forked from community/device-mgt-core
Merge pull request 'user store role mapping feature' (#266) from amalka.subasinghe/device-mgt-core:master into master
Reviewed-on: community/device-mgt-core#266Bug#10494
commit
50f369fe87
@ -0,0 +1,230 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<!--
|
||||
~ Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
~
|
||||
~ Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
~ Version 2.0 (the "License"); you may not use this file except
|
||||
~ in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing,
|
||||
~ software distributed under the License is distributed on an
|
||||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
~ KIND, either express or implied. See the License for the
|
||||
~ specific language governing permissions and limitations
|
||||
~ under the License.
|
||||
-->
|
||||
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<parent>
|
||||
<artifactId>device-mgt-extensions</artifactId>
|
||||
<groupId>io.entgra.device.mgt.core</groupId>
|
||||
<version>5.0.31-SNAPSHOT</version>
|
||||
<relativePath>../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<artifactId>io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper</artifactId>
|
||||
<packaging>bundle</packaging>
|
||||
<name>Entgra IoT - User store role mapping Module</name>
|
||||
<description>Entgra IoT - User store role mapping Module</description>
|
||||
<url>http://entgra.io</url>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.felix</groupId>
|
||||
<artifactId>maven-scr-plugin</artifactId>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<artifactId>maven-compiler-plugin</artifactId>
|
||||
<configuration>
|
||||
<source>1.8</source>
|
||||
<target>1.8</target>
|
||||
</configuration>
|
||||
<version>2.3.2</version>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.felix</groupId>
|
||||
<artifactId>maven-bundle-plugin</artifactId>
|
||||
<version>1.4.0</version>
|
||||
<extensions>true</extensions>
|
||||
<configuration>
|
||||
<instructions>
|
||||
<Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
|
||||
<Bundle-Name>${project.artifactId}</Bundle-Name>
|
||||
<Bundle-Version>${io.entgra.device.mgt.core.version}</Bundle-Version>
|
||||
<Bundle-Description>IOT - User store role mapping Module</Bundle-Description>
|
||||
<Private-Package>io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal</Private-Package>
|
||||
<Import-Package>
|
||||
org.osgi.framework.*;version="${imp.package.version.osgi.framework}",
|
||||
org.osgi.service.*;version="${imp.package.version.osgi.service}",
|
||||
org.apache.commons.logging,
|
||||
org.apache.axis2.*;version="${axis2.osgi.version.range}",
|
||||
org.wso2.carbon.core,
|
||||
org.wso2.carbon.utils.*,
|
||||
javax.xml.bind;resolution:=optional,
|
||||
javax.xml.bind.annotation,
|
||||
javax.xml.parsers,
|
||||
org.w3c.dom,
|
||||
org.wso2.carbon,
|
||||
org.wso2.carbon.context,
|
||||
org.wso2.carbon.user.api,
|
||||
org.wso2.carbon.user.core.common,
|
||||
org.wso2.carbon.user.core.service,
|
||||
org.wso2.carbon.user.mgt.common,
|
||||
io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.service,
|
||||
io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.exception
|
||||
</Import-Package>
|
||||
<Export-Package>
|
||||
!io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal,
|
||||
io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.*;version="${project.version}"
|
||||
</Export-Package>
|
||||
</instructions>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.jacoco</groupId>
|
||||
<artifactId>jacoco-maven-plugin</artifactId>
|
||||
<configuration>
|
||||
<destFile>${basedir}/target/coverage-reports/jacoco-unit.exec</destFile>
|
||||
</configuration>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>jacoco-initialize</id>
|
||||
<goals>
|
||||
<goal>prepare-agent</goal>
|
||||
</goals>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>jacoco-site</id>
|
||||
<phase>test</phase>
|
||||
<goals>
|
||||
<goal>report</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<dataFile>${basedir}/target/coverage-reports/jacoco-unit.exec</dataFile>
|
||||
<outputDirectory>${basedir}/target/coverage-reports/site</outputDirectory>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<!-- <plugin>-->
|
||||
<!-- <groupId>org.apache.maven.plugins</groupId>-->
|
||||
<!-- <artifactId>maven-surefire-plugin</artifactId>-->
|
||||
<!-- <configuration>-->
|
||||
<!-- <systemPropertyVariables>-->
|
||||
<!-- <log4j.configuration>file:src/test/resources/carbon-home/repository/conf/log4j.properties-->
|
||||
<!-- </log4j.configuration>-->
|
||||
<!-- </systemPropertyVariables>-->
|
||||
<!-- <suiteXmlFiles>-->
|
||||
<!-- <file>src/test/resources/testng.xml</file>-->
|
||||
<!-- </suiteXmlFiles>-->
|
||||
<!-- </configuration>-->
|
||||
<!-- </plugin>-->
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.eclipse.osgi</groupId>
|
||||
<artifactId>org.eclipse.osgi</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.eclipse.osgi</groupId>
|
||||
<artifactId>org.eclipse.osgi.services</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.carbon</groupId>
|
||||
<artifactId>org.wso2.carbon.core</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.carbon</groupId>
|
||||
<artifactId>org.wso2.carbon.logging</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.carbon</groupId>
|
||||
<artifactId>org.wso2.carbon.utils</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.carbon</groupId>
|
||||
<artifactId>org.wso2.carbon.user.api</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.carbon</groupId>
|
||||
<artifactId>org.wso2.carbon.user.core</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.carbon.identity.framework</groupId>
|
||||
<artifactId>org.wso2.carbon.user.mgt</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-inline</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.testng</groupId>
|
||||
<artifactId>testng</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.orbit.com.h2database</groupId>
|
||||
<artifactId>h2</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.httpcomponents.wso2</groupId>
|
||||
<artifactId>httpcore</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.apache.httpcomponents</groupId>
|
||||
<artifactId>httpclient</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.carbon</groupId>
|
||||
<artifactId>org.wso2.carbon.securevault</artifactId>
|
||||
<!--<version>${carbon.kernel.version}</version>-->
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.securevault</groupId>
|
||||
<artifactId>org.wso2.securevault</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>xerces.wso2</groupId>
|
||||
<artifactId>xercesImpl</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.axis2.wso2</groupId>
|
||||
<artifactId>axis2</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.carbon</groupId>
|
||||
<artifactId>org.wso2.carbon.queuing</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.xml.bind</groupId>
|
||||
<artifactId>jaxb-api</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>io.entgra.device.mgt.core</groupId>
|
||||
<artifactId>io.entgra.device.mgt.core.server.bootup.heartbeat.beacon</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
|
@ -0,0 +1,139 @@
|
||||
/*
|
||||
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
*
|
||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper;
|
||||
|
||||
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean.RoleMapping;
|
||||
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean.UserStoreRoleMappingConfig;
|
||||
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal.UserStoreRoleMappingDataHolder;
|
||||
import io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.exception.HeartBeatManagementException;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.core.ServerStartupObserver;
|
||||
import org.wso2.carbon.user.api.UserStoreException;
|
||||
import org.wso2.carbon.user.api.UserStoreManager;
|
||||
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.Executors;
|
||||
import java.util.concurrent.ScheduledExecutorService;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
public class UserStoreRoleMapper implements ServerStartupObserver {
|
||||
private static final Log log = LogFactory.getLog(UserStoreRoleMapper.class);
|
||||
|
||||
private UserStoreRoleMappingConfig config = null;
|
||||
@Override
|
||||
public void completingServerStartup() {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void completedServerStartup() {
|
||||
|
||||
config = UserStoreRoleMappingDataHolder.getInstance()
|
||||
.getUserStoreRoleMappingConfigManager().getUserStoreRoleMappingConfig();
|
||||
|
||||
try {
|
||||
if ((config.isEnabled() &&
|
||||
UserStoreRoleMappingDataHolder.getInstance().getHeartBeatService().isTaskPartitioningEnabled() &&
|
||||
UserStoreRoleMappingDataHolder.getInstance().getHeartBeatService().isQualifiedToExecuteTask())
|
||||
|| (config.isEnabled() &&
|
||||
!UserStoreRoleMappingDataHolder.getInstance().getHeartBeatService().isTaskPartitioningEnabled())) {
|
||||
Runnable periodicTask = new Runnable() {
|
||||
public void run() {
|
||||
updateRoleMapping();
|
||||
log.info("UserStoreRoleMapper executed....");
|
||||
}
|
||||
};
|
||||
|
||||
ScheduledExecutorService executor =
|
||||
Executors.newSingleThreadScheduledExecutor();
|
||||
|
||||
executor.scheduleAtFixedRate(periodicTask, config.getInitialDelayInSeconds(), config.getPeriodInSeconds(), TimeUnit.SECONDS);
|
||||
}
|
||||
} catch (HeartBeatManagementException e) {
|
||||
log.error("Error while accessing heart beat service " + e.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
private void updateRoleMapping() {
|
||||
try {
|
||||
PrivilegedCarbonContext.startTenantFlow();
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(
|
||||
MultitenantConstants.SUPER_TENANT_ID);
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(
|
||||
MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
|
||||
|
||||
List<RoleMapping> roleMappings = config.getMappings();
|
||||
|
||||
if (!roleMappings.isEmpty()) {
|
||||
UserStoreManager userStoreManager =
|
||||
UserStoreRoleMappingDataHolder.getInstance().getRealmService()
|
||||
.getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager();
|
||||
|
||||
for (RoleMapping mapping : roleMappings) {
|
||||
if (userStoreManager.isExistingRole(mapping.getSecondaryRole())) {
|
||||
String[] users = userStoreManager.getUserListOfRole(mapping.getSecondaryRole());
|
||||
if (users != null && users.length > 0) {
|
||||
List<String> primaryRoles = mapping.getInternalRoles();
|
||||
for (String role : primaryRoles) {
|
||||
if (userStoreManager.isExistingRole(role)) {
|
||||
String[] existingUsers = userStoreManager.getUserListOfRole(role);
|
||||
List<String> existingUserList = new ArrayList<>(Arrays.asList(existingUsers));
|
||||
List<String> newUserList = new ArrayList<>();
|
||||
for (String user : users) {
|
||||
if (existingUserList.contains(user)) {
|
||||
// if contains, remove from existing list
|
||||
existingUserList.remove(user);
|
||||
} else {
|
||||
// new user
|
||||
newUserList.add(user);
|
||||
}
|
||||
}
|
||||
|
||||
List<String> deleteUserList = new ArrayList<>();
|
||||
if (!existingUserList.isEmpty()) {
|
||||
String domain = mapping.getSecondaryRole().substring(0, mapping.getSecondaryRole().indexOf("/"));
|
||||
for (String user : existingUserList) {
|
||||
if (user.startsWith(domain.toUpperCase())) {
|
||||
deleteUserList.add(user);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// update user list of given role
|
||||
if (!newUserList.isEmpty() || !deleteUserList.isEmpty()) {
|
||||
userStoreManager.updateUserListOfRole(role, deleteUserList.toArray(new String[0]), newUserList.toArray(new String[0]));
|
||||
log.info("update user role mapping executed.....");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (UserStoreException e) {
|
||||
log.error("Error while getting user store..." + e.getMessage());
|
||||
} finally {
|
||||
PrivilegedCarbonContext.endTenantFlow();
|
||||
}
|
||||
}
|
||||
}
|
@ -0,0 +1,76 @@
|
||||
/*
|
||||
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
*
|
||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper;
|
||||
|
||||
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean.UserStoreRoleMappingConfig;
|
||||
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.exception.UserStoreRoleMapperException;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.w3c.dom.Document;
|
||||
import org.wso2.carbon.utils.CarbonUtils;
|
||||
|
||||
import javax.xml.bind.JAXBContext;
|
||||
import javax.xml.bind.JAXBException;
|
||||
import javax.xml.bind.Unmarshaller;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import java.io.File;
|
||||
|
||||
public class UserStoreRoleMappingConfigManager {
|
||||
|
||||
private static final Log log = LogFactory.getLog(UserStoreRoleMappingConfigManager.class);
|
||||
private static final String USERSTORE_ROLE_MAPPING_CONFIG_PATH = CarbonUtils.getCarbonConfigDirPath() +
|
||||
File.separator + "user-store-role-mapping-config.xml";
|
||||
|
||||
private final UserStoreRoleMappingConfig userStoreRoleMappingConfig;
|
||||
|
||||
public UserStoreRoleMappingConfigManager() throws UserStoreRoleMapperException {
|
||||
try {
|
||||
File UserStoreRoleMappingConfig = new File(USERSTORE_ROLE_MAPPING_CONFIG_PATH);
|
||||
Document doc = convertToDocument(UserStoreRoleMappingConfig);
|
||||
JAXBContext smsContext = JAXBContext.newInstance(UserStoreRoleMappingConfig.class);
|
||||
Unmarshaller unmarshaller = smsContext.createUnmarshaller();
|
||||
this.userStoreRoleMappingConfig = (UserStoreRoleMappingConfig) unmarshaller.unmarshal(doc);
|
||||
} catch (JAXBException e) {
|
||||
String msg = "Error occurred while initializing config '" + USERSTORE_ROLE_MAPPING_CONFIG_PATH + "'";
|
||||
log.error(msg, e);
|
||||
throw new UserStoreRoleMapperException(msg, e);
|
||||
}
|
||||
}
|
||||
|
||||
private static Document convertToDocument(File file) throws UserStoreRoleMapperException {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
factory.setNamespaceAware(true);
|
||||
|
||||
try {
|
||||
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
factory.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
|
||||
DocumentBuilder docBuilder = factory.newDocumentBuilder();
|
||||
return docBuilder.parse(file);
|
||||
} catch (Exception e) {
|
||||
throw new UserStoreRoleMapperException("Error occurred while parsing " + USERSTORE_ROLE_MAPPING_CONFIG_PATH +
|
||||
" file, while converting to a org.w3c.dom.Document", e);
|
||||
}
|
||||
}
|
||||
|
||||
public UserStoreRoleMappingConfig getUserStoreRoleMappingConfig() {
|
||||
return this.userStoreRoleMappingConfig;
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,58 @@
|
||||
/*
|
||||
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
*
|
||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean;
|
||||
|
||||
import javax.xml.bind.annotation.XmlAttribute;
|
||||
import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlElementWrapper;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
import java.util.List;
|
||||
|
||||
@XmlRootElement(
|
||||
name = "mapping"
|
||||
)
|
||||
public class RoleMapping {
|
||||
private String secondaryRole;
|
||||
|
||||
private List<String> internalRoles;
|
||||
|
||||
@XmlAttribute(
|
||||
name = "secondaryRole"
|
||||
)
|
||||
public String getSecondaryRole() {
|
||||
return secondaryRole;
|
||||
}
|
||||
|
||||
public void setSecondaryRole(String secondaryRole) {
|
||||
this.secondaryRole = secondaryRole;
|
||||
}
|
||||
|
||||
@XmlElementWrapper(
|
||||
name = "internalRoles"
|
||||
)
|
||||
@XmlElement(
|
||||
name = "role"
|
||||
)
|
||||
public List<String> getInternalRoles() {
|
||||
return internalRoles;
|
||||
}
|
||||
|
||||
public void setInternalRoles(List<String> internalRoles) {
|
||||
this.internalRoles = internalRoles;
|
||||
}
|
||||
}
|
@ -0,0 +1,83 @@
|
||||
/*
|
||||
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
*
|
||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean;
|
||||
|
||||
import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlElementWrapper;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
import java.util.List;
|
||||
|
||||
@XmlRootElement(
|
||||
name = "UserStoreRoleMappingConfig"
|
||||
)
|
||||
public class UserStoreRoleMappingConfig {
|
||||
|
||||
private boolean enabled;
|
||||
private List<RoleMapping> mappings;
|
||||
|
||||
private long initialDelayInSeconds;
|
||||
|
||||
private long periodInSeconds;
|
||||
|
||||
@XmlElement(
|
||||
name = "enabled"
|
||||
)
|
||||
public boolean isEnabled() {
|
||||
return enabled;
|
||||
}
|
||||
|
||||
public void setEnabled(boolean enabled) {
|
||||
this.enabled = enabled;
|
||||
}
|
||||
|
||||
@XmlElementWrapper(
|
||||
name = "mappings"
|
||||
)
|
||||
@XmlElement(
|
||||
name = "mapping"
|
||||
)
|
||||
public List<RoleMapping> getMappings() {
|
||||
return mappings;
|
||||
}
|
||||
|
||||
public void setMappings(List<RoleMapping> mappings) {
|
||||
this.mappings = mappings;
|
||||
}
|
||||
|
||||
@XmlElement(
|
||||
name = "initialDelayInSeconds"
|
||||
)
|
||||
public long getInitialDelayInSeconds() {
|
||||
return initialDelayInSeconds;
|
||||
}
|
||||
|
||||
public void setInitialDelayInSeconds(long initialDelayInSeconds) {
|
||||
this.initialDelayInSeconds = initialDelayInSeconds;
|
||||
}
|
||||
|
||||
@XmlElement(
|
||||
name = "periodInSeconds"
|
||||
)
|
||||
public long getPeriodInSeconds() {
|
||||
return periodInSeconds;
|
||||
}
|
||||
|
||||
public void setPeriodInSeconds(long periodInSeconds) {
|
||||
this.periodInSeconds = periodInSeconds;
|
||||
}
|
||||
}
|
@ -0,0 +1,26 @@
|
||||
/*
|
||||
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
*
|
||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.exception;
|
||||
|
||||
public class UserStoreRoleMapperException extends Exception {
|
||||
|
||||
public UserStoreRoleMapperException(String msg, Exception e) {
|
||||
super(msg, e);
|
||||
}
|
||||
}
|
@ -0,0 +1,94 @@
|
||||
/*
|
||||
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
*
|
||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal;
|
||||
|
||||
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.UserStoreRoleMappingConfigManager;
|
||||
import io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.service.HeartBeatManagementService;
|
||||
import org.wso2.carbon.context.CarbonContext;
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.user.api.UserRealm;
|
||||
import org.wso2.carbon.user.api.UserStoreException;
|
||||
import org.wso2.carbon.user.api.UserStoreManager;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
import org.wso2.carbon.utils.ConfigurationContextService;
|
||||
|
||||
public class UserStoreRoleMappingDataHolder {
|
||||
|
||||
private ConfigurationContextService configurationContextService;
|
||||
private RealmService realmService;
|
||||
private UserStoreRoleMappingConfigManager userStoreRoleMappingConfigManager;
|
||||
private HeartBeatManagementService heartBeatService;
|
||||
private static final UserStoreRoleMappingDataHolder thisInstance = new UserStoreRoleMappingDataHolder();
|
||||
|
||||
private UserStoreRoleMappingDataHolder() {}
|
||||
|
||||
public static UserStoreRoleMappingDataHolder getInstance() {
|
||||
return thisInstance;
|
||||
}
|
||||
|
||||
public ConfigurationContextService getConfigurationContextService() {
|
||||
return configurationContextService;
|
||||
}
|
||||
|
||||
public void setConfigurationContextService(ConfigurationContextService configurationContextService) {
|
||||
this.configurationContextService = configurationContextService;
|
||||
}
|
||||
|
||||
public UserStoreManager getUserStoreManager() throws UserStoreException {
|
||||
if (realmService == null) {
|
||||
String msg = "Realm service has not initialized.";
|
||||
throw new IllegalStateException(msg);
|
||||
}
|
||||
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||
return realmService.getTenantUserRealm(tenantId).getUserStoreManager();
|
||||
}
|
||||
|
||||
public UserRealm getUserRealm() throws UserStoreException {
|
||||
UserRealm realm;
|
||||
if (realmService == null) {
|
||||
throw new IllegalStateException("Realm service not initialized");
|
||||
}
|
||||
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||
realm = realmService.getTenantUserRealm(tenantId);
|
||||
return realm;
|
||||
}
|
||||
|
||||
public RealmService getRealmService() {
|
||||
return realmService;
|
||||
}
|
||||
|
||||
public void setRealmService(RealmService realmService) {
|
||||
this.realmService = realmService;
|
||||
}
|
||||
|
||||
public UserStoreRoleMappingConfigManager getUserStoreRoleMappingConfigManager() {
|
||||
return userStoreRoleMappingConfigManager;
|
||||
}
|
||||
|
||||
public void setUserStoreRoleMappingConfigManager(UserStoreRoleMappingConfigManager userStoreRoleMappingConfigManager) {
|
||||
this.userStoreRoleMappingConfigManager = userStoreRoleMappingConfigManager;
|
||||
}
|
||||
|
||||
public HeartBeatManagementService getHeartBeatService() {
|
||||
return heartBeatService;
|
||||
}
|
||||
|
||||
public void setHeartBeatService(HeartBeatManagementService heartBeatService) {
|
||||
this.heartBeatService = heartBeatService;
|
||||
}
|
||||
}
|
@ -0,0 +1,135 @@
|
||||
/*
|
||||
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
*
|
||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal;
|
||||
|
||||
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.UserStoreRoleMapper;
|
||||
import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.UserStoreRoleMappingConfigManager;
|
||||
import io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.service.HeartBeatManagementService;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.osgi.framework.BundleContext;
|
||||
import org.osgi.service.component.ComponentContext;
|
||||
import org.wso2.carbon.core.ServerStartupObserver;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
import org.wso2.carbon.utils.ConfigurationContextService;
|
||||
|
||||
/**
|
||||
* @scr.component name="io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal.UserStoreRoleMappingServiceComponent"
|
||||
* immediate="true"
|
||||
* @scr.reference name="user.realmservice.default"
|
||||
* interface="org.wso2.carbon.user.core.service.RealmService"
|
||||
* cardinality="1..1"
|
||||
* policy="dynamic"
|
||||
* bind="setRealmService"
|
||||
* unbind="unsetRealmService"
|
||||
* @scr.reference name="config.context.service"
|
||||
* interface="org.wso2.carbon.utils.ConfigurationContextService"
|
||||
* cardinality="0..1"
|
||||
* policy="dynamic"
|
||||
* bind="setConfigurationContextService"
|
||||
* unbind="unsetConfigurationContextService"
|
||||
* @scr.reference name="entgra.heart.beat.service"
|
||||
* interface="io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.service.HeartBeatManagementService"
|
||||
* cardinality="0..1"
|
||||
* policy="dynamic"
|
||||
* bind="setHeartBeatService"
|
||||
* unbind="unsetHeartBeatService"
|
||||
*/
|
||||
public class UserStoreRoleMappingServiceComponent {
|
||||
|
||||
private static final Log log = LogFactory.getLog(UserStoreRoleMappingServiceComponent.class);
|
||||
|
||||
protected void activate(ComponentContext ctx) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Activating Role Management Service Component");
|
||||
}
|
||||
try {
|
||||
BundleContext bundleContext = ctx.getBundleContext();
|
||||
UserStoreRoleMapper mapper = new UserStoreRoleMapper();
|
||||
bundleContext.registerService(ServerStartupObserver.class.getName(), mapper, null);
|
||||
UserStoreRoleMappingDataHolder.getInstance().setUserStoreRoleMappingConfigManager(new UserStoreRoleMappingConfigManager());
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Role Management Service Component has been successfully activated");
|
||||
}
|
||||
} catch (Throwable e) {
|
||||
log.error("Error occurred while activating Role Management Service Component", e);
|
||||
}
|
||||
}
|
||||
|
||||
protected void deactivate(ComponentContext ctx) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("De-activating Role Manager Service Component");
|
||||
}
|
||||
}
|
||||
|
||||
protected void setConfigurationContextService(ConfigurationContextService configurationContextService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Setting ConfigurationContextService");
|
||||
}
|
||||
|
||||
UserStoreRoleMappingDataHolder.getInstance().setConfigurationContextService(configurationContextService);
|
||||
}
|
||||
|
||||
protected void unsetConfigurationContextService(ConfigurationContextService configurationContextService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Un-setting ConfigurationContextService");
|
||||
}
|
||||
UserStoreRoleMappingDataHolder.getInstance().setConfigurationContextService(null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets Realm Service.
|
||||
*
|
||||
* @param realmService An instance of RealmService
|
||||
*/
|
||||
protected void setRealmService(RealmService realmService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Setting Realm Service");
|
||||
}
|
||||
UserStoreRoleMappingDataHolder.getInstance().setRealmService(realmService);
|
||||
}
|
||||
|
||||
/**
|
||||
* Unsets Realm Service.
|
||||
*
|
||||
* @param realmService An instance of RealmService
|
||||
*/
|
||||
protected void unsetRealmService(RealmService realmService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Unsetting Realm Service");
|
||||
}
|
||||
UserStoreRoleMappingDataHolder.getInstance().setRealmService(null);
|
||||
}
|
||||
|
||||
@SuppressWarnings("unused")
|
||||
protected void setHeartBeatService(HeartBeatManagementService heartBeatService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Setting heart beat service");
|
||||
}
|
||||
UserStoreRoleMappingDataHolder.getInstance().setHeartBeatService(heartBeatService);
|
||||
}
|
||||
|
||||
@SuppressWarnings("unused")
|
||||
protected void unsetHeartBeatService(HeartBeatManagementService heartBeatManagementService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Removing heart beat service");
|
||||
}
|
||||
UserStoreRoleMappingDataHolder.getInstance().setHeartBeatService(null);
|
||||
}
|
||||
}
|
@ -0,0 +1,105 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
~
|
||||
~ Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
~ Version 2.0 (the "License"); you may not use this file except
|
||||
~ in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing,
|
||||
~ software distributed under the License is distributed on an
|
||||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
~ KIND, either express or implied. See the License for the
|
||||
~ specific language governing permissions and limitations
|
||||
~ under the License.
|
||||
-->
|
||||
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
|
||||
<parent>
|
||||
<groupId>io.entgra.device.mgt.core</groupId>
|
||||
<artifactId>device-mgt-extensions-feature</artifactId>
|
||||
<version>5.0.31-SNAPSHOT</version>
|
||||
<relativePath>../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<artifactId>io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.feature</artifactId>
|
||||
<packaging>pom</packaging>
|
||||
<name>Entgra IoT - User store role mapper feature</name>
|
||||
<url>http://entgra.io</url>
|
||||
<description>
|
||||
This feature contains the core bundles required for user store role mapping functionality
|
||||
</description>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>io.entgra.device.mgt.core</groupId>
|
||||
<artifactId>io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<artifactId>maven-resources-plugin</artifactId>
|
||||
<version>2.6</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>copy-resources</id>
|
||||
<phase>generate-resources</phase>
|
||||
<goals>
|
||||
<goal>copy-resources</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>src/main/resources</outputDirectory>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>resources</directory>
|
||||
<includes>
|
||||
<include>build.properties</include>
|
||||
<include>p2.inf</include>
|
||||
</includes>
|
||||
</resource>
|
||||
</resources>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.wso2.maven</groupId>
|
||||
<artifactId>carbon-p2-plugin</artifactId>
|
||||
<version>${carbon.p2.plugin.version}</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>p2-feature-generation</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>p2-feature-gen</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<id>io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper</id>
|
||||
<propertiesFile>../../etc/feature.properties</propertiesFile>
|
||||
<adviceFile>
|
||||
<properties>
|
||||
<propertyDef>org.wso2.carbon.p2.category.type:server
|
||||
</propertyDef>
|
||||
<propertyDef>org.eclipse.equinox.p2.type.group:true
|
||||
</propertyDef>
|
||||
</properties>
|
||||
</adviceFile>
|
||||
<bundles>
|
||||
<bundleDef>
|
||||
io.entgra.device.mgt.core:io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper:${io.entgra.device.mgt.core.version}
|
||||
</bundleDef>
|
||||
</bundles>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
@ -0,0 +1,19 @@
|
||||
#
|
||||
# Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
#
|
||||
# Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
# Version 2.0 (the "License"); you may not use this file except
|
||||
# in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing,
|
||||
# software distributed under the License is distributed on an
|
||||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
# KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
|
||||
custom = true
|
@ -0,0 +1,35 @@
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||
<!--
|
||||
~ Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
~
|
||||
~ Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
~ Version 2.0 (the "License"); you may not use this file except
|
||||
~ in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing,
|
||||
~ software distributed under the License is distributed on an
|
||||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
~ KIND, either express or implied. See the License for the
|
||||
~ specific language governing permissions and limitations
|
||||
~ under the License.
|
||||
-->
|
||||
<UserStoreRoleMappingConfig>
|
||||
<enabled>false</enabled>
|
||||
<initialDelayInSeconds>30</initialDelayInSeconds>
|
||||
<periodInSeconds>3600</periodInSeconds>
|
||||
<mappings>
|
||||
<mapping secondaryRole="ENTGRA.IO/css_galle">
|
||||
<internalRoles>
|
||||
<role>Internal/branch_css</role>
|
||||
</internalRoles>
|
||||
</mapping>
|
||||
<mapping secondaryRole="ENTGRA.IO/css_nugegoda">
|
||||
<internalRoles>
|
||||
<role>Internal/branch_css</role>
|
||||
</internalRoles>
|
||||
</mapping>
|
||||
</mappings>
|
||||
</UserStoreRoleMappingConfig>
|
@ -0,0 +1,2 @@
|
||||
instructions.configure = \
|
||||
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper_${feature.version}/conf/user-store-role-mapping-config.xml,target:${installFolder}/../../../repository/conf/user-store-role-mapping-config.xml,overwrite:true);\
|
Loading…
Reference in new issue