/**
 * Returns the tenant id reported by the user store manager that
 * {@code getUserStoreManager()} hands back.
 *
 * @return the tenant id of that user store manager
 * @throws UserStoreException propagated from the underlying calls
 */
public int getTenantId() throws UserStoreException {
    final int tenantId = getUserStoreManager().getTenantId();
    return tenantId;
}
/**
 * Narrows the requested roles to those that already exist in the user store.
 *
 * <p>The store's role names are first passed through
 * {@code removeDomainFromNamesExcludeInternal}; requested names are then kept only
 * when they match one of the resulting names exactly. Requested names with no match
 * are dropped without an error.
 *
 * @param userStoreManager store queried for its role names and tenant id
 * @param newRoles         role names requested by the caller; must not be {@code null}
 * @return a mutable collection holding the requested roles that exist
 * @throws UserStoreException if the store cannot list its roles or report its tenant id
 */
private Collection<String> getRolesToAdd(UserStoreManager userStoreManager, String[] newRoles)
        throws UserStoreException {
    Collection<String> requested = new ArrayList<>(Arrays.asList(newRoles));
    Collection<String> known = removeDomainFromNamesExcludeInternal(
            Arrays.asList(userStoreManager.getRoleNames()), userStoreManager.getTenantId());
    requested.retainAll(known);
    return requested;
}
/**
 * Looks up the tenant id of an arbitrary user; allowed only when
 * {@code Util.isSuperTenant()} is true.
 *
 * <p>Any other caller is refused. The refusal is logged at WARN level with the
 * caller's tenant domain, tenant id and username taken from the thread-local
 * {@code CarbonContext}, while the exception itself carries only the generic text
 * "Access Denied", so the identifying details stay in the server log.
 *
 * @param username user whose tenant id is requested
 * @return the tenant id the user store manager reports for {@code username}
 * @throws UserStoreException with message "Access Denied" when the super-tenant check
 *                            fails, or propagated from the user store lookup
 */
public int getTenantIdofUser(String username) throws UserStoreException {
    if (Util.isSuperTenant()) {
        return getUserStoreManager().getTenantId(username);
    }

    // Record who attempted the cross-tenant lookup before rejecting it.
    String denial = new StringBuilder(AUTH_FAIL)
            .append(CarbonContext.getThreadLocalCarbonContext().getTenantDomain())
            .append(" tenant id - ")
            .append(CarbonContext.getThreadLocalCarbonContext().getTenantId())
            .append(" user - ")
            .append(CarbonContext.getThreadLocalCarbonContext().getUsername())
            .toString();
    log.warn(denial);
    throw new UserStoreException("Access Denied");
}
/**
 * Deletes the user's account associations before the user itself is deleted.
 *
 * <p>Does nothing and returns {@code true} when the listener is disabled. A blank
 * user store domain is replaced by
 * {@code UserAccountAssociationConstants.PRIMARY_USER_DOMAIN}.
 *
 * @param userName         user about to be deleted
 * @param userStoreManager store the user lives in; supplies domain and tenant id
 * @return always {@code true} unless an exception is thrown
 * @throws UserStoreException wrapping any {@code UserAccountAssociationException}
 *                            raised while deleting the associations
 */
@Override
public boolean doPreDeleteUser(String userName, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable()) {
        return true;
    }

    String configuredDomain = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
    final String domainName = StringUtils.isBlank(configuredDomain)
            ? UserAccountAssociationConstants.PRIMARY_USER_DOMAIN
            : configuredDomain;

    try {
        final int tenantId = userStoreManager.getTenantId();
        if (log.isDebugEnabled()) {
            log.debug("User account associations for user " + userName + " with tenant id "
                    + tenantId + " is getting deleted.");
        }
        UserAccountAssociationDAO.getInstance().deleteUserAssociation(domainName, tenantId, userName);
        return true;
    } catch (UserAccountAssociationException e) {
        String description = UserAccountAssociationConstants.ErrorMessages
                .ERROR_WHILE_DELETING_USER_ASSOC.getDescription();
        throw new UserStoreException(String.format(description, userName), e);
    }
}
/**
 * Finds group names by a metadata attribute.
 *
 * <p>The filter operation and value are first turned into a search expression by
 * {@code getSearchAttribute} using {@code SQL_FILTERING_DELIMITER}; the lookup is
 * then delegated to a {@code SCIMGroupHandler} created for the tenant of
 * {@code carbonUM}.
 *
 * <p>NOTE(review): {@code attributeValue} presumably originates from a client-supplied
 * filter. Confirm that the handler binds the search expression as a query parameter
 * rather than concatenating it into SQL.
 *
 * @param attributeName   attribute which is used to search
 * @param filterOperation operator value
 * @param attributeValue  search value
 * @return the names of the matching groups
 * @throws org.wso2.carbon.user.core.UserStoreException if the tenant id cannot be read
 * @throws IdentitySCIMException                        propagated from the group handler
 */
private String[] getGroupNamesFromDB(String attributeName, String filterOperation, String attributeValue)
        throws org.wso2.carbon.user.core.UserStoreException, IdentitySCIMException {
    // Build the search expression first so its failures surface before a handler is created.
    final String searchExpression = getSearchAttribute(filterOperation, attributeValue, SQL_FILTERING_DELIMITER);
    return new SCIMGroupHandler(carbonUM.getTenantId())
            .getGroupListFromAttributeName(attributeName, searchExpression);
}
/**
 * Deletes the federated user account associations a user has, before the local
 * user account is deleted.
 *
 * <p>Returns {@code true} without doing anything when the listener is disabled. A
 * blank user store domain falls back to
 * {@code UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME}.
 *
 * @param userName         local user about to be deleted
 * @param userStoreManager store the user lives in; supplies domain and tenant id
 * @return always {@code true} unless an exception is thrown
 * @throws UserStoreException propagated from the tenant id lookup or the deletion
 */
@Override
public boolean doPreDeleteUser(String userName, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable()) {
        return true;
    }

    String configuredDomain = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
    final String userStoreDomain = StringUtils.isBlank(configuredDomain)
            ? UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME
            : configuredDomain;
    final int tenantId = userStoreManager.getTenantId();

    if (log.isDebugEnabled()) {
        // The tenant domain is resolved only when the message is actually written.
        String qualifiedName = getFullQualifiedUsername(userName, userStoreDomain,
                IdentityTenantUtil.getTenantDomain(tenantId));
        log.debug("doPreDeleteUser method executed in ProfileMgtEventListener for user:" + qualifiedName);
    }

    deleteFederatedIdpAccountAssociations(userName, userStoreDomain, tenantId);
    return true;
}
/**
 * Gets a group populated by the SCIM group handler, starting from a {@code Group}
 * that carries only its display name.
 *
 * @param groupName name of the group; also used as the display name
 * @return the group returned by {@code SCIMGroupHandler.getGroupWithAttributes}
 * @throws CharonException                              propagated from the called code
 * @throws IdentitySCIMException                        propagated from the group handler
 * @throws org.wso2.carbon.user.core.UserStoreException if the tenant id cannot be read
 * @throws BadRequestException                          propagated from the called code
 */
private Group getGroupOnlyWithMetaAttributes(String groupName) throws CharonException, IdentitySCIMException,
        org.wso2.carbon.user.core.UserStoreException, BadRequestException {
    // Seed the group with its name; the handler fills in the remaining attributes.
    Group seed = new Group();
    seed.setDisplayName(groupName);
    return new SCIMGroupHandler(carbonUM.getTenantId()).getGroupWithAttributes(seed, groupName);
}
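/**
 * Removes the user's entry from {@code ClaimCache}.
 *
 * <p>The cache key is derived from an {@code AuthenticatedUser} built from the
 * username, the tenant domain of the store's tenant id, and the store's domain name.
 *
 * <p>NOTE(review): the domain name is used as returned by
 * {@code UserCoreUtil.getDomainName}, with no fallback for a blank value. Confirm this
 * matches how the key was built when the entry was cached; otherwise stale claims
 * would stay in the cache.
 *
 * @param userName         user whose cached claims are dropped
 * @param userStoreManager store the user lives in; supplies tenant id and domain
 * @return always {@code true}
 * @throws UserStoreException if the tenant id cannot be read from the store
 */
private boolean removeUserClaimsFromCache(String userName, UserStoreManager userStoreManager)
        throws UserStoreException {
    ClaimCache claimCache = ClaimCache.getInstance();

    AuthenticatedUser authenticatedUser = new AuthenticatedUser();
    authenticatedUser.setUserName(userName);
    authenticatedUser.setTenantDomain(IdentityTenantUtil.getTenantDomain(userStoreManager.getTenantId()));
    authenticatedUser.setUserStoreDomain(UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration()));

    // A freshly constructed key can never be null, so the former null check was dead code.
    claimCache.clearCacheEntry(new ClaimCacheKey(authenticatedUser));
    return true;
}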
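/**
 * Removes the user's entry from {@code ClaimCache}.
 *
 * <p>The cache key is derived from an {@code AuthenticatedUser} built from the
 * username, the tenant domain of the store's tenant id, and the store's domain name.
 *
 * <p>NOTE(review): the domain name is used as returned by
 * {@code UserCoreUtil.getDomainName}, with no fallback for a blank value. Confirm this
 * matches how the key was built when the entry was cached; otherwise stale claims
 * would stay in the cache.
 *
 * @param userName         user whose cached claims are dropped
 * @param userStoreManager store the user lives in; supplies tenant id and domain
 * @return always {@code true}
 * @throws UserStoreException if the tenant id cannot be read from the store
 */
private boolean removeUserClaimsFromCache(String userName, UserStoreManager userStoreManager)
        throws UserStoreException {
    ClaimCache claimCache = ClaimCache.getInstance();

    AuthenticatedUser authenticatedUser = new AuthenticatedUser();
    authenticatedUser.setUserName(userName);
    authenticatedUser.setTenantDomain(IdentityTenantUtil.getTenantDomain(userStoreManager.getTenantId()));
    authenticatedUser.setUserStoreDomain(UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration()));

    // A freshly constructed key can never be null, so the former null check was dead code.
    claimCache.clearCacheEntry(new ClaimCacheKey(authenticatedUser));
    return true;
}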
/**
 * Evicts from cache the access tokens and authorization codes issued to a user.
 *
 * <p>Both sets are loaded from the persistence layer first; eviction starts only
 * after both lookups have succeeded.
 *
 * <p>NOTE(review): an {@code IdentityOAuth2Exception} is logged and not rethrown, so
 * on a failed lookup the caller continues while the user's tokens and codes remain
 * cached. Confirm that this best-effort behaviour is acceptable for the operations
 * that trigger this cleanup.
 *
 * @param userName         user whose tokens and codes are evicted
 * @param userStoreManager store the user lives in; supplies tenant id and domain
 * @throws UserStoreException if the tenant id cannot be read from the store
 */
private void removeTokensFromCache(String userName, UserStoreManager userStoreManager)
        throws UserStoreException {
    final String storeDomain = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
    final String tenantDomain = IdentityTenantUtil.getTenantDomain(userStoreManager.getTenantId());

    AuthenticatedUser tokenOwner = new AuthenticatedUser();
    tokenOwner.setUserStoreDomain(storeDomain);
    tokenOwner.setTenantDomain(tenantDomain);
    tokenOwner.setUserName(userName);

    try {
        Set<String> accessTokens = OAuthTokenPersistenceFactory.getInstance()
                .getAccessTokenDAO().getAccessTokensByUser(tokenOwner);
        Set<String> authorizationCodes = OAuthTokenPersistenceFactory.getInstance()
                .getAuthorizationCodeDAO().getAuthorizationCodesByUser(tokenOwner);
        removeAccessTokensFromCache(accessTokens);
        removeAuthzCodesFromCache(authorizationCodes);
    } catch (IdentityOAuth2Exception e) {
        log.error("Error occurred while retrieving access tokens issued for user : " + userName, e);
    }
}
/**
 * Clears the user's {@code ClaimCache} entry when a matching
 * {@code ClaimMetaDataCache} entry exists.
 *
 * <p>The metadata cache is queried with a key built from the username, the tenant
 * domain of the store's tenant id, and the store's domain name. The claim cache key
 * stored in that metadata entry identifies what is cleared. Nothing happens when no
 * metadata entry is found.
 *
 * @param username         user whose cached claims are cleared
 * @param userStoreManager store the user lives in; supplies tenant id and domain
 * @throws UserStoreException if the tenant id cannot be read from the store
 */
private void removeClaimCacheEntry(String username, UserStoreManager userStoreManager)
        throws UserStoreException {
    AuthenticatedUser cachedUser = new AuthenticatedUser();
    cachedUser.setUserName(username);
    cachedUser.setTenantDomain(IdentityTenantUtil.getTenantDomain(userStoreManager.getTenantId()));
    cachedUser.setUserStoreDomain(UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration()));

    ClaimMetaDataCacheKey metaDataKey = new ClaimMetaDataCacheKey(cachedUser);
    ClaimMetaDataCacheEntry metaDataEntry = ClaimMetaDataCache.getInstance().getValueFromCache(metaDataKey);
    if (metaDataEntry != null) {
        ClaimCache.getInstance().clearCacheEntry(metaDataEntry.getClaimCacheKey());
    }
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Clears the user's {@code ClaimCache} entry when a matching
 * {@code ClaimMetaDataCache} entry exists.
 *
 * <p>The metadata cache is queried with a key built from the username, the tenant
 * domain of the store's tenant id, and the store's domain name. The claim cache key
 * stored in that metadata entry identifies what is cleared. Nothing happens when no
 * metadata entry is found.
 *
 * @param username         user whose cached claims are cleared
 * @param userStoreManager store the user lives in; supplies tenant id and domain
 * @throws UserStoreException if the tenant id cannot be read from the store
 */
private void removeClaimCacheEntry(String username, UserStoreManager userStoreManager)
        throws UserStoreException {
    AuthenticatedUser cachedUser = new AuthenticatedUser();
    cachedUser.setUserName(username);
    cachedUser.setTenantDomain(IdentityTenantUtil.getTenantDomain(userStoreManager.getTenantId()));
    cachedUser.setUserStoreDomain(UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration()));

    ClaimMetaDataCacheKey metaDataKey = new ClaimMetaDataCacheKey(cachedUser);
    ClaimMetaDataCacheEntry metaDataEntry = ClaimMetaDataCache.getInstance().getValueFromCache(metaDataKey);
    if (metaDataEntry != null) {
        ClaimCache.getInstance().clearCacheEntry(metaDataEntry.getClaimCacheKey());
    }
}
} // closes an enclosing scope opened outside this excerpt
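/**
 * Hands a pending role deletion to {@code DeleteRoleWFRequestHandler} before the
 * user store applies it.
 *
 * <p>Returns {@code true} straight away when the listener is disabled or
 * {@code isCalledViaIdentityMgtListners()} reports true. Otherwise the handler runs
 * inside a tenant flow that carries the store's tenant id and the username of the
 * context that was current on entry.
 *
 * @param roleName         role about to be deleted
 * @param userStoreManager store the operation targets; supplies domain and tenant id
 * @return the handler's result, or {@code true} when the listener is bypassed
 * @throws UserStoreException if the tenant id cannot be read, or wrapping a
 *                            {@code WorkflowException} with the same message
 */
@Override
public boolean doPreDeleteRole(String roleName, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable() || isCalledViaIdentityMgtListners()) {
        return true;
    }

    // Resolve everything that can fail before a tenant flow is opened, so a failure here
    // cannot reach the finally block and call endTenantFlow() without a matching start.
    String domain = userStoreManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig
            .PROPERTY_DOMAIN_NAME);
    int tenantId = userStoreManager.getTenantId();
    String currentUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();

    PrivilegedCarbonContext.startTenantFlow();
    try {
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId, true);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(currentUser);
        return new DeleteRoleWFRequestHandler().startDeleteRoleFlow(domain, roleName);
    } catch (WorkflowException e) {
        // Sending e.getMessage() since it is required to give error message to end user.
        // NOTE(review): this text reaches the end user; confirm workflow errors carry no internal detail.
        throw new UserStoreException(e.getMessage(), e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}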
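/**
 * Hands a pending user deletion to {@code DeleteUserWFRequestHandler} before the
 * user store applies it.
 *
 * <p>Returns {@code true} straight away when the listener is disabled or
 * {@code isCalledViaIdentityMgtListners()} reports true. Otherwise the handler runs
 * inside a tenant flow that carries the store's tenant id and the username of the
 * context that was current on entry.
 *
 * @param userName         user about to be deleted
 * @param userStoreManager store the operation targets; supplies domain and tenant id
 * @return the handler's result, or {@code true} when the listener is bypassed
 * @throws UserStoreException if the tenant id cannot be read, or wrapping a
 *                            {@code WorkflowException} with the same message
 */
@Override
public boolean doPreDeleteUser(String userName, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable() || isCalledViaIdentityMgtListners()) {
        return true;
    }

    // Resolve everything that can fail before a tenant flow is opened, so a failure here
    // cannot reach the finally block and call endTenantFlow() without a matching start.
    String domain = userStoreManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig
            .PROPERTY_DOMAIN_NAME);
    int tenantId = userStoreManager.getTenantId();
    String currentUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();

    PrivilegedCarbonContext.startTenantFlow();
    try {
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId, true);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(currentUser);
        return new DeleteUserWFRequestHandler().startDeleteUserFlow(domain, userName);
    } catch (WorkflowException e) {
        // Sending e.getMessage() since it is required to give error message to end user.
        // NOTE(review): this text reaches the end user; confirm workflow errors carry no internal detail.
        throw new UserStoreException(e.getMessage(), e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}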
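/**
 * Hands a pending multi-claim update to {@code SetMultipleClaimsWFRequestHandler}
 * before the user store applies it.
 *
 * <p>Returns {@code true} straight away when the listener is disabled or
 * {@code isCalledViaIdentityMgtListners()} reports true. Otherwise the handler runs
 * inside a tenant flow that carries the store's tenant id and the username of the
 * context that was current on entry.
 *
 * @param userName         user whose claims are about to change
 * @param claims           claim values to set, passed to the handler unchanged
 * @param profileName      profile the claims belong to
 * @param userStoreManager store the operation targets; supplies domain and tenant id
 * @return the handler's result, or {@code true} when the listener is bypassed
 * @throws UserStoreException if the tenant id cannot be read, or wrapping a
 *                            {@code WorkflowException} with the same message
 */
@Override
public boolean doPreSetUserClaimValues(String userName, Map<String, String> claims, String profileName,
                                       UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable() || isCalledViaIdentityMgtListners()) {
        return true;
    }

    // Resolve everything that can fail before a tenant flow is opened, so a failure here
    // cannot reach the finally block and call endTenantFlow() without a matching start.
    String domain = userStoreManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig
            .PROPERTY_DOMAIN_NAME);
    int tenantId = userStoreManager.getTenantId();
    String currentUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();

    PrivilegedCarbonContext.startTenantFlow();
    try {
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId, true);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(currentUser);
        return new SetMultipleClaimsWFRequestHandler()
                .startSetMultipleClaimsWorkflow(domain, userName, claims, profileName);
    } catch (WorkflowException e) {
        // Sending e.getMessage() since it is required to give error message to end user.
        // NOTE(review): this text reaches the end user; confirm workflow errors carry no internal detail.
        throw new UserStoreException(e.getMessage(), e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}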
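/**
 * Hands a pending role rename to {@code UpdateRoleNameWFRequestHandler} before the
 * user store applies it.
 *
 * <p>Returns {@code true} straight away when the listener is disabled or
 * {@code isCalledViaIdentityMgtListners()} reports true. Otherwise the handler runs
 * inside a tenant flow that carries the store's tenant id and the username of the
 * context that was current on entry.
 *
 * @param roleName         current name of the role
 * @param newRoleName      name the role is about to receive
 * @param userStoreManager store the operation targets; supplies domain and tenant id
 * @return the handler's result, or {@code true} when the listener is bypassed
 * @throws UserStoreException if the tenant id cannot be read, or wrapping a
 *                            {@code WorkflowException} with the same message
 */
@Override
public boolean doPreUpdateRoleName(String roleName, String newRoleName, UserStoreManager userStoreManager)
        throws UserStoreException {
    if (!isEnable() || isCalledViaIdentityMgtListners()) {
        return true;
    }

    // Resolve everything that can fail before a tenant flow is opened, so a failure here
    // cannot reach the finally block and call endTenantFlow() without a matching start.
    String domain = userStoreManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig
            .PROPERTY_DOMAIN_NAME);
    int tenantId = userStoreManager.getTenantId();
    String currentUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();

    PrivilegedCarbonContext.startTenantFlow();
    try {
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId, true);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(currentUser);
        return new UpdateRoleNameWFRequestHandler().startUpdateRoleNameFlow(domain, roleName, newRoleName);
    } catch (WorkflowException e) {
        // Sending e.getMessage() since it is required to give error message to end user.
        // NOTE(review): this text reaches the end user; confirm workflow errors carry no internal detail.
        throw new UserStoreException(e.getMessage(), e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}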
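/**
 * Hands a pending user creation to {@code AddUserWFRequestHandler} before the user
 * store applies it.
 *
 * <p>Returns {@code true} straight away when the listener is disabled or
 * {@code isCalledViaIdentityMgtListners()} reports true. Otherwise the handler runs
 * inside a tenant flow that carries the store's tenant id and the username of the
 * context that was current on entry.
 *
 * <p>NOTE(review): {@code credential} is passed on to the workflow request unchanged.
 * Confirm the workflow layer neither logs it nor stores it in clear text.
 *
 * @param userName         user about to be created
 * @param credential       the new user's credential, forwarded to the handler
 * @param roleList         roles to assign to the new user
 * @param claims           claim values for the new user
 * @param profile          profile the claims belong to
 * @param userStoreManager store the operation targets; supplies domain and tenant id
 * @return the handler's result, or {@code true} when the listener is bypassed
 * @throws UserStoreException if the tenant id cannot be read, or wrapping a
 *                            {@code WorkflowException} with the same message
 */
@Override
public boolean doPreAddUser(String userName, Object credential, String[] roleList, Map<String, String> claims,
                            String profile, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable() || isCalledViaIdentityMgtListners()) {
        return true;
    }

    // Resolve everything that can fail before a tenant flow is opened, so a failure here
    // cannot reach the finally block and call endTenantFlow() without a matching start.
    String domain = userStoreManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig
            .PROPERTY_DOMAIN_NAME);
    int tenantId = userStoreManager.getTenantId();
    String currentUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();

    PrivilegedCarbonContext.startTenantFlow();
    try {
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId, true);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(currentUser);
        return new AddUserWFRequestHandler()
                .startAddUserFlow(domain, userName, credential, roleList, claims, profile);
    } catch (WorkflowException e) {
        // Sending e.getMessage() since it is required to give error message to end user.
        // NOTE(review): this text reaches the end user; confirm workflow errors carry no internal detail.
        throw new UserStoreException(e.getMessage(), e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}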
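/**
 * Hands a pending change to a role's member list to
 * {@code UpdateRoleUsersWFRequestHandler} before the user store applies it.
 *
 * <p>Returns {@code true} straight away when the listener is disabled or
 * {@code isCalledViaIdentityMgtListners()} reports true. Otherwise the handler runs
 * inside a tenant flow that carries the store's tenant id and the username of the
 * context that was current on entry.
 *
 * @param roleName         role whose members are about to change
 * @param deletedUsers     users to remove from the role
 * @param newUsers         users to add to the role
 * @param userStoreManager store the operation targets; supplies domain and tenant id
 * @return the handler's result, or {@code true} when the listener is bypassed
 * @throws UserStoreException if the tenant id cannot be read, or wrapping a
 *                            {@code WorkflowException} with the same message
 */
@Override
public boolean doPreUpdateUserListOfRole(String roleName, String[] deletedUsers, String[] newUsers,
                                         UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable() || isCalledViaIdentityMgtListners()) {
        return true;
    }

    // Resolve everything that can fail before a tenant flow is opened, so a failure here
    // cannot reach the finally block and call endTenantFlow() without a matching start.
    String domain = userStoreManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig
            .PROPERTY_DOMAIN_NAME);
    int tenantId = userStoreManager.getTenantId();
    String currentUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();

    PrivilegedCarbonContext.startTenantFlow();
    try {
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId, true);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(currentUser);
        return new UpdateRoleUsersWFRequestHandler()
                .startUpdateRoleUsersFlow(domain, roleName, deletedUsers, newUsers);
    } catch (WorkflowException e) {
        // Sending e.getMessage() since it is required to give error message to end user.
        // NOTE(review): this text reaches the end user; confirm workflow errors carry no internal detail.
        throw new UserStoreException(e.getMessage(), e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}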
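/**
 * Hands a pending role creation to {@code AddRoleWFRequestHandler} before the user
 * store applies it.
 *
 * <p>Returns {@code true} straight away when the listener is disabled or
 * {@code isCalledViaIdentityMgtListners()} reports true. That check sits outside the
 * {@code try} block, so the bypass path never calls {@code endTenantFlow()} for a
 * flow it did not start. Otherwise the handler runs inside a tenant flow that
 * carries the store's tenant id and the username of the context that was current on
 * entry.
 *
 * @param roleName         role about to be created
 * @param userList         users to place in the new role
 * @param permissions      permissions to grant to the new role
 * @param userStoreManager store the operation targets; supplies domain and tenant id
 * @return the handler's result, or {@code true} when the listener is bypassed
 * @throws UserStoreException if the tenant id cannot be read, or wrapping a
 *                            {@code WorkflowException} with the same message
 */
@Override
public boolean doPreAddRole(String roleName, String[] userList, Permission[] permissions,
                            UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable() || isCalledViaIdentityMgtListners()) {
        return true;
    }

    // Resolve everything that can fail before a tenant flow is opened, so a failure here
    // cannot reach the finally block and call endTenantFlow() without a matching start.
    String domain = userStoreManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig
            .PROPERTY_DOMAIN_NAME);
    int tenantId = userStoreManager.getTenantId();
    String currentUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();

    PrivilegedCarbonContext.startTenantFlow();
    try {
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId, true);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(currentUser);
        return new AddRoleWFRequestHandler().startAddRoleFlow(domain, roleName, userList, permissions);
    } catch (WorkflowException e) {
        // Sending e.getMessage() since it is required to give error message to end user.
        // NOTE(review): this text reaches the end user; confirm workflow errors carry no internal detail.
        throw new UserStoreException(e.getMessage(), e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}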
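/**
 * Hands a pending change to a user's role list to
 * {@code UpdateUserRolesWFRequestHandler} before the user store applies it.
 *
 * <p>Returns {@code true} straight away when the listener is disabled or
 * {@code isCalledViaIdentityMgtListners()} reports true. Otherwise the handler runs
 * inside a tenant flow that carries the store's tenant id and the username of the
 * context that was current on entry.
 *
 * @param userName         user whose roles are about to change
 * @param deletedRoles     roles to take away from the user
 * @param newRoles         roles to give to the user
 * @param userStoreManager store the operation targets; supplies domain and tenant id
 * @return the handler's result, or {@code true} when the listener is bypassed
 * @throws UserStoreException if the tenant id cannot be read, or wrapping a
 *                            {@code WorkflowException} with the same message
 */
@Override
public boolean doPreUpdateRoleListOfUser(String userName, String[] deletedRoles, String[] newRoles,
                                         UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable() || isCalledViaIdentityMgtListners()) {
        return true;
    }

    // Resolve everything that can fail before a tenant flow is opened, so a failure here
    // cannot reach the finally block and call endTenantFlow() without a matching start.
    String domain = userStoreManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig
            .PROPERTY_DOMAIN_NAME);
    int tenantId = userStoreManager.getTenantId();
    String currentUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();

    PrivilegedCarbonContext.startTenantFlow();
    try {
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId, true);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(currentUser);
        return new UpdateUserRolesWFRequestHandler()
                .startUpdateUserRolesFlow(domain, userName, deletedRoles, newRoles);
    } catch (WorkflowException e) {
        // Sending e.getMessage() since it is required to give error message to end user.
        // NOTE(review): this text reaches the end user; confirm workflow errors carry no internal detail.
        throw new UserStoreException(e.getMessage(), e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}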