/**
 * Stores the SCIM metadata of a group that was created through the SCIM resource endpoint.
 *
 * <p>The group's id, created time, last-modified time and location are handed to {@code GroupDAO} for the
 * Identity_SCIM_GROUP table. They complement the attributes already kept in the user store
 * (i.e. display name, users).
 *
 * @param group SCIM group whose metadata attributes are stored
 * @throws IdentitySCIMException if a {@code CharonException} is raised while the attributes are collected or
 *                               stored
 */
public void createSCIMAttributes(Group group) throws IdentitySCIMException {
    try {
        // Read the values in the same order in which they are stored below.
        String id = group.getId();
        String created = AttributeUtil.formatDateTime(group.getCreatedDate());
        String lastModified = AttributeUtil.formatDateTime(group.getLastModified());
        String location = group.getLocation();

        Map<String, String> scimMetadata = new HashMap<>();
        scimMetadata.put(SCIMConstants.CommonSchemaConstants.ID_URI, id);
        scimMetadata.put(SCIMConstants.CommonSchemaConstants.CREATED_URI, created);
        scimMetadata.put(SCIMConstants.CommonSchemaConstants.LAST_MODIFIED_URI, lastModified);
        scimMetadata.put(SCIMConstants.CommonSchemaConstants.LOCATION_URI, location);

        // The row is written for this manager's tenant and the display name exactly as the group carries it.
        // NOTE(review): presumably the caller has already validated and domain-qualified the display
        // name; confirm, since it is used here as the group's handle in the SCIM table.
        GroupDAO scimGroupStore = new GroupDAO();
        scimGroupStore.addSCIMGroupAttributes(tenantId, group.getDisplayName(), scimMetadata);
    } catch (CharonException e) {
        throw new IdentitySCIMException("Error getting group name from SCIM Group.", e);
    }
}
/**
 * Looks up a group in the identity store and returns it as a SCIM {@code Group}.
 *
 * <p>{@code requiredAttributes} is accepted for the interface but is not consulted in this method; the
 * group's full claim list is converted to the SCIM dialect.
 *
 * @param groupId            id of the group to retrieve
 * @param requiredAttributes attribute selection requested by the caller (unused here)
 * @return the SCIM representation of the group
 * @throws NotFoundException if the identity store reports that no such group exists
 * @throws CharonException   if the identity store fails for any other reason
 */
@Override
public Group getGroup(String groupId, Map<String, Boolean> requiredAttributes)
        throws NotImplementedException, BadRequestException, CharonException, NotFoundException {

    // NOTE(review): groupId is written to the log and into both exception messages unmodified. If it
    // arrives straight from the request, CR/LF in it could forge log entries; confirm it is validated
    // or neutralised upstream.
    if (log.isDebugEnabled()) {
        log.debug("Retrieving group: " + groupId);
    }

    try {
        org.wso2.carbon.identity.mgt.Group storedGroup = identityStore.getGroup(groupId);

        // TODO: We need to pass the scim claim dialect for this method
        List<Claim> groupClaims = storedGroup.getClaims();
        // TODO this is a temporary method. need to remove this once the claim management is completed.
        groupClaims = ClaimMapper.getInstance().convertGroupToScimDialect(groupClaims);

        Group result = getSCIMGroup(storedGroup, groupClaims);
        if (log.isDebugEnabled()) {
            log.debug("Group: " + result.getDisplayName() + " is retrieved through SCIM.");
        }
        return result;
    } catch (GroupNotFoundException e) {
        // The cause is not attached to the NotFoundException; only the message reaches the caller.
        throw new NotFoundException("Group with the id :" + groupId + " does not exists.");
    } catch (IdentityStoreException e) {
        throw new CharonException("Error in getting the group : " + groupId, e);
    }
}
throws CharonException { String displayName = null; displayName = oldGroup.getDisplayName(); try { String userStoreDomainFromSP = getUserStoreDomainFromSP(); IdentityUtil.extractDomainFromName(oldGroup.getDisplayName()))) { throw new CharonException("Group :" + oldGroup.getDisplayName() + "is not belong to user store " + userStoreDomainFromSP + "Hence group updating fail"); oldGroup.setDisplayName(IdentityUtil.addDomainToName(UserCoreUtil.removeDomainFromName(oldGroup.getDisplayName()), IdentityUtil.extractDomainFromName(oldGroup.getDisplayName()))); newGroup.setDisplayName(IdentityUtil.addDomainToName(UserCoreUtil.removeDomainFromName(newGroup.getDisplayName()), IdentityUtil.extractDomainFromName(newGroup.getDisplayName()))); if (IdentityUtil.extractDomainFromName(newGroup.getDisplayName()).equals(primaryDomain) && !(IdentityUtil .extractDomainFromName(oldGroup.getDisplayName()) .equals(primaryDomain))) { String userStoreDomain = IdentityUtil.extractDomainFromName(oldGroup.getDisplayName()); newGroup.setDisplayName(IdentityUtil.addDomainToName(newGroup.getDisplayName(), userStoreDomain)); } else if (!IdentityUtil.extractDomainFromName(oldGroup.getDisplayName()) .equals(IdentityUtil.extractDomainFromName(newGroup.getDisplayName()))) { throw new IdentitySCIMException( "User store domain of the group is not matching with the given SCIM group Id."); newGroup.setDisplayName(SCIMCommonUtils.getGroupNameWithDomain(newGroup.getDisplayName())); oldGroup.setDisplayName(SCIMCommonUtils.getGroupNameWithDomain(oldGroup.getDisplayName()));
throws CharonException, ConflictException, BadRequestException { if (log.isDebugEnabled()) { log.debug("Creating group: " + group.getDisplayName()); String originalName = group.getDisplayName(); String roleNameWithDomain = null; String domainName = ""; if (carbonUM.isExistingRole(group.getDisplayName(), false)) { String error = "Group with name: " + group.getDisplayName() +" already exists in the system."; throw new ConflictException(error); "Hence, can not create the group: " + group.getDisplayName(); throw new IdentitySCIMException(error); } else if (userNames[0].indexOf(UserCoreConstants.DOMAIN_SEPARATOR) > 0 && !StringUtils.containsIgnoreCase(userNames[0], domainName)) { String error = "User: " + userId + " doesn't exist in the same user store. " + "Hence, can not create the group: " + group.getDisplayName(); throw new IdentitySCIMException(error); } else { carbonUM.addRole(group.getDisplayName(), members.toArray(new String[members.size()]), null, false); log.info("Group: " + group.getDisplayName() + " is created through SCIM."); } else { carbonUM.addRole(group.getDisplayName(), null, null, false); log.info("Group: " + group.getDisplayName() + " is created through SCIM.");
if (isNullOrEmpty(group.getDisplayName())) { throw new BadRequestException("Please provide valid name for group displayName"); String userStoreDomain = SCIMCommonUtils.extractDomainFromName(group.getDisplayName(), identityStore); group.setDisplayName(SCIMCommonUtils.removeDomainFromName(group.getDisplayName())); throw new ConflictException("Group with the name: " + group.getDisplayName() + " already exists in the system."); String errMsg = "Error occurred while adding group:" + group.getDisplayName() + "to user store"; String errMsg = "Error in retrieving newly added group:" + group.getDisplayName() + " from user store";
/**
 * Deletes, at the remote SCIM endpoint, the group that corresponds to {@code scimObject}.
 *
 * <p>The group is first looked up by display name through {@code listWithGet}; the id of the first match
 * is then appended to {@code groupEPURL} and a delete request is issued. Nothing is done when the lookup
 * returns no group or the first match has no id.
 *
 * @throws IdentitySCIMException if the lookup or the delete call fails, or if the response is rejected by
 *                               {@code handleSCIMErrorResponse}
 */
public void deleteGroup() throws IdentitySCIMException {
    try {
        // NOTE(review): the lookup filter is built by plain concatenation. If GROUP_FILTER is a SCIM
        // filter expression, a display name containing quote or operator characters would change the
        // expression and could match a different group; confirm the name is escaped or validated.
        String displayName = ((Group) scimObject).getDisplayName();
        String filter = GROUP_FILTER + displayName;

        List<Group> matches = (List<Group>) (List<?>) listWithGet(null, null, filter, 1, 1, null, null,
                SCIM2CommonConstants.GROUP);
        if (matches == null || matches.isEmpty()) {
            return;
        }

        // Only the first match is acted on.
        String remoteGroupId = matches.get(0).getId();
        if (remoteGroupId == null) {
            return;
        }

        // NOTE(review): the id comes from the remote endpoint's response and is placed into the URL
        // path as-is; confirm it cannot contain path separators or other reserved characters.
        client.setURL(groupEPURL + "/" + remoteGroupId);
        ScimApiResponse<String> response = new Scimv2GroupsApi(client).deleteGroup();
        logger.info("SCIM - delete group operation returned with response code: " + response.getStatusCode());
        handleSCIMErrorResponse(response);
    } catch (AbstractCharonException | IOException e) {
        // NOTE(review): the message names the user (userName) although the operation is on a group.
        throw new IdentitySCIMException("Error in provisioning 'delete group' operation for user : " + userName,
                e);
    } catch (ScimApiException e) {
        throw new IdentitySCIMException(e.getMessage(), e);
    }
}
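/**
 * Updates a group's claims and member list in the identity store and returns the refreshed group.
 *
 * <p>The claims are taken from {@code newGroup}, converted to the WSO2 dialect and written against
 * {@code oldGroup}'s id; the member list is then updated separately. The returned group is re-read
 * through {@link #getGroup(String, Map)}.
 *
 * @param oldGroup           group as currently stored; its id selects the group to update
 * @param newGroup           group carrying the new claim values and members
 * @param requiredAttributes attribute selection passed on to {@code getGroup}
 * @return the group as stored after the update
 * @throws NotFoundException if the identity store reports that the group does not exist
 * @throws CharonException   if the identity store fails for any other reason
 */
@Override
public Group updateGroup(Group oldGroup, Group newGroup, Map<String, Boolean> requiredAttributes)
        throws NotImplementedException, BadRequestException, CharonException, NotFoundException {
    try {
        if (log.isDebugEnabled()) {
            log.debug("Updating group: " + oldGroup.toString());
        }

        // Get the claims map from the new SCIM group object.
        Map<String, String> claims = SCIMClaimResolver.getClaimsMap(newGroup);
        // Get the claim list to be updated.
        List<Claim> claimList = getGroupBeanFromClaims(claims).getClaims();
        // TODO this is a temporary method. need to remove this once the claim management is completed.
        claimList = ClaimMapper.getInstance().convertMetaToWso2Dialect(claimList);

        // Write the updated claim values against the stored group's id.
        // TODO : Give the domain name
        identityStore.updateGroupClaims(oldGroup.getId(), claimList);

        // Update the member list separately.
        updateMemberList(oldGroup, newGroup);

        if (log.isDebugEnabled()) {
            // The subject of this operation is a group; the message previously said "User:".
            log.debug("Group: " + newGroup.getDisplayName() + " updated through SCIM.");
        }

        // Re-read the updated group and send it to the client.
        // NOTE(review): the update is keyed on oldGroup.getId() but the re-read uses newGroup.getId().
        // Presumably the caller guarantees both ids are equal; if newGroup's id can come from the request
        // body unchecked, this would return a different group than the one updated. Confirm.
        return this.getGroup(newGroup.getId(), requiredAttributes);
    } catch (GroupNotFoundException e) {
        // The cause is not attached to the NotFoundException; only the message reaches the caller.
        throw new NotFoundException("No such group with the group id : " + oldGroup.getId());
    } catch (IdentityStoreException e) {
        throw new CharonException("Error in updating the Group", e);
    }
}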
Optional<Group> group = Optional.ofNullable(getSCIMGroup(groupId, requiredGroupClaims, false)); if (group.isPresent()) { scimUser.setGroup(null, group.get().getId(), group.get().getDisplayName()); } else { log.warn("Group " + groupId + " recorded as a group of user " + userId + " but group "
filter = GROUP_FILTER + additionalInformation.get(SCIM2CommonConstants.OLD_GROUP_NAME); } else { filter = GROUP_FILTER + ((Group) scimObject).getDisplayName();