private void handleFederatedUserNameEqualsToSuperAdminUserName(UserRealm realm, String username,
        UserStoreManager userStoreManager, Collection<String> deletingRoles)
        throws UserStoreException, FrameworkException {
    if (userStoreManager.getRealmConfiguration().isPrimary()
            && username.equals(realm.getRealmConfiguration().getAdminUserName())) {
        if (log.isDebugEnabled()) {
            log.debug("Federated user's username is equal to super admin's username of local IdP.");
        }
        // Whether superadmin login without superadmin role is permitted
        if (deletingRoles.contains(realm.getRealmConfiguration().getAdminRoleName())) {
            if (log.isDebugEnabled()) {
                log.debug("Federated user doesn't have super admin role. Unable to sync roles, since"
                        + " super admin role cannot be unassigned from super admin user");
            }
            throw new FrameworkException(
                    "Federated user which having same username to super admin username of local IdP,"
                            + " trying login without having super admin role assigned");
        }
    }
}

private String getAdminRole() throws UserStoreException {
    return CarbonContext.getThreadLocalCarbonContext().getUserRealm()
            .getRealmConfiguration().getAdminRoleName();
}

String adminRole = EventBrokerHolder.getInstance().getRealmService()
        .getBootstrapRealmConfiguration().getAdminRoleName();
String[] allRoles = userRealm.getUserStoreManager().getRoleNames();

String adminRole = realm.getRealmConfiguration().getAdminRoleName();
AuthorizationManager authMan = realm.getAuthorizationManager();
if (!authMan.isRoleAuthorized(adminRole, CarbonConstants.UI_PERMISSION_COLLECTION,

String[] roles = mgr.getRoleListOfUser(userName, credentialType);
Arrays.sort(roles);
if (Arrays.binarySearch(roles, realmConfig.getAdminRoleName()) > -1
        && loggedInUserName != null
        && !userName.equals(loggedInUserName)
        && !realmConfig.getAdminUserName().equals(loggedInUserName) &&

        "permissions to a role belong to another tenant");
if (realm.getRealmConfiguration().getAdminRoleName().equalsIgnoreCase(roleName)) {
    String msg = "UI permissions of Admin is not allowed to change";
    log.error(msg);

.addDomainToName(userStoreManager.getRealmConfiguration().getAdminRoleName(), domainName);
String adminRole = EventBrokerHolder.getInstance().getRealmService()
        .getBootstrapRealmConfiguration().getAdminRoleName();
TopicRolePermission topicRolePermission;
try {

if ((Arrays.binarySearch(roles, realmConfig.getAdminRoleName()) > -1 || isRoleHasAdminPermission)
        && !realmConfig.getAdminUserName().equals(loggedInUserName)) {
    log.warn("An attempt to assign user to Admin permission role by user : " +

/**
 * Check if the given user has the admin role privileges
 *
 * @param username - the user to be checked for permissions
 * @return - true if the given user holds the admin role, false otherwise
 * @throws EventBrokerException - if it fails to get the list of user roles
 */
public static boolean isAdmin(String username) throws EventBrokerException {
    boolean isAdmin = false;
    try {
        String[] userRoles = EventBrokerHolder.getInstance().getRealmService()
                .getTenantUserRealm(CarbonContext.getThreadLocalCarbonContext().getTenantId())
                .getUserStoreManager().getRoleListOfUser(username);
        String adminRole = EventBrokerHolder.getInstance().getRealmService()
                .getBootstrapRealmConfiguration().getAdminRoleName();
        for (String userRole : userRoles) {
            if (adminRole.equals(userRole)) {
                isAdmin = true;
                break;
            }
        }
    } catch (UserStoreException e) {
        throw new EventBrokerException("Failed to get list of user roles", e);
    }
    return isAdmin;
}

if (realm.getRealmConfiguration().getAdminRoleName().equals(roleName)) {
    throw new UserStoreException("UI permission of admin is not allowed to change!");

public RealmConfigurationDTO getRealmConfiguration() throws UserStoreException {
    UserRealm userRealm = getApplicableUserRealm();
    RealmConfiguration realmConfig = userRealm.getRealmConfiguration();
    RealmConfigurationDTO realmConfigDTO = new RealmConfigurationDTO();
    realmConfigDTO.setRealmClassName(realmConfig.getRealmClassName());
    realmConfigDTO.setUserStoreClass(realmConfig.getUserStoreClass());
    realmConfigDTO.setAuthorizationManagerClass(realmConfig.getAuthorizationManagerClass());
    realmConfigDTO.setAdminRoleName(realmConfig.getAdminRoleName());
    realmConfigDTO.setAdminUserName(realmConfig.getAdminUserName());
    // Note: this copies the admin password into the DTO returned to the caller.
    realmConfigDTO.setAdminPassword(realmConfig.getAdminPassword());
    realmConfigDTO.setEveryOneRoleName(realmConfig.getEveryOneRoleName());
    realmConfigDTO.setUserStoreProperties(getPropertyValueArray(realmConfig.getUserStoreProperties()));
    realmConfigDTO.setAuthzProperties(getPropertyValueArray(realmConfig.getAuthzProperties()));
    realmConfigDTO.setRealmProperties(getPropertyValueArray(realmConfig.getRealmProperties()));
    return realmConfigDTO;
}