain-name property, or
 * {@code UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME} when that property is not set. The domain
 * names of the secondary stores follow in chain order, added as configured without a null check.
 *
 * @return list of domain names, primary first
 * @throws IdentityUserStoreMgtException if the realm configuration cannot be read
 */
private List<String> getDomainNames() throws IdentityUserStoreMgtException {

    final RealmConfiguration primaryConfig;
    try {
        primaryConfig = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration();
    } catch (UserStoreException e) {
        throw new IdentityUserStoreMgtException(" Error occurred while retrieving the realm configuration ", e);
    }

    List<String> domainNames = new ArrayList<String>();

    // The PRIMARY domain goes first, under its default name if none is configured.
    String primaryDomain = primaryConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
    domainNames.add(primaryDomain != null ? primaryDomain : UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME);

    for (RealmConfiguration secondary = primaryConfig.getSecondaryRealmConfig();
         secondary != null;
         secondary = secondary.getSecondaryRealmConfig()) {
        domainNames.add(secondary.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME));
    }
    return domainNames;
}
 
Example 12
Source File: IdentityUtil.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
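/**
 * Returns the domain name of the primary user store in upper case.
 *
 * <p>The name is read from the bootstrap realm configuration's domain-name property. When the
 * property is not set, {@code UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME} is returned as is.
 *
 * @return the upper-cased configured domain name, or the default primary domain name
 */
public static String getPrimaryDomainName() {
    RealmConfiguration realmConfiguration = IdentityTenantUtil.getRealmService().getBootstrapRealmConfiguration();
    // Read the property once so the null check and the returned value refer to the same lookup.
    String configuredDomain = realmConfiguration.getUserStoreProperty(
            UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
    if (configuredDomain == null) {
        return UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME;
    }
    // The domain name is an identifier, so its case mapping must not depend on the JVM's default
    // locale (under a Turkish locale, "i" upper-cases to a dotted capital I).
    return configuredDomain.toUpperCase(java.util.Locale.ROOT);
}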
 
Example 13
Source File: DefaultClaimHandler.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Adds the user store's multi-attribute separator to the requested claims, under the key
 * {@code IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR}.
 *
 * <p>Nothing is added when {@code spRequestedClaims} is empty or the store has no non-blank
 * separator configured. An entry already stored under that key is overwritten.
 *
 * @param authenticatedUser not read by this method
 * @param userStore         user store manager whose realm configuration supplies the separator
 * @param spRequestedClaims claim map to update in place
 */
private void addMultiAttributeSperatorToRequestedClaims(AuthenticatedUser authenticatedUser,
                                                        org.wso2.carbon.user.core.UserStoreManager userStore,
                                                        Map<String, String> spRequestedClaims) {
    if (spRequestedClaims.isEmpty()) {
        return;
    }

    String separator = userStore.getRealmConfiguration()
            .getUserStoreProperty(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR);
    if (StringUtils.isNotBlank(separator)) {
        spRequestedClaims.put(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR, separator);
    }
}
 
Example 14
Source File: CarbonRemoteUserStoreManger.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Creates one {@code WSUserStoreManager} per server URL listed in the {@code SERVER_URLS} user
 * store property and registers each under its URL in {@code remoteServers}.
 *
 * <p>The property is split on commas without trimming, and each piece is used verbatim both as
 * the endpoint and as the map key. After the loop, {@code remoteUserStore} refers to the manager
 * created for the last URL.
 *
 * <p>NOTE(review): the remote user name and password are read from the realm configuration and
 * handed to every remote manager. Confirm that the configured password is protected at rest and
 * that the server URLs use an encrypted transport.
 *
 * @param realmConfig realm configuration supplying the server URLs, credentials and domain name
 * @param properties  not read by this constructor
 * @throws Exception if the default configuration context or a transport sender cannot be initialised
 */
public CarbonRemoteUserStoreManger(RealmConfiguration realmConfig, Map properties)
        throws Exception {

    ConfigurationContext axisContext = ConfigurationContextFactory.createDefaultConfigurationContext();

    // Every outbound transport sender is initialised before any remote manager is created.
    Map<String, TransportOutDescription> outboundTransports =
            axisContext.getAxisConfiguration().getTransportsOut();
    for (TransportOutDescription transport : outboundTransports.values()) {
        transport.getSender().init(axisContext, transport);
    }

    for (String serverUrl : realmConfig.getUserStoreProperty(SERVER_URLS).split(",")) {
        remoteUserStore = new WSUserStoreManager(
                realmConfig.getUserStoreProperty(REMOTE_USER_NAME),
                realmConfig.getUserStoreProperty(PASSWORD),
                serverUrl,
                axisContext);

        // Only the URL is logged, never the credentials.
        if (log.isDebugEnabled()) {
            log.debug("Remote Servers for User Management : " + serverUrl);
        }

        remoteServers.put(serverUrl, remoteUserStore);
    }

    this.realmConfig = realmConfig;
    domainName = realmConfig.getUserStoreProperty(UserStoreConfigConstants.DOMAIN_NAME);
}
 
Example 15
Source File: DefaultClaimHandler.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Adds the user store's multi-attribute separator to the requested claims, under the key
 * {@code IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR}, unless that key is already mapped.
 *
 * <p>Nothing is added when {@code spRequestedClaims} is empty or the store has no non-blank
 * separator configured.
 *
 * @param authenticatedUser not read by this method
 * @param userStore         user store manager whose realm configuration supplies the separator
 * @param spRequestedClaims claim map to update in place
 */
private void addMultiAttributeSperatorToRequestedClaims(AuthenticatedUser authenticatedUser,
                                                        org.wso2.carbon.user.core.UserStoreManager userStore,
                                                        Map<String, String> spRequestedClaims) {
    if (spRequestedClaims.isEmpty()) {
        return;
    }

    String separator = userStore.getRealmConfiguration()
            .getUserStoreProperty(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR);
    if (StringUtils.isNotBlank(separator)) {
        // putIfAbsent keeps a value that is already present in the request.
        spRequestedClaims.putIfAbsent(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR, separator);
    }
}
 
Example 16
Source File: CassandraUserStoreManager.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a user store manager for the given realm configuration and tenant, resolves the group
 * read/write flags, and connects to the Cassandra cluster and keyspace named in the configuration.
 *
 * @param realmConfig realm configuration supplying the group flags, credentials, host, port and
 *                    keyspace name
 * @param tenantId    tenant this manager serves
 * @throws UserStoreException declared by the constructor; the statement that raises it is not
 *                            evident from this body alone
 */
public CassandraUserStoreManager(RealmConfiguration realmConfig, int tenantId) throws UserStoreException {
    this.realmConfig = realmConfig;
    Util.setRealmConfig(realmConfig);
    this.tenantIdString = Integer.toString(tenantId);
    this.tenantId = tenantId;

    // Set groups read/write configuration
    // readGroupsEnabled keeps its existing value when the property is absent.
    if (realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.READ_GROUPS_ENABLED) != null) {
        readGroupsEnabled = Boolean.parseBoolean(realmConfig
                .getUserStoreProperty(UserCoreConstants.RealmConfig.READ_GROUPS_ENABLED));
    }

    // Without an explicit setting, group writes are enabled for any store that is not read-only.
    if (realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.WRITE_GROUPS_ENABLED) != null) {
        writeGroupsEnabled = Boolean.parseBoolean(realmConfig
                .getUserStoreProperty(UserCoreConstants.RealmConfig.WRITE_GROUPS_ENABLED));
    } else {
        if (!isReadOnly()) {
            writeGroupsEnabled = true;
        }
    }
    // Writing groups implies reading them, whatever READ_GROUPS_ENABLED says.
    if (writeGroupsEnabled) {
        readGroupsEnabled = true;
    }

    /*
     * Initialize user roles cache as implemented in AbstractUserStoreManager
     */
    initUserRolesCache();

    // Cluster credentials come straight from the realm configuration.
    // NOTE(review): the password is held as a plain String in this map; confirm that the configured
    // value is protected at rest and that the map is never logged.
    Map<String, String> credentials = new HashMap<String, String>();
    credentials.put(CFConstants.USERNAME_PROPERTY,
            realmConfig.getUserStoreProperty(CFConstants.USERNAME_XML_ATTRIB));
    credentials.put(CFConstants.PASSWORD_PROPERTY,
            realmConfig.getUserStoreProperty(CFConstants.PASSWORD_XML_ATTRIB));

    CassandraHostConfigurator hostConf = new CassandraHostConfigurator();
    hostConf.setHosts(realmConfig.getUserStoreProperty(CFConstants.HOST_XML_ATTRIB));
    // Integer.parseInt throws NumberFormatException when the port property is missing or not numeric;
    // nothing here catches it.
    hostConf.setPort(Integer.parseInt(realmConfig.getUserStoreProperty(CFConstants.PORT_XML_ATTRIB)));
    // set Cassandra specific properties
    // The keyspace-name property is used both as the cluster name and as the keyspace name.
    cluster = HFactory.getOrCreateCluster(realmConfig.getUserStoreProperty(CFConstants.KEYSPACE_NAME_XML_ATTRIB),
            hostConf, credentials);
    keyspace = HFactory.createKeyspace(realmConfig.getUserStoreProperty(CFConstants.KEYSPACE_NAME_XML_ATTRIB),
            cluster);
    insertInitialData(keyspace);
}
 
Example 17
Source File: MultipleCredentialsUserProxy.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
/**
 * Validates the roles about to be assigned to a user and makes sure the "everyone" role is among them.
 *
 * <p>The request is rejected when the realm is backed by an external identity provider. It is
 * also rejected when the roles include the admin role, or a role authorized for
 * {@code "/permission"} or {@code "/permission/admin"}, and the logged-in user is not the realm's
 * admin user. That rejected attempt is logged at WARN level with the logged-in user name.
 *
 * <p>The {@code roles} array passed in is sorted in place.
 *
 * <p>NOTE(review): the logged-in user name is concatenated into the warning message unencoded.
 * Confirm that the logging layer neutralises line breaks.
 *
 * @param roles roles requested for the user; may be {@code null}
 * @return {@code null} when {@code roles} is {@code null}; the sorted input array when it already
 *         contains the everyone role; otherwise a new array with the everyone role appended
 * @throws UserStoreException                    if a non-admin user tries to assign an admin-permission role
 * @throws MultipleCredentialsUserAdminException if users are managed by an external identity provider
 */
private String[] checkRolesPermissions(String[] roles) throws UserStoreException,
        MultipleCredentialsUserAdminException {
    RealmConfiguration realmConfig = realm.getRealmConfiguration();
    if (realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_EXTERNAL_IDP) != null) {
        throw new MultipleCredentialsUserAdminException(
                "Please contact your external Identity Provider to add users");
    }

    if (roles == null) {
        return null;
    }

    String loggedInUserName = getLoggedInUser();
    // binarySearch below needs a sorted array.
    Arrays.sort(roles);

    // Stop at the first role that carries either permission.
    boolean grantsAdminPermission = false;
    for (String role : roles) {
        grantsAdminPermission =
                realm.getAuthorizationManager()
                        .isRoleAuthorized(role, "/permission", UserMgtConstants.EXECUTE_ACTION)
                || realm.getAuthorizationManager()
                        .isRoleAuthorized(role, "/permission/admin", UserMgtConstants.EXECUTE_ACTION);
        if (grantsAdminPermission) {
            break;
        }
    }

    boolean includesAdminRole = Arrays.binarySearch(roles, realmConfig.getAdminRoleName()) > -1;
    if ((includesAdminRole || grantsAdminPermission) &&
            !realmConfig.getAdminUserName().equals(loggedInUserName)) {
        log.warn("An attempt to assign user to Admin permission role by user : " +
                loggedInUserName);
        throw new UserStoreException("Can not assign user to Admin permission role");
    }

    boolean hasEveryoneRole = false;
    for (String role : roles) {
        if (role.equals(realmConfig.getEveryOneRoleName())) {
            hasEveryoneRole = true;
            break;
        }
    }

    if (!hasEveryoneRole) {
        String[] withEveryone = Arrays.copyOf(roles, roles.length + 1);
        withEveryone[roles.length] = realmConfig.getEveryOneRoleName();
        roles = withEveryone;
    }
    return roles;
}
 
Example 18
Source File: SAMLAssertionClaimsCallback.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
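/**
 * Builds the service-provider claim map for the user of an OAuth2 authorization request from the
 * values held in the user store.
 *
 * <p>The local claims that the service provider marks as requested are read from the user store
 * and translated to service-provider claim URIs. When the user's store has a non-blank
 * multi-attribute separator configured, it is added under
 * {@code IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR}.
 *
 * <p>Claim values are written to the debug log only when
 * {@code IdentityUtil.isTokenLoggable(USER_CLAIMS)} allows it.
 *
 * @param requestMsgCtx authorization request context carrying the user and the consumer key
 * @return the mapped claims; empty when the service provider or realm cannot be resolved, the
 *         provider requests no claims, or the user has no claim values (including a user that the
 *         store reports as not found)
 * @throws IdentityApplicationManagementException declared; presumably raised by the service provider lookups
 * @throws IdentityException                      declared; presumably raised by the realm lookup
 * @throws UserStoreException                     if reading claims fails for a reason other than "UserNotFound"
 * @throws ClaimManagementException               declared; presumably raised by the claim dialect mapping lookup
 */
private static Map<String, Object> getClaimsFromUserStore(OAuthAuthzReqMessageContext requestMsgCtx)
        throws IdentityApplicationManagementException, IdentityException, UserStoreException,
        ClaimManagementException {

    AuthenticatedUser user = requestMsgCtx.getAuthorizationReqDTO().getUser();
    String tenantDomain = requestMsgCtx.getAuthorizationReqDTO().getUser().getTenantDomain();

    UserRealm realm;
    List<String> claimURIList = new ArrayList<String>();
    Map<String, Object> mappedAppClaims = new HashMap<String, Object>();

    ApplicationManagementService applicationMgtService = OAuth2ServiceComponentHolder.getApplicationMgtService();
    String spName = applicationMgtService
            .getServiceProviderNameByClientId(requestMsgCtx.getAuthorizationReqDTO().getConsumerKey(),
                    INBOUND_AUTH2_TYPE, tenantDomain);
    ServiceProvider serviceProvider = applicationMgtService.getApplicationExcludingFileBasedSPs(spName,
            tenantDomain);
    if (serviceProvider == null) {
        return mappedAppClaims;
    }

    realm = IdentityTenantUtil.getRealm(tenantDomain, user.toString());
    if (realm == null) {
        log.warn("No valid tenant domain provider. Empty claim returned back for tenant " + tenantDomain
                + " and user " + user);
        return new HashMap<>();
    }

    Map<String, String> spToLocalClaimMappings;
    UserStoreManager userStoreManager = realm.getUserStoreManager();
    ClaimMapping[] requestedLocalClaimMap = serviceProvider.getClaimConfig().getClaimMappings();

    if (requestedLocalClaimMap != null && requestedLocalClaimMap.length > 0) {

        for (ClaimMapping mapping : requestedLocalClaimMap) {
            if (mapping.isRequested()) {
                claimURIList.add(mapping.getLocalClaim().getClaimUri());
            }
        }

        if (log.isDebugEnabled()) {
            log.debug("Requested number of local claims: " + claimURIList.size());
        }

        spToLocalClaimMappings = ClaimManagerHandler.getInstance().getMappingsMapFromOtherDialectToCarbon(
                SP_DIALECT, null, tenantDomain, false);

        Map<String, String> userClaims = null;
        try {
            userClaims = userStoreManager.getUserClaimValues(UserCoreUtil.addDomainToName(user.getUserName(),
                    user.getUserStoreDomain()), claimURIList.toArray(new String[claimURIList.size()]),null);
        } catch (UserStoreException e) {
            // An exception without a message must be rethrown as is, not replaced by a
            // NullPointerException from the contains() check.
            String message = e.getMessage();
            if (message != null && message.contains("UserNotFound")) {
                if (log.isDebugEnabled()) {
                    log.debug("User " + user + " not found in user store");
                }
            } else {
                throw e;
            }
        }

        // userClaims is still null when the user was not found; the unguarded size() call used to
        // throw here whenever debug logging was enabled.
        if (log.isDebugEnabled()) {
            log.debug("Number of user claims retrieved from user store: "
                    + (userClaims == null ? 0 : userClaims.size()));
        }

        if (MapUtils.isEmpty(userClaims)) {
            return new HashMap<>();
        }

        for (Map.Entry<String, String> entry : spToLocalClaimMappings.entrySet()) {
            String value = userClaims.get(entry.getValue());
            if (value != null) {
                mappedAppClaims.put(entry.getKey(), value);
                // Claim values are personal data: logged only when token logging is explicitly enabled.
                if (log.isDebugEnabled() &&
                        IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) {
                    log.debug("Mapped claim: key -  " + entry.getKey() + " value -" + value);
                }
            }
        }

        // Skip the separator rather than fail the whole claim lookup when no store manager or
        // realm configuration is available for the user's domain.
        UserStoreManager domainStoreManager =
                userStoreManager.getSecondaryUserStoreManager(user.getUserStoreDomain());
        RealmConfiguration realmConfiguration =
                domainStoreManager == null ? null : domainStoreManager.getRealmConfiguration();

        if (realmConfiguration != null) {
            String claimSeparator = realmConfiguration.getUserStoreProperty(
                    IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR);
            if (StringUtils.isNotBlank(claimSeparator)) {
                mappedAppClaims.put(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR, claimSeparator);
            }
        }
    }
    return mappedAppClaims;
}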
 
Example 19
Source File: CassandraUserStoreManager.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
/**
 * Creates the manager through the {@code (realmConfig, tenantId)} constructor, then resolves the
 * data source, runs the initial setup, persists the domain and, for the primary store, adds the
 * initial admin data.
 *
 * @param realmConfig    realm configuration of this user store
 * @param properties     shared properties; read for {@code UserCoreConstants.DATA_SOURCE} and updated
 *                       with the data source that is finally used
 * @param claimManager   claim manager stored on this instance
 * @param profileManager not read by this constructor
 * @param realm          user realm stored on this instance
 * @param tenantId       tenant this manager serves; presumably unboxed for the delegated
 *                       constructor, so a {@code null} value would fail there (confirm)
 * @throws UserStoreException if no data source can be resolved
 */
public CassandraUserStoreManager(RealmConfiguration realmConfig, Map<String, Object> properties,
                                 ClaimManager claimManager, ProfileConfigurationManager profileManager, UserRealm realm, Integer tenantId)
        throws UserStoreException {

    this(realmConfig, tenantId);

    if (log.isDebugEnabled()) {
        log.debug("Started " + System.currentTimeMillis());
    }
    this.claimManager = claimManager;
    this.userRealm = realm;

    // Prefer a data source supplied by the caller; otherwise derive one from the realm configuration.
    dataSource = (DataSource) properties.get(UserCoreConstants.DATA_SOURCE);
    if (dataSource == null) {
        dataSource = DatabaseUtil.getRealmDataSource(realmConfig);
    }
    if (dataSource == null) {
        throw new UserStoreException("User Management Data Source is null");
    }

    doInitialSetup();
    this.persistDomain();
    // Initial admin data is added for the primary store only.
    if (realmConfig.isPrimary()) {
        addInitialAdminData(Boolean.parseBoolean(realmConfig.getAddAdmin()), !isInitSetupDone());
    }

    // Publish the resolved data source back into the shared properties map.
    properties.put(UserCoreConstants.DATA_SOURCE, dataSource);

    // NOTE(review): the message names JDBCUserStoreManager although this is the Cassandra manager.
    // Only the data source's hash code is logged.
    if (log.isDebugEnabled()) {
        log.debug("The jdbcDataSource being used by JDBCUserStoreManager :: " + dataSource.hashCode());
    }

    if (log.isDebugEnabled()) {
        log.debug("Ended " + System.currentTimeMillis());
    }

    domain = realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
    /*
     * Initialize user roles cache as implemented in AbstractUserStoreManager
     */
    initUserRolesCache();
}
 
Example 20
Source File: MultipleCredentialsUserProxy.java    From carbon-identity-framework with Apache License 2.0 4 votes vote down vote up
/**
 * Checks that the caller may assign the given roles and ensures the "everyone" role is included.
 *
 * <p>Fails when the realm delegates user management to an external identity provider. It also
 * fails when the roles contain the admin role, or any role authorized for {@code "/permission"}
 * or {@code "/permission/admin"}, unless the logged-in user is the realm's admin user. The denied
 * attempt is logged at WARN level together with the logged-in user name.
 *
 * <p>The {@code roles} array passed in is sorted in place.
 *
 * <p>NOTE(review): the logged-in user name reaches the log message unencoded. Confirm that the
 * logging layer neutralises line breaks.
 *
 * @param roles roles requested for the user; may be {@code null}
 * @return {@code null} for a {@code null} input; the sorted input array when the everyone role is
 *         already present; otherwise a copy with the everyone role appended
 * @throws UserStoreException                    if a non-admin user tries to assign an admin-permission role
 * @throws MultipleCredentialsUserAdminException if users are managed by an external identity provider
 */
private String[] checkRolesPermissions(String[] roles) throws UserStoreException,
        MultipleCredentialsUserAdminException {
    RealmConfiguration realmConfig = realm.getRealmConfiguration();
    boolean externallyManaged =
            realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_EXTERNAL_IDP) != null;
    if (externallyManaged) {
        throw new MultipleCredentialsUserAdminException(
                "Please contact your external Identity Provider to add users");
    }

    if (roles == null) {
        return null;
    }

    String loggedInUserName = getLoggedInUser();
    // Sorted so that the admin role can be located with binarySearch.
    Arrays.sort(roles);

    boolean anyRoleGrantsAdmin = false;
    for (String candidate : roles) {
        anyRoleGrantsAdmin =
                realm.getAuthorizationManager()
                        .isRoleAuthorized(candidate, "/permission", UserMgtConstants.EXECUTE_ACTION)
                || realm.getAuthorizationManager()
                        .isRoleAuthorized(candidate, "/permission/admin", UserMgtConstants.EXECUTE_ACTION);
        if (anyRoleGrantsAdmin) {
            break;
        }
    }

    boolean adminRoleRequested = Arrays.binarySearch(roles, realmConfig.getAdminRoleName()) > -1;
    if ((adminRoleRequested || anyRoleGrantsAdmin) &&
            !realmConfig.getAdminUserName().equals(loggedInUserName)) {
        log.warn("An attempt to assign user to Admin permission role by user : " +
                loggedInUserName);
        throw new UserStoreException("Can not assign user to Admin permission role");
    }

    boolean everyoneIncluded = false;
    for (String candidate : roles) {
        if (candidate.equals(realmConfig.getEveryOneRoleName())) {
            everyoneIncluded = true;
            break;
        }
    }

    if (everyoneIncluded) {
        return roles;
    }
    String[] extended = Arrays.copyOf(roles, roles.length + 1);
    extended[roles.length] = realmConfig.getEveryOneRoleName();
    return extended;
}