/**
 * Resolves the user store manager to use for the given user store domain.
 *
 * <p>A non-empty {@code userStoreDomain} selects the secondary user store manager looked up
 * under that domain; {@code null} or an empty string selects the realm's own user store manager.
 *
 * @param realm           realm whose user store managers are queried
 * @param userStoreDomain user store domain name, or {@code null}/empty for the realm's manager
 * @return the resolved manager; never {@code null}
 * @throws UserStoreException propagated from the realm / user store manager lookups
 * @throws FrameworkException if the lookup produced {@code null}
 */
private UserStoreManager getUserStoreManager(UserRealm realm, String userStoreDomain)
        throws UserStoreException, FrameworkException {

    boolean useRealmDefault = userStoreDomain == null || userStoreDomain.isEmpty();

    UserStoreManager resolved = useRealmDefault
            ? realm.getUserStoreManager()
            : realm.getUserStoreManager().getSecondaryUserStoreManager(userStoreDomain);

    // Fail here instead of handing a null manager to the caller
    // (presumably null means the domain is not registered -- confirm).
    if (resolved == null) {
        throw new FrameworkException("Specified user store is invalid");
    }
    return resolved;
}
/**
 * Reads the realm property named by {@code ENCRYPT_USERNAME_IN_URL} and parses it as a boolean.
 *
 * <p>{@link Boolean#parseBoolean(String)} returns {@code false} for {@code null} and for any
 * value other than "true" (ignoring case), so the feature is off unless it is explicitly enabled.
 *
 * @return {@code true} only when the property value parses as true
 * @throws CarbonException    propagated from the realm lookup chain
 * @throws UserStoreException propagated from the realm lookup chain
 */
private static boolean isUsernameEncryptionEnabled() throws CarbonException, UserStoreException {

    String configuredValue = AdminServicesUtil.getUserRealm()
            .getRealmConfiguration()
            .getRealmProperties()
            .get(ENCRYPT_USERNAME_IN_URL);

    return Boolean.parseBoolean(configuredValue);
}
}
/**
 * Grants {@code rule} on {@code target} to {@code role} via the realm's authorization manager.
 *
 * <p>The call does nothing when any of the three strings is {@code null}. Only {@code null} is
 * filtered here; empty strings are passed on to the authorization manager unchanged.
 *
 * @param user   realm whose authorization manager performs the grant
 * @param role   role receiving the permission
 * @param target resource the permission applies to
 * @param rule   action being authorized
 * @throws UserStoreException propagated from the authorization manager
 */
private void addPermission(UserRealm user, String role, String target, String rule)
        throws UserStoreException {

    boolean missingArgument = role == null || target == null || rule == null;
    if (missingArgument) {
        return;
    }

    user.getAuthorizationManager().authorizeRole(role, target, rule);

    if (!log.isDebugEnabled()) {
        return;
    }
    // NOTE(review): the three values are concatenated into the log line unescaped. If callers
    // can pass user-controlled strings, neutralise CR/LF before logging -- confirm.
    log.debug("Permission " + rule + " ADDED to role: " + role + " for " + target);
}
/**
 * Deletes a role from the realm's user store.
 *
 * <p>A role that is authorized for {@code PERMISSION} or {@code PERMISSION_ADMIN} with the
 * execute action can be deleted only when the logged-in user name equals the realm's configured
 * admin user name. Both names go through {@code addPrimaryDomainIfNotExists} and are compared
 * ignoring case. Any other caller is refused and the attempt is logged at WARN level.
 *
 * @param roleName name of the role to delete
 * @throws UserAdminException if the caller is refused or the deletion fails; the underlying
 *                            exception is attached as the cause
 */
public void deleteRole(String roleName) throws UserAdminException {
    try {
        String caller = addPrimaryDomainIfNotExists(getLoggedInUser());
        String configuredAdmin =
                addPrimaryDomainIfNotExists(realm.getRealmConfiguration().getAdminUserName());

        // The second lookup runs only when the first reports no admin permission.
        boolean roleCarriesAdminPermission =
                realm.getAuthorizationManager()
                        .isRoleAuthorized(roleName, PERMISSION, UserMgtConstants.EXECUTE_ACTION)
                || realm.getAuthorizationManager()
                        .isRoleAuthorized(roleName, PERMISSION_ADMIN, UserMgtConstants.EXECUTE_ACTION);

        boolean callerIsConfiguredAdmin = configuredAdmin.equalsIgnoreCase(caller);
        if (roleCarriesAdminPermission && !callerIsConfiguredAdmin) {
            // NOTE(review): the user name is written to the log unescaped -- confirm it cannot
            // carry CR/LF.
            log.warn("An attempt to delete role with admin permission by user " + caller);
            throw new UserStoreException("You have not privilege to delete a role with Admin permission");
        }

        realm.getUserStoreManager().deleteRole(roleName);
    } catch (Exception e) {
        // One handler covers UserStoreException and everything else: log, then wrap for the caller.
        log.error(e.getMessage(), e);
        throw new UserAdminException(e.getMessage(), e);
    }
}
/**
 * Replaces the execute-action permissions of a role with the given permission list.
 *
 * <p>The raw list is first passed through {@code UserCoreUtil.optimizePermissions}. Every
 * existing {@code EXECUTE_ACTION} grant of the role is then cleared and each optimized entry is
 * authorized again one by one. On success {@code handlePostUpdatePermissionsOfRole} is called;
 * on failure {@code handleOnUpdatePermissionsOfRoleFailure} is called before the exception is
 * rethrown as {@link UserAdminException}.
 *
 * <p>NOTE(review): clearing and re-granting are separate calls in this method. If
 * {@code authorizeRole} throws part-way through the loop, the role appears to be left with only
 * the grants made so far, unless the authorization manager wraps the calls in a transaction --
 * confirm.
 *
 * <p>NOTE(review): no check of the caller's own privileges is visible in this method; presumably
 * the calling service enforces it -- confirm.
 *
 * @param roleName       role whose permissions are replaced
 * @param rawPermissions resource identifiers to authorize for the role
 * @throws UserAdminException wrapping the {@code UserStoreException} or {@code CarbonException}
 *                            raised while updating
 */
public static void updateRoleUIPermission(String roleName, String[] rawPermissions)
        throws UserAdminException {
    // Declared outside the try so the failure handler can see how far the update got.
    Permission[] permissions = null;
    UserStoreManager userStoreManager = null;
    try {
        String[] optimizedList = UserCoreUtil.optimizePermissions(rawPermissions);
        UserRealm realm = AdminServicesUtil.getUserRealm();
        AuthorizationManager authMan = realm.getAuthorizationManager();
        // Drop every current execute grant of the role before adding the new set.
        authMan.clearRoleActionOnAllResources(roleName, UserMgtConstants.EXECUTE_ACTION);
        permissions = new Permission[optimizedList.length];
        for (int i = 0; i < optimizedList.length; i++) {
            authMan.authorizeRole(roleName, optimizedList[i], UserMgtConstants.EXECUTE_ACTION);
            permissions[i] = new Permission(optimizedList[i], UserMgtConstants.EXECUTE_ACTION);
        }
        userStoreManager = realm.getUserStoreManager();
        handlePostUpdatePermissionsOfRole(roleName, permissions, userStoreManager);
    } catch (UserStoreException e) {
        // permissions may be null or partially filled here, depending on where the failure occurred.
        handleOnUpdatePermissionsOfRoleFailure(e.getMessage(), roleName, permissions, userStoreManager);
        // not logging already logged
        throw new UserAdminException(e.getMessage(), e);
    } catch (CarbonException e) {
        // This handler passes null for both the permissions and the user store manager.
        handleOnUpdatePermissionsOfRoleFailure(e.getMessage(), roleName, null, null);
        throw new UserAdminException(e.getMessage(), e);
    }
}
/**
 * Fetches the claim manager of the given realm.
 *
 * @param tenantDomain tenant domain, used only in the error message
 * @param realm        realm to read the claim manager from
 * @return whatever {@code realm.getClaimManager()} returns
 * @throws FrameworkException wrapping the {@code UserStoreException} raised by the realm
 */
private ClaimManager getClaimManager(String tenantDomain, UserRealm realm) throws FrameworkException {
    try {
        return realm.getClaimManager();
    } catch (UserStoreException cause) {
        String message = "Error occurred while retrieving the ClaimManager " + "from Realm for "
                + tenantDomain + " to handle local claims";
        throw new FrameworkException(message, cause);
    }
}
/**
 * Fetches the claim manager of the given realm.
 *
 * @param tenantDomain tenant domain, used only in the error message
 * @param realm        realm to read the claim manager from
 * @return whatever {@code realm.getClaimManager()} returns
 * @throws FrameworkException wrapping the {@code UserStoreException} raised by the realm
 */
private ClaimManager getClaimManager(String tenantDomain, UserRealm realm) throws FrameworkException {
    try {
        return realm.getClaimManager();
    } catch (UserStoreException cause) {
        String message = "Error occurred while retrieving the ClaimManager " + "from Realm for "
                + tenantDomain + " to handle local claims";
        throw new FrameworkException(message, cause);
    }
}
/**
 * Resolves the user store manager to use for the given user store domain.
 *
 * <p>A non-empty {@code userStoreDomain} selects the secondary user store manager looked up
 * under that domain; {@code null} or an empty string selects the realm's own user store manager.
 *
 * @param realm           realm whose user store managers are queried
 * @param userStoreDomain user store domain name, or {@code null}/empty for the realm's manager
 * @return the resolved manager; never {@code null}
 * @throws UserStoreException propagated from the realm / user store manager lookups
 * @throws FrameworkException if the lookup produced {@code null}
 */
private UserStoreManager getUserStoreManager(UserRealm realm, String userStoreDomain)
        throws UserStoreException, FrameworkException {

    boolean useRealmDefault = userStoreDomain == null || userStoreDomain.isEmpty();

    UserStoreManager resolved = useRealmDefault
            ? realm.getUserStoreManager()
            : realm.getUserStoreManager().getSecondaryUserStoreManager(userStoreDomain);

    // Fail here instead of handing a null manager to the caller
    // (presumably null means the domain is not registered -- confirm).
    if (resolved == null) {
        throw new FrameworkException("Specified user store is invalid");
    }
    return resolved;
}
/**
 * Reads the realm property named by {@code ENCRYPT_USERNAME_IN_URL} and parses it as a boolean.
 *
 * <p>{@link Boolean#parseBoolean(String)} returns {@code false} for {@code null} and for any
 * value other than "true" (ignoring case), so the feature is off unless it is explicitly enabled.
 *
 * @return {@code true} only when the property value parses as true
 * @throws CarbonException    propagated from the realm lookup chain
 * @throws UserStoreException propagated from the realm lookup chain
 */
private static boolean isUsernameEncryptionEnabled() throws CarbonException, UserStoreException {

    String configuredValue = AdminServicesUtil.getUserRealm()
            .getRealmConfiguration()
            .getRealmProperties()
            .get(ENCRYPT_USERNAME_IN_URL);

    return Boolean.parseBoolean(configuredValue);
}
}
/**
 * Denies {@code rule} on {@code target} for {@code role} via the realm's authorization manager.
 *
 * <p>The call does nothing when any of the three strings is {@code null}. Empty strings are not
 * filtered and reach the authorization manager unchanged.
 *
 * @param user   realm whose authorization manager performs the denial
 * @param role   role losing the permission
 * @param target resource the permission applies to
 * @param rule   action being denied
 * @throws UserStoreException propagated from the authorization manager
 */
private void removePermission(UserRealm user, String role, String target, String rule)
        throws UserStoreException {

    boolean missingArgument = role == null || target == null || rule == null;
    if (missingArgument) {
        return;
    }

    user.getAuthorizationManager().denyRole(role, target, rule);

    if (!log.isDebugEnabled()) {
        return;
    }
    // NOTE(review): the three values are concatenated into the log line unescaped. If callers
    // can pass user-controlled strings, neutralise CR/LF before logging -- confirm.
    log.debug("Permission: " + rule + " REMOVED from role: " + role + " for " + target);
}
/**
 * Fetches the claim manager of the given realm.
 *
 * @param tenantDomain tenant domain, used only in the error message
 * @param realm        realm to read the claim manager from
 * @return whatever {@code realm.getClaimManager()} returns
 * @throws FrameworkException wrapping the {@code UserStoreException} raised by the realm
 */
private ClaimManager getClaimManager(String tenantDomain, UserRealm realm) throws FrameworkException {
    try {
        return realm.getClaimManager();
    } catch (UserStoreException cause) {
        String message = "Error occurred while retrieving the ClaimManager " + "from Realm for "
                + tenantDomain + " to handle local claims";
        throw new FrameworkException(message, cause);
    }
}
/**
 * Resolves the user store manager to use for the given user store domain.
 *
 * <p>A non-empty {@code userStoreDomain} selects the secondary user store manager looked up
 * under that domain; {@code null} or an empty string selects the realm's own user store manager.
 *
 * @param realm           realm whose user store managers are queried
 * @param userStoreDomain user store domain name, or {@code null}/empty for the realm's manager
 * @return the resolved manager; never {@code null}
 * @throws UserStoreException propagated from the realm / user store manager lookups
 * @throws FrameworkException if the lookup produced {@code null}
 */
private UserStoreManager getUserStoreManager(UserRealm realm, String userStoreDomain)
        throws UserStoreException, FrameworkException {

    boolean useRealmDefault = userStoreDomain == null || userStoreDomain.isEmpty();

    UserStoreManager resolved = useRealmDefault
            ? realm.getUserStoreManager()
            : realm.getUserStoreManager().getSecondaryUserStoreManager(userStoreDomain);

    // Fail here instead of handing a null manager to the caller
    // (presumably null means the domain is not registered -- confirm).
    if (resolved == null) {
        throw new FrameworkException("Specified user store is invalid");
    }
    return resolved;
}
/**
 * Reads the realm property named by {@code ENCRYPT_USERNAME_IN_URL} and parses it as a boolean.
 *
 * <p>{@link Boolean#parseBoolean(String)} returns {@code false} for {@code null} and for any
 * value other than "true" (ignoring case), so the feature is off unless it is explicitly enabled.
 *
 * @return {@code true} only when the property value parses as true
 * @throws CarbonException    propagated from the realm lookup chain
 * @throws UserStoreException propagated from the realm lookup chain
 */
private static boolean isUsernameEncryptionEnabled() throws CarbonException, UserStoreException {

    String configuredValue = AdminServicesUtil.getUserRealm()
            .getRealmConfiguration()
            .getRealmProperties()
            .get(ENCRYPT_USERNAME_IN_URL);

    return Boolean.parseBoolean(configuredValue);
}
/**
/**
 * Decides whether {@code currentUserName} may configure the profile of {@code targetUser}.
 *
 * <ul>
 *   <li>{@code null} current user: not authorized.</li>
 *   <li>Current user equals target user (exact {@link String#equals} match): authorized.</li>
 *   <li>Otherwise: authorized only if the realm's authorization manager grants the current user
 *       {@code "ui.execute"} on the user-profile management permission.</li>
 * </ul>
 *
 * <p>NOTE(review): the self-service match is a raw, case-sensitive string comparison. If callers
 * pass names that differ in case or domain prefix, the match fails and the decision falls through
 * to the permission check -- confirm callers normalise both names the same way.
 *
 * @param realm           realm supplying the authorization manager; read only on the last path
 * @param currentUserName user performing the operation, may be {@code null}
 * @param targetUser      user whose profile is being configured
 * @return {@code true} if the operation is allowed
 * @throws UserStoreException propagated from the authorization manager
 */
public static boolean isUserAuthorizedToConfigureProfile(UserRealm realm, String currentUserName,
                                                         String targetUser) throws UserStoreException {

    // No identified caller: deny.
    if (currentUserName == null) {
        return false;
    }

    // A user may always configure their own profile.
    if (currentUserName.equals(targetUser)) {
        return true;
    }

    // Anyone else needs the profile-management UI permission.
    AuthorizationManager authorizationManager = realm.getAuthorizationManager();
    return authorizationManager.isUserAuthorized(currentUserName,
            CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION + "/manage/identity/usermgt/profiles",
            "ui.execute");
}
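/**
 * Fetches the claim manager from the realm supplied by the superclass.
 *
 * @return whatever {@code realm.getClaimManager()} returns
 * @throws UserStoreException with {@code NULL_REALM_MESSAGE} when the superclass returns no
 *                            realm, or wrapping any other exception raised during the lookup
 */
private ClaimManager getClaimManager() throws UserStoreException {
    try {
        UserRealm realm = super.getUserRealm();
        if (realm == null) {
            throw new UserStoreException(NULL_REALM_MESSAGE);
        }
        return realm.getClaimManager();
    } catch (UserStoreException e) {
        // Already the declared type: rethrow as-is so the generic handler below does not wrap it
        // in a second UserStoreException and bury the null-realm message.
        throw e;
    } catch (Exception e) {
        throw new UserStoreException(e);
    }
}
}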
/**
 * Reports whether shared groups are enabled on the realm's user store manager.
 *
 * <p>NOTE(review): the manager is cast to {@code AbstractUserStoreManager} without a type check.
 * A manager that does not extend that class would raise {@code ClassCastException}, which is not
 * caught here -- confirm every deployed manager extends it.
 *
 * @return the value of {@code isSharedGroupEnabled()} on the realm's user store manager
 * @throws UserAdminException wrapping the {@code UserStoreException} raised by the realm
 */
public boolean isSharedRolesEnabled() throws UserAdminException {
    try {
        UserStoreManager manager = realm.getUserStoreManager();
        // TODO remove abstract user store
        AbstractUserStoreManager abstractManager = (AbstractUserStoreManager) manager;
        return abstractManager.isSharedGroupEnabled();
    } catch (UserStoreException e) {
        log.error(e);
        throw new UserAdminException("Unable to check shared role enabled", e);
    }
}
/**
 * Rejects role synchronisation that would strip the admin role from a federated user whose
 * username equals the realm's configured admin username.
 *
 * <p>The check applies only when {@code userStoreManager} belongs to the primary user store and
 * {@code username} equals the realm's admin username. In that case, if {@code deletingRoles}
 * contains the realm's admin role name, a {@link FrameworkException} is thrown; otherwise the
 * method returns normally.
 *
 * @param realm            realm providing the admin user and admin role names
 * @param username         username of the federated user
 * @param userStoreManager user store manager the user is provisioned into
 * @param deletingRoles    roles about to be removed from the user
 * @throws UserStoreException propagated from the realm configuration lookups
 * @throws FrameworkException if the admin role would be removed from the admin-named user
 */
private void handleFederatedUserNameEqualsToSuperAdminUserName(UserRealm realm, String username,
                                                                UserStoreManager userStoreManager,
                                                                Collection<String> deletingRoles)
        throws UserStoreException, FrameworkException {

    // Only the primary store combined with the admin username is of interest.
    if (!userStoreManager.getRealmConfiguration().isPrimary()
            || !username.equals(realm.getRealmConfiguration().getAdminUserName())) {
        return;
    }

    if (log.isDebugEnabled()) {
        log.debug("Federated user's username is equal to super admin's username of local IdP.");
    }

    // Whether superadmin login without superadmin role is permitted
    boolean adminRoleWouldBeRemoved =
            deletingRoles.contains(realm.getRealmConfiguration().getAdminRoleName());
    if (!adminRoleWouldBeRemoved) {
        return;
    }

    if (log.isDebugEnabled()) {
        log.debug("Federated user doesn't have super admin role. Unable to sync roles, since"
                + " super admin role cannot be unassigned from super admin user");
    }
    throw new FrameworkException(
            "Federated user which having same username to super admin username of local IdP,"
                    + " trying login without having super admin role assigned");
}
/**
 * Decides whether {@code currentUserName} may configure the profile of {@code targetUser}.
 *
 * <ul>
 *   <li>{@code null} current user: not authorized.</li>
 *   <li>Current user equals target user (exact {@link String#equals} match): authorized.</li>
 *   <li>Otherwise: authorized only if the realm's authorization manager grants the current user
 *       {@code "ui.execute"} on the user-profile management permission.</li>
 * </ul>
 *
 * <p>NOTE(review): the self-service match is a raw, case-sensitive string comparison. If callers
 * pass names that differ in case or domain prefix, the match fails and the decision falls through
 * to the permission check -- confirm callers normalise both names the same way.
 *
 * @param realm           realm supplying the authorization manager; read only on the last path
 * @param currentUserName user performing the operation, may be {@code null}
 * @param targetUser      user whose profile is being configured
 * @return {@code true} if the operation is allowed
 * @throws UserStoreException propagated from the authorization manager
 */
public static boolean isUserAuthorizedToConfigureProfile(UserRealm realm, String currentUserName,
                                                         String targetUser) throws UserStoreException {

    // No identified caller: deny.
    if (currentUserName == null) {
        return false;
    }

    // A user may always configure their own profile.
    if (currentUserName.equals(targetUser)) {
        return true;
    }

    // Anyone else needs the profile-management UI permission.
    AuthorizationManager authorizationManager = realm.getAuthorizationManager();
    return authorizationManager.isUserAuthorized(currentUserName,
            CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION + "/manage/identity/usermgt/profiles",
            "ui.execute");
}
/**
 * Looks up the claim mapping registered for a claim URI.
 *
 * @param claimURI URI of the claim to resolve
 * @return the mapping returned by the claim manager, or {@code null} when the realm has no claim
 *         manager
 * @throws ClaimManagementException wrapping the {@code UserStoreException} raised during lookup
 */
public ClaimMapping getClaimMapping(String claimURI) throws ClaimManagementException {
    try {
        UserRealm realm = getRealm();
        ClaimManager manager = realm.getClaimManager();
        // Without a claim manager there is nothing to query; report "no mapping".
        if (manager == null) {
            return null;
        }
        return manager.getClaimMapping(claimURI);
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        throw new ClaimManagementException("Error occurred while retrieving claim", e);
    }
}
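/**
 * Reports whether the realm's user store manager has a secondary user store manager.
 *
 * @return {@code true} when {@code getSecondaryUserStoreManager()} returns a non-null manager
 * @throws UserAdminException wrapping the {@code UserStoreException} raised by the realm
 */
public boolean hasMultipleUserStores() throws UserAdminException {
    try {
        return realm.getUserStoreManager().getSecondaryUserStoreManager() != null;
    } catch (UserStoreException e) {
        String message = "Unable to check for multiple user stores";
        // Pass the throwable as the second argument so the stack trace reaches the log.
        log.error(message, e);
        // Keep the cause attached; the original dropped it, hiding the root failure from callers.
        throw new UserAdminException(message, e);
    }
}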