/**
 * Builds a {@link Group} that carries the given display name and whatever
 * {@code SCIMGroupHandler#getGroupWithAttributes} sets on it. No member lookup is done here.
 *
 * @param groupName display name assigned to the new group object and passed to the handler
 * @return the group object returned by the handler
 * @throws CharonException                             declared by this method; raised by the calls below
 * @throws IdentitySCIMException                       declared by this method; raised by the calls below
 * @throws org.wso2.carbon.user.core.UserStoreException declared by this method; raised by the calls below
 * @throws BadRequestException                         declared by this method; raised by the calls below
 */
private Group getGroupOnlyWithMetaAttributes(String groupName) throws CharonException, IdentitySCIMException,
        org.wso2.carbon.user.core.UserStoreException, BadRequestException {

    Group metaOnlyGroup = new Group();
    metaOnlyGroup.setDisplayName(groupName);
    // The handler is constructed with the tenant id reported by the user store manager.
    return new SCIMGroupHandler(carbonUM.getTenantId()).getGroupWithAttributes(metaOnlyGroup, groupName);
}
/**
 * When a group is added through the SCIM resource endpoint, stores its SCIM attributes
 * (id, created, last modified, location) in the Identity_SCIM_GROUP table, in addition to
 * the ones kept in the user store (i.e. display name, users).
 *
 * @param group group whose SCIM attributes are stored under its display name
 * @throws IdentitySCIMException if reading the attributes from the group raises a CharonException
 */
public void createSCIMAttributes(Group group) throws IdentitySCIMException {

    try {
        Map<String, String> scimMeta = new HashMap<>();
        scimMeta.put(SCIMConstants.CommonSchemaConstants.ID_URI, group.getId());

        String created = AttributeUtil.formatDateTime(group.getCreatedDate());
        scimMeta.put(SCIMConstants.CommonSchemaConstants.CREATED_URI, created);

        String lastModified = AttributeUtil.formatDateTime(group.getLastModified());
        scimMeta.put(SCIMConstants.CommonSchemaConstants.LAST_MODIFIED_URI, lastModified);

        scimMeta.put(SCIMConstants.CommonSchemaConstants.LOCATION_URI, group.getLocation());

        // NOTE(review): display name and attribute values reach GroupDAO unchanged; how they are
        // bound into the query is decided inside GroupDAO, which is not visible here - confirm.
        new GroupDAO().addSCIMGroupAttributes(tenantId, group.getDisplayName(), scimMeta);
    } catch (CharonException e) {
        throw new IdentitySCIMException("Error getting group name from SCIM Group.", e);
    }
}
/**
 * Copies the attributes stored in the Identity table (id, created, last modified, location)
 * onto the given group object.
 *
 * @param group     group object to populate; returned untouched when the name is not a SCIM group
 * @param groupName name used for the existence check and for the attribute lookup
 * @return the same {@code group} instance that was passed in
 * @throws IdentitySCIMException declared by this method; raised by the calls below
 * @throws CharonException       declared by this method; raised by the calls below
 * @throws BadRequestException   declared by this method; raised by the calls below
 */
public Group getGroupWithAttributes(Group group, String groupName)
        throws IdentitySCIMException, CharonException, BadRequestException {

    if (!isGroupExisting(groupName)) {
        // NOTE(review): groupName is concatenated into the log line unmodified; if it can originate
        // from a SCIM request, confirm the log layout neutralises embedded line breaks.
        logger.debug("The group " + groupName + " is not a SCIM group. Skipping..");
        return group;
    }

    Map<String, String> stored = new GroupDAO().getSCIMGroupAttributes(tenantId, groupName);
    for (Map.Entry<String, String> attr : stored.entrySet()) {
        String uri = attr.getKey();
        String value = attr.getValue();
        // Constant-first equals keeps the comparison safe for a null key. Unknown URIs are ignored.
        if (SCIMConstants.CommonSchemaConstants.ID_URI.equals(uri)) {
            group.setId(value);
        } else if (SCIMConstants.CommonSchemaConstants.CREATED_URI.equals(uri)) {
            group.setCreatedDate(AttributeUtil.parseDateTime(value));
        } else if (SCIMConstants.CommonSchemaConstants.LAST_MODIFIED_URI.equals(uri)) {
            group.setLastModified(AttributeUtil.parseDateTime(value));
        } else if (SCIMConstants.CommonSchemaConstants.LOCATION_URI.equals(uri)) {
            group.setLocation(value);
        }
    }
    return group;
}
scimGroup.setMember(user.getUniqueUserId(), claimValueList.get(0).getValue()); scimGroup.setId(userStoreGroup.getUniqueGroupId()); scimGroup.setSchemas(); scimGroup.setLocation(SCIMCommonConstants.GROUPS_LOCATION + "/" + userStoreGroup.getUniqueGroupId());
Group group = new Group(); group.setDisplayName(groupName); String[] userNames = carbonUM.getUserListOfRole(groupName); for (String userName : userNames) { String userId = carbonUM.getUserClaimValue(userName, SCIMConstants.CommonSchemaConstants.ID_URI, null); group.setMember(userId, userName);
throws CharonException { String displayName = null; displayName = oldGroup.getDisplayName(); try { String userStoreDomainFromSP = getUserStoreDomainFromSP(); IdentityUtil.extractDomainFromName(oldGroup.getDisplayName()))) { throw new CharonException("Group :" + oldGroup.getDisplayName() + "is not belong to user store " + userStoreDomainFromSP + "Hence group updating fail"); oldGroup.setDisplayName(IdentityUtil.addDomainToName(UserCoreUtil.removeDomainFromName(oldGroup.getDisplayName()), IdentityUtil.extractDomainFromName(oldGroup.getDisplayName()))); newGroup.setDisplayName(IdentityUtil.addDomainToName(UserCoreUtil.removeDomainFromName(newGroup.getDisplayName()), IdentityUtil.extractDomainFromName(newGroup.getDisplayName()))); if (IdentityUtil.extractDomainFromName(newGroup.getDisplayName()).equals(primaryDomain) && !(IdentityUtil .extractDomainFromName(oldGroup.getDisplayName()) .equals(primaryDomain))) { String userStoreDomain = IdentityUtil.extractDomainFromName(oldGroup.getDisplayName()); newGroup.setDisplayName(IdentityUtil.addDomainToName(newGroup.getDisplayName(), userStoreDomain)); } else if (!IdentityUtil.extractDomainFromName(oldGroup.getDisplayName()) .equals(IdentityUtil.extractDomainFromName(newGroup.getDisplayName()))) { throw new IdentitySCIMException( "User store domain of the group is not matching with the given SCIM group Id."); newGroup.setDisplayName(SCIMCommonUtils.getGroupNameWithDomain(newGroup.getDisplayName())); oldGroup.setDisplayName(SCIMCommonUtils.getGroupNameWithDomain(oldGroup.getDisplayName()));
/**
 * Looks up the group held in {@code scimObject} by display name at the remote endpoint and,
 * when a match with a non-null id comes back, issues a delete for that id.
 * Returns silently when no group is found or the first match has no id.
 *
 * @throws IdentitySCIMException wrapping any Charon, SCIM API or I/O failure
 */
public void deleteGroup() throws IdentitySCIMException {

    try {
        // NOTE(review): the display name is appended to GROUP_FILTER without escaping. A name that
        // contains filter syntax would change which group the lookup matches, and the first match
        // is the one deleted - confirm the name is validated or quoted before this point.
        String displayName = ((Group) scimObject).getDisplayName();
        String filter = GROUP_FILTER + displayName;

        List<Group> matches = (List<Group>) (List<?>) listWithGet(null, null, filter, 1, 1, null, null,
                SCIM2CommonConstants.GROUP);
        if (matches == null || matches.isEmpty()) {
            return;
        }

        String groupId = matches.get(0).getId();
        if (groupId == null) {
            return;
        }

        // NOTE(review): groupId comes from the remote response and is placed in the URL path
        // as-is - confirm it cannot contain path separators or query characters.
        client.setURL(groupEPURL + "/" + groupId);
        ScimApiResponse<String> response = new Scimv2GroupsApi(client).deleteGroup();
        logger.info("SCIM - delete group operation returned with response code: " + response.getStatusCode());
        handleSCIMErrorResponse(response);
    } catch (AbstractCharonException e) {
        // NOTE(review): the message names userName although this is a group operation.
        throw new IdentitySCIMException("Error in provisioning 'delete group' operation for user : " + userName,
                e);
    } catch (ScimApiException e) {
        throw new IdentitySCIMException(e.getMessage(), e);
    } catch (IOException e) {
        throw new IdentitySCIMException("Error in provisioning 'delete group' operation for user : " + userName,
                e);
    }
}
/**
 * Creates a new {@link Group} through its no-argument constructor.
 *
 * @return the newly constructed group object
 */
public Group createGroup() {

    Group freshGroup = new Group();
    return freshGroup;
}
log.debug("Creating group: " + group.toString()); if (isNullOrEmpty(group.getDisplayName())) { throw new BadRequestException("Please provide valid name for group displayName"); String userStoreDomain = SCIMCommonUtils.extractDomainFromName(group.getDisplayName(), identityStore); group.setDisplayName(SCIMCommonUtils.removeDomainFromName(group.getDisplayName())); throw new ConflictException("Group with the name: " + group.getDisplayName() + " already exists in the system."); group.getAttribute(SCIMConstants.GroupSchemaConstants.MEMBERS); String errMsg = "Error occurred while adding group:" + group.getDisplayName() + "to user store"; String errMsg = "Error in retrieving newly added group:" + group.getDisplayName() + " from user store";
Optional<User> user = Optional.ofNullable(getSCIMUser(userId, requiredUserClaims, false)); if (user.isPresent()) { scimGroup.setMember(user.get().getId(), user.get().getUserName()); } else { log.warn("User " + userId + " recorded as member of group " + groupId + " but user " scimGroup.setSchemas(); scimGroup.setLocation(SCIMCommonConstants.GROUPS_LOCATION + "/" + groupId);
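/**
 * Updates the claims and the member list of the group identified by {@code oldGroup.getId()}
 * with the values carried by {@code newGroup}, then re-reads the group and returns it.
 *
 * @param oldGroup           group as currently stored; its id selects the group that is written
 * @param newGroup           group carrying the new claim values and member list
 * @param requiredAttributes passed through to {@code getGroup} for the returned object
 * @return the group re-read via {@code getGroup(newGroup.getId(), requiredAttributes)}
 * @throws NotFoundException if the identity store reports that the group does not exist
 * @throws CharonException   if the identity store fails while updating
 */
@Override
public Group updateGroup(Group oldGroup, Group newGroup, Map<String, Boolean> requiredAttributes)
        throws NotImplementedException, BadRequestException, CharonException, NotFoundException {

    try {
        if (log.isDebugEnabled()) {
            log.debug("Updating group: " + oldGroup.toString());
        }
        //get the claims map from the new scim group object.
        Map<String, String> claims = SCIMClaimResolver.getClaimsMap(newGroup);

        //get the claim list to be updated.
        List<Claim> claimList = getGroupBeanFromClaims(claims).getClaims();

        //TODO this is a temporary method. need to remove this once the claim management is completed.
        claimList = ClaimMapper.getInstance().convertMetaToWso2Dialect(claimList);

        //set group updated claim values
        //TODO : Give the domain name
        identityStore.updateGroupClaims(oldGroup.getId(), claimList);

        //update the member list separately.
        updateMemberList(oldGroup, newGroup);

        if (log.isDebugEnabled()) {
            // The object updated here is a group; the message previously labelled it "User".
            log.debug("Group: " + newGroup.getDisplayName() + " updated through SCIM.");
        }

        // NOTE(review): writes above are keyed by oldGroup.getId() while the read below uses
        // newGroup.getId(). If a caller can supply a different id in newGroup, the response would
        // describe a group other than the one updated - confirm both ids are forced equal upstream.
        //get the updated group from the user core and send it to the client.
        return this.getGroup(newGroup.getId(), requiredAttributes);
    } catch (GroupNotFoundException e) {
        throw new NotFoundException("No such group with the group id : " + oldGroup.getId());
    } catch (IdentityStoreException e) {
        throw new CharonException("Error in updating the Group", e);
    }
}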
/**
 * Collects the member ids listed in {@code newGroup} and hands them to the identity store
 * for the group identified by {@code oldGroup.getId()}.
 *
 * @param oldGroup group whose id selects the group that is updated
 * @param newGroup group whose members attribute supplies the user ids; may have no members attribute
 * @throws CharonException        declared by this method; raised by the attribute accessors
 * @throws IdentityStoreException if the identity store call fails
 */
private void updateMemberList(Group oldGroup, Group newGroup) throws CharonException, IdentityStoreException {

    // Ids of the users that will be passed on as the group's members.
    List<String> memberIds = new ArrayList<>();

    MultiValuedAttribute requestedMembers =
            (MultiValuedAttribute) newGroup.getAttribute(SCIMConstants.GroupSchemaConstants.MEMBERS);

    if (requestedMembers != null) {
        for (Attribute member : requestedMembers.getAttributeValues()) {
            // NOTE(review): a member entry without a "value" sub-attribute, or with a non-string
            // value, ends in a NullPointerException / ClassCastException here rather than a
            // client error - confirm the payload is schema-validated before this method runs.
            SimpleAttribute idAttribute = (SimpleAttribute) ((ComplexAttribute) member)
                    .getSubAttribute(SCIMConstants.CommonSchemaConstants.VALUE);
            memberIds.add((String) idAttribute.getValue());
        }
    }

    //TODO : add the domain name here.
    identityStore.updateUsersOfGroup(oldGroup.getId(), memberIds);
}
} // closes the enclosing class, whose header is outside this excerpt
Group group = (Group) SCIMClaimResolver.constructSCIMObjectFromAttributes(attributes, SCIMCommonConstants.GROUP); group.setMember(addedUser.getId(), username); group.setId(UUID.randomUUID().toString()); Group newGroup = userManager.createGroup(group, requiredGroupAttributes); if (newGroup != null) {
SCIMClient scimClient = new SCIMClient(); List<String> users = ((Group) scimObject).getMembersWithDisplayName(); Group copiedGroup = null; if (CollectionUtils.isNotEmpty(users)) { copiedGroup.deleteAttribute(SCIMConstants.GroupSchemaConstants.MEMBERS); userId = ((User) filteredUser).getId(); copiedGroup.setMember(userId, user);
/**
 * Lists every SCIM role known to the group handler as a {@link Group}.
 * Index 0 of the returned list holds the number of groups that follow it.
 *
 * @param requiredAttributes not read by this method
 * @return list whose first element is the total count and whose remaining elements are the groups
 * @throws CharonException if the user store or the SCIM group lookup fails
 */
private List<Object> listGroups(Map<String, Boolean> requiredAttributes) throws CharonException {

    List<Object> result = new ArrayList<>();
    // Reserve slot 0 for the total number of results; it is overwritten before returning.
    result.add(0);

    try {
        SCIMGroupHandler handler = new SCIMGroupHandler(carbonUM.getTenantId());
        for (String roleName : handler.listSCIMRoles()) {
            Group candidate = this.getGroupWithName(roleName);
            // Groups that come back without an id are left out of the listing.
            if (candidate.getId() == null) {
                continue;
            }
            result.add(candidate);
        }
    } catch (org.wso2.carbon.user.core.UserStoreException e) {
        throw new CharonException("Error in obtaining role names from user store." + e.getMessage(), e);
    } catch (IdentitySCIMException | BadRequestException e) {
        throw new CharonException("Error in retrieving SCIM Group information from database.", e);
    }

    // Everything after slot 0 is a group, so the total is size - 1.
    result.set(0, result.size() - 1);
    return result;
}
/**
 * Adds a member entry built by {@code setMemberCommon(userName)} to the group's members
 * attribute, creating and attaching that attribute first when the group does not have one.
 *
 * @param group    group that receives the member entry
 * @param userName user name handed to {@code setMemberCommon}
 * @throws BadRequestException declared by this method; raised by the calls below
 * @throws CharonException     declared by this method; raised by the calls below
 */
private void setMember(Group group, String userName) throws BadRequestException, CharonException {

    boolean alreadyPresent = group.isAttributeExist(SCIMConstants.GroupSchemaConstants.MEMBERS);

    MultiValuedAttribute members;
    if (alreadyPresent) {
        members = (MultiValuedAttribute) group.getAttributeList().get(
                SCIMConstants.GroupSchemaConstants.MEMBERS);
    } else {
        members = new MultiValuedAttribute(SCIMConstants.GroupSchemaConstants.MEMBERS);
        DefaultAttributeFactory.createAttribute(SCIMSchemaDefinitions.SCIMGroupSchemaDefinition.MEMBERS,
                members);
    }

    members.setAttributeValue(setMemberCommon(userName));

    // A freshly created attribute is attached only after the member entry has been added.
    if (!alreadyPresent) {
        group.setAttribute(members);
    }
}
List<Object> membersId = group.getMembers(); if (group.isAttributeExist(SCIMConstants.GroupSchemaConstants.MEMBERS)) { MultiValuedAttribute members = (MultiValuedAttribute) group.getAttributeList().get( SCIMConstants.GroupSchemaConstants.MEMBERS); List<Attribute> attributeValues = members.getAttributeValues();
/**
 * Reads the group with the given id from the identity store and converts it to a SCIM group.
 *
 * @param groupId            id of the group to read
 * @param requiredAttributes not read by this method
 * @return the SCIM representation built by {@code getSCIMGroup}
 * @throws NotFoundException if the identity store reports that no such group exists
 * @throws CharonException   if the identity store fails while reading
 */
@Override
public Group getGroup(String groupId, Map<String, Boolean> requiredAttributes)
        throws NotImplementedException, BadRequestException, CharonException, NotFoundException {

    if (log.isDebugEnabled()) {
        // NOTE(review): groupId is logged as received - confirm the log layout neutralises
        // line breaks if the id can come straight from a request path.
        log.debug("Retrieving group: " + groupId);
    }

    try {
        org.wso2.carbon.identity.mgt.Group storedGroup = identityStore.getGroup(groupId);

        //TODO:We need to pass the scim claim dialect for this method
        List<Claim> storedClaims = storedGroup.getClaims();

        //TODO this is a temporary method. need to remove this once the claim management is completed.
        List<Claim> scimClaims = ClaimMapper.getInstance().convertGroupToScimDialect(storedClaims);

        Group result = getSCIMGroup(storedGroup, scimClaims);

        if (log.isDebugEnabled()) {
            log.debug("Group: " + result.getDisplayName() + " is retrieved through SCIM.");
        }
        return result;
    } catch (IdentityStoreException e) {
        throw new CharonException("Error in getting the group : " + groupId, e);
    } catch (GroupNotFoundException e) {
        throw new NotFoundException("Group with the id :" + groupId + " does not exists.");
    }
}
/**
 * Resolves a SCIM group id to its group name and returns the matching group with its
 * schemas set.
 *
 * @param id                 SCIM id of the group
 * @param requiredAttributes not read by this method
 * @return the group, or {@code null} when no group name is recorded for the id
 * @throws CharonException wrapping user store, SCIM database and Charon failures
 */
@Override
public Group getGroup(String id, Map<String, Boolean> requiredAttributes) throws CharonException {

    if (log.isDebugEnabled()) {
        log.debug("Retrieving group with id: " + id);
    }

    try {
        SCIMGroupHandler handler = new SCIMGroupHandler(carbonUM.getTenantId());

        // Translate the SCIM id into the group name used for the lookup.
        String resolvedName = handler.getGroupName(id);
        if (resolvedName == null) {
            // Returning null makes Charon send a resource-not-found error to the client.
            return null;
        }

        Group found = getGroupWithName(resolvedName);
        found.setSchemas();
        return found;
    } catch (org.wso2.carbon.user.core.UserStoreException e) {
        throw new CharonException("Error in retrieving group : " + id, e);
    } catch (IdentitySCIMException e) {
        throw new CharonException("Error in retrieving SCIM Group information from database.", e);
    } catch (CharonException | BadRequestException e) {
        throw new CharonException("Error in retrieving the group", e);
    }
}
(MultiValuedAttribute) (group.getAttribute(SCIMConstants.GroupSchemaConstants.MEMBERS))); List<String> userIds = new ArrayList<>(); if (membersAttribute.isPresent()) {