/**
 * Checks whether the given domain-qualified user is present in the supplied user store.
 *
 * @param domainQualifiedUsername username handed unchanged to the user store lookup
 * @param tenantDomain            tenant domain; used only to build the error message
 * @param userStoreManager        user store to query
 * @return whatever {@code userStoreManager.isExistingUser} reports for the username
 * @throws UsernameUpdateServerException if the lookup fails; the user store exception is kept as the cause
 */
private boolean isExistingUser(String domainQualifiedUsername, String tenantDomain,
                               UserStoreManager userStoreManager) throws UsernameUpdateServerException {

    final boolean userFound;
    try {
        userFound = userStoreManager.isExistingUser(domainQualifiedUsername);
    } catch (UserStoreException e) {
        // A failed lookup is surfaced as a server error, never as "user does not exist".
        String failure = "Error while validating if user: " + domainQualifiedUsername
                + " exists in tenant: " + tenantDomain;
        throw new UsernameUpdateServerException(failure, e);
    }
    return userFound;
}
/**
 * Reads a single claim of a user from the default profile.
 *
 * @param username         user whose claim is read
 * @param userStoreManager user store to query
 * @param claimURI         URI of the claim to fetch
 * @return the value stored under {@code claimURI} in the map returned by the user store,
 *         or {@code null} when that map has no entry for it
 * @throws AccountLockServiceException if the user store call fails; the original exception is kept as the cause
 */
private String getClaimValue(String username, UserStoreManager userStoreManager, String claimURI)
        throws AccountLockServiceException {

    final String[] requestedClaims = {claimURI};
    try {
        // Only the one requested claim is asked for, then picked out of the returned map.
        return userStoreManager
                .getUserClaimValues(username, requestedClaims, UserCoreConstants.DEFAULT_PROFILE)
                .get(claimURI);
    } catch (UserStoreException e) {
        throw new AccountLockServiceException("Error occurred while retrieving claim: " + claimURI, e);
    }
}
// Switches to the registry's anonymous-user constant and loads the roles of that account.
userName = CarbonConstants.REGISTRY_ANONNYMOUS_USERNAME;
String[] userRoles = realm.getUserStoreManager().getRoleListOfUser(userName);
// NOTE(review): presumably one entry per role is appended to rolesQuery in the loop below (body not
// shown here); if that text ends up inside a query, confirm the role names are escaped or bound.
StringBuilder rolesQuery = new StringBuilder();
for (String userRole : userRoles) {
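/**
 * Locks the user account by writing the account-lock claim as "true" and the unlocking time as "0".
 *
 * <p>The user name is qualified with the domain name read from the user store's realm
 * configuration before the existence check and the claim update.
 *
 * @param userName         user to lock, without the user store domain
 * @param userStoreManager user store holding the account; it is cast to
 *                         {@code org.wso2.carbon.user.core.UserStoreManager} to read the realm configuration
 * @throws IdentityException if the identity management listener is not enabled, if the user does not
 *                           exist, or if reading/writing the user store fails (the user store exception
 *                           is attached as the cause)
 */
public static void lockUserAccount(String userName, UserStoreManager userStoreManager)
        throws IdentityException {

    if (!isIdentityMgtListenerEnable()) {
        throw IdentityException.error("Cannot lock account, IdentityMgtEventListener is not enabled.");
    }

    String domainName = ((org.wso2.carbon.user.core.UserStoreManager) userStoreManager).getRealmConfiguration().
            getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
    userName = UserCoreUtil.addDomainToName(userName, domainName);

    try {
        if (!userStoreManager.isExistingUser(userName)) {
            log.error("User " + userName + " does not exist in tenant " + userStoreManager.getTenantId());
            throw IdentityException.error("No user account found for user " + userName);
        }
        Map<String, String> claims = new HashMap<>();
        claims.put(UserIdentityDataStore.ACCOUNT_LOCK, "true");
        claims.put(UserIdentityDataStore.UNLOCKING_TIME, "0");
        userStoreManager.setUserClaimValues(userName, claims, null);
    } catch (UserStoreException e) {
        log.error("Error while reading/storing user identity data", e);
        // Keep the user store failure as the cause so a caller that handles the exception
        // can still see why the lock was not applied.
        throw IdentityException.error("Error while lock user account : " + userName, e);
    }
}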
/**
 * Gives the user the role derived from the application name, unless the user already holds it.
 *
 * <p>When the thread-local privileged context has no user realm, the method returns without
 * assigning anything and without reporting it.
 *
 * @param applicationName application whose role name is resolved through {@code getAppRoleName}
 * @param username        user who receives the role
 * @throws IdentityApplicationManagementException if reading or updating the user's roles fails
 */
private void assignApplicationRole(String applicationName, String username)
        throws IdentityApplicationManagementException {

    final String roleName = getAppRoleName(applicationName);
    try {
        UserRealm realm = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm();
        if (realm == null) {
            return;
        }

        boolean alreadyAssigned =
                ArrayUtils.contains(realm.getUserStoreManager().getRoleListOfUser(username), roleName);
        if (alreadyAssigned) {
            if (log.isDebugEnabled()) {
                log.debug("The user: " + username + " is already having the role: " + roleName);
            }
            return;
        }

        // Only the application role is added; the list of roles to remove is left null.
        realm.getUserStoreManager().updateRoleListOfUser(username, null, new String[]{roleName});
        if (log.isDebugEnabled()) {
            log.debug("Assigning application role : " + roleName + " to the user : " + username);
        }
    } catch (UserStoreException e) {
        throw new IdentityApplicationManagementException("Error while assigning application role: " + roleName +
                " to the user: " + username, e);
    }
}
/**
 * Deletes the role that was created alongside a queue/topic.
 *
 * <p>Every queue/topic has a role carrying the same name, which stores the permissions of the
 * user who created it. That role has to go when the queue/topic is deleted. If no such role
 * exists, nothing is done.
 *
 * @param destinationName name of the queue or topic
 * @throws EventBrokerException if the user store cannot be queried or the role cannot be deleted
 */
private static void removeRoleCreateForLoggedInUser(String destinationName) throws EventBrokerException {
    // The registry uses a modified name in which "@" is substituted.
    final String registryDestination = destinationName.replace("@", AT_REPLACE_CHAR);
    final String topicRole = UserCoreUtil.addInternalDomainName(
            TOPIC_ROLE_PREFIX + registryDestination.replace("/", "-"));

    try {
        UserStoreManager store =
                CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager();
        if (!store.isExistingRole(topicRole)) {
            return;
        }
        store.deleteRole(topicRole);
    } catch (UserStoreException e) {
        throw new EventBrokerException("Error while deleting " + registryDestination, e);
    }
}
} // unmatched in this snippet; presumably closes the enclosing class
// Creates the user only when it is not already in the store (the remaining addUser arguments and
// the end of this block are elided in the snippet).
// NOTE(review): as far as this snippet shows, an already existing account is reused as-is and
// passWord is not applied to it; confirm that is intended.
if (!manager.isExistingUser(csgUserName)) {
    manager.addUser( csgUserName, passWord,
// Creates the role, listing the user as its only member, only when the role is not already there.
if (!manager.isExistingRole(roleName)) {
    manager.addRole(roleName, new String[]{csgUserName}, null);
// Rejects unknown usernames before any credential check is made.
if (!userRealm.getUserStoreManager().isExistingUser(tenantLessUsername)) {
    // NOTE(review): this message is specific to the "no such user" case. If it reaches the client,
    // it distinguishes unknown usernames from wrong passwords; confirm callers return a uniform error.
    throw new AuthenticationException("Invalid User : " + tenantLessUsername);
// (the end of the check above is elided in this snippet)
isSuccessful = userRealm.getUserStoreManager().authenticate(tenantLessUsername, password);
/**
 * Creates the role of an application and makes the given user its first member.
 *
 * @param applicationName application whose role name is resolved through {@code getAppRoleName}
 * @param username        user added to the new role
 * @throws IdentityApplicationManagementException if the role already exists (raised as
 *         {@code IdentityApplicationRegistrationFailureException}) or if the user store call fails
 */
public static void createAppRole(String applicationName, String username)
        throws IdentityApplicationManagementException {

    final String roleName = getAppRoleName(applicationName);
    final String[] members = {username};

    try {
        if (log.isDebugEnabled()) {
            log.debug("Creating application role : " + roleName + " and assign the user : "
                    + Arrays.toString(members) + " to that role");
        }

        // An existing role is never reused: registration is refused instead.
        // NOTE(review): the existence check and addRole are two separate user store calls; nothing
        // visible here makes the pair atomic, so confirm the store rejects a duplicate on its own.
        boolean roleTaken = CarbonContext.getThreadLocalCarbonContext().getUserRealm()
                .getUserStoreManager().isExistingRole(roleName);
        if (roleTaken) {
            String errorMsg = "Application registration failed. The application role '" + roleName
                    + "' already exists.";
            log.error(errorMsg);
            throw new IdentityApplicationRegistrationFailureException(errorMsg);
        }

        CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager()
                .addRole(roleName, members, null);
    } catch (UserStoreException e) {
        throw new IdentityApplicationManagementException("Error while creating application role: " + roleName +
                " with user " + username, e);
    }
}
UserStoreManager manager = realm.getUserStoreManager();
// Continues only for a user that exists; a role that is missing from the store is logged and
// reported as a failure (the rest of both blocks is not part of this snippet).
if (manager.isExistingUser(userName)) {
    if (!manager.isExistingRole(role)) {
        log.error("Could not find role " + role + " in the user store");
        // NOTE(review): a bare Exception gives callers no type to tell this case from other failures.
        throw new Exception("Could not find role " + role + " in the user store");
.getRoleListOfUser(subjectId);
if (roles != null && roles.length > 0) {
    for (String role : roles) {
        try {
            // The lookup arguments do not depend on `role`, so, as far as this snippet shows, the
            // same claim is read again on every iteration.
            claimValue = CarbonContext.getThreadLocalCarbonContext().getUserRealm().
                    getUserStoreManager().getUserClaimValue(subjectId, attributeId, null);
        } catch (UserStoreException e) {
            // "User not found" is recognised by the start of the exception message.
            // NOTE(review): getMessage() can be null, which would throw here; matching on message
            // text also breaks silently if the wording changes.
            if(e.getMessage().startsWith(IdentityCoreConstants.USER_NOT_FOUND)){
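/**
 * Writes the account-disable claim of a user in the default profile.
 *
 * @param value                   claim value to store
 * @param domainQualifiedUsername user whose claim is updated
 * @param tenantDomain            tenant domain; used only to build the error message
 * @param userStoreManager        user store that holds the user
 * @throws UsernameUpdateServerException if the user store rejects the update; the original
 *                                       exception is kept as the cause
 */
private void updateAccountDisableClaim(String value, String domainQualifiedUsername, String tenantDomain,
                                       UserStoreManager userStoreManager) throws UsernameUpdateServerException {

    try {
        Map<String, String> claimValues = new HashMap<>();
        claimValues.put(UsernameUpdateServiceConstants.ACCOUNT_DISABLE_CLAIM, value);
        userStoreManager.setUserClaimValues(domainQualifiedUsername, claimValues, UserCoreConstants
                .DEFAULT_PROFILE);
    } catch (UserStoreException e) {
        // The message names the claim that is actually written (account disable, not account lock),
        // so an operator reading the error is not pointed at the wrong account-state control.
        throw new UsernameUpdateServerException("Error while updating account disable claim of user: " +
                domainQualifiedUsername + " in tenant: " + tenantDomain, e);
    }
}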
// Creates the default identity role when it is missing, with a single permission: the execute
// action on "/permission/admin/login".
if (!userStore.isExistingRole(IdentityConstants.IDENTITY_DEFAULT_ROLE)) {
    Permission permission = new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION);
    userStore.addRole(IdentityConstants.IDENTITY_DEFAULT_ROLE, null, new Permission[]{permission}, false);
// (the snippet does not show where the block above closes)
// Adds the user as a member of the default identity role.
userStore.addUser(username, password, new String[]{IdentityConstants.IDENTITY_DEFAULT_ROLE}, null, null);
IdentityPersistenceManager manager = IdentityPersistenceManager.getPersistanceManager();
// A missing account is logged with the tenant id and then reported to the caller; the tenant id
// appears only in the log line, not in the exception message.
if (!userStoreManager.isExistingUser(userName)) {
    log.error("User " + userName + " does not exist in tenant "+userStoreManager.getTenantId());
    throw IdentityException.error("No user account found for user " + userName);
try {
    // Resolves the user store for the tenant/domain, then reads the claim named by
    // CHALLENGE_QUESTION_URIS_CLAIM for the user.
    userStoreManager = getUserStoreManager(tenantId, userStoreDomain);
    challengeQuestionClaimValue = userStoreManager.getUserClaimValue(username, CHALLENGE_QUESTION_URIS_CLAIM, null);
} catch (UserStoreException e) {
// (handler body and the code between the two reads are elided in this snippet)
Map<String, String> challengeQuestions;
try {
    // Fetches the values of all collected challenge-question claim URIs in a single call.
    challengeQuestions = userStoreManager.getUserClaimValues(username,
            challengeQuestionUris.toArray(new String[challengeQuestionUris.size()]), null);
.getTenantUserRealm(tenantId)
.getUserStoreManager();
// The value returned by authenticate() is not used in this statement.
// NOTE(review): if authenticate() reports bad credentials through its return value rather than an
// exception, a failed check goes unnoticed here; confirm against the surrounding code.
userStoreManager.authenticate(userName, tempCredential);
/**
 * Adds the account-lock bypass role to a tenant's user store when the tenant is first activated.
 *
 * <p>A user store failure is logged and not rethrown, so activation carries on without the role.
 *
 * @param tenantId id of the tenant being activated
 * @throws StratosException declared by the listener contract; this body does not throw it itself
 */
@Override
public void onTenantInitialActivation(int tenantId) throws StratosException {

    if (log.isDebugEnabled()) {
        log.debug("AccountLockTenantMgtListener is fired for Tenant ID : " + tenantId);
    }

    final String bypassRole = AccountConstants.ACCOUNT_LOCK_BYPASS_ROLE;
    try {
        // The role is created with no members and no permissions.
        AccountServiceDataHolder.getInstance()
                .getRealmService()
                .getTenantUserRealm(tenantId)
                .getUserStoreManager()
                .addRole(bypassRole, null, null, false);
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        String failure = String.format("Error while adding role: %s on Tenant: %d", bypassRole, tenantId);
        log.error(failure, e);
    }
}
// Identity data is written as user claims only when the user store is writable; the read-only
// branch is not part of this snippet.
if(!userStoreManager.isReadOnly()) {
    // A copy of the DTO's map is handed over, not the DTO's own map.
    userStoreManager.setUserClaimValues(username,
            new HashMap<String,String> (userIdentityDTO.getUserIdentityDataMap()), null);
} else {
// Replaces the user's credential with the temporary password through the admin path.
// NOTE(review): new String(tempPassword) copies the secret into an immutable String that cannot be
// cleared afterwards (assuming tempPassword is a char[]); confirm the array itself is wiped later.
userStoreManager.updateCredentialByAdmin(userName, new String(tempPassword));
// Reads the configured account-recovery claim of the same user (remaining arguments are elided).
userStoreManager.getUserClaimValue(userName, IdentityMgtConfig.getInstance()
        .getAccountRecoveryClaim(),
/**
 * Copies the user's subject claim from the user store into the authentication context.
 *
 * <p>When the claim has no value, the context is left untouched. A user store failure is logged
 * and not propagated.
 *
 * @param tenantAwareUserId user whose claim is read
 * @param userStore         user store to query
 * @param context           authentication context that receives the value under
 *                          {@code SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE}
 * @param subjectURI        URI of the subject claim
 */
private void setSubjectClaimForStandardDialect(String tenantAwareUserId, UserStoreManager userStore,
                                               AuthenticationContext context, String subjectURI) {
    try {
        String value = userStore.getUserClaimValue(tenantAwareUserId, subjectURI, null);
        if (value == null) {
            if (log.isDebugEnabled()) {
                log.debug("Subject claim for " + tenantAwareUserId + " not found in user store");
            }
            return;
        }

        context.setProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE, value);
        if (log.isDebugEnabled()) {
            // Debug output carries the raw claim value, so debug logs from this path hold user data.
            log.debug("Setting 'ServiceProviderSubjectClaimValue' property value from user store " + value);
        }
    } catch (UserStoreException e) {
        log.error("Error occurred while retrieving " + subjectURI + " claim value for user " +
                tenantAwareUserId, e);
    }
}