Java Code Examples for org.wso2.carbon.user.core.util.UserCoreUtil#addDomainToName()

The following examples show how to use org.wso2.carbon.user.core.util.UserCoreUtil#addDomainToName().
Example 1
Source File: PostAuthenticatedSubjectIdentifierHandler.java    From carbon-identity-framework with Apache License 2.0
/**
 * Sets the authenticated subject identifier on the sequence's authenticated user, adding the tenant domain
 * and/or the user store domain when the application configuration asks for them.
 *
 * @param sequenceConfig Sequence config that holds the authenticated user and the application config.
 * @param subjectValue   Base subject value, before any domain is added.
 */
private void handleUserStoreAndTenantDomain(SequenceConfig sequenceConfig, String subjectValue) {

    String subjectIdentifier = subjectValue;
    sequenceConfig.getAuthenticatedUser().setAuthenticatedSubjectIdentifier(subjectIdentifier);

    // The tenant domain is added only when this SP is configured to carry it in the local subject identifier.
    boolean withTenantDomain = sequenceConfig.getApplicationConfig().isUseTenantDomainInLocalSubjectIdentifier();
    if (withTenantDomain) {
        subjectIdentifier = UserCoreUtil.addTenantDomainToEntry(subjectIdentifier,
                sequenceConfig.getAuthenticatedUser().getTenantDomain());
        sequenceConfig.getAuthenticatedUser().setAuthenticatedSubjectIdentifier(subjectIdentifier);
    }

    // Same decision for the user store domain; it is applied on top of whatever the tenant step produced.
    boolean withUserStoreDomain =
            sequenceConfig.getApplicationConfig().isUseUserstoreDomainInLocalSubjectIdentifier();
    if (withUserStoreDomain) {
        subjectIdentifier = UserCoreUtil.addDomainToName(subjectIdentifier,
                sequenceConfig.getAuthenticatedUser().getUserStoreDomain());
        sequenceConfig.getAuthenticatedUser().setAuthenticatedSubjectIdentifier(subjectIdentifier);
    }

    // The final subject identifier and tenant domain are written to the log at debug level only.
    if (log.isDebugEnabled()) {
        log.debug(
                "Authenticated User: " + sequenceConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier());
        log.debug("Authenticated User Tenant Domain: " + sequenceConfig.getAuthenticatedUser().getTenantDomain());
    }
}
 
Example 2
Source File: JsAuthenticatedUser.java    From carbon-identity-framework with Apache License 2.0
/**
 * Returns the role list of the wrapped user when the user is local (no IdP set, or the IdP is
 * {@code FrameworkConstants.LOCAL}).
 *
 * @return the roles reported by the tenant's user store manager, or an empty array for a non-local user
 *         or when the lookup fails
 */
private String[] getLocalRoles() {

    boolean isLocalUser = idp == null || FrameworkConstants.LOCAL.equals(idp);
    if (!isLocalUser) {
        return ArrayUtils.EMPTY_STRING_ARRAY;
    }

    RealmService realmService = FrameworkServiceDataHolder.getInstance().getRealmService();
    int usersTenantId = IdentityTenantUtil.getTenantId(getWrapped().getTenantDomain());

    try {
        // Roles are looked up under the domain-qualified user name, in the user's own tenant realm.
        String qualifiedUsername =
                UserCoreUtil.addDomainToName(getWrapped().getUserName(), getWrapped().getUserStoreDomain());
        UserRealm tenantRealm = realmService.getTenantUserRealm(usersTenantId);
        return tenantRealm.getUserStoreManager().getRoleListOfUser(qualifiedUsername);
    } catch (UserStoreException e) {
        // A failed lookup is logged and then reported as "no roles"; the caller cannot tell the two apart.
        LOG.error("Error when getting role list of user: " + getWrapped(), e);
    }
    return ArrayUtils.EMPTY_STRING_ARRAY;
}
 
Example 3
Source File: ProvisioningEntityBuilder.java    From carbon-identity with Apache License 2.0
/**
 * Builds the PUT provisioning entity for a SCIM user update.
 *
 * @param provisioningObject SCIM object being updated; it is cast to {@code User}.
 * @param outboundAttributes Outbound claim map; the user name claim is added to it when a user name is set.
 * @param domainName         User store domain added to the user name to form the entity name.
 * @return the provisioning entity, with the SCIM object's claims set as inbound attributes
 */
ProvisioningEntity buildProvisioningEntityForUserUpdate(SCIMObject provisioningObject,
    Map<org.wso2.carbon.identity.application.common.model.ClaimMapping, List<String>> outboundAttributes,
    String domainName) throws CharonException, IdentityApplicationManagementException {

    User scimUser = (User) provisioningObject;

    // A SCIM user update request is expected to carry the user name.
    if (scimUser.getUserName() != null) {
        org.wso2.carbon.identity.application.common.model.ClaimMapping usernameClaim =
                org.wso2.carbon.identity.application.common.model.ClaimMapping.build(
                        IdentityProvisioningConstants.USERNAME_CLAIM_URI, null, null, false);
        outboundAttributes.put(usernameClaim, Arrays.asList(scimUser.getUserName()));
    }

    // NOTE(review): a null user name still reaches addDomainToName here; confirm how it treats null.
    ProvisioningEntity entity = new ProvisioningEntity(ProvisioningEntityType.USER,
            UserCoreUtil.addDomainToName(scimUser.getUserName(), domainName), ProvisioningOperation.PUT,
            outboundAttributes);
    entity.setInboundAttributes(AttributeMapper.getClaimsMap((AbstractSCIMObject) provisioningObject));
    return entity;
}
 
Example 4
Source File: ProfileMgtEventListener.java    From carbon-identity-framework with Apache License 2.0
/**
 * Builds the fully qualified user name: the user store domain is added first, then the tenant domain.
 *
 * @param tenantAwareUsername user name without the tenant domain
 * @param userStoreDomain     user store domain to add
 * @param tenantDomain        tenant domain to add
 * @return the user name qualified with both domains
 */
private String getFullQualifiedUsername(String tenantAwareUsername,
        String userStoreDomain,
        String tenantDomain) {

    String domainQualifiedUsername = UserCoreUtil.addDomainToName(tenantAwareUsername, userStoreDomain);
    return UserCoreUtil.addTenantDomainToEntry(domainQualifiedUsername, tenantDomain);
}
 
Example 5
Source File: AuthenticatedUser.java    From carbon-identity-framework with Apache License 2.0
/**
 * Returns the user name for use as a subject identifier, optionally qualified with the user store domain
 * and the tenant domain.
 *
 * @param useUserstoreDomainInLocalSubjectIdentifier whether to add the user store domain (skipped when it is null)
 * @param useTenantDomainInLocalSubjectIdentifier    whether to add the tenant domain (skipped when it is null)
 * @return the user name with the requested domains added
 */
public String getUsernameAsSubjectIdentifier(boolean useUserstoreDomainInLocalSubjectIdentifier,
                                             boolean useTenantDomainInLocalSubjectIdentifier) {

    String subjectIdentifier = this.userName;

    boolean addUserStoreDomain = useUserstoreDomainInLocalSubjectIdentifier && userStoreDomain != null;
    if (addUserStoreDomain) {
        subjectIdentifier = UserCoreUtil.addDomainToName(subjectIdentifier, userStoreDomain);
    }

    boolean addTenantDomain = useTenantDomainInLocalSubjectIdentifier && tenantDomain != null;
    if (addTenantDomain) {
        subjectIdentifier = UserCoreUtil.addTenantDomainToEntry(subjectIdentifier, tenantDomain);
    }

    return subjectIdentifier;
}
 
Example 6
Source File: UserProfileMgtDAO.java    From carbon-identity-framework with Apache License 2.0
/**
 * Looks up the local user associated with a federated identifier.
 *
 * @param tenantId        tenant identifier
 * @param idpId           identity provider id
 * @param federatedUserId federated identity id
 * @return the associated user name, qualified with its user store domain unless that domain is the primary
 *         default domain; {@code null} when no association row is found
 * @throws UserProfileException if the database lookup fails
 */
public String getUserAssociatedFor(int tenantId, String idpId, String federatedUserId) throws UserProfileException {

    try (Connection dbConnection = IdentityDatabaseUtil.getDBConnection(false)) {
        try (PreparedStatement lookupStmt =
                     dbConnection.prepareStatement(Constants.SQLQueries.RETRIEVE_USER_ASSOCIATED)) {
            // All caller-supplied values are bound as parameters; none is concatenated into the SQL text.
            lookupStmt.setInt(1, tenantId);
            lookupStmt.setString(2, idpId);
            lookupStmt.setInt(3, tenantId);
            lookupStmt.setString(4, federatedUserId);
            try (ResultSet rows = lookupStmt.executeQuery()) {
                // Only the first matching row is used.
                if (rows.next()) {
                    String storeDomain = rows.getString(1);
                    String localUsername = rows.getString(2);
                    return UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME.equals(storeDomain)
                            ? localUsername
                            : UserCoreUtil.addDomainToName(localUsername, storeDomain);
                }
            }
        } catch (SQLException e1) {
            // The federated ID, IdP and tenant id end up in this message and so in whatever logs it.
            throw new UserProfileException("Error occurred while retrieving user account associated for federated "
                    + "ID: " + federatedUserId + " of IdP: " + idpId + " for tenant: " + tenantId, e1);
        }
    } catch (SQLException e) {
        throw new UserProfileException("Error occurred while retrieving user account associated for federated " +
                "ID: " + federatedUserId + " of IdP: " + idpId + " for tenant: " + tenantId, e);
    }

    return null;
}
 
Example 7
Source File: ListenerUtils.java    From carbon-identity-framework with Apache License 2.0
/**
 * Adds the user store domain of the given user store manager to a user or role name.
 *
 * @param entity           User or role name to qualify.
 * @param userStoreManager User store manager that handles the user/role; its realm configuration supplies
 *                         the domain name.
 * @return the name with the user store domain added, or {@code entity} unchanged when it is empty or
 *         {@code userStoreManager} is null
 */
public static String getEntityWithUserStoreDomain(String entity, UserStoreManager userStoreManager) {

    // Nothing to qualify, or no store to take the domain from: hand the input back as-is.
    if (!StringUtils.isNotEmpty(entity) || userStoreManager == null) {
        return entity;
    }
    String userStoreDomain = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
    return UserCoreUtil.addDomainToName(entity, userStoreDomain);
}
 
Example 8
Source File: DeleteRoleWFRequestHandler.java    From carbon-identity with Apache License 2.0
/**
 * Starts the delete-role workflow for a role in the given user store domain.
 *
 * @param userStoreDomain user store domain of the role
 * @param roleName        role name, without the domain
 * @return the executor result state returned by {@code startWorkFlow}
 * @throws WorkflowException if a workflow is associated with the delete-role event, the workflow is not
 *                           already completed, and the operation is not valid for the role entity
 */
public boolean startDeleteRoleFlow(String userStoreDomain, String roleName) throws WorkflowException {

        WorkflowManagementService workflowService = IdentityWorkflowDataHolder.getInstance().getWorkflowService();

        // The tenant id is taken from the thread-local Carbon context, not from a caller-supplied value.
        int tenant = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        String fullyQualifiedName = UserCoreUtil.addDomainToName(roleName, userStoreDomain);
        Map<String, Object> wfParams = new HashMap<>();
        Map<String, Object> nonWfParams = new HashMap<>();
        wfParams.put(ROLENAME, roleName);
        wfParams.put(USER_STORE_DOMAIN, userStoreDomain);

        // Random request id, used for both startWorkFlow and the entity relationship below.
        String uuid = UUID.randomUUID().toString();

        // The entity is keyed by the domain-qualified role name and the tenant.
        Entity roleEntity = new Entity(fullyQualifiedName, UserStoreWFConstants.ENTITY_TYPE_ROLE, tenant);
        // The validity check applies only when a workflow is associated and this is not the completed callback.
        if (workflowService.isEventAssociated(UserStoreWFConstants.DELETE_ROLE_EVENT) && !Boolean.TRUE.equals
                (getWorkFlowCompleted()) && !isValidOperation(new Entity[]{roleEntity})) {
            throw new WorkflowException("Operation is not valid.");
        }
        boolean state = startWorkFlow(wfParams, nonWfParams, uuid).getExecutorResultState().state();

        //WF_REQUEST_ENTITY_RELATIONSHIP table has foreign key to WF_REQUEST, so need to run this after WF_REQUEST is
        // updated
        if (!Boolean.TRUE.equals(getWorkFlowCompleted()) && !state) {
            //ToDo: Add thread local to handle scenarios where workflow is not associated with the event.
            try {
                workflowService.addRequestEntityRelationships(uuid, new Entity[]{roleEntity});

            } catch (InternalWorkflowException e) {
                //debug exception which occurs at DB level since no workflows associated with event
                // NOTE(review): every InternalWorkflowException is treated as "no workflow associated" and is
                // visible only at debug level; confirm other failures here should not surface.
                if (log.isDebugEnabled()) {
                    log.debug("No workflow associated with the operation.", e);
                }
            }
        }

        return state;
    }
 
Example 9
Source File: UserIdentityManagementUtil.java    From carbon-identity-framework with Apache License 2.0
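/**
 * Enables the user account by clearing the account-disabled flag in the identity data store.
 *
 * @param userName         user name; the domain name read from the user store manager's realm
 *                         configuration is added to it before the existence check
 * @param userStoreManager user store manager that holds the user
 * @throws IdentityException if the identity management listener is not enabled, the user does not exist,
 *                           the existence check fails, or no identity data is found for the user
 */
public static void enableUserAccount(String userName, UserStoreManager userStoreManager)
        throws IdentityException {

    if (!isIdentityMgtListenerEnable()) {
        throw IdentityException.error("Cannot enable account, IdentityMgtEventListener is not enabled.");
    }

    String domainName = ((org.wso2.carbon.user.core.UserStoreManager) userStoreManager).getRealmConfiguration().
            getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
    userName = UserCoreUtil.addDomainToName(userName, domainName);

    try {
        if (!userStoreManager.isExistingUser(userName)) {
            log.error("User " + userName + " does not exist in tenant " + userStoreManager.getTenantId());
            // A space before "to enable" keeps the user name readable in the message.
            throw IdentityException.error("No user account found for user " + userName + " to enable");
        }
    } catch (UserStoreException e) {
        log.error("Error while reading user identity data", e);
        // Carry the cause so the user store failure can be traced from the propagated exception.
        throw IdentityException.error("Error while enabling user account " + userName, e);
    }

    // The data store is loaded with the domain removed from the name again.
    UserIdentityDataStore store = IdentityMgtConfig.getInstance().getIdentityDataStore();
    UserIdentityClaimsDO userIdentityDO = store.load(UserCoreUtil.removeDomainFromName(userName), userStoreManager);
    if (userIdentityDO != null) {
        userIdentityDO.setAccountDisabled(false);
        store.store(userIdentityDO, userStoreManager);
    } else {
        throw IdentityException.error("No user account found for user " + userName);
    }

}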
 
Example 10
Source File: OutboundProvisioningManager.java    From carbon-identity-framework with Apache License 2.0
/**
 * Builds a USER provisioning entity for the given user from the user's roles and claims.
 *
 * @param provisioningEntity entity whose name supplies the user store domain
 * @param tenantDomain       tenant domain used to read the user's roles and claims
 * @param operation          provisioning operation to set on the new entity
 * @param userName           user name; the user name claim is added only when it is non-null
 * @return the new entity, named with the domain-qualified user name unless the domain is absent or is the
 *         internal domain
 */
private ProvisioningEntity getInboundProvisioningEntity(ProvisioningEntity provisioningEntity,
                                                        String tenantDomain, ProvisioningOperation operation,
                                                        String userName) throws CarbonException,
                                                                                UserStoreException {
    Map<ClaimMapping, List<String>> outboundClaims = new HashMap<>();

    if (userName != null) {
        ClaimMapping usernameClaim = ClaimMapping.build(
                IdentityProvisioningConstants.USERNAME_CLAIM_URI, null, null, false);
        outboundClaims.put(usernameClaim, Arrays.asList(userName));
    }

    List<String> userRoles = getUserRoles(userName, tenantDomain);
    if (userRoles != null) {
        ClaimMapping groupClaim = ClaimMapping.build(
                IdentityProvisioningConstants.GROUP_CLAIM_URI, null, null, false);
        outboundClaims.put(groupClaim, userRoles);
    }

    // The domain comes from the incoming entity's name; the internal domain is never added to the user name.
    String entityName = userName;
    String storeDomain = getDomainFromName(provisioningEntity.getEntityName());
    if (storeDomain != null && !storeDomain.equals(UserCoreConstants.INTERNAL_DOMAIN)) {
        if (log.isDebugEnabled()) {
            log.debug("Adding domain name : " + storeDomain + " to user : " + userName);
        }
        entityName = UserCoreUtil.addDomainToName(userName, storeDomain);
    }

    ProvisioningEntity inboundEntity = new ProvisioningEntity(
            ProvisioningEntityType.USER, entityName, operation, outboundClaims);
    inboundEntity.setInboundAttributes(getUserClaims(userName, tenantDomain));
    return inboundEntity;
}
 
Example 11
Source File: JDBCIdentityDataStore.java    From carbon-identity-framework with Apache License 2.0
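/**
 * Removes the stored identity data of a user, after delegating to the superclass.
 *
 * @param userName         user name; the domain name from the user store manager's realm configuration is
 *                         added to it before the delete
 * @param userStoreManager user store manager that supplies the domain name and the tenant id
 * @throws IdentityException if the delete fails; the transaction is rolled back first
 */
@Override
public void remove(String userName, UserStoreManager userStoreManager) throws IdentityException {

    super.remove(userName, userStoreManager);
    String domainName = ((org.wso2.carbon.user.core.UserStoreManager) userStoreManager).
            getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
    userName = UserCoreUtil.addDomainToName(userName, domainName);
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement prepStmt = null;
    try {
        int tenantId = userStoreManager.getTenantId();
        // The delete statement is picked to match the user store's user name case sensitivity.
        boolean isUsernameCaseSensitive = IdentityUtil.isUserStoreInUsernameCaseSensitive(userName, tenantId);
        String query = isUsernameCaseSensitive
                ? SQLQuery.DELETE_USER_DATA
                : SQLQuery.DELETE_USER_DATA_CASE_INSENSITIVE;
        prepStmt = connection.prepareStatement(query);
        // Tenant id and user name are bound as parameters; the delete is scoped to this tenant.
        prepStmt.setInt(1, tenantId);
        prepStmt.setString(2, userName);
        prepStmt.execute();
        IdentityDatabaseUtil.commitTransaction(connection);
    } catch (SQLException | UserStoreException e) {
        IdentityDatabaseUtil.rollbackTransaction(connection);
        // This path deletes data, so the message says so; "reading" would mislead anyone triaging the failure.
        throw IdentityException.error("Error while removing user identity data", e);
    } finally {
        IdentityDatabaseUtil.closeStatement(prepStmt);
        IdentityDatabaseUtil.closeConnection(connection);
    }
}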
 
Example 12
Source File: User.java    From carbon-identity with Apache License 2.0
/**
 * Renders the user as its user name, qualified with the user store domain and the tenant domain when those
 * are not blank.
 *
 * @return the qualified user name; {@code null} when the user name and both domains are blank
 */
@Override
public String toString() {
    String rendered = StringUtils.isNotBlank(this.userName) ? this.userName : null;

    boolean hasUserStoreDomain = StringUtils.isNotBlank(this.userStoreDomain);
    if (hasUserStoreDomain) {
        // NOTE(review): rendered may still be null here when the user name is blank.
        rendered = UserCoreUtil.addDomainToName(rendered, userStoreDomain);
    }

    boolean hasTenantDomain = StringUtils.isNotBlank(this.tenantDomain);
    if (hasTenantDomain) {
        rendered = UserCoreUtil.addTenantDomainToEntry(rendered, tenantDomain);
    }
    return rendered;
}
 
Example 13
Source File: DefaultProvisioningHandler.java    From carbon-identity-framework with Apache License 2.0
/**
 * Associates a local user with a federated subject of an IdP, inside a tenant flow for the user's tenant.
 *
 * @param username        local user name, without the user store domain
 * @param userStoreDomain user store domain of the local user
 * @param tenantDomain    tenant domain the association is created in
 * @param subject         federated subject identifier
 * @param idp             identity provider name
 * @throws FrameworkException if the IdP or subject is empty, or the association fails for a reason other
 *                            than the user already being associated
 */
protected void associateUser(String username, String userStoreDomain, String tenantDomain, String subject,
                             String idp) throws FrameworkException {

    String qualifiedLocalUser = UserCoreUtil.addDomainToName(username, userStoreDomain);
    try {
        // Enter the tenant flow and run as the domain-qualified local user.
        FrameworkUtils.startTenantFlow(tenantDomain);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(qualifiedLocalUser);

        // Both the IdP and the subject are required before an association is created.
        if (StringUtils.isEmpty(idp) || StringUtils.isEmpty(subject)) {
            throw new FrameworkException("Error while associating local user: " + qualifiedLocalUser +
                    " in tenant: " + tenantDomain + " to the federated subject : " + subject + " in IdP: " + idp);
        }

        FederatedAssociationManager associationManager = FrameworkUtils.getFederatedAssociationManager();
        User localUser = getAssociatedUser(tenantDomain, userStoreDomain, username);
        associationManager.createFederatedAssociation(localUser, idp, subject);

        if (log.isDebugEnabled()) {
            log.debug("Associated local user: " + qualifiedLocalUser + " in tenant: " +
                    tenantDomain + " to the federated subject : " + subject + " in IdP: " + idp);
        }
    } catch (FederatedAssociationManagerException e) {
        // An existing association is tolerated; any other failure is rethrown with its cause.
        if (!isUserAlreadyAssociated(e)) {
            throw new FrameworkException("Error while associating local user: " + qualifiedLocalUser +
                    " in tenant: " + tenantDomain + " to the federated subject : " + subject + " in IdP: " + idp, e);
        }
        log.info("An association already exists for user: " + subject + ". Skip association while JIT " +
                "provisioning");
    } finally {
        // The tenant flow is always ended, including on the exception paths.
        FrameworkUtils.endTenantFlow();
    }
}
 
Example 14
Source File: SSOConsentServiceImpl.java    From carbon-identity-framework with Apache License 2.0
/**
 * Builds the subject for a user by adding a domain to the user name.
 *
 * @param authenticatedUser user to build the subject for
 * @return the user name qualified with the domain derived from the federated IdP name for a federated user,
 *         or with the user's own user store domain otherwise
 */
private String buildSubjectWithUserStoreDomain(AuthenticatedUser authenticatedUser) {

    String domainForSubject = authenticatedUser.isFederatedUser()
            ? getFederatedUserDomain(authenticatedUser.getFederatedIdPName())
            : authenticatedUser.getUserStoreDomain();

    return UserCoreUtil.addDomainToName(authenticatedUser.getUserName(), domainForSubject);
}
 
Example 15
Source File: CassandraUserStoreManager.java    From carbon-identity with Apache License 2.0
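/**
 * Lists the users in the user store.
 *
 * @param filter       start key passed to the range of the slice query
 * @param maxItemLimit maximum number of rows to request; 0 returns an empty array, and a negative value or
 *                     one above the configured maximum is replaced by that maximum
 * @return the domain-qualified user names of the rows that have a user id; never contains null entries
 * @throws UserStoreException declared by the overridden method
 */
@Override
protected String[] doListUsers(String filter, int maxItemLimit) throws UserStoreException {

    List<String> users = new ArrayList<String>();

    if (maxItemLimit == 0) {
        return new String[0];
    }

    int givenMax = UserCoreConstants.MAX_USER_ROLE_LIST;

    try {
        givenMax = Integer.parseInt(realmConfig
                .getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_MAX_USER_LIST));
    } catch (Exception e) {
        // Best effort: an unset or unparsable property falls back to the built-in maximum.
        givenMax = UserCoreConstants.MAX_USER_ROLE_LIST;

        if (log.isDebugEnabled()) {
            log.debug("Realm configuration maximum not set : Using User Core Constant value instead!", e);
        }
    }

    // The caller's limit is capped, so a single call cannot request more rows than the configured maximum.
    if (maxItemLimit < 0 || maxItemLimit > givenMax) {
        maxItemLimit = givenMax;
    }

    RangeSlicesQuery<String, String, String> rangeSliceQuery = HFactory.createRangeSlicesQuery(keyspace,
            stringSerializer, stringSerializer, stringSerializer);

    rangeSliceQuery.setColumnFamily(CFConstants.UM_USER);
    rangeSliceQuery.setRange(filter, null, false, Integer.MAX_VALUE);
    // Rows are restricted to this store's tenant id.
    rangeSliceQuery.addEqualsExpression(CFConstants.UM_TENANT_ID, tenantIdString);

    // TODO - Need to check how to use the filter for range
    rangeSliceQuery.setKeys("", "");
    rangeSliceQuery.setRowCount(maxItemLimit);
    QueryResult<OrderedRows<String, String, String>> result = rangeSliceQuery.execute();
    if (result != null) {
        OrderedRows<String, String, String> rows = result.get();
        if (rows.getCount() <= 0) {
            return new String[0];
        }

        Iterator<Row<String, String, String>> rowsIterator = rows.iterator();

        while (rowsIterator.hasNext()) {
            Row<String, String, String> row = rowsIterator.next();
            // Rows without a user id value are skipped.
            if (row.getColumnSlice().getColumnByName(CFConstants.UM_USER_ID).getValue() != null) {
                String name = row.getColumnSlice().getColumnByName(CFConstants.UM_USER_NAME).getValue();
                // append the domain if exist
                name = UserCoreUtil.addDomainToName(name, domain);
                users.add(name);
            }
        }

    }
    // Size the array from the list, not from the row count: sizing it by the row count left trailing null
    // entries in the result whenever a row was skipped above.
    return users.toArray(new String[0]);

}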
 
Example 16
Source File: DefaultInboundUserProvisioningListener.java    From carbon-identity-framework with Apache License 2.0
/**
 * Sends a PATCH provisioning request for the user before one of its claim values is deleted.
 *
 * @param userName          user whose claim value is being deleted
 * @param attributeToDelete claim being deleted; it is sent as an inbound attribute with an empty value
 * @param profileName       profile name (not used here)
 * @param userStoreManager  user store manager whose realm configuration supplies the domain name
 * @return {@code true} on every path, including when the service provider name cannot be resolved
 */
@Override
public boolean doPreDeleteUserClaimValue(String userName, String attributeToDelete, String profileName,
                                         UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable()) {
        return true;
    }

    Map<ClaimMapping, List<String>> outboundClaims = new HashMap<>();
    if (userName != null) {
        ClaimMapping usernameClaim = ClaimMapping.build(
                IdentityProvisioningConstants.USERNAME_CLAIM_URI, null, null, false);
        outboundClaims.put(usernameClaim, Arrays.asList(userName));
    }

    String userStoreDomain = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
    if (log.isDebugEnabled()) {
        log.debug("Adding domain name : " + userStoreDomain + " to user : " + userName);
    }
    ProvisioningEntity entity = new ProvisioningEntity(ProvisioningEntityType.USER,
            UserCoreUtil.addDomainToName(userName, userStoreDomain), ProvisioningOperation.PATCH,
            outboundClaims);

    // The attribute being deleted is sent with an empty string value.
    Map<String, String> inboundClaims = new HashMap<>();
    inboundClaims.put(attributeToDelete, "");
    entity.setInboundAttributes(inboundClaims);

    String tenantDomainName = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    ThreadLocalProvisioningServiceProvider spContext =
            IdentityApplicationManagementUtil.getThreadLocalProvisioningServiceProvider();

    // No thread-local service provider: provision as the local SP in the context's tenant.
    if (spContext == null) {
        OutboundProvisioningManager.getInstance()
                .provision(entity, ApplicationConstants.LOCAL_SP,
                        IdentityProvisioningConstants.WSO2_CARBON_DIALECT, tenantDomainName, false);
        return true;
    }

    // From here on the tenant domain comes from the thread-local service provider, not the Carbon context.
    String serviceProvider = spContext.getServiceProviderName();
    tenantDomainName = spContext.getTenantDomain();
    if (spContext.getServiceProviderType() == ProvisioningServiceProviderType.OAUTH) {
        try {
            // For OAuth the stored name is a client id; resolve it to the service provider name.
            serviceProvider = ApplicationManagementService.getInstance()
                    .getServiceProviderNameByClientId(spContext.getServiceProviderName(),
                            IdentityApplicationConstants.OAuth2.NAME, tenantDomainName);
        } catch (IdentityApplicationManagementException e) {
            // Provisioning is skipped, yet the method returns the same value as on success.
            log.error("Error while provisioning", e);
            return true;
        }
    }

    OutboundProvisioningManager.getInstance().provision(entity, serviceProvider,
            spContext.getClaimDialect(), tenantDomainName, spContext.isJustInTimeProvisioning());
    return true;
}
 
Example 17
Source File: DefaultInboundUserProvisioningListener.java    From carbon-identity-framework with Apache License 2.0
/**
 * Sends a DELETE provisioning request for the user before the user is deleted from the user store.
 *
 * @param userName         user being deleted
 * @param userStoreManager user store manager whose realm configuration supplies the domain name
 * @return {@code true} on every path, including when the service provider name cannot be resolved
 */
@Override
public boolean doPreDeleteUser(String userName, UserStoreManager userStoreManager)
        throws UserStoreException {
    if (!isEnable()) {
        return true;
    }

    Map<ClaimMapping, List<String>> outboundClaims = new HashMap<>();
    // Unlike the claim-value listener, the user name claim is added without a null check.
    ClaimMapping usernameClaim = ClaimMapping.build(
            IdentityProvisioningConstants.USERNAME_CLAIM_URI, null, null, false);
    outboundClaims.put(usernameClaim, Arrays.asList(userName));

    String userStoreDomain = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
    if (log.isDebugEnabled()) {
        log.debug("Adding domain name : " + userStoreDomain + " to user : " + userName);
    }
    ProvisioningEntity entity = new ProvisioningEntity(ProvisioningEntityType.USER,
            UserCoreUtil.addDomainToName(userName, userStoreDomain), ProvisioningOperation.DELETE,
            outboundClaims);

    String tenantDomainName = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    ThreadLocalProvisioningServiceProvider spContext =
            IdentityApplicationManagementUtil.getThreadLocalProvisioningServiceProvider();

    // No thread-local service provider: provision as the local SP in the context's tenant.
    if (spContext == null) {
        OutboundProvisioningManager.getInstance()
                .provision(entity, ApplicationConstants.LOCAL_SP,
                        IdentityProvisioningConstants.WSO2_CARBON_DIALECT, tenantDomainName, false);
        return true;
    }

    // From here on the tenant domain comes from the thread-local service provider, not the Carbon context.
    String serviceProvider = spContext.getServiceProviderName();
    tenantDomainName = spContext.getTenantDomain();
    if (spContext.getServiceProviderType() == ProvisioningServiceProviderType.OAUTH) {
        try {
            // For OAuth the stored name is a client id; resolve it to the service provider name.
            serviceProvider = ApplicationManagementService.getInstance()
                    .getServiceProviderNameByClientId(spContext.getServiceProviderName(),
                            IdentityApplicationConstants.OAuth2.NAME, tenantDomainName);
        } catch (IdentityApplicationManagementException e) {
            // Provisioning is skipped, yet the method returns the same value as on success.
            log.error("Error while provisioning", e);
            return true;
        }
    }

    OutboundProvisioningManager.getInstance().provision(entity, serviceProvider,
            spContext.getClaimDialect(), tenantDomainName, spContext.isJustInTimeProvisioning());
    return true;
}
 
Example 18
Source File: DefaultInboundUserProvisioningListener.java    From carbon-identity-framework with Apache License 2.0
/**
 * Sends a PUT provisioning request for a role after its user list has been updated.
 *
 * @param roleName         role whose user list changed
 * @param deletedUsers     users removed from the role
 * @param newUsers         users added to the role
 * @param userStoreManager user store manager that supplies the current user list and the domain name
 * @return {@code true} on every path, including when the service provider name cannot be resolved
 */
@Override
public boolean doPostUpdateUserListOfRole(String roleName, String[] deletedUsers,
                                          String[] newUsers, UserStoreManager userStoreManager) throws UserStoreException {

    if (!isEnable()) {
        return true;
    }

    String[] currentUsers = userStoreManager.getUserListOfRole(roleName);

    // Outbound claims: the role itself, its current members, and the added and removed members.
    Map<ClaimMapping, List<String>> outboundClaims = new HashMap<>();
    outboundClaims.put(
            ClaimMapping.build(IdentityProvisioningConstants.GROUP_CLAIM_URI, null, null, false),
            Arrays.asList(roleName));
    outboundClaims.put(
            ClaimMapping.build(IdentityProvisioningConstants.USERNAME_CLAIM_URI, null, null, false),
            Arrays.asList(currentUsers));
    // NOTE(review): newUsers and deletedUsers are passed to Arrays.asList without a null check; confirm
    // callers never pass null.
    outboundClaims.put(
            ClaimMapping.build(IdentityProvisioningConstants.NEW_USER_CLAIM_URI, null, null, false),
            Arrays.asList(newUsers));
    outboundClaims.put(
            ClaimMapping.build(IdentityProvisioningConstants.DELETED_USER_CLAIM_URI, null, null, false),
            Arrays.asList(deletedUsers));

    String userStoreDomain = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
    if (log.isDebugEnabled()) {
        log.debug("Adding domain name : " + userStoreDomain + " to role : " + roleName);
    }
    ProvisioningEntity entity = new ProvisioningEntity(ProvisioningEntityType.GROUP,
            UserCoreUtil.addDomainToName(roleName, userStoreDomain), ProvisioningOperation.PUT,
            outboundClaims);

    String tenantDomainName = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    ThreadLocalProvisioningServiceProvider spContext =
            IdentityApplicationManagementUtil.getThreadLocalProvisioningServiceProvider();

    // No thread-local service provider: provision the group as the local SP in the context's tenant.
    if (spContext == null) {
        OutboundProvisioningManager.getInstance()
                .provision(entity, ApplicationConstants.LOCAL_SP,
                        IdentityProvisioningConstants.WSO2_CARBON_DIALECT, tenantDomainName, false);
        return true;
    }

    // From here on the tenant domain comes from the thread-local service provider, not the Carbon context.
    String serviceProvider = spContext.getServiceProviderName();
    tenantDomainName = spContext.getTenantDomain();
    if (spContext.getServiceProviderType() == ProvisioningServiceProviderType.OAUTH) {
        try {
            // For OAuth the stored name is a client id; resolve it to the service provider name.
            serviceProvider = ApplicationManagementService.getInstance()
                    .getServiceProviderNameByClientId(spContext.getServiceProviderName(),
                            IdentityApplicationConstants.OAuth2.NAME, tenantDomainName);
        } catch (IdentityApplicationManagementException e) {
            // Provisioning is skipped, yet the method returns the same value as on success.
            log.error("Error while provisioning", e);
            return true;
        }
    }

    OutboundProvisioningManager.getInstance().provision(entity, serviceProvider,
            spContext.getClaimDialect(), tenantDomainName, spContext.isJustInTimeProvisioning());
    return true;
}
 
Example 19
Source File: DefaultInboundUserProvisioningListener.java    From carbon-identity-framework with Apache License 2.0
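/**
 * Builds a GROUP provisioning entity (operation POST) for the role being added and passes it to
 * the outbound provisioning framework.
 *
 * <p>Every path through this method returns {@code true}. If the listener is disabled nothing is
 * provisioned. If the OAuth client id cannot be resolved to a service provider name, the error is
 * logged and outbound provisioning is skipped.
 *
 * @param roleName         name of the role being added; sent as the group claim when non-null.
 * @param userList         members of the role; sent as the username claim when non-empty.
 * @param permissions      not read by this method.
 * @param userStoreManager user store whose realm configuration supplies the domain name.
 * @return always {@code true}.
 * @throws UserStoreException declared by the overridden signature; this body contains no explicit
 *                            throw of it.
 */
@Override
public boolean doPreAddRole(String roleName, String[] userList, Permission[] permissions,
                            UserStoreManager userStoreManager) throws UserStoreException {

    if (!isEnable()) {
        return true;
    }

    Map<ClaimMapping, List<String>> outboundAttributes = new HashMap<>();

    if (roleName != null) {
        // Varargs form yields the same fixed-size single-element list as wrapping an explicit array.
        outboundAttributes.put(
                ClaimMapping.build(IdentityProvisioningConstants.GROUP_CLAIM_URI, null, null, false),
                Arrays.asList(roleName));
    }

    if (userList != null && userList.length > 0) {
        outboundAttributes.put(
                ClaimMapping.build(IdentityProvisioningConstants.USERNAME_CLAIM_URI, null, null, false),
                Arrays.asList(userList));
    }

    String domainName = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
    if (log.isDebugEnabled()) {
        // The entity handled here is a role, so the message says "role" rather than "user".
        // NOTE(review): roleName is caller-supplied and is concatenated into the log line as-is;
        // confirm the logging layout neutralizes line breaks.
        log.debug("Adding domain name : " + domainName + " to role : " + roleName);
    }
    String domainAwareName = UserCoreUtil.addDomainToName(roleName, domainName);

    ProvisioningEntity provisioningEntity = new ProvisioningEntity(
            ProvisioningEntityType.GROUP, domainAwareName, ProvisioningOperation.POST,
            outboundAttributes);

    // Default tenant: the one bound to the current thread's Carbon context.
    String tenantDomainName = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();

    ThreadLocalProvisioningServiceProvider threadLocalServiceProvider =
            IdentityApplicationManagementUtil.getThreadLocalProvisioningServiceProvider();

    if (threadLocalServiceProvider != null) {
        String serviceProvider = threadLocalServiceProvider.getServiceProviderName();
        // The thread-local service provider's tenant domain replaces the Carbon context value.
        tenantDomainName = threadLocalServiceProvider.getTenantDomain();
        if (threadLocalServiceProvider.getServiceProviderType() == ProvisioningServiceProviderType.OAUTH) {
            try {
                // For OAuth the stored name is passed as a client id and mapped to the
                // service provider name.
                serviceProvider = ApplicationManagementService.getInstance()
                        .getServiceProviderNameByClientId(
                                threadLocalServiceProvider.getServiceProviderName(),
                                IdentityApplicationConstants.OAuth2.NAME, tenantDomainName);
            } catch (IdentityApplicationManagementException e) {
                log.error("Error while provisioning", e);
                // Outbound provisioning is skipped here, yet true is returned.
                // NOTE(review): presumably true lets the role addition continue - confirm against
                // the listener contract.
                return true;
            }
        }

        // call framework method to provision the group.
        OutboundProvisioningManager.getInstance().provision(provisioningEntity,
                serviceProvider, threadLocalServiceProvider.getClaimDialect(),
                tenantDomainName, threadLocalServiceProvider.isJustInTimeProvisioning());
    } else {
        // No thread-local service provider: provision the group for the local SP
        // with the WSO2 Carbon claim dialect.
        OutboundProvisioningManager.getInstance()
                .provision(provisioningEntity, ApplicationConstants.LOCAL_SP,
                        IdentityProvisioningConstants.WSO2_CARBON_DIALECT, tenantDomainName, false);
    }

    return true;
}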
 
Example 20
Source File: SetMultipleClaimsWFRequestHandler.java    From carbon-identity with Apache License 2.0
/**
 * Starts the workflow request for setting several claims of one user.
 *
 * <p>The user (qualified with its user store domain) and every claim key are wrapped as
 * {@code Entity} objects. These are validated before the workflow starts and, when the workflow
 * is neither flagged completed nor reports a {@code true} state, recorded as request-entity
 * relationships afterwards.
 *
 * @param userStoreDomain user store domain of the user.
 * @param userName        user name without the domain prefix.
 * @param claims          claims to set; {@code null} is treated as an empty map.
 * @param profileName     profile name forwarded as a workflow parameter.
 * @return the state reported by the executor result of {@code startWorkFlow}.
 * @throws WorkflowException if the event has an associated workflow, the workflow is not flagged
 *                           completed and {@code isValidOperation} rejects the entities; helper
 *                           calls not visible here may throw it as well.
 */
public boolean startSetMultipleClaimsWorkflow(String userStoreDomain, String userName,
                                              Map<String, String> claims, String profileName)
        throws WorkflowException {

    WorkflowManagementService workflowService = IdentityWorkflowDataHolder.getInstance().getWorkflowService();

    // Fall back to an empty map so the rest of the method never sees null claims.
    final Map<String, String> claimValues = (claims != null) ? claims : new HashMap<String, String>();

    int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
    String qualifiedUser = UserCoreUtil.addDomainToName(userName, userStoreDomain);

    // Parameters handed to the workflow; the non-workflow parameter map is passed on empty.
    Map<String, Object> wfParams = new HashMap<>();
    Map<String, Object> nonWfParams = new HashMap<>();
    wfParams.put(USERNAME, userName);
    wfParams.put(USER_STORE_DOMAIN, userStoreDomain);
    wfParams.put(CLAIMS, claimValues);
    wfParams.put(PROFILE_NAME, profileName);
    String requestId = UUID.randomUUID().toString();

    // Slot 0 holds the user; the remaining slots hold one entity per claim key.
    Entity[] entities = new Entity[claimValues.size() + 1];
    entities[0] = new Entity(qualifiedUser, UserStoreWFConstants.ENTITY_TYPE_USER, tenantId);
    int next = 1;
    for (String claimKey : claimValues.keySet()) {
        entities[next++] = new Entity(claimKey, UserStoreWFConstants.ENTITY_TYPE_CLAIM, tenantId);
    }

    // Validation applies only when the event has an associated workflow and the workflow is not
    // already flagged completed. The nested checks keep the original short-circuit order.
    if (workflowService.isEventAssociated(UserStoreWFConstants.SET_MULTIPLE_USER_CLAIMS_EVENT)) {
        if (!Boolean.TRUE.equals(getWorkFlowCompleted())) {
            if (!isValidOperation(entities)) {
                throw new WorkflowException("Operation is not valid.");
            }
        }
    }

    boolean state = startWorkFlow(wfParams, nonWfParams, requestId).getExecutorResultState().state();

    // Nothing to record when the workflow is flagged completed or the executor state is true.
    if (Boolean.TRUE.equals(getWorkFlowCompleted()) || state) {
        return state;
    }

    // WF_REQUEST_ENTITY_RELATIONSHIP has a foreign key to WF_REQUEST, so the relationships are
    // written only after startWorkFlow has run.
    try {
        workflowService.addRequestEntityRelationships(uuidOf(requestId), entities);
    } catch (InternalWorkflowException e) {
        // Per the original author this is a DB-level failure that occurs when no workflow is
        // associated with the event; it is only reported at debug level.
        if (log.isDebugEnabled()) {
            log.debug("No workflow associated with the operation.", e);
        }
    }
    return state;
}

/** Returns the request id unchanged; it only names the value passed on as the request UUID. */
private static String uuidOf(String requestId) {
    return requestId;
}