WIP: Move user-service API implementation as a service #271
Draft
osh.silva
wants to merge 5 commits from osh.silva/device-mgt-core:user-service-10389
into master
4
components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/beans/BasePaginatedResult.java → components/device-mgt/io.entgra.device.mgt.core.device.mgt.common/src/main/java/io/entgra/device/mgt/core/device/mgt/common/BasePaginatedResult.java
4
components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/beans/BasePaginatedResult.java → components/device-mgt/io.entgra.device.mgt.core.device.mgt.common/src/main/java/io/entgra/device/mgt/core/device/mgt/common/BasePaginatedResult.java
4
components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/beans/BasicUserInfoList.java → components/device-mgt/io.entgra.device.mgt.core.device.mgt.common/src/main/java/io/entgra/device/mgt/core/device/mgt/common/BasicUserInfoList.java
4
components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/beans/BasicUserInfoList.java → components/device-mgt/io.entgra.device.mgt.core.device.mgt.common/src/main/java/io/entgra/device/mgt/core/device/mgt/common/BasicUserInfoList.java
@ -0,0 +1,49 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package io.entgra.device.mgt.core.device.mgt.common;
|
||||||
|
|
||||||
|
import com.fasterxml.jackson.annotation.JsonProperty;
|
||||||
|
import io.swagger.annotations.ApiModelProperty;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
public class BasicUserInfoMetadata {
|
||||||
|
|
||||||
|
private List<BasicUserInfo> users = new ArrayList<>();
|
||||||
|
|
||||||
|
private int totalUserCount;
|
||||||
|
|
||||||
|
public int getTotalUserCount() {
|
||||||
|
return totalUserCount;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setTotalUserCount(int totalUserCount) {
|
||||||
|
this.totalUserCount = totalUserCount;
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<BasicUserInfo> getList() {
|
||||||
|
return users;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setList(List<BasicUserInfo> users) {
|
||||||
|
this.users = users;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
3
components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/beans/BasicUserInfoWrapper.java → components/device-mgt/io.entgra.device.mgt.core.device.mgt.common/src/main/java/io/entgra/device/mgt/core/device/mgt/common/BasicUserInfoWrapper.java
3
components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/beans/BasicUserInfoWrapper.java → components/device-mgt/io.entgra.device.mgt.core.device.mgt.common/src/main/java/io/entgra/device/mgt/core/device/mgt/common/BasicUserInfoWrapper.java
2
components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/beans/EnrollmentInvitation.java → components/device-mgt/io.entgra.device.mgt.core.device.mgt.common/src/main/java/io/entgra/device/mgt/core/device/mgt/common/EnrollmentInvitation.java
2
components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/beans/EnrollmentInvitation.java → components/device-mgt/io.entgra.device.mgt.core.device.mgt.common/src/main/java/io/entgra/device/mgt/core/device/mgt/common/EnrollmentInvitation.java
@ -0,0 +1,44 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package io.entgra.device.mgt.core.device.mgt.common.exceptions;
|
||||||
|
|
||||||
|
public class UserManagementException extends Exception {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = -3151279311929070297L;
|
||||||
|
|
||||||
|
public UserManagementException(String msg, Exception nestedEx) {
|
||||||
|
super(msg, nestedEx);
|
||||||
|
}
|
||||||
|
|
||||||
|
public UserManagementException(String message, Throwable cause) {
|
||||||
|
super(message, cause);
|
||||||
|
}
|
||||||
|
|
||||||
|
public UserManagementException(String msg) {
|
||||||
|
super(msg);
|
||||||
|
}
|
||||||
|
|
||||||
|
public UserManagementException() {
|
||||||
|
super();
|
||||||
|
}
|
||||||
|
|
||||||
|
public UserManagementException(Throwable cause) {
|
||||||
|
super(cause);
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,48 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package io.entgra.device.mgt.core.device.mgt.common.group.mgt;
|
||||||
|
|
||||||
|
import io.swagger.annotations.ApiModelProperty;
|
||||||
|
|
||||||
|
public class GroupFilter {
|
||||||
|
private static final long serialVersionUID = 1998131711L;
|
||||||
|
|
||||||
|
@ApiModelProperty(name = "id", value = "ID of the device group in the device group information database.")
|
||||||
|
private int id;
|
||||||
|
|
||||||
|
@ApiModelProperty(name = "name", value = "The device group name that can be set on the device group by the user.",
|
||||||
|
required = true)
|
||||||
|
private String name;
|
||||||
|
|
||||||
|
public int getId() {
|
||||||
|
return id;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setId(int id) {
|
||||||
|
this.id = id;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getName() {
|
||||||
|
return name;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setName(String name) {
|
||||||
|
this.name = name;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,111 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package io.entgra.device.mgt.core.device.mgt.core.service;
|
||||||
|
|
||||||
|
import io.entgra.device.mgt.core.device.mgt.common.*;
|
||||||
|
import io.entgra.device.mgt.core.device.mgt.common.exceptions.UserManagementException;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Proxy class for all Device Management related operations that take the corresponding plugin type in
|
||||||
|
* and resolve the appropriate plugin implementation
|
||||||
|
*/
|
||||||
|
public interface UserManagementProviderService {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Method to retrieve the filtered roles of the user.
|
||||||
|
*
|
||||||
|
* @param userInfo new user data
|
||||||
|
* @return BasicUserInfoWrapper which has the information about the added user.
|
||||||
|
* @throws UserManagementException If some unusual behaviour is observed while adding the user.
|
||||||
|
*/
|
||||||
|
BasicUserInfoWrapper addUser(UserInfo userInfo) throws UserManagementException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Method to retrieve the filtered roles of the user.
|
||||||
|
*
|
||||||
|
* @param username name of the user
|
||||||
|
* @return BasicUserInfo object which consists of the user data.
|
||||||
|
* @throws UserManagementException If some unusual behaviour is observed while getting the user data.
|
||||||
|
*/
|
||||||
|
BasicUserInfo getUser(String username) throws UserManagementException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Method to retrieve the filtered roles of the user.
|
||||||
|
*
|
||||||
|
* @param username name of the user the permissions are retrieved from
|
||||||
|
* @return List of permissions of the given user.
|
||||||
|
* @throws UserManagementException If some unusual behaviour is observed while fetching the permissions of user.
|
||||||
|
*/
|
||||||
|
List<String> getPermissions(String username) throws UserManagementException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Method to retrieve the filtered roles of the user.
|
||||||
|
*
|
||||||
|
* @param username name of the user the roles are retrieved from
|
||||||
|
* @return List of roles of the given user.
|
||||||
|
* @throws UserManagementException If some unusual behaviour is observed while fetching the roles of user.
|
||||||
|
*/
|
||||||
|
List<String> getRoles(String username) throws UserManagementException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Method to retrieve the filtered roles of the user.
|
||||||
|
*
|
||||||
|
* @param username name of the user the roles are retrieved from
|
||||||
|
* @return Object with the updated user data.
|
||||||
|
* @throws UserManagementException If some unusual behaviour is observed while updating user.
|
||||||
|
*/
|
||||||
|
BasicUserInfo updateUser(String username, UserInfo userInfo) throws UserManagementException;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Method to retrieve the list of users.
|
||||||
|
*
|
||||||
|
* @param appliedFilter filter to be applied when retrieving the user list
|
||||||
|
* @param appliedLimit this value is set to 1-1 to get the whole set of users
|
||||||
|
* @param domain domain of the users
|
||||||
|
* @param limit the maximum number of the users to be retrieved
|
||||||
|
* @param offset the starting index of data retrieval
|
||||||
|
* @throws UserManagementException If some unusual behaviour is observed while fetching the users.
|
||||||
|
*/
|
||||||
|
BasicUserInfoList getUsers(String appliedFilter, int appliedLimit, String domain, int limit, int offset) throws UserManagementException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Method to retrieve the list of users.
|
||||||
|
*
|
||||||
|
* @param basicUserInfo data needed for the user search
|
||||||
|
* @param limit the maximum number of the users to be retrieved
|
||||||
|
* @param offset the starting index of data retrieval
|
||||||
|
* @throws UserManagementException If some unusual behaviour is observed while fetching the users.
|
||||||
|
*/
|
||||||
|
BasicUserInfoList getUsersSearch(BasicUserInfo basicUserInfo, int offset, int limit) throws UserManagementException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Method to retrieve the list of users based on filter.
|
||||||
|
*
|
||||||
|
* @param filter data needed for the user search
|
||||||
|
* @param userStoreDomain domain of the user
|
||||||
|
* @param limit the maximum number of the users to be retrieved
|
||||||
|
* @param offset the starting index of data retrieval
|
||||||
|
* @throws UserManagementException If some unusual behaviour is observed while fetching the users.
|
||||||
|
*/
|
||||||
|
List<UserInfo> getUserNames(String filter, String userStoreDomain, int offset, int limit) throws UserManagementException;
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,563 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package io.entgra.device.mgt.core.device.mgt.core.service;
|
||||||
|
|
||||||
|
import com.google.gson.JsonArray;
|
||||||
|
import io.entgra.device.mgt.core.device.mgt.common.*;
|
||||||
|
import io.entgra.device.mgt.core.device.mgt.common.configuration.mgt.ConfigurationManagementException;
|
||||||
|
import io.entgra.device.mgt.core.device.mgt.common.exceptions.DeviceManagementException;
|
||||||
|
import io.entgra.device.mgt.core.device.mgt.common.exceptions.UserManagementException;
|
||||||
|
import io.entgra.device.mgt.core.device.mgt.core.DeviceManagementConstants;
|
||||||
|
import io.entgra.device.mgt.core.device.mgt.core.internal.DeviceManagementDataHolder;
|
||||||
|
import io.entgra.device.mgt.core.device.mgt.extensions.logger.spi.EntgraLogger;
|
||||||
|
import io.entgra.device.mgt.core.notification.logger.impl.EntgraDeviceEnrolmentLoggerImpl;
|
||||||
|
import org.apache.commons.lang.StringUtils;
|
||||||
|
import org.wso2.carbon.context.CarbonContext;
|
||||||
|
import org.wso2.carbon.user.api.UserRealm;
|
||||||
|
import org.wso2.carbon.user.api.UserStoreException;
|
||||||
|
import org.wso2.carbon.user.api.UserStoreManager;
|
||||||
|
import org.wso2.carbon.user.mgt.UserRealmProxy;
|
||||||
|
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
|
||||||
|
import org.wso2.carbon.user.mgt.common.UserAdminException;
|
||||||
|
|
||||||
|
import java.security.SecureRandom;
|
||||||
|
import java.time.Instant;
|
||||||
|
import java.util.*;
|
||||||
|
|
||||||
|
public class UserManagementProviderServiceImpl implements UserManagementProviderService {
|
||||||
|
|
||||||
|
private static final EntgraLogger log = new EntgraDeviceEnrolmentLoggerImpl(UserManagementProviderServiceImpl.class);
|
||||||
|
|
||||||
|
private static final String ROLE_EVERYONE = "Internal/everyone";
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public BasicUserInfoWrapper addUser(UserInfo userInfo) throws UserManagementException {
|
||||||
|
try {
|
||||||
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||||
|
UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().
|
||||||
|
getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
|
||||||
|
String initialUserPassword;
|
||||||
|
if (userInfo.getPassword() != null) {
|
||||||
|
initialUserPassword = userInfo.getPassword();
|
||||||
|
} else {
|
||||||
|
initialUserPassword = this.generateInitialUserPassword();
|
||||||
|
}
|
||||||
|
|
||||||
|
Map<String, String> defaultUserClaims =
|
||||||
|
this.buildDefaultUserClaims(userInfo.getFirstname(), userInfo.getLastname(),
|
||||||
|
userInfo.getEmailAddress(), true);
|
||||||
|
|
||||||
|
userStoreManager.addUser(userInfo.getUsername(), initialUserPassword,
|
||||||
|
userInfo.getRoles(), defaultUserClaims, null);
|
||||||
|
// Outputting debug message upon successful addition of user
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("User '" + userInfo.getUsername() + "' has successfully been added.");
|
||||||
|
}
|
||||||
|
|
||||||
|
BasicUserInfo createdUserInfo = this.getBasicUserInfo(userInfo.getUsername());
|
||||||
|
// Outputting debug message upon successful retrieval of user
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("User by username: " + userInfo.getUsername() + " was found.");
|
||||||
|
}
|
||||||
|
DeviceManagementProviderService managementProviderService = DeviceManagementDataHolder
|
||||||
|
.getInstance().getDeviceManagementProvider();
|
||||||
|
String[] bits = userInfo.getUsername().split("/");
|
||||||
|
String username = bits[bits.length - 1];
|
||||||
|
String recipient = userInfo.getEmailAddress();
|
||||||
|
Properties props = new Properties();
|
||||||
|
props.setProperty("first-name", userInfo.getFirstname());
|
||||||
|
props.setProperty("last-name", userInfo.getLastname());
|
||||||
|
props.setProperty("username", username);
|
||||||
|
props.setProperty("password", initialUserPassword);
|
||||||
|
|
||||||
|
EmailMetaInfo metaInfo = new EmailMetaInfo(recipient, props);
|
||||||
|
BasicUserInfoWrapper userInfoWrapper = new BasicUserInfoWrapper();
|
||||||
|
String message;
|
||||||
|
try {
|
||||||
|
managementProviderService.sendRegistrationEmail(metaInfo);
|
||||||
|
message = "An invitation mail will be sent to this user to initiate device enrollment.";
|
||||||
|
} catch (ConfigurationManagementException e) {
|
||||||
|
message = "Mail Server is not configured. Email invitation will not be sent.";
|
||||||
|
} catch (DeviceManagementException e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
|
userInfoWrapper.setBasicUserInfo(createdUserInfo);
|
||||||
|
userInfoWrapper.setMessage(message);
|
||||||
|
return userInfoWrapper;
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
String msg = "Error occurred while trying to add user '" + userInfo.getUsername() + "' to the " +
|
||||||
|
"underlying user management system";
|
||||||
|
log.error(msg, e);
|
||||||
|
throw new UserManagementException(msg, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public BasicUserInfo getUser(String username) throws UserManagementException {
|
||||||
|
try {
|
||||||
|
return this.getBasicUserInfo(username);
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
String message = "Error occurred while getting data of user '" + username + "'";
|
||||||
|
log.error(message, e);
|
||||||
|
throw new UserManagementException(message, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<String> getPermissions(String username) throws UserManagementException {
|
||||||
|
try {
|
||||||
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||||
|
UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().
|
||||||
|
getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
|
||||||
|
|
||||||
|
List<String> roles = getFilteredRoles(userStoreManager, username);
|
||||||
|
List<String> permissions = new ArrayList<>();
|
||||||
|
UserRealm userRealm = DeviceManagementDataHolder.getInstance().
|
||||||
|
getRealmService().getTenantUserRealm(tenantId);
|
||||||
|
// Get permissions for each role
|
||||||
|
for (String roleName : roles) {
|
||||||
|
try {
|
||||||
|
permissions.addAll(getPermissionsListFromRole(roleName, userRealm, tenantId));
|
||||||
|
} catch (UserAdminException e) {
|
||||||
|
String message = "Error occurred while retrieving the permissions of role '" + roleName + "'";
|
||||||
|
log.error(message, e);
|
||||||
|
throw new UserManagementException(message, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return permissions;
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
String message = "Error occurred while trying to retrieve roles of the user '" + username + "'";
|
||||||
|
log.error(message, e);
|
||||||
|
throw new UserManagementException(message, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<String> getRoles(String username) throws UserManagementException {
|
||||||
|
try {
|
||||||
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||||
|
UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().
|
||||||
|
getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
|
||||||
|
|
||||||
|
List<String> roles = getFilteredRoles(userStoreManager, username);
|
||||||
|
return roles;
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
String message = "Error occurred while trying to retrieve roles of the user '" + username + "'";
|
||||||
|
log.error(message, e);
|
||||||
|
throw new UserManagementException(message, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public BasicUserInfo updateUser(String username, UserInfo userInfo) throws UserManagementException {
|
||||||
|
try {
|
||||||
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||||
|
UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().
|
||||||
|
getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
|
||||||
|
|
||||||
|
Map<String, String> defaultUserClaims =
|
||||||
|
this.buildDefaultUserClaims(userInfo.getFirstname(), userInfo.getLastname(),
|
||||||
|
userInfo.getEmailAddress(), false);
|
||||||
|
if (StringUtils.isNotEmpty(userInfo.getPassword())) {
|
||||||
|
// Decoding Base64 encoded password
|
||||||
|
userStoreManager.updateCredentialByAdmin(username,
|
||||||
|
userInfo.getPassword());
|
||||||
|
log.debug("User credential of username: " + username + " has been changed");
|
||||||
|
}
|
||||||
|
List<String> currentRoles = this.getFilteredRoles(userStoreManager, username);
|
||||||
|
|
||||||
|
List<String> newRoles = new ArrayList<>();
|
||||||
|
if (userInfo.getRoles() != null) {
|
||||||
|
newRoles = Arrays.asList(userInfo.getRoles());
|
||||||
|
}
|
||||||
|
|
||||||
|
List<String> rolesToAdd = new ArrayList<>(newRoles);
|
||||||
|
List<String> rolesToDelete = new ArrayList<>();
|
||||||
|
|
||||||
|
for (String role : currentRoles) {
|
||||||
|
if (newRoles.contains(role)) {
|
||||||
|
rolesToAdd.remove(role);
|
||||||
|
} else {
|
||||||
|
rolesToDelete.add(role);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
rolesToDelete.remove(ROLE_EVERYONE);
|
||||||
|
rolesToAdd.remove(ROLE_EVERYONE);
|
||||||
|
userStoreManager.updateRoleListOfUser(username,
|
||||||
|
rolesToDelete.toArray(new String[rolesToDelete.size()]),
|
||||||
|
rolesToAdd.toArray(new String[rolesToAdd.size()]));
|
||||||
|
userStoreManager.setUserClaimValues(username, defaultUserClaims, null);
|
||||||
|
// Outputting debug message upon successful addition of user
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("User by username: " + username + " was successfully updated.");
|
||||||
|
}
|
||||||
|
|
||||||
|
return this.getBasicUserInfo(username);
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
String message = "Error occurred while trying to retrieve roles of the user '" + username + "'";
|
||||||
|
log.error(message, e);
|
||||||
|
throw new UserManagementException(message, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public BasicUserInfoList getUsers(String appliedFilter, int appliedLimit, String domain, int limit, int offset)
|
||||||
|
throws UserManagementException {
|
||||||
|
try {
|
||||||
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||||
|
UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().
|
||||||
|
getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
|
||||||
|
List<BasicUserInfo> userList, offsetList;
|
||||||
|
|
||||||
|
//As the listUsers function accepts limit only to accommodate offset we are passing offset + limit
|
||||||
|
List<String> users = Arrays.asList(userStoreManager.listUsers(appliedFilter, appliedLimit));
|
||||||
|
if (domain != null && !domain.isEmpty()) {
|
||||||
|
users = getUsersFromDomain(domain, users);
|
||||||
|
}
|
||||||
|
userList = new ArrayList<>(users.size());
|
||||||
|
BasicUserInfo user;
|
||||||
|
for (String username : users) {
|
||||||
|
if (DeviceManagementConstants.User.APIM_RESERVED_USER.equals(username) || DeviceManagementConstants.User.RESERVED_USER.equals(username)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
user = getBasicUserInfo(username);
|
||||||
|
userList.add(user);
|
||||||
|
}
|
||||||
|
|
||||||
|
int toIndex = offset + limit;
|
||||||
|
int listSize = userList.size();
|
||||||
|
int lastIndex = listSize - 1;
|
||||||
|
|
||||||
|
if (offset <= lastIndex) {
|
||||||
|
if (toIndex <= listSize) {
|
||||||
|
offsetList = userList.subList(offset, toIndex);
|
||||||
|
} else {
|
||||||
|
offsetList = userList.subList(offset, listSize);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
offsetList = new ArrayList<>();
|
||||||
|
}
|
||||||
|
|
||||||
|
BasicUserInfoList result = new BasicUserInfoList();
|
||||||
|
result.setList(offsetList);
|
||||||
|
result.setCount(userList.size());
|
||||||
|
|
||||||
|
return result;
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
String msg = "Error occurred while retrieving the list of users.";
|
||||||
|
log.error(msg, e);
|
||||||
|
throw new UserManagementException(msg, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public BasicUserInfoList getUsersSearch(BasicUserInfo basicUserInfo, int offset, int limit) throws UserManagementException {
|
||||||
|
List<BasicUserInfo> filteredUserList = new ArrayList<>();
|
||||||
|
List<String> commonUsers = null, tempList;
|
||||||
|
try {
|
||||||
|
if (basicUserInfo.getUsername() != null && StringUtils.isNotEmpty(basicUserInfo.getUsername())) {
|
||||||
|
commonUsers = getUserList(null, "*" + basicUserInfo.getUsername() + "*");
|
||||||
|
}
|
||||||
|
if (commonUsers != null) {
|
||||||
|
commonUsers.remove(DeviceManagementConstants.User.APIM_RESERVED_USER);
|
||||||
|
commonUsers.remove(DeviceManagementConstants.User.RESERVED_USER);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!skipSearch(commonUsers) && basicUserInfo.getFirstname() != null && StringUtils.isNotEmpty(basicUserInfo.getFirstname())) {
|
||||||
|
tempList = getUserList(DeviceManagementConstants.User.CLAIM_FIRST_NAME, "*" + basicUserInfo.getFirstname() + "*");
|
||||||
|
if (commonUsers == null) {
|
||||||
|
commonUsers = tempList;
|
||||||
|
} else {
|
||||||
|
commonUsers.retainAll(tempList);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!skipSearch(commonUsers) && basicUserInfo.getLastname() != null && StringUtils.isNotEmpty(basicUserInfo.getLastname())) {
|
||||||
|
tempList = getUserList(DeviceManagementConstants.User.CLAIM_LAST_NAME, "*" + basicUserInfo.getLastname() + "*");
|
||||||
|
if (commonUsers == null || commonUsers.size() == 0) {
|
||||||
|
commonUsers = tempList;
|
||||||
|
} else {
|
||||||
|
commonUsers.retainAll(tempList);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!skipSearch(commonUsers) && basicUserInfo.getEmailAddress() != null && StringUtils.isNotEmpty(basicUserInfo.getEmailAddress())) {
|
||||||
|
tempList = getUserList(DeviceManagementConstants.User.CLAIM_EMAIL_ADDRESS, "*" + basicUserInfo.getEmailAddress() + "*");
|
||||||
|
if (commonUsers == null || commonUsers.size() == 0) {
|
||||||
|
commonUsers = tempList;
|
||||||
|
} else {
|
||||||
|
commonUsers.retainAll(tempList);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
BasicUserInfo newBasicUserInfo;
|
||||||
|
if (commonUsers != null) {
|
||||||
|
for (String user : commonUsers) {
|
||||||
|
newBasicUserInfo = new BasicUserInfo();
|
||||||
|
newBasicUserInfo.setUsername(user);
|
||||||
|
newBasicUserInfo.setEmailAddress(getClaimValue(user, DeviceManagementConstants.User.CLAIM_EMAIL_ADDRESS));
|
||||||
|
newBasicUserInfo.setFirstname(getClaimValue(user, DeviceManagementConstants.User.CLAIM_FIRST_NAME));
|
||||||
|
newBasicUserInfo.setLastname(getClaimValue(user, DeviceManagementConstants.User.CLAIM_LAST_NAME));
|
||||||
|
filteredUserList.add(newBasicUserInfo);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
int toIndex = offset + limit;
|
||||||
|
int listSize = filteredUserList.size();
|
||||||
|
int lastIndex = listSize - 1;
|
||||||
|
|
||||||
|
List<BasicUserInfo> offsetList;
|
||||||
|
if (offset <= lastIndex) {
|
||||||
|
if (toIndex <= listSize) {
|
||||||
|
offsetList = filteredUserList.subList(offset, toIndex);
|
||||||
|
} else {
|
||||||
|
offsetList = filteredUserList.subList(offset, listSize);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
offsetList = new ArrayList<>();
|
||||||
|
}
|
||||||
|
|
||||||
|
BasicUserInfoList basicUserInfoList = new BasicUserInfoList();
|
||||||
|
basicUserInfoList.setList(offsetList);
|
||||||
|
basicUserInfoList.setCount(commonUsers != null ? commonUsers.size() : 0);
|
||||||
|
return basicUserInfoList;
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
String msg = "Error occurred while retrieving the list of users.";
|
||||||
|
log.error(msg, e);
|
||||||
|
throw new UserManagementException(msg, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<UserInfo> getUserNames(String filter, String userStoreDomain, int offset, int limit) throws UserManagementException {
|
||||||
|
List<UserInfo> userList;
|
||||||
|
try {
|
||||||
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||||
|
UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().
|
||||||
|
getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
|
||||||
|
String[] users;
|
||||||
|
if (userStoreDomain.equals("all")) {
|
||||||
|
users = userStoreManager.listUsers(filter + "*", limit);
|
||||||
|
} else {
|
||||||
|
users = userStoreManager.listUsers(userStoreDomain + "/" + filter + "*", limit);
|
||||||
|
}
|
||||||
|
userList = new ArrayList<>();
|
||||||
|
UserInfo user;
|
||||||
|
for (String username : users) {
|
||||||
|
if (DeviceManagementConstants.User.APIM_RESERVED_USER.equals(username) || DeviceManagementConstants.User.RESERVED_USER.equals(username)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
user = new UserInfo();
|
||||||
|
user.setUsername(username);
|
||||||
|
user.setEmailAddress(getClaimValue(username, DeviceManagementConstants.User.CLAIM_EMAIL_ADDRESS));
|
||||||
|
user.setFirstname(getClaimValue(username, DeviceManagementConstants.User.CLAIM_FIRST_NAME));
|
||||||
|
user.setLastname(getClaimValue(username, DeviceManagementConstants.User.CLAIM_LAST_NAME));
|
||||||
|
userList.add(user);
|
||||||
|
}
|
||||||
|
return userList;
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
String msg = "Error occurred while retrieving the list of users using the filter : " + filter;
|
||||||
|
log.error(msg, e);
|
||||||
|
throw new UserManagementException(msg, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* User search provides an AND search result and if either of the filter returns an empty set of users, there is no
|
||||||
|
* need to carry on the search further. This method decides whether to carry on the search or not.
|
||||||
|
*
|
||||||
|
* @param commonUsers current filtered user list.
|
||||||
|
* @return <code>true</code> if further search is needed.
|
||||||
|
*/
|
||||||
|
private boolean skipSearch(List<String> commonUsers) {
|
||||||
|
return commonUsers != null && commonUsers.size() == 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Searches users which matches a given filter based on a claim
|
||||||
|
*
|
||||||
|
* @param claim the claim value to apply the filter. If <code>null</code> users will be filtered by username.
|
||||||
|
* @param filter the search query.
|
||||||
|
* @return <code>List<String></code> of users which matches.
|
||||||
|
* @throws UserStoreException If unable to search users.
|
||||||
|
*/
|
||||||
|
private ArrayList<String> getUserList(String claim, String filter) throws UserStoreException {
|
||||||
|
String defaultFilter = "*";
|
||||||
|
|
||||||
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||||
|
org.wso2.carbon.user.core.UserStoreManager userStoreManager = (org.wso2.carbon.user.core.UserStoreManager) DeviceManagementDataHolder.getInstance().
|
||||||
|
getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
|
||||||
|
|
||||||
|
String appliedFilter = filter + defaultFilter;
|
||||||
|
|
||||||
|
String[] users;
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Searching Users - claim: " + claim + " filter: " + appliedFilter);
|
||||||
|
}
|
||||||
|
if (StringUtils.isEmpty(claim)) {
|
||||||
|
users = userStoreManager.listUsers(appliedFilter, -1);
|
||||||
|
} else {
|
||||||
|
users = userStoreManager.getUserList(claim, appliedFilter, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Returned user count: " + users.length);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new ArrayList<>(Arrays.asList(users));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Iterates through the list of all users and returns a list of users from the specified user store domain
|
||||||
|
* @param domain user store domain name
|
||||||
|
* @param users list of all users from UserStoreManager
|
||||||
|
* @return list of users from specified user store domain
|
||||||
|
*/
|
||||||
|
public List<String> getUsersFromDomain(String domain, List<String> users) {
|
||||||
|
List<String> userList = new ArrayList<>();
|
||||||
|
for(String username : users) {
|
||||||
|
String[] domainName = username.split("/");
|
||||||
|
if(domain.equals(DeviceManagementConstants.User.PRIMARY_USER_STORE) && domainName.length == 1) {
|
||||||
|
userList.add(username);
|
||||||
|
} else if (domainName[0].equals(domain) && domainName.length > 1) {
|
||||||
|
userList.add(username);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return userList;
|
||||||
|
}
|
||||||
|
|
||||||
|
private String generateInitialUserPassword() {
|
||||||
|
int passwordLength = 6;
|
||||||
|
//defining the pool of characters to be used for initial password generation
|
||||||
|
String lowerCaseCharset = "abcdefghijklmnopqrstuvwxyz";
|
||||||
|
String upperCaseCharset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
|
||||||
|
String numericCharset = "0123456789";
|
||||||
|
SecureRandom randomGenerator = new SecureRandom();
|
||||||
|
String totalCharset = lowerCaseCharset + upperCaseCharset + numericCharset;
|
||||||
|
int totalCharsetLength = totalCharset.length();
|
||||||
|
StringBuilder initialUserPassword = new StringBuilder();
|
||||||
|
for (int i = 0; i < passwordLength; i++) {
|
||||||
|
initialUserPassword.append(
|
||||||
|
totalCharset.charAt(randomGenerator.nextInt(totalCharsetLength)));
|
||||||
|
}
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Initial user password is created for new user: " + initialUserPassword);
|
||||||
|
}
|
||||||
|
return initialUserPassword.toString();
|
||||||
|
}
|
||||||
|
|
||||||
|
private BasicUserInfo getBasicUserInfo(String username) throws UserStoreException {
|
||||||
|
BasicUserInfo userInfo = new BasicUserInfo();
|
||||||
|
userInfo.setUsername(username);
|
||||||
|
userInfo.setEmailAddress(getClaimValue(username, DeviceManagementConstants.User.CLAIM_EMAIL_ADDRESS));
|
||||||
|
userInfo.setFirstname(getClaimValue(username, DeviceManagementConstants.User.CLAIM_FIRST_NAME));
|
||||||
|
userInfo.setLastname(getClaimValue(username, DeviceManagementConstants.User.CLAIM_LAST_NAME));
|
||||||
|
userInfo.setCreatedDate(getClaimValue(username, DeviceManagementConstants.User.CLAIM_CREATED));
|
||||||
|
userInfo.setModifiedDate(getClaimValue(username, DeviceManagementConstants.User.CLAIM_MODIFIED));
|
||||||
|
return userInfo;
|
||||||
|
}
|
||||||
|
|
||||||
|
private String getClaimValue(String username, String claimUri) throws UserStoreException {
|
||||||
|
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||||
|
UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().
|
||||||
|
getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
|
||||||
|
return userStoreManager.getUserClaimValue(username, claimUri, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
private Map<String, String> buildDefaultUserClaims(String firstName, String lastName, String emailAddress,
|
||||||
|
boolean isFresh) {
|
||||||
|
Map<String, String> defaultUserClaims = new HashMap<>();
|
||||||
|
defaultUserClaims.put(DeviceManagementConstants.User.CLAIM_FIRST_NAME, firstName);
|
||||||
|
defaultUserClaims.put(DeviceManagementConstants.User.CLAIM_LAST_NAME, lastName);
|
||||||
|
defaultUserClaims.put(DeviceManagementConstants.User.CLAIM_EMAIL_ADDRESS, emailAddress);
|
||||||
|
if (isFresh) {
|
||||||
|
defaultUserClaims.put(DeviceManagementConstants.User.CLAIM_CREATED, String.valueOf(Instant.now().getEpochSecond()));
|
||||||
|
} else {
|
||||||
|
defaultUserClaims.put(DeviceManagementConstants.User.CLAIM_MODIFIED, String.valueOf(Instant.now().getEpochSecond()));
|
||||||
|
}
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Default claim map is created for new user: " + defaultUserClaims.toString());
|
||||||
|
}
|
||||||
|
return defaultUserClaims;
|
||||||
|
}
|
||||||
|
|
||||||
|
private List<String> getFilteredRoles(UserStoreManager userStoreManager, String username)
|
||||||
|
throws UserStoreException {
|
||||||
|
String[] roleListOfUser;
|
||||||
|
roleListOfUser = userStoreManager.getRoleListOfUser(username);
|
||||||
|
List<String> filteredRoles = new ArrayList<>();
|
||||||
|
for (String role : roleListOfUser) {
|
||||||
|
if (!(role.startsWith("Internal/") || role.startsWith("Authentication/"))) {
|
||||||
|
filteredRoles.add(role);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return filteredRoles;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a list of permissions of a given role
|
||||||
|
* @param roleName name of the role
|
||||||
|
* @param tenantId the user's tenetId
|
||||||
|
* @param userRealm user realm of the tenant
|
||||||
|
* @return list of permissions
|
||||||
|
* @throws UserAdminException If unable to get the permissions
|
||||||
|
*/
|
||||||
|
private static List<String> getPermissionsListFromRole(String roleName, UserRealm userRealm, int tenantId)
|
||||||
|
throws UserAdminException {
|
||||||
|
org.wso2.carbon.user.core.UserRealm userRealmCore;
|
||||||
|
try {
|
||||||
|
userRealmCore = (org.wso2.carbon.user.core.UserRealm) userRealm;
|
||||||
|
} catch (ClassCastException e) {
|
||||||
|
String message = "Provided UserRealm object is not an instance of org.wso2.carbon.user.core.UserRealm";
|
||||||
|
log.error(message, e);
|
||||||
|
throw new UserAdminException(message, e);
|
||||||
|
}
|
||||||
|
UserRealmProxy userRealmProxy = new UserRealmProxy(userRealmCore);
|
||||||
|
List<String> permissionsList = new ArrayList<>();
|
||||||
|
final UIPermissionNode rolePermissions = userRealmProxy.getRolePermissions(roleName, tenantId);
|
||||||
|
iteratePermissions(rolePermissions, permissionsList);
|
||||||
|
return permissionsList;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Extract permissions from a UiPermissionNode using recursions
|
||||||
|
* @param uiPermissionNode an UiPermissionNode Object to extract permissions
|
||||||
|
* @param list provided list to add permissions
|
||||||
|
*/
|
||||||
|
public static void iteratePermissions(UIPermissionNode uiPermissionNode, List<String> list) {
|
||||||
|
// To prevent NullPointer exceptions
|
||||||
|
if (uiPermissionNode == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
for (UIPermissionNode permissionNode : uiPermissionNode.getNodeList()) {
|
||||||
|
if (permissionNode != null) {
|
||||||
|
if(permissionNode.isSelected()){
|
||||||
|
list.add(permissionNode.getResourcePath());
|
||||||
|
}
|
||||||
|
if (permissionNode.getNodeList() != null
|
||||||
|
&& permissionNode.getNodeList().length > 0) {
|
||||||
|
iteratePermissions(permissionNode, list);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in new issue