/**
 * Resolves the given IdP roles to local roles and returns the result as a lookup table.
 *
 * <p>The mappings come from {@code getMappedLocalRoles}; each one is stored under its remote
 * (IdP) role name. If two mappings carry the same remote role, the one iterated last replaces
 * the earlier entry, so the map holds at most one local role per IdP role.
 *
 * @param idPName      Unique name of the IdP to which the given IdP roles need to be mapped
 * @param tenantDomain The tenant domain whose local roles are to be mapped
 * @param idPRoles     IdP roles which need to be mapped to local roles
 * @return a new map from remote (IdP) role name to the mapped {@link LocalRole}
 * @throws IdentityProviderManagementException Error when getting role mappings
 */
@Override
public Map<String, LocalRole> getMappedLocalRolesMap(String idPName, String tenantDomain,
                                                     String[] idPRoles)
        throws IdentityProviderManagementException {

    Set<RoleMapping> resolvedMappings = getMappedLocalRoles(idPName, tenantDomain, idPRoles);

    Map<String, LocalRole> localRoleByIdPRole = new HashMap<String, LocalRole>();
    for (RoleMapping mapping : resolvedMappings) {
        String idPRole = mapping.getRemoteRole();
        localRoleByIdPRole.put(idPRole, mapping.getLocalRole());
    }
    return localRoleByIdPRole;
}
// Turn the current result-set row into a RoleMapping: column 1 is stored as the local role
// name, column 2 as the remote role (labelled "SPRole" in the debug message below).
RoleMapping roleMapping = new RoleMapping();
LocalRole localRole = new LocalRole();
localRole.setLocalRoleName(resultSet.getString(1));
roleMapping.setLocalRole(localRole);
roleMapping.setRemoteRole(resultSet.getString(2));
roleMappingList.add(roleMapping);
// NOTE(review): no isDebugEnabled() guard is visible in this excerpt, so the message string is
// built for every row even when debug logging is off. The role names are written to the log
// exactly as stored; if role names may contain line breaks, neutralise them before logging.
log.debug("Local Role: " + roleMapping.getLocalRole().getLocalRoleName() + " SPRole: " + roleMapping.getRemoteRole());
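/**
 * Builds a {@link RoleMapping} from its XML element.
 *
 * <p>Only the direct children named {@code localRole} and {@code remoteRole} are read; every
 * other child is ignored. If a name occurs more than once, the last occurrence wins.
 *
 * <p>NOTE(review): an element that lacks {@code localRole} or {@code remoteRole} still yields
 * a mapping, with the corresponding field left at whatever the no-arg constructor sets
 * (presumably {@code null}). Code that dereferences {@code getLocalRole()} on the result
 * should check for that.
 *
 * @param roleMappingOM the role-mapping element; may be {@code null}
 * @return the populated mapping, or {@code null} when {@code roleMappingOM} is {@code null}
 */
public static RoleMapping build(OMElement roleMappingOM) {

    // A missing element is reported as null instead of failing with a NullPointerException.
    if (roleMappingOM == null) {
        return null;
    }

    RoleMapping roleMapping = new RoleMapping();
    Iterator<?> iter = roleMappingOM.getChildElements();

    while (iter.hasNext()) {
        OMElement element = (OMElement) (iter.next());
        String elementName = element.getLocalName();

        // The two names are mutually exclusive, so at most one branch applies per child.
        if ("localRole".equals(elementName)) {
            roleMapping.setLocalRole(LocalRole.build(element));
        } else if ("remoteRole".equals(elementName)) {
            roleMapping.setRemoteRole(element.getText());
        }
    }
    return roleMapping;
}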
/**
 * Returns the name of the local role held by the given mapping.
 *
 * <p>Neither the mapping nor its local role is null-checked here; a mapping without a local
 * role fails with a {@link NullPointerException}.
 *
 * @param roleMapping mapping whose local role name is wanted
 * @return the local role name of {@code roleMapping}
 */
private static String getLocalRoleName(RoleMapping roleMapping) {

    return roleMapping
            .getLocalRole()
            .getLocalRoleName();
}
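/**
 * Map the local roles of a user to service provider mapped role values.
 *
 * <p>Every local role that has a service-provider mapping is replaced by the mapped (remote)
 * role; roles without a mapping are passed through unchanged. The caller's list is not
 * modified: the work is done on a copy.
 *
 * <p>NOTE(review): mappings are applied in array order against the list while it is being
 * rewritten. A remote role added by one mapping can therefore be matched as a local role by a
 * later mapping and be rewritten again. If that chaining is not intended, match each mapping
 * against the user's original role set instead.
 *
 * @param serviceProvider        Service provider whose permission and role configuration
 *                               supplies the local-to-SP role mappings
 * @param locallyMappedUserRoles List of local roles
 * @param claimSeparator         Separator used to combine individual roles in the returned string.
 * @return Service Provider mapped roles combined with claimSeparator, or {@code null} when
 * {@code locallyMappedUserRoles} is empty
 * @throws FrameworkException declared by the signature; nothing in this method throws it directly
 */
public static String getServiceProviderMappedUserRoles(ServiceProvider serviceProvider,
                                                       List<String> locallyMappedUserRoles,
                                                       String claimSeparator)
        throws FrameworkException {

    if (!isNotEmpty(locallyMappedUserRoles)) {
        return null;
    }

    // Work on a copy so the caller's list is left untouched.
    List<String> effectiveRoles = new ArrayList<>(locallyMappedUserRoles);

    // Get Local Role to Service Provider Role mappings. A service provider without a
    // permission and role configuration simply has no mappings to apply.
    RoleMapping[] localToSpRoleMapping = null;
    if (serviceProvider.getPermissionAndRoleConfig() != null) {
        localToSpRoleMapping = serviceProvider.getPermissionAndRoleConfig().getRoleMappings();
    }

    if (isNotEmpty(localToSpRoleMapping)) {
        for (RoleMapping roleMapping : localToSpRoleMapping) {
            // An incomplete mapping cannot match any role; skip it rather than fail.
            if (roleMapping == null || roleMapping.getLocalRole() == null) {
                continue;
            }
            String localRoleName = getLocalRoleName(roleMapping);
            // removeAll reports whether the role was present, so one call both tests for the
            // local role and removes every occurrence of it.
            if (effectiveRoles.removeAll(Collections.singletonList(localRoleName))) {
                // Add the service provider mapped role.
                effectiveRoles.add(roleMapping.getRemoteRole());
            }
        }
    }

    return StringUtils.join(effectiveRoles, claimSeparator);
}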
// Build the local role from the USER_STORE_ID and LOCAL_ROLE columns of the current rs2 row
// (presumably user-store id first, role name second; confirm against the LocalRole constructor).
LocalRole localRole = new LocalRole(rs2.getString("USER_STORE_ID"), rs2.getString("LOCAL_ROLE"));
// Pair the local role with the value of the ROLE column and collect the mapping.
// NOTE(review): a NULL in any of the three columns is passed through unchecked.
RoleMapping roleMapping = new RoleMapping(localRole, rs2.getString("ROLE"));
roleMappings.add(roleMapping);
while (roleMappingsIter.hasNext()) { OMElement roleMappingsElement = (OMElement) (roleMappingsIter.next()); RoleMapping roleMapping = RoleMapping.build(roleMappingsElement); if (roleMapping != null) { roleMappingsArrList.add(roleMapping);
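/**
 * Builds a {@link RoleMapping} from its XML element.
 *
 * <p>Only the direct children named {@code localRole} and {@code remoteRole} are read; every
 * other child is ignored. If a name occurs more than once, the last occurrence wins.
 *
 * <p>NOTE(review): an element that lacks {@code localRole} or {@code remoteRole} still yields
 * a mapping, with the corresponding field left at whatever the no-arg constructor sets
 * (presumably {@code null}). Code that dereferences {@code getLocalRole()} on the result
 * should check for that.
 *
 * @param roleMappingOM the role-mapping element; may be {@code null}
 * @return the populated mapping, or {@code null} when {@code roleMappingOM} is {@code null}
 */
public static RoleMapping build(OMElement roleMappingOM) {

    // A missing element is reported as null instead of failing with a NullPointerException.
    if (roleMappingOM == null) {
        return null;
    }

    RoleMapping roleMapping = new RoleMapping();
    Iterator<?> iter = roleMappingOM.getChildElements();

    while (iter.hasNext()) {
        OMElement element = (OMElement) (iter.next());
        String elementName = element.getLocalName();

        // The two names are mutually exclusive, so at most one branch applies per child.
        if ("localRole".equals(elementName)) {
            roleMapping.setLocalRole(LocalRole.build(element));
        } else if ("remoteRole".equals(elementName)) {
            roleMapping.setRemoteRole(element.getText());
        }
    }
    return roleMapping;
}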
/**
 * Validate local roles in role mapping configuration.
 *
 * <p>Each mapping's local role name is looked up in the user store manager; the first name
 * that does not exist is reported through {@code validationMsg} and the scan stops there, so
 * at most one missing role is reported per call.
 *
 * <p>NOTE(review): the user store manager is taken from the thread-local
 * {@code CarbonContext}; {@code tenantDomain} is only used in the error message. The check
 * therefore runs against whichever tenant the calling thread's context holds. A mapping
 * without a local role fails with a {@link NullPointerException}, and the caught
 * {@code UserStoreException} is reduced to a generic message without being recorded.
 *
 * @param validationMsg            validation error messages
 * @param permissionsAndRoleConfig permission and role configurations
 * @param tenantDomain             tenant domain
 */
private void validateRoleConfigs(List<String> validationMsg,
                                 PermissionsAndRoleConfig permissionsAndRoleConfig,
                                 String tenantDomain) {

    // Nothing configured means nothing to validate.
    boolean noMappingsConfigured = permissionsAndRoleConfig == null
            || permissionsAndRoleConfig.getRoleMappings() == null;
    if (noMappingsConfigured) {
        return;
    }

    try {
        UserStoreManager userStoreManager = CarbonContext.getThreadLocalCarbonContext().getUserRealm()
                .getUserStoreManager();
        for (RoleMapping roleMapping : permissionsAndRoleConfig.getRoleMappings()) {
            String localRoleName = roleMapping.getLocalRole().getLocalRoleName();
            if (userStoreManager.isExistingRole(localRoleName)) {
                continue;
            }
            // First unknown role: report it and stop scanning.
            validationMsg.add(String.format(ROLE_NOT_AVAILABLE, localRoleName));
            break;
        }
    } catch (UserStoreException e) {
        validationMsg.add(String.format("Error when checking the existence of local roles in %s.", tenantDomain));
    }
}
// Unbalanced in this excerpt; presumably closes the enclosing class.
}
for (String idPRole : idPRoles) { for (RoleMapping roleMapping : roleMappings) { if (roleMapping.getRemoteRole().equals(idPRole)) { returnSet.add(roleMapping); break;
while (roleMappingsIter.hasNext()) { OMElement roleMappingsElement = (OMElement) (roleMappingsIter.next()); RoleMapping roleMapping = RoleMapping.build(roleMappingsElement); if (roleMapping != null) { roleMappingsArrList.add(roleMapping);
/**
 * Resolves the given local roles to IdP roles and returns the result as a lookup table.
 *
 * <p>The mappings come from {@code getMappedIdPRoles}; each one is stored under its
 * {@link LocalRole}. Whether two {@code LocalRole} instances land on the same key depends on
 * {@code LocalRole}'s {@code equals}/{@code hashCode}, which are not shown here; when they do,
 * the mapping iterated last replaces the earlier entry.
 *
 * @param idPName      Unique name of the IdP to which the given local roles need to be mapped
 * @param tenantDomain The tenant domain whose local roles need to be mapped
 * @param localRoles   Local roles which need to be mapped to IdP roles
 * @return a new map from {@link LocalRole} to the mapped remote (IdP) role name
 * @throws IdentityProviderManagementException Error when getting role mappings
 */
@Override
public Map<LocalRole, String> getMappedIdPRolesMap(String idPName, String tenantDomain,
                                                   LocalRole[] localRoles)
        throws IdentityProviderManagementException {

    Set<RoleMapping> resolvedMappings = getMappedIdPRoles(idPName, tenantDomain, localRoles);

    Map<LocalRole, String> idPRoleByLocalRole = new HashMap<LocalRole, String>();
    for (RoleMapping mapping : resolvedMappings) {
        String idPRole = mapping.getRemoteRole();
        idPRoleByLocalRole.put(mapping.getLocalRole(), idPRole);
    }
    return idPRoleByLocalRole;
}
// Turn the current result-set row into a RoleMapping: column 1 is stored as the local role
// name, column 2 as the remote role (labelled "SPRole" in the debug message below).
RoleMapping roleMapping = new RoleMapping();
LocalRole localRole = new LocalRole();
localRole.setLocalRoleName(resultSet.getString(1));
roleMapping.setLocalRole(localRole);
roleMapping.setRemoteRole(resultSet.getString(2));
roleMappingList.add(roleMapping);
// NOTE(review): no isDebugEnabled() guard is visible in this excerpt, so the message string is
// built for every row even when debug logging is off. The role names are written to the log
// exactly as stored; if role names may contain line breaks, neutralise them before logging.
log.debug("Local Role: " + roleMapping.getLocalRole().getLocalRoleName() + " SPRole: " + roleMapping.getRemoteRole());
for (LocalRole localRole : localRoles) { for (RoleMapping roleMapping : roleMappings) { if (roleMapping.getLocalRole().equals(localRole)) { returnSet.add(roleMapping); break;
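/**
 * Get mapped idp roles for given role list.
 *
 * <p>Each entry of {@code groupList} is looked up as a local role name in
 * {@code idPRoleMapping}; the mapped remote role is added to the result. Groups without a
 * mapping are dropped, so an absent or empty mapping configuration yields an empty result.
 * If several mappings share a local role name, the last one in the array wins.
 *
 * @param groupList      local group/role names to translate; may be {@code null} or empty
 * @param idPRoleMapping configured mappings (local role name to remote role); may be {@code null}
 * @return a new, mutable list of the mapped remote roles in {@code groupList} order; never
 * {@code null}
 */
private List<String> getMappedGroups(List<String> groupList, RoleMapping[] idPRoleMapping) {

    List<String> mappedUserGroups = new ArrayList<>();
    // Without groups or without mappings nothing can be mapped; fail closed with an empty list
    // instead of a NullPointerException on a missing mapping array.
    if (CollectionUtils.isEmpty(groupList) || idPRoleMapping == null) {
        return mappedUserGroups;
    }

    Map<String, String> mappedRoles = new HashMap<>();
    for (RoleMapping mapping : idPRoleMapping) {
        // An incomplete mapping cannot match any group; skip it.
        if (mapping == null || mapping.getLocalRole() == null) {
            continue;
        }
        mappedRoles.put(mapping.getLocalRole().getLocalRoleName(), mapping.getRemoteRole());
    }

    for (String userGroup : groupList) {
        String mappedGroup = mappedRoles.get(userGroup);
        if (mappedGroup != null) {
            mappedUserGroups.add(mappedGroup);
        }
    }
    return mappedUserGroups;
}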
.getUserStoreManager(); String role = null; if (mapping.getLocalRole().getUserStoreId() != null) { role = mapping.getLocalRole().getUserStoreId() + CarbonConstants.DOMAIN_SEPARATOR + mapping.getLocalRole().getLocalRoleName(); } else { role = mapping.getLocalRole().getLocalRoleName();
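/**
 * Get mapped idp roles for given role list.
 *
 * <p>Each entry of {@code groupList} is looked up as a local role name in
 * {@code idPRoleMapping}; the mapped remote role is added to the result. Groups without a
 * mapping are dropped, so an absent or empty mapping configuration yields an empty result.
 * If several mappings share a local role name, the last one in the array wins.
 *
 * @param groupList      local group/role names to translate; may be {@code null} or empty
 * @param idPRoleMapping configured mappings (local role name to remote role); may be {@code null}
 * @return a new, mutable list of the mapped remote roles in {@code groupList} order; never
 * {@code null}
 */
private List<String> getMappedGroups(List<String> groupList, RoleMapping[] idPRoleMapping) {

    List<String> mappedUserGroups = new ArrayList<>();
    // Without groups or without mappings nothing can be mapped; fail closed with an empty list
    // instead of a NullPointerException on a missing mapping array.
    if (CollectionUtils.isEmpty(groupList) || idPRoleMapping == null) {
        return mappedUserGroups;
    }

    Map<String, String> mappedRoles = new HashMap<>();
    for (RoleMapping mapping : idPRoleMapping) {
        // An incomplete mapping cannot match any group; skip it.
        if (mapping == null || mapping.getLocalRole() == null) {
            continue;
        }
        mappedRoles.put(mapping.getLocalRole().getLocalRoleName(), mapping.getRemoteRole());
    }

    for (String userGroup : groupList) {
        String mappedGroup = mappedRoles.get(userGroup);
        if (mappedGroup != null) {
            mappedUserGroups.add(mappedGroup);
        }
    }
    return mappedUserGroups;
}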
.getTenantUserRealm(tenantId).getUserStoreManager(); String role = null; if (mapping.getLocalRole().getUserStoreId() != null) { role = mapping.getLocalRole().getUserStoreId() + CarbonConstants.DOMAIN_SEPARATOR + mapping.getLocalRole().getLocalRoleName();
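/**
 * Wraps an identity provider and caches its claim, role and just-in-time provisioning
 * configuration, together with a remote-role to local-role lookup.
 *
 * <p>For every configured role mapping the remote role is stored as key. The value is the
 * local role name, prefixed with the user store domain through
 * {@code UserCoreUtil.addDomainToName} when the local role carries a non-empty user store id.
 * If two mappings share a remote role, the later one replaces the earlier entry.
 *
 * <p>NOTE(review): a mapping without a local role fails with a {@link NullPointerException};
 * the mapping entries themselves are not validated here.
 *
 * @param identityProvider identity provider to wrap; dereferenced immediately, so it must not
 *                         be {@code null}
 */
public ExternalIdPConfig(IdentityProvider identityProvider) {

    this.identityProvider = identityProvider;

    claimConfiguration = identityProvider.getClaimConfig();
    roleConfiguration = identityProvider.getPermissionAndRoleConfig();
    justInTimeProConfig = identityProvider.getJustInTimeProvisioningConfig();

    // An identity provider without a permission and role configuration has no role mappings;
    // leave the lookup empty instead of failing with a NullPointerException.
    if (roleConfiguration == null) {
        return;
    }

    RoleMapping[] mappings = roleConfiguration.getRoleMappings();
    if (mappings == null) {
        return;
    }

    for (RoleMapping roleMapping : mappings) {
        if (StringUtils.isNotEmpty(roleMapping.getLocalRole().getUserStoreId())) {
            // Secondary user store: qualify the role name with its domain.
            this.roleMappings.put(roleMapping.getRemoteRole(), UserCoreUtil.addDomainToName(
                    roleMapping.getLocalRole().getLocalRoleName(),
                    roleMapping.getLocalRole().getUserStoreId()));
        } else {
            this.roleMappings.put(roleMapping.getRemoteRole(),
                    roleMapping.getLocalRole().getLocalRoleName());
        }
    }
}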
/**
 * Wraps an identity provider and caches its claim, role and just-in-time provisioning
 * configuration, together with a remote-role to local-role lookup.
 *
 * <p>For every configured role mapping the remote role is stored as key. The value is the
 * local role name, prefixed with the user store domain through
 * {@code UserCoreUtil.addDomainToName} when the local role carries a non-empty user store id.
 * A missing role configuration or an empty mapping array leaves the lookup untouched.
 *
 * <p>NOTE(review): a mapping without a local role fails with a {@link NullPointerException},
 * and a remote role that appears in two mappings keeps only the later entry.
 *
 * @param identityProvider identity provider to wrap; dereferenced immediately, so it must not
 *                         be {@code null}
 */
public ExternalIdPConfig(IdentityProvider identityProvider) {

    this.identityProvider = identityProvider;

    claimConfiguration = identityProvider.getClaimConfig();
    roleConfiguration = identityProvider.getPermissionAndRoleConfig();
    justInTimeProConfig = identityProvider.getJustInTimeProvisioningConfig();

    if (roleConfiguration == null) {
        return;
    }

    RoleMapping[] configuredMappings = roleConfiguration.getRoleMappings();
    if (configuredMappings == null || configuredMappings.length == 0) {
        return;
    }

    for (RoleMapping entry : configuredMappings) {
        String userStoreId = entry.getLocalRole().getUserStoreId();
        String localRoleName = entry.getLocalRole().getLocalRoleName();

        // Qualify the role name with its domain only when a user store id is present.
        String resolvedLocalRole = StringUtils.isNotEmpty(userStoreId)
                ? UserCoreUtil.addDomainToName(localRoleName, userStoreId)
                : localRoleName;

        this.roleMappings.put(entry.getRemoteRole(), resolvedLocalRole);
    }
}