org.wso2.carbon.user.mgt.common.UserAdminException Java Examples

The following examples show how to use org.wso2.carbon.user.mgt.common.UserAdminException. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: UserAdmin.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Returns the users that match a claim value and filter and are authorized for a permission.
 *
 * <p>Candidates come from {@code getUserAdminProxy().listUsers(...)}. A candidate is kept only when the
 * tenant realm's {@code AuthorizationManager} reports it authorized for {@code permission} with
 * {@code UserMgtConstants.EXECUTE_ACTION}. The realm is resolved from the tenant id held by the
 * thread-local {@code PrivilegedCarbonContext}.
 *
 * @param claimValue claim to check
 * @param filter     filter to check
 * @param permission permission to check
 * @param maxLimit   limit forwarded unchanged to the proxy's {@code listUsers} call
 * @return the authorized users; an empty array when none qualify
 * @throws UserAdminException if the realm lookup or an authorization check raises a
 *                            {@code UserStoreException}; also propagated unchanged from the proxy call
 */
public FlaggedName[] listUserByClaimWithPermission(ClaimValue claimValue, String filter, String permission, int
        maxLimit)
        throws UserAdminException {

    final List<FlaggedName> authorized = new ArrayList<>();
    try {
        final AuthorizationManager authz = UserMgtDSComponent.getRealmService()
                .getTenantUserRealm(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId())
                .getAuthorizationManager();
        final FlaggedName[] candidates = getUserAdminProxy().listUsers(claimValue, filter, maxLimit);

        // NOTE(review): the last array element is neither checked nor returned. Presumably it is a
        // trailing metadata entry appended by the proxy rather than a user - confirm, otherwise the
        // final match is silently dropped from the result.
        final int checkedCount = candidates.length - 1;
        for (int idx = 0; idx < checkedCount; idx++) {
            final FlaggedName candidate = candidates[idx];
            final boolean allowed = authz.isUserAuthorized(candidate.getItemName(), permission,
                    UserMgtConstants.EXECUTE_ACTION);
            if (allowed) {
                authorized.add(candidate);
            }
        }
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        throw new UserAdminException("Error while filtering authorized users.", e);
    }
    return authorized.toArray(new FlaggedName[authorized.size()]);
}
 
Example #2
Source File: UserAdmin.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a role, as either a regular or an internal role, after checking that its name is allowed.
 *
 * <p>The name check runs against the realm of the thread-local {@code CarbonContext} and happens
 * before anything is created.
 *
 * @param roleName       name of the role to create
 * @param userList       users forwarded to the proxy for the new role
 * @param permissions    permissions for the role; {@code null} is treated as an empty array
 * @param isSharedRole   forwarded to the proxy for regular roles only; ignored for internal roles
 * @param isInternalRole {@code true} to create the role through {@code addInternalRole}
 * @throws UserAdminException if {@code isAllowedRoleName} rejects the name, or propagated unchanged
 *                            from the proxy
 */
private void addUserRole(String roleName, String[] userList, String[] permissions, boolean isSharedRole, boolean
        isInternalRole) throws UserAdminException {

    final String[] grantedPermissions = (permissions != null) ? permissions : new String[0];

    final UserRealm realm = (UserRealm) CarbonContext.getThreadLocalCarbonContext().getUserRealm();
    final boolean nameAllowed = isAllowedRoleName(roleName, realm);
    if (!nameAllowed) {
        throw new UserAdminException("Role name is reserved by the system");
    }

    if (isInternalRole) {
        getUserAdminProxy().addInternalRole(roleName, userList, grantedPermissions);
    } else {
        getUserAdminProxy().addRole(roleName, userList, grantedPermissions, isSharedRole);
    }
}
 
Example #3
Source File: UserAdmin.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Decides whether a role name may be used: it must be non-null and not reserved by the realm.
 *
 * <p>When {@code CarbonConstants.DOMAIN_SEPARATOR} occurs after the first character, everything up to
 * and including its first occurrence is dropped before the reserved-name lookup.
 *
 * @param roleName role name to check, optionally carrying a domain prefix
 * @param realm    realm whose configuration answers the reserved-name question
 * @return {@code false} when {@code roleName} is {@code null} or reserved, {@code true} otherwise
 * @throws UserAdminException wrapping the {@code UserStoreException} raised by the realm lookup
 */
private boolean isAllowedRoleName(String roleName, UserRealm realm) throws UserAdminException {

    if (roleName == null) {
        return false;
    }

    // NOTE(review): a separator at index 0 leaves the name unstripped, and only the first separator
    // is considered - confirm the user store normalises names the same way before it compares them
    // with reserved names.
    final int separatorAt = roleName.indexOf(CarbonConstants.DOMAIN_SEPARATOR);
    final String nameToCheck = (separatorAt > 0) ? roleName.substring(separatorAt + 1) : roleName;

    try {
        final boolean reserved = realm.getRealmConfiguration().isReservedRoleName(nameToCheck);
        return !reserved;
    } catch (UserStoreException e) {
        throw new UserAdminException(e.getMessage(), e);
    }
}
 
Example #4
Source File: UserAdmin.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
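/**
 * Get list of roles which have given permission.
 *
 * <p>Roles come from {@code getUserAdminProxy().getAllRolesNames(...)}. Every element except the last
 * is kept only when the tenant realm's {@code AuthorizationManager} reports the role authorized for
 * {@code permission} with {@code UserMgtConstants.EXECUTE_ACTION}. The last element is always passed
 * through.
 *
 * @param filter     filter to check
 * @param permission permission to check
 * @param limit      limit forwarded unchanged to the proxy
 * @return the permitted roles followed by the proxy's last element; an empty array when the proxy
 *         returns nothing
 * @throws UserAdminException if the realm lookup or an authorization check raises a
 *                            {@code UserStoreException}; also propagated unchanged from the proxy call
 */
public FlaggedName[] getAllPermittedRoleNames(String filter, String permission, int limit) throws
        UserAdminException {

    FlaggedName[] roles = getUserAdminProxy().getAllRolesNames(filter, limit);
    if (roles == null || roles.length == 0) {
        // Without this guard the roles[roles.length - 1] access below throws on an empty result.
        return new FlaggedName[0];
    }

    List<FlaggedName> permittedRoles = new ArrayList<>(roles.length);
    try {
        org.wso2.carbon.user.api.UserRealm realm = UserMgtDSComponent.getRealmService().getTenantUserRealm
                (PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
        AuthorizationManager authorizationManager = realm.getAuthorizationManager();
        final int lastIndex = roles.length - 1;
        for (int i = 0; i < lastIndex; i++) {
            if (authorizationManager.isRoleAuthorized(roles[i].getItemName(), permission, UserMgtConstants
                    .EXECUTE_ACTION)) {
                permittedRoles.add(roles[i]);
            }
        }
        // The last element is returned without an authorization check.
        // NOTE(review): presumably a trailing metadata entry appended by the proxy rather than a role -
        // confirm; if it can be a real role, it bypasses the permission filter.
        permittedRoles.add(roles[lastIndex]);
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        throw new UserAdminException("Error while filtering authorized roles.", e);
    }
    return permittedRoles.toArray(new FlaggedName[0]);
}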
 
Example #5
Source File: UserAdmin.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * Lists the users that carry a given claim value and are authorized for a given permission.
 *
 * <p>The proxy's {@code listUsers} result is filtered with the {@code AuthorizationManager} of the
 * realm that belongs to the tenant id in the thread-local {@code PrivilegedCarbonContext}; the action
 * checked is {@code UserMgtConstants.EXECUTE_ACTION}.
 *
 * @param claimValue claim to check
 * @param filter     filter to check
 * @param permission permission to check
 * @param maxLimit   limit passed through to the proxy's {@code listUsers} call
 * @return the users that passed the authorization check, possibly none
 * @throws UserAdminException when a {@code UserStoreException} occurs during the realm lookup or an
 *                            authorization check; proxy failures propagate unchanged
 */
public FlaggedName[] listUserByClaimWithPermission(ClaimValue claimValue, String filter, String permission, int
        maxLimit)
        throws UserAdminException {

    final List<FlaggedName> kept = new ArrayList<>();
    try {
        final org.wso2.carbon.user.api.UserRealm tenantRealm = UserMgtDSComponent.getRealmService()
                .getTenantUserRealm(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
        final AuthorizationManager authz = tenantRealm.getAuthorizationManager();
        final FlaggedName[] found = getUserAdminProxy().listUsers(claimValue, filter, maxLimit);

        // NOTE(review): the loop stops one short of the array end and the last element is not
        // returned. Presumably that element is proxy metadata, not a user - confirm.
        int position = 0;
        while (position < found.length - 1) {
            final FlaggedName entry = found[position];
            if (authz.isUserAuthorized(entry.getItemName(), permission, UserMgtConstants.EXECUTE_ACTION)) {
                kept.add(entry);
            }
            position++;
        }
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        throw new UserAdminException("Error while filtering authorized users.", e);
    }
    final FlaggedName[] result = new FlaggedName[kept.size()];
    return kept.toArray(result);
}
 
Example #6
Source File: ManagementPermissionUtil.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Notifies the registered error listeners that updating the permissions of a role failed.
 *
 * <p>Listeners are visited in iteration order and disabled ones are skipped. Notification stops at
 * the first enabled listener whose callback returns {@code false}.
 *
 * @param errorMessage     Relevant error message; used as the argument of the error-message template.
 * @param roleName         Name of the role whose permission update failed.
 * @param permissions      Permissions updated for the role.
 * @param userStoreManager User store manager handed to each listener.
 * @throws UserAdminException when a listener raises a {@code UserStoreException}.
 */
public static void handleOnUpdatePermissionsOfRoleFailure(String errorMessage, String roleName, Permission[]
        permissions, UserStoreManager userStoreManager)
        throws UserAdminException {

    try {
        for (UserManagementErrorEventListener listener : UserMgtDSComponent
                .getUserManagementErrorEventListeners()) {
            if (!listener.isEnable()) {
                continue;
            }
            final UserCoreErrorConstants.ErrorMessages error =
                    UserCoreErrorConstants.ErrorMessages.ERROR_CODE_ERROR_WHILE_UPDATING_PERMISSIONS_OF_ROLE;
            // errorMessage is only ever a format argument, never the format string itself.
            final boolean keepNotifying = listener.onUpdatePermissionsOfRoleFailure(
                    error.getCode(), String.format(error.getMessage(), errorMessage),
                    roleName, permissions, userStoreManager);
            if (!keepNotifying) {
                return;
            }
        }
    } catch (UserStoreException ex) {
        throw new UserAdminException(
                "Exception while executing error listeners after a failure while updating permissions of role "
                        + roleName, ex);
    }
}
 
Example #7
Source File: ManagementPermissionUtil.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Converts raw permission paths into {@code Permission} objects that carry the execute action.
 *
 * <p>The paths are first passed through {@code UserCoreUtil.optimizePermissions}; one
 * {@code Permission} is created per path it returns.
 *
 * @param roleName       not read by this method
 * @param rawPermissions raw permission paths; {@code ArrayUtils.isEmpty} input yields an empty result
 * @return one {@code Permission} with {@code UserMgtConstants.EXECUTE_ACTION} per optimized path
 * @throws UserAdminException declared by the signature; nothing in this body throws it directly
 */
public static Permission[] getRoleUIPermissions(String roleName, String[] rawPermissions)
		throws UserAdminException {
	if (ArrayUtils.isEmpty(rawPermissions)) {
		return new Permission[0];
	}

	final String[] optimizedPaths = UserCoreUtil.optimizePermissions(rawPermissions);
	final Permission[] result = new Permission[optimizedPaths.length];
	for (int idx = 0; idx < optimizedPaths.length; idx++) {
		result[idx] = new Permission(optimizedPaths[idx], UserMgtConstants.EXECUTE_ACTION);
	}
	return result;
}
 
Example #8
Source File: UserAdmin.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * Adds a role through the user-admin proxy once {@code isAllowedRoleName} has accepted its name.
 *
 * @param roleName       name of the role to add
 * @param userList       users passed to the proxy together with the role
 * @param permissions    permissions of the role; a {@code null} value is replaced by an empty array
 * @param isSharedRole   passed to {@code addRole}; not used when an internal role is added
 * @param isInternalRole selects {@code addInternalRole} instead of {@code addRole}
 * @throws UserAdminException when the role name is rejected; proxy failures propagate unchanged
 */
private void addUserRole(String roleName, String[] userList, String[] permissions, boolean isSharedRole, boolean
        isInternalRole) throws UserAdminException {

    final String[] effectivePermissions;
    if (permissions == null) {
        effectivePermissions = new String[0];
    } else {
        effectivePermissions = permissions;
    }

    // The name is validated against the current context's realm before any role is written.
    final UserRealm contextRealm = (UserRealm) CarbonContext.getThreadLocalCarbonContext().getUserRealm();
    if (!isAllowedRoleName(roleName, contextRealm)) {
        throw new UserAdminException("Role name is reserved by the system");
    }

    if (isInternalRole) {
        getUserAdminProxy().addInternalRole(roleName, userList, effectivePermissions);
        return;
    }
    getUserAdminProxy().addRole(roleName, userList, effectivePermissions, isSharedRole);
}
 
Example #9
Source File: UserAdmin.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
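/**
 * Decides whether a role name may be used: it must be non-null and not reserved by the realm.
 *
 * <p>When {@code "/"} occurs after the first character, everything up to and including its first
 * occurrence is dropped before the reserved-name lookup.
 *
 * @param roleName role name to check, optionally carrying a domain prefix
 * @param realm    realm whose configuration answers the reserved-name question
 * @return {@code false} when {@code roleName} is {@code null} or reserved, {@code true} otherwise
 * @throws UserAdminException wrapping the {@code UserStoreException} raised by the realm lookup
 */
private boolean isAllowedRoleName(String roleName, UserRealm realm) throws UserAdminException {

    // A missing name is rejected here instead of failing with a NullPointerException on indexOf.
    if (roleName == null) {
        return false;
    }

    // NOTE(review): a "/" at index 0 leaves the name unstripped, and only the first "/" is
    // considered - confirm the user store normalises names the same way before it compares them
    // with reserved names.
    int index = roleName.indexOf("/");
    if (index > 0) {
        roleName = roleName.substring(index + 1);
    }

    try {
        return !realm.getRealmConfiguration().isReservedRoleName(roleName);
    } catch (UserStoreException e) {
        throw new UserAdminException(e.getMessage(), e);
    }
}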
 
Example #10
Source File: UserAdmin.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
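/**
 * Imports users in bulk from an uploaded file by handing its content stream to the user-admin proxy.
 *
 * <p>{@code fileName} and the content behind {@code handler} are supplied by the caller and are
 * forwarded without inspection; any validation of the file name or its content is left to the proxy.
 *
 * @param userStoreDomain target user store domain; an empty value selects
 *                        {@code IdentityUtil.getPrimaryDomainName()}
 * @param fileName        name of the uploaded file; must not be {@code null}
 * @param handler         source of the uploaded content; must not be {@code null}
 * @param defaultPassword still forwarded to the proxy, although the inline comment states that
 *                        passwords are taken from the file instead
 * @throws UserAdminException if {@code fileName} or {@code handler} is {@code null}, if opening or
 *                            closing the stream fails, or propagated unchanged from the proxy
 */
public void bulkImportUsers(String userStoreDomain, String fileName, DataHandler handler, String defaultPassword)
        throws UserAdminException {
    //password will no longer be used, instead the password will be taken from the file
    if (fileName == null || handler == null) {
        throw new UserAdminException("Required data not provided");
    }
    if (StringUtils.isEmpty(userStoreDomain)) {
        userStoreDomain = IdentityUtil.getPrimaryDomainName();
    }
    // The stream is closed once the proxy call returns, on success and on failure alike.
    // NOTE(review): assumes the proxy consumes the stream before returning - confirm.
    try (InputStream inStream = handler.getInputStream()) {
        getUserAdminProxy().bulkImportUsers(userStoreDomain, fileName, inStream, defaultPassword);
    } catch (IOException e) {
        log.error(e.getMessage(), e);
        throw new UserAdminException(e.getMessage(), e);
    }

}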
 
Example #11
Source File: UserAdmin.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Lists users matching a filter by delegating to the user-admin proxy.
 *
 * @param filter filter forwarded unchanged to the proxy
 * @param limit  limit forwarded unchanged to the proxy
 * @return the array returned by the proxy, without any further filtering in this method
 * @throws UserAdminException propagated unchanged from the proxy
 */
public FlaggedName[] listAllUsers(String filter, int limit) throws UserAdminException {
    return getUserAdminProxy().listAllUsers(filter, limit);
}
 
Example #12
Source File: UserAdmin.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
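/**
 * Get list of users which have given permission.
 *
 * <p>Users come from {@code getUserAdminProxy().listAllUsers(...)}. Every element except the last is
 * kept only when the tenant realm's {@code AuthorizationManager} reports the user authorized for
 * {@code permission} with {@code UserMgtConstants.EXECUTE_ACTION}. The last element is always passed
 * through.
 *
 * @param filter     filter to check
 * @param permission permission to check
 * @param limit      limit forwarded unchanged to the proxy
 * @return the permitted users followed by the proxy's last element; an empty array when the proxy
 *         returns nothing
 * @throws UserAdminException if the realm lookup or an authorization check raises a
 *                            {@code UserStoreException}; also propagated unchanged from the proxy call
 */
public FlaggedName[] listAllUsersWithPermission(String filter, String permission, int limit) throws
        UserAdminException {

    List<FlaggedName> permittedUsers = new ArrayList<>();
    try {
        org.wso2.carbon.user.api.UserRealm realm = UserMgtDSComponent.getRealmService().getTenantUserRealm
                (PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
        AuthorizationManager authorizationManager = realm.getAuthorizationManager();

        FlaggedName[] users = getUserAdminProxy().listAllUsers(filter, limit);
        if (users == null || users.length == 0) {
            // Without this guard the users[users.length - 1] access below throws on an empty result.
            return new FlaggedName[0];
        }

        final int lastIndex = users.length - 1;
        for (int i = 0; i < lastIndex; i++) {
            if (authorizationManager.isUserAuthorized(users[i].getItemName(),
                    permission, UserMgtConstants.EXECUTE_ACTION)) {
                permittedUsers.add(users[i]);
            }
        }
        // The last element is returned without an authorization check.
        // NOTE(review): presumably a trailing metadata entry appended by the proxy rather than a user -
        // confirm; if it can be a real user, it bypasses the permission filter.
        permittedUsers.add(users[lastIndex]);
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        throw new UserAdminException("Error while filtering authorized users.", e);
    }
    return permittedUsers.toArray(new FlaggedName[0]);

}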
 
Example #13
Source File: RoleManagementServiceImpl.java    From carbon-device-mgt with Apache License 2.0 5 votes vote down vote up
/**
 * Looks up the UI permission tree of an existing role.
 *
 * <p>{@code roleName} is concatenated verbatim into the exception message and the debug log line.
 * NOTE(review): if the name is caller-supplied, confirm that line breaks are neutralised before it
 * reaches the log.
 *
 * @param roleName name of the role to look up
 * @return the permission node produced by {@code getUIPermissionNode}, which may be {@code null}
 * @throws IllegalArgumentException if the user store reports that the role does not exist
 * @throws UserStoreException       declared for the user-store calls made here
 * @throws UserAdminException       propagated from {@code getUIPermissionNode}
 */
private UIPermissionNode getRolePermissions(String roleName) throws UserStoreException, UserAdminException {
    final UserRealm userRealm = DeviceMgtAPIUtils.getUserRealm();
    final boolean roleExists = userRealm.getUserStoreManager().isExistingRole(roleName);
    if (!roleExists) {
        throw new IllegalArgumentException("No role exists with the name '" + roleName + "'");
    }

    final UIPermissionNode rolePermissions = this.getUIPermissionNode(roleName, userRealm);
    if (rolePermissions == null && log.isDebugEnabled()) {
        log.debug("No permissions found for the role '" + roleName + "'");
    }
    return rolePermissions;
}
 
Example #14
Source File: UserAdmin.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a user by delegating to the user-admin proxy.
 *
 * <p>No validation or authorization decision is made in this method.
 * NOTE(review): presumably both are enforced by the proxy or the service layer - confirm.
 *
 * @param userName    name of the user to create
 * @param password    initial password, forwarded unchanged to the proxy
 * @param roles       roles forwarded to the proxy
 * @param claims      claims forwarded to the proxy
 * @param profileName profile name forwarded to the proxy
 * @throws UserAdminException propagated unchanged from the proxy
 */
public void addUser(String userName, String password, String[] roles, ClaimValue[] claims,
                    String profileName) throws UserAdminException {
    getUserAdminProxy().addUser(userName, password, roles, claims, profileName);
}
 
Example #15
Source File: UserAdmin.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Sets a new password for a user by delegating to the user-admin proxy.
 *
 * <p>This method takes no old password and makes no authorization decision itself.
 * NOTE(review): presumably the proxy decides whether the caller may reset this account - confirm.
 *
 * @param userName    account whose password is replaced
 * @param newPassword replacement password, forwarded unchanged to the proxy
 * @throws UserAdminException propagated unchanged from the proxy
 */
public void changePassword(String userName, String newPassword) throws UserAdminException {
    getUserAdminProxy().changePassword(userName, newPassword);
}
 
Example #16
Source File: UserAdmin.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Deletes a user by delegating to the user-admin proxy.
 *
 * <p>The proxy also receives the {@code RegistryType.USER_CONFIGURATION} registry of the
 * thread-local {@code CarbonContext}.
 *
 * @param userName name of the user to delete
 * @throws UserAdminException propagated unchanged from the proxy
 */
public void deleteUser(String userName) throws UserAdminException {
    getUserAdminProxy().deleteUser(userName,
            CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_CONFIGURATION));
}
 
Example #17
Source File: UserAdmin.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Renames a role by delegating to the user-admin proxy.
 *
 * <p>Neither name is checked in this method.
 * NOTE(review): presumably reserved-name rules for {@code newRoleName} are applied by the proxy -
 * confirm.
 *
 * @param roleName    current name of the role
 * @param newRoleName name the role should get
 * @throws UserAdminException propagated unchanged from the proxy
 */
public void updateRoleName(String roleName, String newRoleName) throws UserAdminException {
    getUserAdminProxy().updateRoleName(roleName, newRoleName);
}
 
Example #18
Source File: UserAdmin.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Updates the users of a role by delegating to the user-admin proxy.
 *
 * @param roleName role whose membership is updated
 * @param userList entries forwarded unchanged to the proxy
 * @throws UserAdminException propagated unchanged from the proxy
 */
public void updateUsersOfRole(String roleName, FlaggedName[] userList)
        throws UserAdminException {
    getUserAdminProxy().updateUsersOfRole(roleName, userList);
}
 
Example #19
Source File: UserRealmProxy.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Reports whether the realm's user store manager has shared groups enabled.
 *
 * @return the value of {@code isSharedGroupEnabled()} on the realm's user store manager
 * @throws UserAdminException wrapping the {@code UserStoreException} raised while reading the
 *                            user store manager
 */
public boolean isSharedRolesEnabled() throws UserAdminException {
    try {
        // TODO remove abstract user store
        // NOTE(review): the downcast is unchecked; a user store manager that is not an
        // AbstractUserStoreManager fails here with a ClassCastException that the catch below
        // does not handle.
        final UserStoreManager userManager = realm.getUserStoreManager();
        final AbstractUserStoreManager abstractManager = (AbstractUserStoreManager) userManager;
        return abstractManager.isSharedGroupEnabled();
    } catch (UserStoreException e) {
        log.error(e);
        throw new UserAdminException("Unable to check shared role enabled", e);
    }
}
 
Example #20
Source File: RoleManagementServiceImpl.java    From carbon-device-mgt with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the UI permission tree of a role after checking that the role exists.
 *
 * <p>The role name is placed verbatim in the exception message and in the debug log line.
 * NOTE(review): if the name is caller-supplied, confirm that line breaks are neutralised before it
 * reaches the log.
 *
 * @param roleName role to look up
 * @return the node returned by {@code getUIPermissionNode}; {@code null} is passed on to the caller
 * @throws IllegalArgumentException when {@code isExistingRole} reports the role as missing
 * @throws UserStoreException       declared for the user-store calls made here
 * @throws UserAdminException       propagated from {@code getUIPermissionNode}
 */
private UIPermissionNode getRolePermissions(String roleName) throws UserStoreException, UserAdminException {
    final UserRealm realmInUse = DeviceMgtAPIUtils.getUserRealm();
    if (!realmInUse.getUserStoreManager().isExistingRole(roleName)) {
        throw new IllegalArgumentException("No role exists with the name '" + roleName + "'");
    }

    final UIPermissionNode permissionTree = this.getUIPermissionNode(roleName, realmInUse);
    final boolean nothingFound = (permissionTree == null);
    if (nothingFound && log.isDebugEnabled()) {
        log.debug("No permissions found for the role '" + roleName + "'");
    }
    return permissionTree;
}
 
Example #21
Source File: RoleManagementServiceImpl.java    From carbon-device-mgt with Apache License 2.0 5 votes vote down vote up
/**
 * Loads the permission tree of a role and reduces its node list to four device-management nodes.
 *
 * <p>The returned node's list always has four slots, in this order: {@code /permission/admin/device-mgt},
 * {@code /permission/admin/login}, {@code /permission/admin/manage/mobileapp} and
 * {@code /permission/admin/manage/webapp}. A slot stays {@code null} when the tree has no such node.
 *
 * @param roleName  role whose permissions are read
 * @param userRealm realm handed to {@code UserRealmProxy}; anything that is not a core
 *                  {@code UserRealm} is replaced by {@code null}
 * @return the role's permission node with its node list replaced by the four selected nodes
 * @throws UserAdminException propagated from {@code UserRealmProxy.getRolePermissions}
 */
private UIPermissionNode getUIPermissionNode(String roleName, UserRealm userRealm)
        throws UserAdminException {
    final org.wso2.carbon.user.core.UserRealm coreRealm =
            (userRealm instanceof org.wso2.carbon.user.core.UserRealm)
                    ? (org.wso2.carbon.user.core.UserRealm) userRealm
                    : null;

    // NOTE(review): permissions are always read with SUPER_TENANT_ID, whatever tenant the realm
    // belongs to - confirm this is intended for tenant-scoped callers.
    final UIPermissionNode rolePermissions = new UserRealmProxy(coreRealm)
            .getRolePermissions(roleName, MultitenantConstants.SUPER_TENANT_ID);
    final UIPermissionNode[] selected = new UIPermissionNode[4];

    // NOTE(review): rolePermissions is dereferenced without a null check - confirm the proxy never
    // returns null here.
    for (UIPermissionNode topLevel : rolePermissions.getNodeList()) {
        if (!topLevel.getResourcePath().equals("/permission/admin")) {
            continue;
        }
        for (UIPermissionNode adminChild : topLevel.getNodeList()) {
            final String childPath = adminChild.getResourcePath();
            if (childPath.equals("/permission/admin/device-mgt")) {
                selected[0] = adminChild;
            } else if (childPath.equals("/permission/admin/login")) {
                selected[1] = adminChild;
            } else if (childPath.equals("/permission/admin/manage")) {
                // Adding permissions related to app-store in emm-console
                for (UIPermissionNode manageChild : adminChild.getNodeList()) {
                    final String managePath = manageChild.getResourcePath();
                    if (managePath.equals("/permission/admin/manage/mobileapp")) {
                        selected[2] = manageChild;
                    } else if (managePath.equals("/permission/admin/manage/webapp")) {
                        selected[3] = manageChild;
                    }
                }
            }
        }
    }
    rolePermissions.setNodeList(selected);
    return rolePermissions;
}
 
Example #22
Source File: RoleManagementServiceImpl.java    From carbon-device-mgt with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the complete permission tree of a role as reported by {@code UserRealmProxy}.
 *
 * @param roleName  role whose permissions are read
 * @param userRealm realm handed to {@code UserRealmProxy}; anything that is not a core
 *                  {@code UserRealm} is replaced by {@code null}
 * @return the node returned by {@code UserRealmProxy.getRolePermissions}, unmodified
 * @throws UserAdminException propagated from {@code UserRealmProxy.getRolePermissions}
 */
private UIPermissionNode getAllRolePermissions(String roleName, UserRealm userRealm) throws UserAdminException {
    final org.wso2.carbon.user.core.UserRealm coreRealm =
            (userRealm instanceof org.wso2.carbon.user.core.UserRealm)
                    ? (org.wso2.carbon.user.core.UserRealm) userRealm
                    : null;
    // NOTE(review): permissions are always read with SUPER_TENANT_ID, whatever tenant the realm
    // belongs to - confirm this is intended for tenant-scoped callers.
    return new UserRealmProxy(coreRealm).getRolePermissions(roleName, MultitenantConstants.SUPER_TENANT_ID);
}
 
Example #23
Source File: CSVUserBulkImport.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
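/**
 * Adds one user from a parsed import row, taking the password, claims and roles from the row.
 *
 * <p>Row layout as read here: {@code line[1]} is the password; every later non-empty column must be
 * a single {@code key=value} pair. A pair whose key contains {@code "role"} supplies the role list,
 * split on {@code ':'}; all other pairs become claims.
 *
 * @param username  name of the user to add
 * @param line      columns of the row; must hold at least the password column at index 1
 * @param userStore user store the user is added to
 * @throws UserStoreException propagated from {@code userStore.addUser}
 * @throws UserAdminException if the row has no password column or a column is not exactly one
 *                            {@code key=value} pair
 */
private void addUserWithClaims(String username, String[] line, UserStoreManager userStore)
        throws UserStoreException, UserAdminException {
    // The row comes from an imported file, so the password column is checked before it is indexed;
    // without this a short row fails with an ArrayIndexOutOfBoundsException.
    if (line == null || line.length < 2) {
        throw new UserAdminException("User entry does not contain a password column");
    }

    String roleString = null;
    String[] roles = null;
    String password = line[1];
    Map<String, String> claims = new HashMap<String, String>();
    for (int i = 2; i < line.length; i++) {
        if (line[i] != null && !line[i].isEmpty()) {
            // A value that itself contains '=' splits into more than two parts and is rejected.
            String[] claimStrings = line[i].split("=");
            if (claimStrings.length != 2) {
                throw new UserAdminException("Claims and values are not in correct format");
            }
            // NOTE(review): this is a substring match, so any key containing "role" is taken as the
            // role list instead of being stored as a claim, and a later match overwrites an earlier
            // one - confirm the intended key and whether an exact comparison is wanted.
            if (claimStrings[0].contains("role")) {
                roleString = claimStrings[1];
            } else {
                claims.put(claimStrings[0], claimStrings[1]);
            }
        }
    }

    if (roleString != null && !roleString.isEmpty()) {
        roles = roleString.split(":");
    }

    // NOTE(review): the meaning of the trailing null and true arguments is not visible here -
    // presumably profile name and a require-password-change flag; confirm against UserStoreManager.
    userStore.addUser(username, password, roles, claims, null, true);
}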
 
Example #24
Source File: UserAdmin.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Replaces the roles of a user by delegating to the user-admin proxy.
 *
 * <p>No authorization decision is made in this method.
 * NOTE(review): presumably the proxy restricts who may change role assignments - confirm.
 *
 * @param userName    user whose roles are updated
 * @param newRoleList role list forwarded unchanged to the proxy
 * @throws UserAdminException propagated unchanged from the proxy
 */
public void updateRolesOfUser(String userName, String[] newRoleList) throws UserAdminException {
    getUserAdminProxy().updateRolesOfUser(userName, newRoleList);
}
 
Example #25
Source File: UserAdmin.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Adds roles to and removes roles from a user in one call to the user-admin proxy.
 *
 * @param userName     user whose role assignments change
 * @param newRoles     roles to add, forwarded unchanged to the proxy
 * @param deletedRoles roles to remove, forwarded unchanged to the proxy
 * @throws UserAdminException propagated unchanged from the proxy
 */
public void addRemoveRolesOfUser(String userName, String[] newRoles, String[] deletedRoles)
        throws UserAdminException {
    getUserAdminProxy().updateRolesOfUser(userName, newRoles, deletedRoles);
}
 
Example #26
Source File: RoleManagementServiceImpl.java    From carbon-device-mgt with Apache License 2.0 5 votes vote down vote up
/**
 * Fetches the full permission tree of a role through a {@code UserRealmProxy}.
 *
 * @param roleName  role to read permissions for
 * @param userRealm realm used to build the proxy; a realm that is not a core {@code UserRealm}
 *                  results in the proxy being built with {@code null}
 * @return the permission node exactly as the proxy returns it
 * @throws UserAdminException propagated from {@code UserRealmProxy.getRolePermissions}
 */
private UIPermissionNode getAllRolePermissions(String roleName, UserRealm userRealm) throws UserAdminException {
    final boolean isCoreRealm = userRealm instanceof org.wso2.carbon.user.core.UserRealm;
    final org.wso2.carbon.user.core.UserRealm realmForProxy =
            isCoreRealm ? (org.wso2.carbon.user.core.UserRealm) userRealm : null;
    final UserRealmProxy proxy = new UserRealmProxy(realmForProxy);
    // NOTE(review): the lookup is fixed to SUPER_TENANT_ID regardless of the realm's tenant -
    // confirm this is intended for tenant-scoped callers.
    return proxy.getRolePermissions(roleName, MultitenantConstants.SUPER_TENANT_ID);
}
 
Example #27
Source File: UserRealmProxyTest.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that {@code changePassword("admin", ...)} without an old password is rejected by the proxy.
 *
 * <p>The {@code UserAdminException} message is pinned, then the exception is rethrown wrapped in the
 * {@code UserStoreException} that the {@code @Test} annotation expects. If the call succeeds, no
 * exception is thrown and the expectation fails.
 */
@Test(expectedExceptions = UserStoreException.class)
public void testChangePasswordSameUserNoOldPasword() throws UserStoreException {
    try {
        userRealmProxy.changePassword("admin", "newPassword");
    } catch (UserAdminException rejected) {
        // Pin the rejection reason before converting to the expected exception type.
        final String actualMessage = rejected.getMessage();
        assertEquals(actualMessage, "An attempt to change password with out providing old password");
        throw new UserStoreException(rejected);
    }
}
 
Example #28
Source File: UserAdmin.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Applies role additions and removals for a user by delegating to the user-admin proxy.
 *
 * <p>No authorization decision is made in this method.
 * NOTE(review): presumably the proxy restricts who may change role assignments - confirm.
 *
 * @param userName     user whose roles change
 * @param newRoles     roles to assign, passed through as given
 * @param deletedRoles roles to revoke, passed through as given
 * @throws UserAdminException propagated unchanged from the proxy
 */
public void addRemoveRolesOfUser(String userName, String[] newRoles, String[] deletedRoles)
        throws UserAdminException {
    getUserAdminProxy().updateRolesOfUser(userName, newRoles, deletedRoles);
}
 
Example #29
Source File: UserAdmin.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Adds users to and removes users from a role in one call to the user-admin proxy.
 *
 * @param roleName     role whose membership changes
 * @param newUsers     users to add, forwarded unchanged to the proxy
 * @param deletedUsers users to remove, forwarded unchanged to the proxy
 * @throws UserAdminException propagated unchanged from the proxy
 */
public void addRemoveUsersOfRole(String roleName, String[] newUsers, String[] deletedUsers)
        throws UserAdminException {
    getUserAdminProxy().updateUsersOfRole(roleName, newUsers, deletedUsers);
}
 
Example #30
Source File: UserAdmin.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Sets the UI permissions of a role by delegating to the user-admin proxy.
 *
 * <p>The resource paths are not inspected in this method.
 * NOTE(review): presumably the proxy checks that the caller may grant these paths - confirm.
 *
 * @param roleName     role whose UI permissions are set
 * @param rawResources raw resource paths, forwarded unchanged to the proxy
 * @throws UserAdminException propagated unchanged from the proxy
 */
public void setRoleUIPermission(String roleName, String[] rawResources)
        throws UserAdminException {
    getUserAdminProxy().setRoleUIPermission(roleName, rawResources);
}