/**
 * Replaces the stored role configuration of an identity provider with the supplied one.
 *
 * <p>The existing roles are always deleted first. A {@code null} configuration therefore
 * leaves the identity provider with no roles at all, and a configuration without role
 * mappings leaves it with roles but no mappings.
 *
 * <p>NOTE(review): the delete and the two inserts are separate calls on {@code conn}.
 * Whether a failure part-way through can leave the provider with partial role data depends
 * on how the caller manages the transaction on this connection - confirm that the caller
 * commits or rolls back the whole update as one unit.
 *
 * @param conn                 connection every statement of this update is issued on
 * @param idPId                identifier of the identity provider being updated
 * @param tenantId             tenant the new roles and role mappings are stored under
 * @param newRoleConfiguration replacement configuration; may be {@code null}
 * @throws SQLException                        declared by this method; presumably raised by the DAO helpers
 * @throws IdentityProviderManagementException declared by this method; presumably raised by the DAO helpers
 */
private void updateRoleConfiguration(Connection conn, int idPId, int tenantId,
                                     PermissionsAndRoleConfig newRoleConfiguration)
        throws SQLException, IdentityProviderManagementException {

    // Wipe the current roles before anything else. Per the original author's note this also
    // clears the role mappings that hang off those roles.
    deleteAllIdPRoles(conn, idPId);

    if (newRoleConfiguration != null) {
        // Roles go in first.
        addIdPRoles(conn, idPId, tenantId, newRoleConfiguration.getIdpRoles());

        // Mappings are optional; skip the insert when there are none.
        RoleMapping[] replacementMappings = newRoleConfiguration.getRoleMappings();
        if (replacementMappings != null && replacementMappings.length != 0) {
            addIdPRoleMappings(conn, idPId, tenantId, replacementMappings);
        }
    }
}
|| permissionsAndRoleConfiguration.getRoleMappings() == null || permissionsAndRoleConfiguration.getRoleMappings().length == 0) { return; RoleMapping[] roleMappings = permissionsAndRoleConfiguration.getRoleMappings(); int tenantID = CarbonContext.getThreadLocalCarbonContext().getTenantId();
throws SQLException { if (permissionsAndRoleConfiguration == null || permissionsAndRoleConfiguration.getRoleMappings() == null || ArrayUtils.isEmpty(permissionsAndRoleConfiguration.getRoleMappings())) { return; RoleMapping[] roleMappings = permissionsAndRoleConfiguration.getRoleMappings(); int tenantID = CarbonContext.getThreadLocalCarbonContext().getTenantId();
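/**
 * Map the local roles of a user to service provider mapped role values.
 *
 * <p>Each local role that has a mapping in the service provider's role configuration is
 * replaced by the mapped (remote) role; roles without a mapping are passed through
 * unchanged. The caller's list is never modified. A service provider without a permission
 * and role configuration is treated the same as one without role mappings.
 *
 * @param serviceProvider        Service provider whose local-to-SP role mappings are applied
 * @param locallyMappedUserRoles List of local roles
 * @param claimSeparator         Separator used to combine individual roles in the returned string.
 * @return Service Provider mapped roles combined with claimSeparator, or {@code null} when
 *         {@code locallyMappedUserRoles} is null or empty
 * @throws FrameworkException declared by this method; nothing in the visible body throws it directly
 */
public static String getServiceProviderMappedUserRoles(ServiceProvider serviceProvider,
                                                       List<String> locallyMappedUserRoles,
                                                       String claimSeparator) throws FrameworkException {

    if (!isNotEmpty(locallyMappedUserRoles)) {
        return null;
    }

    // Work on a private copy so the caller's list is left untouched.
    List<String> spMappedRoles = new ArrayList<>(locallyMappedUserRoles);

    // Get Local Role to Service Provider Role mappings. The configuration object itself may
    // be absent; without this guard the role claim could not be built at all (NPE).
    RoleMapping[] localToSpRoleMapping = null;
    if (serviceProvider.getPermissionAndRoleConfig() != null) {
        localToSpRoleMapping = serviceProvider.getPermissionAndRoleConfig().getRoleMappings();
    }

    if (isNotEmpty(localToSpRoleMapping)) {
        // NOTE(review): mappings are applied in array order against the list that is being
        // rewritten, so a remote role added by an earlier mapping can be matched as a local
        // role by a later one. Confirm that such chained mappings are intended, since the
        // result decides which roles the service provider sees.
        for (RoleMapping roleMapping : localToSpRoleMapping) {
            String localRoleName = getLocalRoleName(roleMapping);
            // Check whether a local role is mapped to service provider role.
            if (spMappedRoles.contains(localRoleName)) {
                // Remove every occurrence of the local role from the list of user roles.
                spMappedRoles.removeAll(Collections.singletonList(localRoleName));
                // Add the service provider mapped role.
                spMappedRoles.add(roleMapping.getRemoteRole());
            }
        }
    }

    return StringUtils.join(spMappedRoles, claimSeparator);
}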
/**
 * Validate local roles in role mapping configuration.
 *
 * <p>Each mapping's local role is looked up in the user store manager of the thread-local
 * Carbon context. The first role that does not exist adds one message to
 * {@code validationMsg} and ends the check, so at most one missing role is reported per call.
 * A user store failure is reported as a validation message rather than thrown.
 *
 * <p>NOTE(review): {@code tenantDomain} is used only in the error text; the store that is
 * queried comes from the thread-local context - confirm that the two always refer to the
 * same tenant.
 *
 * @param validationMsg            validation error messages; appended to in place
 * @param permissionsAndRoleConfig permission and role configurations; may be {@code null}
 * @param tenantDomain             tenant domain, used in the user store error message
 */
private void validateRoleConfigs(List<String> validationMsg, PermissionsAndRoleConfig permissionsAndRoleConfig,
                                 String tenantDomain) {

    RoleMapping[] configuredMappings =
            permissionsAndRoleConfig == null ? null : permissionsAndRoleConfig.getRoleMappings();
    if (configuredMappings == null) {
        // Nothing to validate.
        return;
    }

    try {
        UserStoreManager roleStore = CarbonContext.getThreadLocalCarbonContext()
                .getUserRealm()
                .getUserStoreManager();

        for (RoleMapping candidate : configuredMappings) {
            String localRoleName = candidate.getLocalRole().getLocalRoleName();
            if (roleStore.isExistingRole(localRoleName)) {
                continue;
            }
            // Report the first unknown local role and stop checking.
            validationMsg.add(String.format(ROLE_NOT_AVAILABLE, localRoleName));
            return;
        }
    } catch (UserStoreException e) {
        // NOTE(review): the cause is not recorded anywhere in this method; only the generic
        // message below reaches the caller.
        validationMsg.add(String.format("Error when checking the existence of local roles in %s.", tenantDomain));
    }
}
}
if (permissionAndRoleConfig != null && ArrayUtils.isNotEmpty(permissionAndRoleConfig.getRoleMappings())) { loop: for (String receivedRole : receivedRoles) { for (RoleMapping roleMapping : permissionAndRoleConfig.getRoleMappings()) { if (roleMapping.getRemoteRole().equals(receivedRole)) { updatedRoleClaimValues.add(roleMapping.getLocalRole().getLocalRoleName());
RoleMapping[] roleMappings = roleConfiguration.getRoleMappings();
RoleMapping[] roleMappings = roleConfiguration.getRoleMappings();
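/**
 * Wraps an identity provider and caches its claim, role and just-in-time provisioning
 * configuration, together with a lookup from remote role to local role name.
 *
 * <p>The local role name stored for a mapping is qualified with the user store id through
 * {@code UserCoreUtil.addDomainToName} when the mapping carries a non-empty user store id;
 * otherwise the plain local role name is stored. An identity provider without a permission
 * and role configuration, or without role mappings, yields no lookup entries.
 *
 * <p>NOTE(review): entries are keyed by remote role, so if two mappings share a remote role
 * the later one presumably replaces the earlier one - confirm against the type of
 * {@code roleMappings}.
 *
 * @param identityProvider identity provider to wrap; must not be {@code null}
 */
public ExternalIdPConfig(IdentityProvider identityProvider) {
    this.identityProvider = identityProvider;
    claimConfiguration = identityProvider.getClaimConfig();
    roleConfiguration = identityProvider.getPermissionAndRoleConfig();
    justInTimeProConfig = identityProvider.getJustInTimeProvisioningConfig();

    // The role configuration may be absent; there is nothing to index in that case.
    if (roleConfiguration != null) {
        RoleMapping[] mappings = roleConfiguration.getRoleMappings();
        if (mappings != null && mappings.length > 0) {
            for (RoleMapping roleMapping : mappings) {
                if (StringUtils.isNotEmpty(roleMapping.getLocalRole().getUserStoreId())) {
                    // Qualify the local role with the user store it belongs to.
                    this.roleMappings.put(roleMapping.getRemoteRole(),
                            UserCoreUtil.addDomainToName(roleMapping.getLocalRole().getLocalRoleName(),
                                    roleMapping.getLocalRole().getUserStoreId()));
                } else {
                    this.roleMappings.put(roleMapping.getRemoteRole(),
                            roleMapping.getLocalRole().getLocalRoleName());
                }
            }
        }
    }
}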
/**
 * Wraps an identity provider and caches its claim, role and just-in-time provisioning
 * configuration, together with a lookup from remote role to local role name.
 *
 * <p>A mapping whose local role carries a non-empty user store id is stored under the name
 * returned by {@code UserCoreUtil.addDomainToName}; any other mapping is stored under the
 * plain local role name. No lookup entries are created when the role configuration or its
 * mappings are absent.
 *
 * @param identityProvider identity provider to wrap; must not be {@code null}
 */
public ExternalIdPConfig(IdentityProvider identityProvider) {
    this.identityProvider = identityProvider;
    claimConfiguration = identityProvider.getClaimConfig();
    roleConfiguration = identityProvider.getPermissionAndRoleConfig();
    justInTimeProConfig = identityProvider.getJustInTimeProvisioningConfig();

    if (roleConfiguration == null) {
        return;
    }
    RoleMapping[] configuredMappings = roleConfiguration.getRoleMappings();
    if (configuredMappings == null || configuredMappings.length == 0) {
        return;
    }

    for (RoleMapping entry : configuredMappings) {
        String userStoreId = entry.getLocalRole().getUserStoreId();
        String localRoleName = entry.getLocalRole().getLocalRoleName();
        // Qualify the local role with its user store only when one is configured.
        String storedName = StringUtils.isNotEmpty(userStoreId)
                ? UserCoreUtil.addDomainToName(localRoleName, userStoreId)
                : localRoleName;
        this.roleMappings.put(entry.getRemoteRole(), storedName);
    }
}
/**
 * Builds the wrapper around an identity provider: keeps the provider, its claim, role and
 * just-in-time provisioning configuration, and indexes the role mappings by remote role.
 *
 * <p>The value stored for a remote role is the local role name, passed through
 * {@code UserCoreUtil.addDomainToName} together with the user store id when that id is
 * non-empty. A missing role configuration or an empty mapping array adds nothing to the index.
 *
 * @param identityProvider identity provider to wrap; must not be {@code null}
 */
public ExternalIdPConfig(IdentityProvider identityProvider) {
    this.identityProvider = identityProvider;
    claimConfiguration = identityProvider.getClaimConfig();
    roleConfiguration = identityProvider.getPermissionAndRoleConfig();
    justInTimeProConfig = identityProvider.getJustInTimeProvisioningConfig();

    RoleMapping[] remoteToLocal = roleConfiguration == null ? null : roleConfiguration.getRoleMappings();
    if (remoteToLocal != null) {
        // An empty array simply runs zero iterations.
        for (RoleMapping mapping : remoteToLocal) {
            String storeId = mapping.getLocalRole().getUserStoreId();
            String roleName = mapping.getLocalRole().getLocalRoleName();
            if (StringUtils.isNotEmpty(storeId)) {
                roleName = UserCoreUtil.addDomainToName(roleName, storeId);
            }
            this.roleMappings.put(mapping.getRemoteRole(), roleName);
        }
    }
}
if (roleConfiguration != null && roleConfiguration.getRoleMappings() != null) { for (RoleMapping mapping : roleConfiguration.getRoleMappings()) { UserStoreManager usm = null; try {
.getPermissionAndRoleConfig().getIdpRoles()); if (identityProvider.getPermissionAndRoleConfig().getRoleMappings() != null && identityProvider.getPermissionAndRoleConfig().getRoleMappings().length > 0) { .getPermissionAndRoleConfig().getRoleMappings());
&& newIdentityProvider.getPermissionAndRoleConfig().getRoleMappings() != null) { for (RoleMapping mapping : newIdentityProvider.getPermissionAndRoleConfig() .getRoleMappings()) { UserStoreManager usm = null; try {
RoleMapping[] tempRoleMappings = permissionRoleConfiguration.getRoleMappings();
RoleMapping[] tempRoleMappings = permissionRoleConfiguration.getRoleMappings();
.getPermissionAndRoleConfig().getRoleMappings());
.getPermissionAndRoleConfig().getRoleMappings());
RoleMapping[] tempRoleMappings = permissionRoleConfiguration.getRoleMappings();
.getPermissionAndRoleConfig().getRoleMappings());