Java源码示例:org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig
示例1
private void updateRoleClaimConfigs(RoleConfig roleApiModel, ServiceProvider application) {
if (roleApiModel != null) {
ClaimConfig claimConfig = getClaimConfig(application);
if (roleApiModel.getClaim() != null) {
claimConfig.setRoleClaimURI(roleApiModel.getClaim().getUri());
}
PermissionsAndRoleConfig permissionAndRoleConfig = getPermissionAndRoleConfig(application);
permissionAndRoleConfig.setRoleMappings(getRoleMappings(roleApiModel));
LocalAndOutboundAuthenticationConfig localAndOutboundConfig = getLocalAndOutboundConfig(application);
setIfNotNull(roleApiModel.getIncludeUserDomain(), localAndOutboundConfig::setUseUserstoreDomainInRoles);
}
}
示例2
/**
* Validate local roles in role mapping configuration.
*
* @param validationMsg validation error messages
* @param permissionsAndRoleConfig permission and role configurations
* @param tenantDomain tenant domain
*/
private void validateRoleConfigs(List<String> validationMsg, PermissionsAndRoleConfig permissionsAndRoleConfig,
String tenantDomain) {
if (permissionsAndRoleConfig == null || permissionsAndRoleConfig.getRoleMappings() == null) {
return;
}
try {
UserStoreManager userStoreManager = CarbonContext.getThreadLocalCarbonContext().getUserRealm()
.getUserStoreManager();
for (RoleMapping roleMapping : permissionsAndRoleConfig.getRoleMappings()) {
if (!userStoreManager.isExistingRole(roleMapping.getLocalRole().getLocalRoleName())) {
validationMsg.add(String.format(ROLE_NOT_AVAILABLE, roleMapping.getLocalRole().getLocalRoleName()));
break;
}
}
} catch (UserStoreException e) {
validationMsg.add(String.format("Error when checking the existence of local roles in %s.", tenantDomain));
}
}
示例3
/**
* @param conn
* @param idPId
* @param tenantId
* @param newRoleConfiguration
* @param newRoleConfiguration
* @throws SQLException
* @throws IdentityProviderManagementException
*/
private void updateRoleConfiguration(Connection conn, int idPId, int tenantId,
PermissionsAndRoleConfig newRoleConfiguration) throws SQLException,
IdentityProviderManagementException {
// delete all identity provider roles - this will also clean up idp role mappings.
deleteAllIdPRoles(conn, idPId);
if (newRoleConfiguration == null) {
// bad data - we do not need to deal with.
return;
}
// add identity provider roles.
addIdPRoles(conn, idPId, tenantId, newRoleConfiguration.getIdpRoles());
if (newRoleConfiguration.getRoleMappings() == null
|| newRoleConfiguration.getRoleMappings().length == 0) {
// we do not have any role mappings in the system.
return;
}
// add identity provider role mappings.
addIdPRoleMappings(conn, idPId, tenantId, newRoleConfiguration.getRoleMappings());
}
示例4
/**
* @param conn
* @param idPId
* @param tenantId
* @param newRoleConfiguration
* @param newRoleConfiguration
* @throws SQLException
* @throws IdentityProviderManagementException
*/
private void updateRoleConfiguration(Connection conn, int idPId, int tenantId,
PermissionsAndRoleConfig newRoleConfiguration) throws SQLException,
IdentityProviderManagementException {
// delete all identity provider roles - this will also clean up idp role mappings.
deleteAllIdPRoles(conn, idPId);
if (newRoleConfiguration == null) {
// bad data - we do not need to deal with.
return;
}
// add identity provider roles.
addIdPRoles(conn, idPId, tenantId, newRoleConfiguration.getIdpRoles());
if (newRoleConfiguration.getRoleMappings() == null
|| newRoleConfiguration.getRoleMappings().length == 0) {
// we do not have any role mappings in the system.
return;
}
// add identity provider role mappings.
addIdPRoleMappings(conn, idPId, tenantId, newRoleConfiguration.getRoleMappings());
}
示例5
private void updateRoles(IdentityProvider idp, Roles roles) {
if (roles != null) {
PermissionsAndRoleConfig permissionsAndRoleConfig = new PermissionsAndRoleConfig();
List<org.wso2.carbon.identity.api.server.idp.v1.model.RoleMapping> mappings = roles.getMappings();
List<RoleMapping> internalMappings = new ArrayList<>();
List<String> idpRoles = new ArrayList<>();
if (mappings != null) {
for (org.wso2.carbon.identity.api.server.idp.v1.model.RoleMapping mapping : mappings) {
RoleMapping internalMapping = new RoleMapping();
internalMapping.setLocalRole(new LocalRole(mapping.getLocalRole()));
internalMapping.setRemoteRole(mapping.getIdpRole());
idpRoles.add(mapping.getIdpRole());
internalMappings.add(internalMapping);
}
}
permissionsAndRoleConfig.setIdpRoles(idpRoles.toArray(new String[0]));
permissionsAndRoleConfig.setRoleMappings(internalMappings.toArray(new RoleMapping[0]));
idp.setPermissionAndRoleConfig(permissionsAndRoleConfig);
idp.setProvisioningRole(StringUtils.join(roles.getOutboundProvisioningRoles(), ","));
}
}
示例6
private Roles createRoleResponse(IdentityProvider identityProvider) {
PermissionsAndRoleConfig permissionsAndRoleConfig = identityProvider.getPermissionAndRoleConfig();
Roles roleConfig = new Roles();
List<org.wso2.carbon.identity.api.server.idp.v1.model.RoleMapping> apiRoleMappings = new ArrayList<>();
if (permissionsAndRoleConfig != null) {
if (permissionsAndRoleConfig.getRoleMappings() != null) {
for (RoleMapping roleMapping : permissionsAndRoleConfig.getRoleMappings()) {
org.wso2.carbon.identity.api.server.idp.v1.model.RoleMapping apiRoleMapping = new org.wso2.carbon
.identity.api.server.idp.v1.model.RoleMapping();
apiRoleMapping.setIdpRole(roleMapping.getRemoteRole());
apiRoleMapping.setLocalRole(IdentityUtil.addDomainToName(roleMapping
.getLocalRole().getLocalRoleName(), roleMapping.getLocalRole().getUserStoreId()));
apiRoleMappings.add(apiRoleMapping);
}
}
}
roleConfig.setMappings(apiRoleMappings);
String provRoles = identityProvider.getProvisioningRole();
if (StringUtils.isNotBlank(provRoles)) {
roleConfig.setOutboundProvisioningRoles(Arrays.asList(provRoles.split(",")));
}
return roleConfig;
}
示例7
private PermissionsAndRoleConfig getPermissionAndRoleConfig(ServiceProvider application) {
if (application.getPermissionAndRoleConfig() == null) {
application.setPermissionAndRoleConfig(new PermissionsAndRoleConfig());
}
return application.getPermissionAndRoleConfig();
}
示例8
private void verifyAndUpdateRoleConfiguration(String tenantDomain, int tenantId,
PermissionsAndRoleConfig roleConfiguration)
throws IdentityProviderManagementException {
List<RoleMapping> validRoleMappings = new ArrayList<>();
List<String> validIdPRoles = new ArrayList<>();
for (RoleMapping mapping : roleConfiguration.getRoleMappings()) {
try {
if (mapping.getRemoteRole() == null || mapping.getLocalRole() == null || StringUtils
.isBlank(mapping.getLocalRole().getLocalRoleName())) {
continue;
}
UserStoreManager usm = IdPManagementServiceComponent.getRealmService().getTenantUserRealm(tenantId)
.getUserStoreManager();
String role = mapping.getLocalRole().getLocalRoleName();
if (StringUtils.isNotBlank(mapping.getLocalRole().getUserStoreId())) {
role = IdentityUtil.addDomainToName(role, mapping.getLocalRole().getUserStoreId());
}
// Remove invalid mappings if local role does not exists.
if (usm.isExistingRole(role)) {
validRoleMappings.add(mapping);
validIdPRoles.add(mapping.getRemoteRole());
} else {
if (log.isDebugEnabled()) {
log.debug("Invalid local role name: " + role + " for the federated role: " + mapping
.getRemoteRole());
}
}
} catch (UserStoreException e) {
throw new IdentityProviderManagementException(
"Error occurred while retrieving UserStoreManager for tenant " + tenantDomain, e);
}
}
roleConfiguration.setRoleMappings(validRoleMappings.toArray(new RoleMapping[0]));
roleConfiguration.setIdpRoles(validIdPRoles.toArray(new String[0]));
}
示例9
/**
* @param applicationID
* @param permissionsAndRoleConfiguration
* @param connection
* @throws SQLException
*/
private void updatePermissionAndRoleConfiguration(int applicationID,
PermissionsAndRoleConfig permissionsAndRoleConfiguration, Connection connection)
throws SQLException {
if (permissionsAndRoleConfiguration == null
|| permissionsAndRoleConfiguration.getRoleMappings() == null
|| permissionsAndRoleConfiguration.getRoleMappings().length == 0) {
return;
}
RoleMapping[] roleMappings = permissionsAndRoleConfiguration.getRoleMappings();
int tenantID = CarbonContext.getThreadLocalCarbonContext().getTenantId();
PreparedStatement storeRoleMapPrepStmt = null;
try {
storeRoleMapPrepStmt = connection
.prepareStatement(ApplicationMgtDBQueries.STORE_ROLE_MAPPING);
for (RoleMapping roleMapping : roleMappings) {
// TENANT_ID, IDP_ROLE, SP_ROLE, APP_ID
storeRoleMapPrepStmt.setInt(1, tenantID);
storeRoleMapPrepStmt.setString(2, roleMapping.getLocalRole().getLocalRoleName());
storeRoleMapPrepStmt.setString(3, roleMapping.getRemoteRole());
storeRoleMapPrepStmt.setInt(4, applicationID);
storeRoleMapPrepStmt.addBatch();
if (log.isDebugEnabled()) {
log.debug("Storing Claim Mapping. IDPRole: " + roleMapping.getLocalRole()
+ " SPRole: " + roleMapping.getRemoteRole());
}
}
storeRoleMapPrepStmt.executeBatch();
} finally {
IdentityApplicationManagementUtil.closeStatement(storeRoleMapPrepStmt);
}
}
示例10
/**
* Retrieves Identity provider information about a given tenant
*
* @param idPName Unique name of the IdP to which the given local roles need to be mapped
* @param tenantDomain The tenant domain of whose local roles need to be mapped
* @param localRoles Local roles which need to be mapped to IdP roles
* @throws IdentityProviderManagementException Error when getting role mappings
*/
public Set<RoleMapping> getMappedIdPRoles(String idPName, String tenantDomain,
LocalRole[] localRoles) throws IdentityProviderManagementException {
int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
if (StringUtils.isEmpty(idPName)) {
String msg = "Invalid argument: Identity Provider Name value is empty";
throw new IdentityProviderManagementException(msg);
}
IdentityProvider identityProvider = dao.getIdPByName(null, idPName, tenantId, tenantDomain);
if (identityProvider == null) {
identityProvider = new FileBasedIdPMgtDAO().getIdPByName(idPName, tenantDomain);
}
if (identityProvider == null) {
identityProvider = IdPManagementServiceComponent.getFileBasedIdPs().get(
IdentityApplicationConstants.DEFAULT_IDP_CONFIG);
}
PermissionsAndRoleConfig roleConfiguration = identityProvider.getPermissionAndRoleConfig();
if (roleConfiguration != null) {
RoleMapping[] roleMappings = roleConfiguration.getRoleMappings();
if (roleMappings != null && roleMappings.length > 0 && localRoles != null) {
Set<RoleMapping> returnSet = new HashSet<RoleMapping>();
for (LocalRole localRole : localRoles) {
for (RoleMapping roleMapping : roleMappings) {
if (roleMapping.getLocalRole().equals(localRole)) {
returnSet.add(roleMapping);
break;
}
}
}
return returnSet;
}
}
return new HashSet<RoleMapping>();
}
示例11
public ApplicationConfig(ServiceProvider application) {
this.serviceProvider = application;
applicationID = application.getApplicationID();
applicationName = application.getApplicationName();
isSaaSApp = application.isSaasApp();
LocalAndOutboundAuthenticationConfig outboundAuthConfig = application.getLocalAndOutBoundAuthenticationConfig();
if (outboundAuthConfig != null) {
subjectClaimUri = outboundAuthConfig.getSubjectClaimUri();
setUseTenantDomainInLocalSubjectIdentifier(outboundAuthConfig.isUseTenantDomainInLocalSubjectIdentifier());
setUseUserstoreDomainInLocalSubjectIdentifier(outboundAuthConfig
.isUseUserstoreDomainInLocalSubjectIdentifier());
setEnableAuthorization(outboundAuthConfig.isEnableAuthorization());
setUseUserstoreDomainInRole(outboundAuthConfig.isUseUserstoreDomainInRoles());
}
ClaimConfig claimConfig = application.getClaimConfig();
if (claimConfig != null) {
roleClaim = claimConfig.getRoleClaimURI();
alwaysSendMappedLocalSubjectId = claimConfig.isAlwaysSendMappedLocalSubjectId();
List<ClaimMapping> spClaimMappings = new ArrayList<>(Arrays.asList(claimConfig.getClaimMappings()));
setSpDialectClaims(claimConfig, spClaimMappings);
if (CollectionUtils.isNotEmpty(spClaimMappings)) {
for (ClaimMapping claim : spClaimMappings) {
if (claim.getRemoteClaim() != null
&& claim.getRemoteClaim().getClaimUri() != null) {
if (claim.getLocalClaim() != null) {
claimMappings.put(claim.getRemoteClaim().getClaimUri(), claim
.getLocalClaim().getClaimUri());
if (claim.isRequested()) {
requestedClaims.put(claim.getRemoteClaim().getClaimUri(), claim
.getLocalClaim().getClaimUri());
}
if (claim.isMandatory()) {
mandatoryClaims.put(claim.getRemoteClaim().getClaimUri(), claim
.getLocalClaim().getClaimUri());
}
} else {
claimMappings.put(claim.getRemoteClaim().getClaimUri(), null);
if (claim.isRequested()) {
requestedClaims.put(claim.getRemoteClaim().getClaimUri(), null);
}
if (claim.isMandatory()) {
mandatoryClaims.put(claim.getRemoteClaim().getClaimUri(), null);
}
}
}
}
}
}
PermissionsAndRoleConfig permissionRoleConfiguration;
permissionRoleConfiguration = application.getPermissionAndRoleConfig();
if (permissionRoleConfiguration != null) {
ApplicationPermission[] permissionList = permissionRoleConfiguration.getPermissions();
if (permissionList == null) {
permissionList = new ApplicationPermission[0];
}
permissions = new String[permissionList.length];
for (int i = 0; i < permissionList.length; i++) {
ApplicationPermission permission = permissionList[i];
permissions[i] = permission.getValue();
}
RoleMapping[] tempRoleMappings = permissionRoleConfiguration.getRoleMappings();
if (tempRoleMappings != null && tempRoleMappings.length > 0) {
for (RoleMapping roleMapping : tempRoleMappings) {
this.roleMappings.put(roleMapping.getLocalRole().getLocalRoleName(),
roleMapping.getRemoteRole());
}
}
}
}
示例12
/**
* Retrieves Identity provider information about a given tenant
*
* @param idPName Unique name of the IdP to which the given IdP roles need to be mapped
* @param tenantDomain The tenant domain of whose local roles to be mapped
* @param idPRoles IdP roles which need to be mapped to local roles
* @throws IdentityProviderManagementException Error when getting role mappings
*/
@Override
public Set<RoleMapping> getMappedLocalRoles(String idPName, String tenantDomain,
String[] idPRoles) throws IdentityProviderManagementException {
int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
if (StringUtils.isEmpty(idPName)) {
String msg = "Invalid argument: Identity Provider Name value is empty";
throw new IdentityProviderManagementException(msg);
}
IdentityProvider identityProvider = dao.getIdPByName(null, idPName, tenantId, tenantDomain);
if (identityProvider == null) {
identityProvider = new FileBasedIdPMgtDAO().getIdPByName(idPName, tenantDomain);
}
if (identityProvider == null) {
identityProvider = IdPManagementServiceComponent.getFileBasedIdPs().get(
IdentityApplicationConstants.DEFAULT_IDP_CONFIG);
}
PermissionsAndRoleConfig roleConfiguration = identityProvider.getPermissionAndRoleConfig();
if (roleConfiguration != null) {
RoleMapping[] roleMappings = roleConfiguration.getRoleMappings();
if (roleMappings != null && roleMappings.length > 0 && idPRoles != null) {
Set<RoleMapping> returnSet = new HashSet<RoleMapping>();
for (String idPRole : idPRoles) {
for (RoleMapping roleMapping : roleMappings) {
if (roleMapping.getRemoteRole().equals(idPRole)) {
returnSet.add(roleMapping);
break;
}
}
}
return returnSet;
}
}
return new HashSet<RoleMapping>();
}
示例13
/**
* Retrieves Identity provider information about a given tenant
*
* @param idPName Unique name of the IdP to which the given local roles need to be mapped
* @param tenantDomain The tenant domain of whose local roles need to be mapped
* @param localRoles Local roles which need to be mapped to IdP roles
* @throws IdentityProviderManagementException Error when getting role mappings
*/
@Override
public Set<RoleMapping> getMappedIdPRoles(String idPName, String tenantDomain,
LocalRole[] localRoles) throws IdentityProviderManagementException {
int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
if (StringUtils.isEmpty(idPName)) {
String msg = "Invalid argument: Identity Provider Name value is empty";
throw new IdentityProviderManagementException(msg);
}
IdentityProvider identityProvider = dao.getIdPByName(null, idPName, tenantId, tenantDomain);
if (identityProvider == null) {
identityProvider = new FileBasedIdPMgtDAO().getIdPByName(idPName, tenantDomain);
}
if (identityProvider == null) {
identityProvider = IdPManagementServiceComponent.getFileBasedIdPs().get(
IdentityApplicationConstants.DEFAULT_IDP_CONFIG);
}
PermissionsAndRoleConfig roleConfiguration = identityProvider.getPermissionAndRoleConfig();
if (roleConfiguration != null) {
RoleMapping[] roleMappings = roleConfiguration.getRoleMappings();
if (roleMappings != null && roleMappings.length > 0 && localRoles != null) {
Set<RoleMapping> returnSet = new HashSet<RoleMapping>();
for (LocalRole localRole : localRoles) {
for (RoleMapping roleMapping : roleMappings) {
if (roleMapping.getLocalRole().equals(localRole)) {
returnSet.add(roleMapping);
break;
}
}
}
return returnSet;
}
}
return new HashSet<RoleMapping>();
}
示例14
/**
* @param dbConnection
* @param idPName
* @param tenantId
* @return
* @throws IdentityProviderManagementException
* @throws SQLException
*/
public PermissionsAndRoleConfig getPermissionsAndRoleConfiguration(Connection dbConnection,
String idPName, int idPId, int tenantId)
throws SQLException {
PreparedStatement prepStmt1 = null;
PreparedStatement prepStmt2 = null;
ResultSet rs1 = null;
ResultSet rs2 = null;
PermissionsAndRoleConfig permissionRoleConfiguration = new PermissionsAndRoleConfig();
try {
List<String> idpRoleList = new ArrayList<String>();
// SP_IDP_ROLE
String sqlStmt = IdPManagementConstants.SQLQueries.GET_IDP_ROLES_SQL;
prepStmt1 = dbConnection.prepareStatement(sqlStmt);
prepStmt1.setInt(1, idPId);
rs1 = prepStmt1.executeQuery();
while (rs1.next()) {
idpRoleList.add(rs1.getString("ROLE"));
}
permissionRoleConfiguration.setIdpRoles(idpRoleList.toArray(new String[idpRoleList
.size()]));
List<RoleMapping> roleMappings = new ArrayList<RoleMapping>();
// SP_IDP_ROLE_MAPPINGS.SP_USER_STORE_ID, SP_IDP_ROLE_MAPPINGS.SP_LOCAL_ROLE,
// SP_IDP_ROLES.SP_IDP_ROLE
sqlStmt = IdPManagementConstants.SQLQueries.GET_IDP_ROLE_MAPPINGS_SQL;
prepStmt2 = dbConnection.prepareStatement(sqlStmt);
prepStmt2.setInt(1, idPId);
rs2 = prepStmt2.executeQuery();
while (rs2.next()) {
LocalRole localRole = new LocalRole(rs2.getString("USER_STORE_ID"),
rs2.getString("LOCAL_ROLE"));
RoleMapping roleMapping = new RoleMapping(localRole, rs2.getString("ROLE"));
roleMappings.add(roleMapping);
}
permissionRoleConfiguration.setRoleMappings(roleMappings
.toArray(new RoleMapping[roleMappings.size()]));
return permissionRoleConfiguration;
} finally {
IdentityDatabaseUtil.closeAllConnections(null, rs2, prepStmt2);
IdentityDatabaseUtil.closeAllConnections(null, rs1, prepStmt1);
}
}
示例15
public ApplicationConfig(ServiceProvider application) {
this.serviceProvider = application;
applicationID = application.getApplicationID();
applicationName = application.getApplicationName();
isSaaSApp = application.isSaasApp();
LocalAndOutboundAuthenticationConfig outboundAuthConfig = application.getLocalAndOutBoundAuthenticationConfig();
if (outboundAuthConfig != null) {
subjectClaimUri = outboundAuthConfig.getSubjectClaimUri();
setUseTenantDomainInLocalSubjectIdentifier(outboundAuthConfig.isUseTenantDomainInLocalSubjectIdentifier());
setUseUserstoreDomainInLocalSubjectIdentifier(outboundAuthConfig
.isUseUserstoreDomainInLocalSubjectIdentifier());
}
ClaimConfig claimConfig = application.getClaimConfig();
if (claimConfig != null) {
roleClaim = claimConfig.getRoleClaimURI();
alwaysSendMappedLocalSubjectId = claimConfig.isAlwaysSendMappedLocalSubjectId();
ClaimMapping[] claimMapping = claimConfig.getClaimMappings();
requestedClaims = new HashMap<String, String>();
if (claimMapping != null && claimMapping.length > 0) {
claimMappings = new HashMap<String, String>();
for (ClaimMapping claim : claimMapping) {
if (claim.getRemoteClaim() != null
&& claim.getRemoteClaim().getClaimUri() != null) {
if (claim.getLocalClaim() != null) {
claimMappings.put(claim.getRemoteClaim().getClaimUri(), claim
.getLocalClaim().getClaimUri());
if (claim.isRequested()) {
requestedClaims.put(claim.getRemoteClaim().getClaimUri(), claim
.getLocalClaim().getClaimUri());
}
} else {
claimMappings.put(claim.getRemoteClaim().getClaimUri(), null);
if (claim.isRequested()) {
requestedClaims.put(claim.getRemoteClaim().getClaimUri(), null);
}
}
}
}
}
}
PermissionsAndRoleConfig permissionRoleConfiguration;
permissionRoleConfiguration = application.getPermissionAndRoleConfig();
if (permissionRoleConfiguration != null) {
ApplicationPermission[] permissionList = permissionRoleConfiguration.getPermissions();
if (permissionList == null) {
permissionList = new ApplicationPermission[0];
}
permissions = new String[permissionList.length];
for (int i = 0; i < permissionList.length; i++) {
ApplicationPermission permission = permissionList[i];
permissions[i] = permission.getValue();
}
RoleMapping[] tempRoleMappings = permissionRoleConfiguration.getRoleMappings();
if (tempRoleMappings != null && tempRoleMappings.length > 0) {
this.roleMappings = new HashMap<String, String>();
for (RoleMapping roleMapping : tempRoleMappings) {
this.roleMappings.put(roleMapping.getLocalRole().getLocalRoleName(),
roleMapping.getRemoteRole());
}
}
}
}
示例16
/**
* @param applicationName
* @param permissionsConfig
* @throws IdentityApplicationManagementException
*/
public static void storePermissions(String applicationName, String username, PermissionsAndRoleConfig permissionsConfig)
throws IdentityApplicationManagementException {
Registry tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry(
RegistryType.USER_GOVERNANCE);
String permissionResourcePath = getApplicationPermissionPath();
try {
if (!tenantGovReg.resourceExists(permissionResourcePath)) {
boolean loggedInUserChanged = false;
UserRealm realm =
(UserRealm) CarbonContext.getThreadLocalCarbonContext().getUserRealm();
if (!realm.getAuthorizationManager()
.isUserAuthorized(username, permissionResourcePath,
UserMgtConstants.EXECUTE_ACTION)) {
//Logged in user is not authorized to create the permission.
// Temporarily change the user to the admin for creating the permission
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(
realm.getRealmConfiguration().getAdminUserName());
tenantGovReg = CarbonContext.getThreadLocalCarbonContext()
.getRegistry(RegistryType.USER_GOVERNANCE);
loggedInUserChanged = true;
}
Collection appRootNode = tenantGovReg.newCollection();
appRootNode.setProperty("name", "Applications");
tenantGovReg.put(permissionResourcePath, appRootNode);
if (loggedInUserChanged) {
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username);
}
}
if (permissionsConfig != null) {
ApplicationPermission[] permissions = permissionsConfig.getPermissions();
if (permissions == null || permissions.length < 1) {
return;
}
// creating the application node in the tree
String appNode = permissionResourcePath + PATH_CONSTANT + applicationName;
Collection appNodeColl = tenantGovReg.newCollection();
tenantGovReg.put(appNode, appNodeColl);
// now start storing the permissions
for (ApplicationPermission permission : permissions) {
String permissinPath = appNode + PATH_CONSTANT + permission;
Resource permissionNode = tenantGovReg.newResource();
permissionNode.setProperty("name", permission.getValue());
tenantGovReg.put(permissinPath, permissionNode);
}
}
} catch (Exception e) {
throw new IdentityApplicationManagementException("Error while storing permissions for application " +
applicationName, e);
}
}
示例17
@Override
public ServiceProvider getApplication(String applicationName, String tenantDomain)
throws IdentityApplicationManagementException {
int applicationId = 0;
int tenantID = MultitenantConstants.SUPER_TENANT_ID;
if (tenantDomain != null) {
try {
tenantID = ApplicationManagementServiceComponentHolder.getInstance().getRealmService()
.getTenantManager().getTenantId(tenantDomain);
} catch (UserStoreException e1) {
log.error("Error in reading application", e1);
throw new IdentityApplicationManagementException("Error while reading application", e1);
}
}
Connection connection = IdentityDatabaseUtil.getDBConnection();
try {
// Load basic application data
ServiceProvider serviceProvider = getBasicApplicationData(applicationName, connection,
tenantID);
if ((serviceProvider == null || serviceProvider.getApplicationName() == null)
&& ApplicationConstants.LOCAL_SP.equals(applicationName)) {
ServiceProvider localServiceProvider = new ServiceProvider();
localServiceProvider.setApplicationName(applicationName);
localServiceProvider.setDescription("Local Service Provider");
createApplication(localServiceProvider, tenantDomain);
serviceProvider = getBasicApplicationData(applicationName, connection, tenantID);
}
if (serviceProvider == null) {
return null;
}
applicationId = serviceProvider.getApplicationID();
serviceProvider.setInboundAuthenticationConfig(getInboundAuthenticationConfig(
applicationId, connection, tenantID));
serviceProvider
.setLocalAndOutBoundAuthenticationConfig(getLocalAndOutboundAuthenticationConfig(
applicationId, connection, tenantID));
serviceProvider.setInboundProvisioningConfig(getInboundProvisioningConfiguration(
applicationId, connection, tenantID));
serviceProvider.setOutboundProvisioningConfig(getOutboundProvisioningConfiguration(
applicationId, connection, tenantID));
// Load Claim Mapping
serviceProvider.setClaimConfig(getClaimConfiguration(applicationId, connection,
tenantID));
// Load Role Mappings
List<RoleMapping> roleMappings = getRoleMappingOfApplication(applicationId, connection,
tenantID);
PermissionsAndRoleConfig permissionAndRoleConfig = new PermissionsAndRoleConfig();
permissionAndRoleConfig.setRoleMappings(roleMappings
.toArray(new RoleMapping[roleMappings.size()]));
serviceProvider.setPermissionAndRoleConfig(permissionAndRoleConfig);
RequestPathAuthenticatorConfig[] requestPathAuthenticators = getRequestPathAuthenticators(
applicationId, connection, tenantID);
serviceProvider.setRequestPathAuthenticatorConfigs(requestPathAuthenticators);
List<ServiceProviderProperty> propertyList = getServicePropertiesBySpId(connection, applicationId);
serviceProvider.setSpProperties(propertyList.toArray(new ServiceProviderProperty[propertyList.size()]));
return serviceProvider;
} catch (SQLException e) {
throw new IdentityApplicationManagementException("Failed to update service provider "
+ applicationId, e);
} finally {
IdentityApplicationManagementUtil.closeConnection(connection);
}
}
示例18
/**
* Retrieves Identity provider information about a given tenant
*
* @param idPName Unique name of the IdP to which the given IdP roles need to be mapped
* @param tenantDomain The tenant domain of whose local roles to be mapped
* @param idPRoles IdP roles which need to be mapped to local roles
* @throws IdentityProviderManagementException Error when getting role mappings
*/
public Set<RoleMapping> getMappedLocalRoles(String idPName, String tenantDomain,
String[] idPRoles) throws IdentityProviderManagementException {
int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
if (StringUtils.isEmpty(idPName)) {
String msg = "Invalid argument: Identity Provider Name value is empty";
throw new IdentityProviderManagementException(msg);
}
IdentityProvider identityProvider = dao.getIdPByName(null, idPName, tenantId, tenantDomain);
if (identityProvider == null) {
identityProvider = new FileBasedIdPMgtDAO().getIdPByName(idPName, tenantDomain);
}
if (identityProvider == null) {
identityProvider = IdPManagementServiceComponent.getFileBasedIdPs().get(
IdentityApplicationConstants.DEFAULT_IDP_CONFIG);
}
PermissionsAndRoleConfig roleConfiguration = identityProvider.getPermissionAndRoleConfig();
if (roleConfiguration != null) {
RoleMapping[] roleMappings = roleConfiguration.getRoleMappings();
if (roleMappings != null && roleMappings.length > 0 && idPRoles != null) {
Set<RoleMapping> returnSet = new HashSet<RoleMapping>();
for (String idPRole : idPRoles) {
for (RoleMapping roleMapping : roleMappings) {
if (roleMapping.getRemoteRole().equals(idPRole)) {
returnSet.add(roleMapping);
break;
}
}
}
return returnSet;
}
}
return new HashSet<RoleMapping>();
}
示例19
/**
* @param dbConnection
* @param idPName
* @param tenantId
* @return
* @throws IdentityProviderManagementException
* @throws SQLException
*/
public PermissionsAndRoleConfig getPermissionsAndRoleConfiguration(Connection dbConnection,
String idPName, int idPId, int tenantId)
throws IdentityProviderManagementException,
SQLException {
PreparedStatement prepStmt1 = null;
PreparedStatement prepStmt2 = null;
ResultSet rs1 = null;
ResultSet rs2 = null;
PermissionsAndRoleConfig permissionRoleConfiguration = new PermissionsAndRoleConfig();
try {
List<String> idpRoleList = new ArrayList<String>();
// SP_IDP_ROLE
String sqlStmt = IdPManagementConstants.SQLQueries.GET_IDP_ROLES_SQL;
prepStmt1 = dbConnection.prepareStatement(sqlStmt);
prepStmt1.setInt(1, idPId);
rs1 = prepStmt1.executeQuery();
while (rs1.next()) {
idpRoleList.add(rs1.getString("ROLE"));
}
permissionRoleConfiguration.setIdpRoles(idpRoleList.toArray(new String[idpRoleList
.size()]));
List<RoleMapping> roleMappings = new ArrayList<RoleMapping>();
// SP_IDP_ROLE_MAPPINGS.SP_USER_STORE_ID, SP_IDP_ROLE_MAPPINGS.SP_LOCAL_ROLE,
// SP_IDP_ROLES.SP_IDP_ROLE
sqlStmt = IdPManagementConstants.SQLQueries.GET_IDP_ROLE_MAPPINGS_SQL;
prepStmt2 = dbConnection.prepareStatement(sqlStmt);
prepStmt2.setInt(1, idPId);
rs2 = prepStmt2.executeQuery();
while (rs2.next()) {
LocalRole localRole = new LocalRole(rs2.getString("USER_STORE_ID"),
rs2.getString("LOCAL_ROLE"));
RoleMapping roleMapping = new RoleMapping(localRole, rs2.getString("ROLE"));
roleMappings.add(roleMapping);
}
permissionRoleConfiguration.setRoleMappings(roleMappings
.toArray(new RoleMapping[roleMappings.size()]));
return permissionRoleConfiguration;
} finally {
IdentityDatabaseUtil.closeAllConnections(null, rs2, prepStmt2);
IdentityDatabaseUtil.closeAllConnections(null, rs1, prepStmt1);
}
}
示例20
/**
* Check the retireved roles against the role mappings in the IDP and return the updated roles
* @param identityProvider used to retrieve the role mappings
* @param currentRoleClaimValue current roles received through the token
* @return updated roles
*/
private String getUpdatedRoleClaimValue(IdentityProvider identityProvider, String currentRoleClaimValue) {
if (StringUtils.equalsIgnoreCase(IdentityApplicationConstants.RESIDENT_IDP_RESERVED_NAME,
identityProvider.getIdentityProviderName())) {
return currentRoleClaimValue;
}
currentRoleClaimValue = currentRoleClaimValue.replace("\\/", "/").
replace("[", "").replace("]", "").replace("\"", "");
PermissionsAndRoleConfig permissionAndRoleConfig = identityProvider.getPermissionAndRoleConfig();
if (permissionAndRoleConfig != null && ArrayUtils.isNotEmpty(permissionAndRoleConfig.getRoleMappings())) {
String[] receivedRoles = currentRoleClaimValue.split(FrameworkUtils.getMultiAttributeSeparator());
List<String> updatedRoleClaimValues = new ArrayList<>();
String updatedLocalRole;
loop:
for (String receivedRole : receivedRoles) {
for (RoleMapping roleMapping : permissionAndRoleConfig.getRoleMappings()) {
if (roleMapping.getRemoteRole().equals(receivedRole)) {
updatedLocalRole = StringUtils.isEmpty(roleMapping.getLocalRole().getUserStoreId())
? roleMapping.getLocalRole().getLocalRoleName()
: roleMapping.getLocalRole().getUserStoreId() + UserCoreConstants.DOMAIN_SEPARATOR
+ roleMapping.getLocalRole().getLocalRoleName();
updatedRoleClaimValues.add(updatedLocalRole);
continue loop;
}
}
if (!OAuthServerConfiguration.getInstance().isReturnOnlyMappedLocalRoles()) {
updatedRoleClaimValues.add(receivedRole);
}
}
if (!updatedRoleClaimValues.isEmpty()) {
return StringUtils.join(updatedRoleClaimValues, FrameworkUtils.getMultiAttributeSeparator());
}
return null;
}
if (!OAuthServerConfiguration.getInstance().isReturnOnlyMappedLocalRoles()) {
return currentRoleClaimValue;
}
return null;
}
