/**
 * Creates a new {@code IdentityMgtConfig} from the supplied realm configuration, stores it in
 * the shared static field and returns it.
 * <p/>
 * Per the original author, this is only called during start-up, so neither synchronization
 * nor a null check is performed.
 * NOTE(review): every call replaces the shared instance; confirm it is never invoked after
 * start-up, when other threads may already be reading the configuration.
 *
 * @param configuration a primary <code>RealmConfiguration</code>
 * @return the newly created <code>IdentityMgtConfig</code>
 */
public static IdentityMgtConfig getInstance(RealmConfiguration configuration) {
    IdentityMgtConfig freshConfig = new IdentityMgtConfig(configuration);
    identityMgtConfig = freshConfig;
    return freshConfig;
}
// Break the stored claim value into the individual challenge URIs.
// NOTE(review): contains() matches the configured separator literally, while String.split()
// interprets it as a regular expression. The two only agree while the separator holds no
// regex metacharacters; confirm that, or quote it with Pattern.quote() before splitting.
if (claimValue.contains(IdentityMgtConfig.getInstance().getChallengeQuestionSeparator())) {
    challengesUris = claimValue.split(IdentityMgtConfig.getInstance().getChallengeQuestionSeparator());
} else {
    // No separator present: the whole (trimmed) value is the only URI.
    challengesUris = new String[]{claimValue.trim()};
/**
 * Persists the given identity claims through the identity data store that is currently
 * configured in {@code IdentityMgtConfig}.
 *
 * @param identityClaims   the claims object handed to the data store
 * @param userStoreManager the user store manager passed along to the data store
 * @throws IdentityException declared by this method; presumably raised by the data store when
 *                           the write fails (the store implementation is not visible here)
 */
public static void storeUserIdentityClaims(UserIdentityClaimsDO identityClaims,
        org.wso2.carbon.user.core.UserStoreManager userStoreManager) throws IdentityException {
    IdentityMgtConfig config = IdentityMgtConfig.getInstance();
    config.getIdentityDataStore().store(identityClaims, userStoreManager);
}
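/**
 * Creates a valid recovery record for the given user and tenant. The record expires once the
 * configured notification expiry time (read in minutes) has elapsed from now.
 *
 * @param userName name of the user the recovery data belongs to
 * @param tenantId id of the tenant the user belongs to
 */
public UserRecoveryDataDO(String userName, int tenantId) {
    this.tenantId = tenantId;
    this.userName = userName;
    int expireTimeInMinutes = IdentityMgtConfig.getInstance().getNotificationExpireTime();
    // Widen to long before the first multiplication. "minutes * 60" used to be evaluated in
    // int and silently wrapped for large configured values, producing a wrong expiry instant.
    long validityInMillis = expireTimeInMinutes * 60L * 1000L;
    // The expiry is stored as the decimal string of an epoch-millisecond timestamp.
    this.expireTime = Long.toString(System.currentTimeMillis() + validityInMillis);
    this.isValid = true;
}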
/**
 * Produces a temporary password by delegating to the password generator configured in
 * {@code IdentityMgtConfig}.
 * <p/>
 * The strength and randomness of the result depend entirely on the configured generator,
 * which is not visible here.
 *
 * @return the generated password as a character array
 */
public static char[] generateTemporaryPassword() {
    return IdentityMgtConfig.getInstance().getPasswordGenerator().generatePassword();
}
// Excerpt from an authentication hook; the listing appears to omit lines between several of
// the statements below, so the brace nesting shown is not the method's real structure.
IdentityMgtConfig config = IdentityMgtConfig.getInstance();
// With the authentication policy disabled nothing is enforced and the hook reports success.
if (!config.isEnableAuthPolicy()) {
    return true;
// One-time-password handling: only after a successful authentication, when the OTP check is
// configured, the user store is writable and OTP is enabled for this user.
if (authenticated && config.isAuthPolicyOneTimePasswordCheck() && (!userStoreManager.isReadOnly()) && userOTPEnabled) {
    config.getNotificationSendingModules();
    // The notification is handed to the sending module only when notifications are managed internally.
    if (IdentityMgtConfig.getInstance().isNotificationInternallyManaged()) {
        notificationSendingModule.setNotificationData(notificationData);
        notificationSendingModule.setNotification(emailNotification);
// Password-expiry check: successful authentication, expiry check configured, no OTP in use,
// writable user store.
if (authenticated && config.isAuthPolicyExpirePasswordCheck() && !userOTPEnabled && (!userStoreManager.isReadOnly())) {
// Lock-on-failure: applies to failed authentications when the policy is enabled.
if (!authenticated && config.isAuthPolicyAccountLockOnFailure()) {
    // The recorded failure count has reached the configured maximum.
    if (userIdentityDTO.getFailAttempts() >= config.getAuthPolicyMaxLoginAttempts()) {
        // NOTE(review): userName is concatenated into the log line unchanged; if it is the
        // caller-supplied login name, confirm the log layout neutralises CR/LF.
        log.info("User, " + userName + " has exceed the max failed login attempts. " + "User account would be locked");
        // Publish a USER_IS_LOCKED error context carrying the failure count and the limit.
        IdentityErrorMsgContext customErrorMessageContext = new IdentityErrorMsgContext(UserCoreConstants.ErrorCode.USER_IS_LOCKED, userIdentityDTO.getFailAttempts(), config.getAuthPolicyMaxLoginAttempts());
        IdentityUtil.setIdentityErrorMsg(customErrorMessageContext);
        int lockTime = IdentityMgtConfig.getInstance().getAuthPolicyLockingTime();
        // An unlock time relative to now is only set for a non-zero lock time; what a lock
        // time of 0 means is not visible in this excerpt.
        if (lockTime != 0) {
            userIdentityDTO.setUnlockTime(System.currentTimeMillis() +
log.debug("Post add user is called in IdentityMgtEventListener"); IdentityMgtConfig config = IdentityMgtConfig.getInstance(); if (config.isEnableUserAccountVerification() && IdentityUtil.threadLocalProperties.get().containsKey(EMPTY_PASSWORD_USED)) { if (config.isAuthPolicyAccountLockOnCreation()) { userIdentityClaimsDO.setAccountLock(true); try { config.getIdentityDataStore().store(userIdentityClaimsDO, userStoreManager); } catch (IdentityException e) { if (!config.isEnableUserAccountVerification() && !config.isAuthPolicyAccountLockOnCreation() && userIdentityClaimsDO != null) { try { if (log.isDebugEnabled()) {
/**
 * Reports whether the identity management listener is enabled according to the event
 * listener configuration.
 * <p/>
 * The listener class name is read from the identity management properties and falls back to
 * {@code IdentityMgtEventListener} when blank. The listener counts as enabled when no
 * configuration entry exists for it or when the entry's enable flag is blank; otherwise the
 * flag is parsed as a boolean.
 *
 * @return {@code true} if the listener is enabled or not explicitly configured
 */
private static boolean isIdentityMgtListenerEnable() {
    String listenerClassName = IdentityMgtConfig.getInstance()
            .getProperty(IdentityMgtConstants.PropertyConfig.IDENTITY_MGT_LISTENER_CLASS);
    if (StringUtils.isBlank(listenerClassName)) {
        listenerClassName = IdentityMgtEventListener.class.getName();
    }

    IdentityEventListenerConfig listenerConfig = IdentityUtil.readEventListenerProperty(
            UserOperationEventListener.class.getName(), listenerClassName);

    // Absent configuration or a blank flag both default to "enabled".
    if (listenerConfig == null || StringUtils.isBlank(listenerConfig.getEnable())) {
        return true;
    }
    return Boolean.parseBoolean(listenerConfig.getEnable());
}
if (IdentityMgtConfig.getInstance().isCaptchaVerificationInternallyManaged()) { try { CaptchaUtil.processCaptchaInfoBean(captcha); if (!IdentityMgtConfig.getInstance().isSaasEnabled()) { String loggedInTenant = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); if (tenantDomain != null && !tenantDomain.isEmpty() && !loggedInTenant.equals(tenantDomain)) { if (!(IdentityMgtConfig.getInstance().isNotificationInternallyManaged())) { vBean.setNotificationData(notificationDto);
// Excerpt from an authentication hook; the listing appears to omit lines between several of
// the statements below, so some of them are shown without their surrounding code.
IdentityMgtConfig config = IdentityMgtConfig.getInstance();
// With the authentication policy disabled nothing is enforced and the hook reports success.
if (!config.isEnableAuthPolicy()) {
    return true;
log.debug("Username :" + userName + "does not exists in the system, ErrorCode :" +
        UserCoreConstants.ErrorCode.USER_DOES_NOT_EXIST);
// When the account-exist check is enabled, an unknown user produces a dedicated error code.
// NOTE(review): a distinct "user does not exist" failure lets a caller tell valid user names
// from invalid ones; confirm the login front end maps it to the same generic message as a
// wrong password unless that disclosure is intended.
if (config.isAuthPolicyAccountExistCheck()) {
    throw new UserStoreException(UserCoreConstants.ErrorCode.USER_DOES_NOT_EXIST);
// Tail of a statement whose beginning is not part of the excerpt.
UserCoreConstants.ErrorCode.USER_IS_LOCKED, userIdentityDTO.getFailAttempts(), config.getAuthPolicyMaxLoginAttempts());
IdentityUtil.setIdentityErrorMsg(customErrorMessageContext);
String errorMsg = "User account is locked for user : " + userName
if (!IdentityUtil.threadLocalProperties.get().containsKey(DO_PRE_SET_USER_CLAIM_VALUES)) { IdentityUtil.threadLocalProperties.get().put(DO_PRE_SET_USER_CLAIM_VALUES, true); IdentityMgtConfig config = IdentityMgtConfig.getInstance(); UserIdentityDataStore identityDataStore = IdentityMgtConfig.getInstance().getIdentityDataStore(); UserIdentityClaimsDO identityDTO = identityDataStore.load(userName, userStoreManager); if (identityDTO == null) { && IdentityMgtConfig.getInstance().isAccountEnableNotificationSending()) { sendEmail(usernameWithDomain, tenantId, IdentityMgtConstants.Notification.ACCOUNT_ENABLE); && IdentityMgtConfig.getInstance().isAccountDisableNotificationSending()) { sendEmail(usernameWithDomain, tenantId, IdentityMgtConstants.Notification.ACCOUNT_DISABLE);
if (IdentityMgtConfig.getInstance().isCaptchaVerificationInternallyManaged()) { try { CaptchaUtil.processCaptchaInfoBean(captcha); if (IdentityMgtConfig.getInstance().isSaasEnabled()) { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); if (IdentityMgtConfig.getInstance().isSaasEnabled()) { PrivilegedCarbonContext.endTenantFlow();
/**
 * Sets up the recovery processor from the current {@code IdentityMgtConfig}: registers every
 * configured notification sending module under its notification type, takes the first
 * configured module as the default, and picks up the recovery data store.
 * <p/>
 * The configured module list is indexed at position 0 without a size check, so at least one
 * notification sending module is expected to be configured.
 */
public RecoveryProcessor() {
    IdentityMgtConfig config = IdentityMgtConfig.getInstance();
    List<NotificationSendingModule> configuredModules = config.getNotificationSendingModules();

    // The first configured module is the default one.
    this.defaultModule = configuredModules.get(0);
    for (NotificationSendingModule sendingModule : configuredModules) {
        this.modules.put(sendingModule.getNotificationType(), sendingModule);
    }

    this.dataStore = config.getRecoveryDataStore();
    this.notificationSender = new NotificationSender();
    questionProcessor = new ChallengeQuestionProcessor();
}
/**
 * Initialises the listener from the shared {@code IdentityMgtConfig}: keeps a reference to the
 * configuration, its policy registry and its identity data store.
 * <p/>
 * If the JVM system property named by {@code UNLOCK_ADMIN_SYS_PROP} is set and parses as
 * {@code true}, {@code unlockAdmin()} is called during construction.
 * NOTE(review): this is a start-up override of account locking, so the ability to set JVM
 * system properties for this process should be treated as an administrative privilege. The
 * info log line below is the only record of its use that is visible here.
 */
public IdentityMgtEventListener() {
    identityMgtConfig = IdentityMgtConfig.getInstance();
    // The registry comes pre-populated with the loaded policies.
    policyRegistry = identityMgtConfig.getPolicyRegistry();
    module = IdentityMgtConfig.getInstance().getIdentityDataStore();

    String unlockAdminFlag = System.getProperty(UNLOCK_ADMIN_SYS_PROP);
    boolean unlockRequested =
            StringUtils.isNotBlank(unlockAdminFlag) && Boolean.parseBoolean(unlockAdminFlag);
    if (unlockRequested) {
        log.info("unlockAdmin system property is defined. Hence unlocking admin account");
        unlockAdmin();
    }
}
if (!IdentityUtil.threadLocalProperties.get().containsKey(DO_PRE_UPDATE_CREDENTIAL_BY_ADMIN)) { IdentityUtil.threadLocalProperties.get().put(DO_PRE_UPDATE_CREDENTIAL_BY_ADMIN, true); IdentityMgtConfig config = IdentityMgtConfig.getInstance(); UserIdentityDataStore identityDataStore = IdentityMgtConfig.getInstance().getIdentityDataStore(); UserIdentityClaimsDO identityDTO = identityDataStore.load(userName, userStoreManager); boolean isAccountDisabled = identityDTO.isAccountDisabled(); .toString().trim().length() < 1)) { if (!config.isEnableTemporaryPassword()) { log.error("Empty passwords are not allowed"); return false;
/**
 * Turns a raw user id into a {@code UserDTO} with its tenant id resolved.
 * <p/>
 * When SaaS mode is disabled in {@code IdentityMgtConfig}, the DTO is first passed to
 * {@code validateTenant} (its checks are defined elsewhere). The tenant id is then looked up
 * from the DTO's tenant domain.
 *
 * @param userId the user id to process; must not be null or blank
 * @return the populated {@code UserDTO}
 * @throws IdentityException if {@code userId} is null or empty after trimming; the helpers
 *                           called here may presumably raise it as well
 */
public static UserDTO processUserId(String userId) throws IdentityException {
    boolean missingUserId = (userId == null) || userId.trim().isEmpty();
    if (missingUserId) {
        throw IdentityException.error("Can not proceed with out a user id");
    }

    UserDTO parsedUser = new UserDTO(userId);
    boolean saasEnabled = IdentityMgtConfig.getInstance().isSaasEnabled();
    if (!saasEnabled) {
        // Outside SaaS mode the user's tenant is validated before going any further.
        validateTenant(parsedUser);
    }
    parsedUser.setTenantId(getTenantId(parsedUser.getTenantDomain()));
    return parsedUser;
}
// Read the value stored under the configured account-recovery claim for this user.
String email = userStoreManager.getUserClaimValue(userName, IdentityMgtConfig.getInstance()
        .getAccountRecoveryClaim(), null);
// NOTE(review): this writes the user's recovery e-mail address to the debug log. Consider
// masking it or logging only the user name if debug logs are retained or shipped off-host.
log.debug("Sending email to " + email);
// Read the account-state claim that matches the enabled policy check.
// NOTE(review): as shown in this excerpt, the account-disabled claim is only consulted when
// the lock check is switched off (else-if). Confirm that a deployment enabling both checks
// still has disabled accounts evaluated.
if (IdentityMgtConfig.getInstance().isAuthPolicyAccountLockCheck()) {
    String accountLock = Utils.getClaimFromUserStoreManager(
            userId, tenantId, UserIdentityDataStore.ACCOUNT_LOCK);
} else if (IdentityMgtConfig.getInstance().isAuthPolicyAccountDisableCheck()) {
    String accountDisable = Utils.getClaimFromUserStoreManager(
            userId, tenantId, UserIdentityDataStore.ACCOUNT_DISABLED);
// Excerpt from a credential-update flow; the listing appears to omit lines between several of
// the statements below, so the brace nesting shown is not the method's real structure.
UserDTO userDTO = Utils.processUserId(username);
// In SaaS mode the work runs inside a tenant flow.
// NOTE(review): confirm the full method calls endTenantFlow() from a finally block so that an
// exception cannot leave the started tenant context on the thread.
if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
    PrivilegedCarbonContext.startTenantFlow();
    PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
    log.info("Credential is updated for user : " + userDTO.getUserId() + " and tenant domain : " + userDTO.getTenantDomain());
    // The stored recovery data for this user is invalidated once the update is logged;
    // presumably so the same confirmation code cannot be used again (confirm).
    IdentityMgtConfig.getInstance().getRecoveryDataStore().invalidate(userDTO.getUserId(), tenantId);
    bean = new VerificationBean(true);
// Alternative path gated on the confirmation code being verified for this user; the meaning
// of the sequence value 3 is not visible in this excerpt.
} else if (recoveryProcessor.verifyConfirmationCode(3, userDTO.getUserId(), confirmationCode).isVerified()) {
    log.info("Credential is updated for user : " + userDTO.getUserId() + " and tenant domain : " + userDTO.getTenantDomain());
    IdentityMgtConfig.getInstance().getRecoveryDataStore().invalidate(userDTO.getUserId(), tenantId);
    bean = new VerificationBean(true);
} else {
// Closes the tenant flow again in SaaS mode.
if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
    PrivilegedCarbonContext.endTenantFlow();
if (IdentityMgtConfig.getInstance().isCaptchaVerificationInternallyManaged()) { try { CaptchaUtil.processCaptchaInfoBean(captchaInfoBean);