@Override public boolean doPreDeleteUser(String userName, UserStoreManager userStoreManager) throws UserStoreException { if (!isEnable()) { return true; } String domainName = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration()); if (StringUtils.isBlank(domainName)) { domainName = UserAccountAssociationConstants.PRIMARY_USER_DOMAIN; } try { if (log.isDebugEnabled()) { log.debug("User account associations for user " + userName + " with tenant id " + userStoreManager.getTenantId() + " is getting deleted."); } UserAccountAssociationDAO.getInstance().deleteUserAssociation(domainName, userStoreManager.getTenantId() , userName); return true; } catch (UserAccountAssociationException e) { throw new UserStoreException(String.format(UserAccountAssociationConstants.ErrorMessages .ERROR_WHILE_DELETING_USER_ASSOC.getDescription(), userName), e); } }
private boolean isUserExistsInDomain(UserStoreManager userStoreManager, String userName) throws UserStoreException { boolean isExists = false; if (userStoreManager.isExistingUser(userName)) { isExists = true; } return isExists; }
public boolean hasMultipleUserStores() throws UserAdminException { try { return realm.getUserStoreManager().getSecondaryUserStoreManager() != null; } catch (UserStoreException e) { log.error(e); throw new UserAdminException("Unable to check for multiple user stores"); } }
/** * This method will return whether SCIM is enabled or not for a particular userStore. (from SCIMEnabled user * store property) * @param userStoreName user store name * @return whether scim is enabled or not for the particular user store */ private boolean isSCIMEnabled(String userStoreName) { UserStoreManager userStoreManager = carbonUM.getSecondaryUserStoreManager(userStoreName); if (userStoreManager != null) { try { return userStoreManager.isSCIMEnabled(); } catch (UserStoreException e) { log.error("Error while evaluating isSCIMEnalbed for user store " + userStoreName, e); } } return false; }
private Collection<String> getRolesToAdd(UserStoreManager userStoreManager, String[] newRoles) throws UserStoreException { Collection<String> addingRoles = new ArrayList<>(); Collections.addAll(addingRoles, newRoles); Collection<String> allExistingRoles = removeDomainFromNamesExcludeInternal( Arrays.asList(userStoreManager.getRoleNames()), userStoreManager.getTenantId()); addingRoles.retainAll(allExistingRoles); return addingRoles; }
public void addUserClaimValue(String userName, String claimURI, String claimValue, String profileName) throws UserStoreException { String existingClaimValue = getUserStoreManager().getUserClaimValue(userName, claimURI, profileName); if (existingClaimValue == null) { existingClaimValue = EMPTY; } if (claimValue != null && !EMPTY.equals(claimValue) && !EMPTY.equals(existingClaimValue)) { claimValue = existingClaimValue + "," + claimValue; } getUserStoreManager().setUserClaimValue(userName, claimURI, claimValue, profileName); }
private void addMultiAttributeSperatorToRequestedClaims(AuthenticatedUser authenticatedUser, org.wso2.carbon.user.core.UserStoreManager userStore, Map<String, String> spRequestedClaims) { if (!spRequestedClaims.isEmpty()) { RealmConfiguration realmConfiguration = userStore.getRealmConfiguration(); String claimSeparator = realmConfiguration.getUserStoreProperty(IdentityCoreConstants .MULTI_ATTRIBUTE_SEPARATOR); if (StringUtils.isNotBlank(claimSeparator)) { spRequestedClaims.put(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR, claimSeparator); } } }
private boolean isAccountLockByPassForUser(UserStoreManager userStoreManager, String userName) throws AccountLockException { try { String[] roleList = userStoreManager.getRoleListOfUser(userName); if (!ArrayUtils.isEmpty(roleList)) { return ArrayUtils.contains(roleList, AccountConstants.ACCOUNT_LOCK_BYPASS_ROLE); } } catch (UserStoreException e) { throw new AccountLockException("Error occurred while listing user role: " + userName, e); } return false; } }
getTenantUserRealm(tenantId); UserStoreManager userStoreManager = userRealm.getUserStoreManager(). getSecondaryUserStoreManager(user.getUserStoreDomain()); if (userStoreManager.isExistingUser(user.getUserName())) { return !(isUserDisabled(userStoreManager, user) || isUserLocked(userStoreManager, user));
/** * @param userName Current username * @param userStoreManager User store * @return State whether current user is a privileged user * @throws AccountLockException */ protected boolean isAccountLock(String userName, UserStoreManager userStoreManager) throws AccountLockException { String accountLockedClaim; try { Map<String, String> values = userStoreManager.getUserClaimValues(userName, new String[]{ AccountConstants.ACCOUNT_LOCKED_CLAIM}, UserCoreConstants.DEFAULT_PROFILE); accountLockedClaim = values.get(AccountConstants.ACCOUNT_LOCKED_CLAIM); } catch (UserStoreException e) { throw new AccountLockException("Error occurred while retrieving " + AccountConstants .ACCOUNT_LOCKED_CLAIM + " claim value", e); } return Boolean.parseBoolean(accountLockedClaim); }
if (realm.getUserStoreManager().getTenantId() != SecurityServiceHolder.getRealmService().getTenantManager().getTenantId(MultitenantUtils.getTenantDomain(user))) { if (log.isDebugEnabled()) { isAuthenticated = realm.getUserStoreManager().authenticate( tenantAwareUserName, password);
getTenantUserRealm(tenantId).getUserStoreManager(); if (log.isDebugEnabled()) { log.debug("SCIM enable in Userstore level : " + userStoreManager.isSCIMEnabled() + ", for " + "Tenant ID : " + tenantId + ", validating for the existing SCIM ID : " + validateSCIMID); if (userStoreManager.isSCIMEnabled()) { String adminUsername = ClaimsMgtUtil.getAdminUserNameFromTenantId(IdentityTenantUtil.getRealmService(), tenantId); String scimId = userStoreManager.getUserClaimValue(adminUsername, SCIMConstants .CommonSchemaConstants.ID_URI, UserCoreConstants.DEFAULT_PROFILE); if (log.isDebugEnabled()) { .setUserClaimValues(adminUsername, scimClaims, UserCoreConstants.DEFAULT_PROFILE); userStoreManager.setUserClaimValues(adminUsername, scimClaims, UserCoreConstants.DEFAULT_PROFILE);
accountLockedClaim = userStoreManager.getUserClaimValue(userName, AccountConstants.ACCOUNT_LOCKED_CLAIM, null); } catch (UserStoreException e) { long unlockTime = 0; try { String userClaimValue = userStoreManager.getUserClaimValue(userName, AccountConstants.ACCOUNT_UNLOCK_TIME_CLAIM, null); if (NumberUtils.isNumber(userClaimValue)) { newClaims.put(AccountConstants.FAILED_LOGIN_ATTEMPTS_CLAIM, "0"); try { userStoreManager.setUserClaimValues(userName, newClaims, null); } catch (UserStoreException e) { throw new AccountLockException("Error occurred while storing " + AccountConstants
/** * @param dto * @return * @throws IdentityException * @throws RegistryException */ public boolean addOpenIdToProfile(OpenIDDTO dto) throws IdentityException, RegistryException { String openID = dto.getOpenID(); String tenantDomain = MultitenantUtils.getDomainNameFromOpenId(openID); UserRealm realm = IdentityTenantUtil.getRealm(tenantDomain, dto.getUserName()); try { if (realm.getUserStoreManager().isExistingUser(dto.getUserName())) { if (dto.getPassword() != null) { boolean authenticated = realm.getUserStoreManager().authenticate( dto.getUserName(), dto.getPassword()); if (authenticated) { return doOpenIDSignUp(dto.getUserName(), dto.getOpenID()); } } else { return doOpenIDSignUp(dto.getUserName(), dto.getOpenID()); } } } catch (Exception e) { throw new IdentityException(e.getMessage(), e); } return false; }
private String getSubjectClaimFromUserStore(String subjectClaimUri, AuthenticatedUser authenticatedUser) throws UserStoreException, IdentityException { UserStoreManager userStoreManager = IdentityTenantUtil .getRealm(authenticatedUser.getTenantDomain(), authenticatedUser.toFullQualifiedUsername()) .getUserStoreManager(); return userStoreManager .getSecondaryUserStoreManager(authenticatedUser.getUserStoreDomain()) .getUserClaimValue(authenticatedUser.getUserName(), subjectClaimUri, null); }
public boolean authenticate(String userName, String credential) throws UserStoreException { return getUserStoreManager().authenticate(userName, credential); }
String[] userNames = carbonUM.getUserListOfRole(groupName); String userId = carbonUM.getUserClaimValue(userName, SCIMConstants.CommonSchemaConstants.ID_URI, null); group.setMember(userId, userName); SCIMGroupHandler groupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); group = groupHandler.getGroupWithAttributes(group, groupName); return group;
/** * Set claim to user store manager * * @param user user * @param claim claim uri * @param value claim value * @throws IdentityException if fails */ public static void setClaimInUserStoreManager(User user, String claim, String value) throws UserStoreException { String fullUserName = IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()); int tenantId = IdentityTenantUtil.getTenantId(user.getTenantDomain()); org.wso2.carbon.user.core.UserStoreManager userStoreManager = null; RealmService realmService = IdentityRecoveryServiceDataHolder.getInstance().getRealmService(); if (realmService.getTenantUserRealm(tenantId) != null) { userStoreManager = (org.wso2.carbon.user.core.UserStoreManager) realmService.getTenantUserRealm(tenantId). getUserStoreManager(); } if (userStoreManager != null) { Map<String, String> values = userStoreManager.getUserClaimValues(fullUserName, new String[]{ claim}, UserCoreConstants.DEFAULT_PROFILE); String oldValue = values.get(claim); if (oldValue == null || !oldValue.equals(value)) { Map<String, String> claimMap = new HashMap<String, String>(); claimMap.put(claim, value); userStoreManager.setUserClaimValues(fullUserName, claimMap, UserCoreConstants.DEFAULT_PROFILE); } } }
public int getTenantId() throws UserStoreException { return getUserStoreManager().getTenantId(); }
@Override public boolean doPostUpdateCredentialByAdmin(String userName, Object credential, UserStoreManager userStoreManager) throws UserStoreException { if (!isEnable()) { return true; } Map<String, String> userClaims = new HashMap<>(); userClaims.put(IdentityMgtConstants.LAST_PASSWORD_UPDATE_TIME, Long .toString(System.currentTimeMillis())); userStoreManager.setUserClaimValues(userName, userClaims, null); return true; }