Java Code Examples for org.wso2.carbon.user.core.util.UserCoreUtil#getDomainFromThreadLocal()

The following examples show how to use org.wso2.carbon.user.core.util.UserCoreUtil#getDomainFromThreadLocal(). Each example is taken from the source file named above it.
Example 1
Source File: FrameworkUtils.java    From carbon-identity-framework with Apache License 2.0
public static String prependUserStoreDomainToName(String authenticatedSubject) {
    /*
     * Qualifies a subject name with the user-store domain held in the current thread.
     *
     * authenticatedSubject: the subject name, with or without a leading "<domain><separator>" part.
     * Returns the name unchanged when it already contains the separator, or when the thread carries
     * no (non-empty) domain; otherwise "<domain><separator><name>".
     * Throws IllegalArgumentException when the name is null/blank or starts with the separator.
     */
    if (authenticatedSubject == null || authenticatedSubject.trim().isEmpty()) {
        throw new IllegalArgumentException("Invalid argument. authenticatedSubject : "
                + authenticatedSubject);
    }

    int separatorIndex = authenticatedSubject.indexOf(CarbonConstants.DOMAIN_SEPARATOR);
    if (separatorIndex == 0) {
        // A leading separator means an empty domain part, which is never a valid qualified name.
        throw new IllegalArgumentException("Invalid argument. authenticatedSubject : "
                + authenticatedSubject + " begins with \'" + CarbonConstants.DOMAIN_SEPARATOR
                + "\'");
    }
    if (separatorIndex > 0) {
        // Already domain-qualified; the caller's domain takes precedence over the thread-local one.
        return authenticatedSubject;
    }

    String threadLocalDomain = UserCoreUtil.getDomainFromThreadLocal();
    if (threadLocalDomain == null || threadLocalDomain.isEmpty()) {
        return authenticatedSubject;
    }
    return threadLocalDomain + CarbonConstants.DOMAIN_SEPARATOR + authenticatedSubject;
}
 
Example 2
Source File: FrameworkUtils.java    From carbon-identity with Apache License 2.0
public static String prependUserStoreDomainToName(String authenticatedSubject) {
    /*
     * Returns the subject name prefixed with the thread-local user-store domain when the name is
     * not yet domain-qualified and such a domain is set. A name that already contains the domain
     * separator is returned as-is, unless the separator is its first character, which is rejected.
     *
     * Throws IllegalArgumentException for a null/blank name or a name beginning with the separator.
     */
    if (authenticatedSubject == null || authenticatedSubject.trim().isEmpty()) {
        throw new IllegalArgumentException("Invalid argument. authenticatedSubject : "
                + authenticatedSubject);
    }

    String separator = CarbonConstants.DOMAIN_SEPARATOR;
    if (!authenticatedSubject.contains(separator)) {
        // The thread-local is only consulted for names that carry no domain of their own.
        String threadLocalDomain = UserCoreUtil.getDomainFromThreadLocal();
        boolean hasDomain = threadLocalDomain != null && !threadLocalDomain.isEmpty();
        return hasDomain ? threadLocalDomain + separator + authenticatedSubject : authenticatedSubject;
    }

    if (authenticatedSubject.startsWith(separator)) {
        throw new IllegalArgumentException("Invalid argument. authenticatedSubject : "
                + authenticatedSubject + " begins with \'" + separator
                + "\'");
    }
    return authenticatedSubject;
}
 
Example 3
Source File: AbstractApplicationAuthenticator.java    From carbon-identity-framework with Apache License 2.0
protected String getUserStoreAppendedName(String userName) {
    // Prefixes userName with the thread-local user-store domain (domain + separator + name)
    // unless the name already contains the separator or no non-empty domain is set.
    // A null userName is not handled here and fails on the contains() call.
    if (userName.contains(CarbonConstants.DOMAIN_SEPARATOR)) {
        return userName;
    }
    String threadLocalDomain = UserCoreUtil.getDomainFromThreadLocal();
    if (threadLocalDomain == null || threadLocalDomain.isEmpty()) {
        return userName;
    }
    return threadLocalDomain + CarbonConstants.DOMAIN_SEPARATOR + userName;
}
 
Example 4
Source File: AuthenticatedUser.java    From carbon-identity with Apache License 2.0
/**
 * Builds an {@link AuthenticatedUser} from a subject identifier produced by a local authenticator.
 * The user-store domain and the tenant domain are extracted from the identifier itself.
 * <p>
 * The domain part is only split off when the identifier contains the domain separator at a
 * position other than the first character <em>and</em> the calling thread carries a non-empty
 * user-store domain; in every other case the whole identifier is treated as the user name.
 *
 * @param authenticatedSubjectIdentifier a string in
 *                                       {@code <userstore_domain>/<username>@<tenant_domain>} format
 * @return populated AuthenticatedUser instance
 * @throws IllegalArgumentException if the identifier is {@code null} or blank
 */
public static AuthenticatedUser createLocalAuthenticatedUserFromSubjectIdentifier(
        String authenticatedSubjectIdentifier) {

    if (authenticatedSubjectIdentifier == null || authenticatedSubjectIdentifier.trim().isEmpty()) {
        throw new IllegalArgumentException(
                "Failed to create Local Authenticated User from the given subject identifier." +
                " Invalid argument. authenticatedSubjectIdentifier : " + authenticatedSubjectIdentifier);
    }

    AuthenticatedUser authenticatedUser = new AuthenticatedUser();

    // Non-null only when the identifier is split into [domain, rest-of-identifier].
    String[] domainAndName = null;
    if (authenticatedSubjectIdentifier.indexOf(CarbonConstants.DOMAIN_SEPARATOR) > 0) {
        // NOTE(review): the thread-local domain only gates the split; the domain that is stored
        // is the one parsed from the identifier, not the thread-local value — confirm intent.
        String threadLocalDomain = UserCoreUtil.getDomainFromThreadLocal();
        if (threadLocalDomain != null && !threadLocalDomain.isEmpty()) {
            domainAndName = authenticatedSubjectIdentifier.split(CarbonConstants.DOMAIN_SEPARATOR, 2);
        }
    }

    if (domainAndName == null) {
        authenticatedUser.setUserName(MultitenantUtils.getTenantAwareUsername(authenticatedSubjectIdentifier));
    } else {
        authenticatedUser.setUserStoreDomain(domainAndName[0]);
        authenticatedUser.setUserName(MultitenantUtils.getTenantAwareUsername(domainAndName[1]));
    }

    authenticatedUser.setTenantDomain(MultitenantUtils.getTenantDomain(authenticatedSubjectIdentifier));
    authenticatedUser.setAuthenticatedSubjectIdentifier(authenticatedSubjectIdentifier);

    return authenticatedUser;
}
 
Example 5
Source File: AbstractApplicationAuthenticator.java    From carbon-identity with Apache License 2.0
protected String getUserStoreAppendedName(String userName) {
    // Returns "<domain><separator><userName>" using the thread-local user-store domain, or
    // userName unchanged when it is already qualified or the thread carries no non-empty domain.
    // The thread-local is not read at all for an already-qualified name.
    boolean alreadyQualified = userName.contains(CarbonConstants.DOMAIN_SEPARATOR);
    String threadLocalDomain = alreadyQualified ? null : UserCoreUtil.getDomainFromThreadLocal();
    boolean hasDomain = threadLocalDomain != null && !threadLocalDomain.isEmpty();
    return hasDomain
            ? threadLocalDomain + CarbonConstants.DOMAIN_SEPARATOR + userName
            : userName;
}
 
Example 6
Source File: AccessTokenGrantHandler.java    From carbon-device-mgt with Apache License 2.0
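/**
 * Validates a token-exchange grant: an existing access token is supplied as a request
 * parameter, validated remotely, and the user it belongs to becomes the authorized user
 * of this token request.
 * <p>
 * Fails closed: a missing/empty token, a {@code null} validation response and an invalid
 * token all end in {@link IdentityOAuth2Exception}; a transport failure while validating
 * and a tenant mismatch for a non-SaaS application return {@code false}.
 *
 * @param tokReqMsgCtx the token request being validated; on success its authorized user
 *                     and scope are populated
 * @return {@code true} when the token is valid and the user may use the application
 * @throws IdentityOAuth2Exception when no token is given, the token is rejected, or the
 *                                 service provider cannot be loaded
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
    if (!super.validateGrant(tokReqMsgCtx)) {
        return false;
    }

    OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
    String clientId = oAuth2AccessTokenReqDTO.getClientId();

    String accessToken = extractAccessToken(oAuth2AccessTokenReqDTO.getRequestParameters());
    if (accessToken == null || accessToken.isEmpty()) {
        // Without a token there is nothing to validate. Previously this fell through to the
        // service-provider lookup with null user/tenant values and failed with a null dereference.
        throw new IdentityOAuth2Exception("Authentication failed: no access token provided in the request");
    }

    OAuthValidationResponse response;
    try {
        response = tokenValidator.validateToken(accessToken);
    } catch (RemoteException e) {
        log.error("Failed to validate the OAuth token provided.", e);
        return false;
    }
    if (response == null || !response.isValid()) {
        // A null response is treated the same as an invalid token rather than being ignored.
        throw new IdentityOAuth2Exception("Authentication failed for the provided access token");
    }

    // Identity facts come from the validated token, never from the raw request parameters.
    String username = response.getUserName() + "@" + response.getTenantDomain();
    String userTenantDomain = MultitenantUtils.getTenantDomain(username);
    String spTenantDomain = response.getTenantDomain();

    ServiceProvider serviceProvider;
    try {
        serviceProvider = OAuth2ServiceComponentHolder.getApplicationMgtService()
                .getServiceProviderByClientId(clientId, "oauth2", spTenantDomain);
    } catch (IdentityApplicationManagementException e) {
        throw new IdentityOAuth2Exception("Error occurred while retrieving OAuth2 application data for client id "
                + clientId, e);
    }

    // A non-SaaS application is only usable by users of its own tenant.
    if (!serviceProvider.isSaasApp() && !userTenantDomain.equals(spTenantDomain)) {
        if (log.isDebugEnabled()) {
            log.debug("Non-SaaS service provider tenant domain is not same as user tenant domain; "
                    + spTenantDomain + " != " + userTenantDomain);
        }
        return false;
    }

    String tenantAwareUserName = MultitenantUtils.getTenantAwareUsername(username);
    username = tenantAwareUserName + "@" + userTenantDomain;
    // NOTE(review): the user-store domain is taken from thread-local state rather than from the
    // validation response — confirm the thread-local is populated for this request path.
    String threadLocalDomain = UserCoreUtil.getDomainFromThreadLocal();
    if (!username.contains("/") && StringUtils.isNotBlank(threadLocalDomain)) {
        username = threadLocalDomain + "/" + username;
    }

    AuthenticatedUser user = OAuth2Util.getUserFromUserName(username);
    user.setAuthenticatedSubjectIdentifier(user.toString());
    tokReqMsgCtx.setAuthorizedUser(user);
    tokReqMsgCtx.setScope(oAuth2AccessTokenReqDTO.getScope());
    return true;
}

/**
 * Returns the first value of the last {@code TOKEN_GRANT_PARAM} request parameter that carries
 * a value, or {@code null} when the parameter array is {@code null} or no such parameter exists.
 */
private static String extractAccessToken(RequestParameter[] parameters) {
    if (parameters == null) {
        return null;
    }
    String accessToken = null;
    for (RequestParameter parameter : parameters) {
        if (TOKEN_GRANT_PARAM.equals(parameter.getKey())
                && parameter.getValue() != null && parameter.getValue().length > 0) {
            accessToken = parameter.getValue()[0];
        }
    }
    return accessToken;
}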
 
Example 7
Source File: ServicePasswordCallbackHandler.java    From carbon-identity with Apache License 2.0
public boolean authenticateUser(String user, String password) throws Exception {
    /*
     * Authenticates the user against the realm's user store and then checks that the user holds
     * the invoke-service permission for this service.
     *
     * user:     user name, possibly tenant-qualified ("name@tenant").
     * password: credential passed straight through to the user store manager; it is never logged.
     * Returns true only when both authentication and the authorization check succeed.
     * Throws whatever the user store or authorization manager throws, after logging it.
     */

    // Users of a tenant other than the one the service is deployed in are rejected up front.
    int serviceTenantId = realm.getUserStoreManager().getTenantId();
    int userTenantId = SecurityServiceHolder.getRealmService().getTenantManager()
            .getTenantId(MultitenantUtils.getTenantDomain(user));
    if (serviceTenantId != userTenantId) {
        if (log.isDebugEnabled()) {
            log.debug("User : " + user + " trying access service which is deployed in different tenant domain");
        }
        return false;
    }

    String tenantAwareUserName = MultitenantUtils.getTenantAwareUsername(user);

    try {
        if (!realm.getUserStoreManager().authenticate(tenantAwareUserName, password)) {
            return false;
        }

        // The authorization check needs the domain-qualified name; fall back to the thread-local
        // user-store domain when the name carries none.
        // NOTE(review): only null is guarded — an empty (non-null) domain would yield a name
        // starting with "/"; confirm the thread-local is never set to an empty string.
        String qualifiedUserName = tenantAwareUserName;
        if (qualifiedUserName.indexOf("/") < 0) {
            String threadLocalDomain = UserCoreUtil.getDomainFromThreadLocal();
            if (threadLocalDomain != null) {
                qualifiedUserName = threadLocalDomain + "/" + qualifiedUserName;
            }
        }

        return realm.getAuthorizationManager().isUserAuthorized(
                qualifiedUserName,
                serviceGroupId + "/" + serviceId,
                UserCoreConstants.INVOKE_SERVICE_PERMISSION);
    } catch (Exception e) {
        // Logged here for the security trail, then rethrown unchanged for the caller to handle.
        log.error("Error in authenticating user.", e);
        throw e;
    }
}