From 77d82238e28f98f6b0bcf06f6416e1ef645dc0d1 Mon Sep 17 00:00:00 2001 From: navodzoysa Date: Fri, 20 Oct 2023 11:57:26 +0530 Subject: [PATCH 1/9] Add android remove account scope to ui config --- .../src/main/resources/conf/mdm-ui-config.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml index f3d64058e3d..28114158a9c 100644 --- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml +++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/mdm-ui-config.xml @@ -318,6 +318,7 @@ dm:metadata:create dm:metadata:update and:ops:add-google-acc + and:ops:authenticate-acc and:ops:update-default-sim and:ops:add-google-acc and:ops:device-info From 9054329e34cbf6814706f35a92f0d9c90143db7f Mon Sep 17 00:00:00 2001 From: Rajitha Kumara Date: Fri, 20 Oct 2023 14:48:38 +0530 Subject: [PATCH 2/9] Fix not detecting resource path --- .../service/api/admin/DeviceTypeManagementAdminService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/admin/DeviceTypeManagementAdminService.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/admin/DeviceTypeManagementAdminService.java index ed5add345b9..55122c2bd04 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/admin/DeviceTypeManagementAdminService.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/api/admin/DeviceTypeManagementAdminService.java @@ -75,7 +75,7 @@ import javax.ws.rs.core.Response; description = "Add, Edit or View a Device Type", key = "dm:admin:device-type:modify", roles = {"Internal/devicemgt-admin"}, - permissions = {"/device-mgt/admin/device-type"} + permissions = {"/device-mgt/admin/device-type/modify"} ), @Scope( name = "Getting Details of a Device Type", From 9ab12d1b3fb7c5c62ca52bca30878344652b6faf Mon Sep 17 00:00:00 2001 From: prathabanKavin Date: Sun, 22 Oct 2023 12:02:13 +0530 Subject: [PATCH 3/9] Add tenant view perm to role permissions --- .../mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java | 3 ++- .../device/mgt/core/device/mgt/api/jaxrs/util/Constants.java | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java index bca483f6c09..19009bf4364 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/RoleManagementServiceImpl.java @@ -340,7 +340,8 @@ public class RoleManagementServiceImpl implements RoleManagementService { for (UIPermissionNode node : permissionNode.getNodeList()) { if (Constants.Permission.LOGIN.equals(node.getResourcePath()) || Constants.Permission.DEVICE_MGT.equals(node.getResourcePath()) || - Constants.Permission.APP_MGT.equals(node.getResourcePath())) { + Constants.Permission.APP_MGT.equals(node.getResourcePath()) || + Constants.Permission.TENANT.equals(node.getResourcePath())) { deviceMgtPermissionsList.add(node); } } diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java index 0a9b6efa268..75ba2cc3225 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/Constants.java @@ -84,6 +84,7 @@ public class Constants { public static final String LOGIN = "/permission/admin/login"; public static final String DEVICE_MGT = "/permission/admin/device-mgt"; public static final String APP_MGT = "/permission/admin/app-mgt"; + public static final String TENANT = "/permission/admin/tenants"; } } From 944c304a689151e7a84e4a9399add196a3b5f5f0 Mon Sep 17 00:00:00 2001 From: "amalka.subasinghe" Date: Tue, 24 Oct 2023 16:13:08 +0530 Subject: [PATCH 4/9] user store role mapping feature --- .../pom.xml | 223 ++++++++++++++++++ .../role/mapper/UserStoreRoleMapper.java | 122 ++++++++++ .../UserStoreRoleMappingConfigManager.java | 76 ++++++ .../role/mapper/bean/RoleMapping.java | 58 +++++ .../bean/UserStoreRoleMappingConfig.java | 45 ++++ .../UserStoreRoleMapperException.java | 26 ++ .../UserStoreRoleMappingDataHolder.java | 85 +++++++ .../UserStoreRoleMappingServiceComponent.java | 112 +++++++++ components/device-mgt-extensions/pom.xml | 1 + .../pom.xml | 105 +++++++++ .../src/main/resources/build.properties | 19 ++ .../conf/user-store-role-mapping-config.xml | 38 +++ .../src/main/resources/p2.inf | 2 + features/device-mgt-extensions/pom.xml | 1 + pom.xml | 5 + 15 files changed, 918 insertions(+) create mode 100644 components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/pom.xml create mode 100644 components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java create mode 100644 components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMappingConfigManager.java create mode 100644 components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/bean/RoleMapping.java create mode 100644 components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/bean/UserStoreRoleMappingConfig.java create mode 100644 components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/exception/UserStoreRoleMapperException.java create mode 100644 components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingDataHolder.java create mode 100644 components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingServiceComponent.java create mode 100644 features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/pom.xml create mode 100644 features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/build.properties create mode 100644 features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/conf/user-store-role-mapping-config.xml create mode 100644 features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/p2.inf diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/pom.xml b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/pom.xml new file mode 100644 index 00000000000..902f1767638 --- /dev/null +++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/pom.xml @@ -0,0 +1,223 @@ + + + + + + + device-mgt-extensions + io.entgra.device.mgt.core + 5.0.31-SNAPSHOT + ../pom.xml + + + 4.0.0 + io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper + bundle + Entgra IoT - User store role mapping Module + Entgra IoT - User store role mapping Module + http://entgra.io + + + + + org.apache.felix + maven-scr-plugin + + + maven-compiler-plugin + + 1.8 + 1.8 + + 2.3.2 + + + org.apache.felix + maven-bundle-plugin + 1.4.0 + true + + + ${project.artifactId} + ${project.artifactId} + ${io.entgra.device.mgt.core.version} + IOT - User store role mapping Module + io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal + + org.osgi.framework.*;version="${imp.package.version.osgi.framework}", + org.osgi.service.*;version="${imp.package.version.osgi.service}", + org.apache.commons.logging, + org.apache.axis2.*;version="${axis2.osgi.version.range}", + org.wso2.carbon.core, + org.wso2.carbon.utils.*, + javax.xml.bind;resolution:=optional, + javax.xml.bind.annotation, + javax.xml.parsers, + org.w3c.dom, + org.wso2.carbon, + org.wso2.carbon.context, + org.wso2.carbon.user.api, + org.wso2.carbon.user.core.common, + org.wso2.carbon.user.core.service, + org.wso2.carbon.user.mgt.common + + + !io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal, + io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.*;version="${project.version}" + + + + + + org.jacoco + jacoco-maven-plugin + + ${basedir}/target/coverage-reports/jacoco-unit.exec + + + + jacoco-initialize + + prepare-agent + + + + jacoco-site + test + + report + + + ${basedir}/target/coverage-reports/jacoco-unit.exec + ${basedir}/target/coverage-reports/site + + + + + + + + + + + + + + + + + + + + + + + org.eclipse.osgi + org.eclipse.osgi + + + org.eclipse.osgi + org.eclipse.osgi.services + + + org.wso2.carbon + org.wso2.carbon.core + + + org.wso2.carbon + org.wso2.carbon.logging + + + org.wso2.carbon + org.wso2.carbon.utils + provided + + + org.wso2.carbon + org.wso2.carbon.user.api + provided + + + org.wso2.carbon + org.wso2.carbon.user.core + provided + + + org.wso2.carbon.identity.framework + org.wso2.carbon.user.mgt + provided + + + org.mockito + mockito-inline + test + + + org.testng + testng + test + + + org.wso2.orbit.com.h2database + h2 + test + + + org.apache.httpcomponents.wso2 + httpcore + test + + + org.wso2.apache.httpcomponents + httpclient + test + + + org.wso2.carbon + org.wso2.carbon.securevault + + test + + + org.wso2.securevault + org.wso2.securevault + test + + + xerces.wso2 + xercesImpl + test + + + org.apache.axis2.wso2 + axis2 + test + + + org.wso2.carbon + org.wso2.carbon.queuing + test + + + javax.xml.bind + jaxb-api + test + + + diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java new file mode 100644 index 00000000000..9419631b5b1 --- /dev/null +++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java @@ -0,0 +1,122 @@ +/* + * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. + * + * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper; + +import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean.RoleMapping; +import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean.UserStoreRoleMappingConfig; +import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal.UserStoreRoleMappingDataHolder; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.core.ServerStartupObserver; +import org.wso2.carbon.user.api.UserStoreManager; +import org.wso2.carbon.utils.multitenancy.MultitenantConstants; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.concurrent.Executors; +import java.util.concurrent.ScheduledExecutorService; +import java.util.concurrent.TimeUnit; + +public class UserStoreRoleMapper implements ServerStartupObserver { + private static final Log log = LogFactory.getLog(UserStoreRoleMapper.class); + @Override + public void completingServerStartup() { + + } + + @Override + public void completedServerStartup() { + Runnable periodicTask = new Runnable() { + public void run() { + updateRoleMapping(); + log.info("UserStoreRoleMapper executed...."); + } + }; + + ScheduledExecutorService executor = + Executors.newSingleThreadScheduledExecutor(); + + executor.scheduleAtFixedRate(periodicTask,30, 60, TimeUnit.SECONDS); + } + + private void updateRoleMapping() { + try { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId( + MultitenantConstants.SUPER_TENANT_ID); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain( + MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); + + UserStoreRoleMappingConfig config = UserStoreRoleMappingDataHolder.getInstance() + .getUserStoreRoleMappingConfigManager().getUserStoreRoleMappingConfig(); + + List roleMappings = config.getMappings(); + + if (!roleMappings.isEmpty()) { + UserStoreManager userStoreManager = + UserStoreRoleMappingDataHolder.getInstance().getRealmService() + .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager(); + + for (RoleMapping mapping : roleMappings) { + String[] users = userStoreManager.getUserListOfRole(mapping.getSecondaryRole()); + if (users != null && users.length > 0) { + List primaryRoles = mapping.getInternalRoles(); + for (String role : primaryRoles) { + if (userStoreManager.isExistingRole(role)) { + String[] existingUsers = userStoreManager.getUserListOfRole(role); + List existingUserList = new ArrayList<>(Arrays.asList(existingUsers)); + List newUserList = new ArrayList<>(); + for (String user: users) { + if (existingUserList.contains(user)) { + // if contains, remove from existing list + existingUserList.remove(user); + } else { + // new user + newUserList.add(user); + } + } + + List deleteUserList = new ArrayList<>(); + if (!existingUserList.isEmpty()) { + String domain = mapping.getSecondaryRole().substring(0,mapping.getSecondaryRole().indexOf("/")); + for (String user : existingUserList) { + if (user.startsWith(domain.toUpperCase())) { + deleteUserList.add(user); + } + } + } + + // update user list of given role + if (!newUserList.isEmpty() || !deleteUserList.isEmpty()) { + userStoreManager.updateUserListOfRole(role, deleteUserList.toArray(new String[0]), newUserList.toArray(new String[0])); + log.info("update user role mapping executed....."); + } + } + } + } + } + } + } catch (Exception e) { + log.error("Error while getting user store...", e); + } finally { + PrivilegedCarbonContext.endTenantFlow(); + } + } +} diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMappingConfigManager.java b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMappingConfigManager.java new file mode 100644 index 00000000000..1c4b5eac16d --- /dev/null +++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMappingConfigManager.java @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. + * + * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper; + +import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean.UserStoreRoleMappingConfig; +import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.exception.UserStoreRoleMapperException; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3c.dom.Document; +import org.wso2.carbon.utils.CarbonUtils; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import java.io.File; + +public class UserStoreRoleMappingConfigManager { + + private static final Log log = LogFactory.getLog(UserStoreRoleMappingConfigManager.class); + private static final String USERSTORE_ROLE_MAPPING_CONFIG_PATH = CarbonUtils.getCarbonConfigDirPath() + + File.separator + "user-store-role-mapping-config.xml"; + + private final UserStoreRoleMappingConfig userStoreRoleMappingConfig; + + public UserStoreRoleMappingConfigManager() throws UserStoreRoleMapperException { + try { + File UserStoreRoleMappingConfig = new File(USERSTORE_ROLE_MAPPING_CONFIG_PATH); + Document doc = convertToDocument(UserStoreRoleMappingConfig); + JAXBContext smsContext = JAXBContext.newInstance(UserStoreRoleMappingConfig.class); + Unmarshaller unmarshaller = smsContext.createUnmarshaller(); + this.userStoreRoleMappingConfig = (UserStoreRoleMappingConfig) unmarshaller.unmarshal(doc); + } catch (JAXBException e) { + String msg = "Error occurred while initializing config '" + USERSTORE_ROLE_MAPPING_CONFIG_PATH + "'"; + log.error(msg, e); + throw new UserStoreRoleMapperException(msg, e); + } + } + + private static Document convertToDocument(File file) throws UserStoreRoleMapperException { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + + try { + factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + factory.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true); + DocumentBuilder docBuilder = factory.newDocumentBuilder(); + return docBuilder.parse(file); + } catch (Exception e) { + throw new UserStoreRoleMapperException("Error occurred while parsing " + USERSTORE_ROLE_MAPPING_CONFIG_PATH + + " file, while converting to a org.w3c.dom.Document", e); + } + } + + public UserStoreRoleMappingConfig getUserStoreRoleMappingConfig() { + return this.userStoreRoleMappingConfig; + } + +} diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/bean/RoleMapping.java b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/bean/RoleMapping.java new file mode 100644 index 00000000000..604c58b4a26 --- /dev/null +++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/bean/RoleMapping.java @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. + * + * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean; + +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlElementWrapper; +import javax.xml.bind.annotation.XmlRootElement; +import java.util.List; + +@XmlRootElement( + name = "mapping" +) +public class RoleMapping { + private String secondaryRole; + + private List internalRoles; + + @XmlAttribute( + name = "secondaryRole" + ) + public String getSecondaryRole() { + return secondaryRole; + } + + public void setSecondaryRole(String secondaryRole) { + this.secondaryRole = secondaryRole; + } + + @XmlElementWrapper( + name = "internalRoles" + ) + @XmlElement( + name = "role" + ) + public List getInternalRoles() { + return internalRoles; + } + + public void setInternalRoles(List internalRoles) { + this.internalRoles = internalRoles; + } +} diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/bean/UserStoreRoleMappingConfig.java b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/bean/UserStoreRoleMappingConfig.java new file mode 100644 index 00000000000..47c9164c7f8 --- /dev/null +++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/bean/UserStoreRoleMappingConfig.java @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. + * + * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean; + +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlElementWrapper; +import javax.xml.bind.annotation.XmlRootElement; +import java.util.List; + +@XmlRootElement( + name = "UserStoreRoleMappingConfig" +) +public class UserStoreRoleMappingConfig { + + private List mappings; + + @XmlElementWrapper( + name = "mappings" + ) + @XmlElement( + name = "mapping" + ) + public List getMappings() { + return mappings; + } + + public void setMappings(List mappings) { + this.mappings = mappings; + } +} diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/exception/UserStoreRoleMapperException.java b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/exception/UserStoreRoleMapperException.java new file mode 100644 index 00000000000..72d56d202ae --- /dev/null +++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/exception/UserStoreRoleMapperException.java @@ -0,0 +1,26 @@ +/* + * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. + * + * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.exception; + +public class UserStoreRoleMapperException extends Exception { + + public UserStoreRoleMapperException(String msg, Exception e) { + super(msg, e); + } +} diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingDataHolder.java b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingDataHolder.java new file mode 100644 index 00000000000..46fd7aea2e6 --- /dev/null +++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingDataHolder.java @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. + * + * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal; + +import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.UserStoreRoleMappingConfigManager; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.user.api.UserRealm; +import org.wso2.carbon.user.api.UserStoreException; +import org.wso2.carbon.user.api.UserStoreManager; +import org.wso2.carbon.user.core.service.RealmService; +import org.wso2.carbon.utils.ConfigurationContextService; + +public class UserStoreRoleMappingDataHolder { + + private ConfigurationContextService configurationContextService; + private RealmService realmService; + private UserStoreRoleMappingConfigManager userStoreRoleMappingConfigManager; + + private static final UserStoreRoleMappingDataHolder thisInstance = new UserStoreRoleMappingDataHolder(); + + private UserStoreRoleMappingDataHolder() {} + + public static UserStoreRoleMappingDataHolder getInstance() { + return thisInstance; + } + + public ConfigurationContextService getConfigurationContextService() { + return configurationContextService; + } + + public void setConfigurationContextService(ConfigurationContextService configurationContextService) { + this.configurationContextService = configurationContextService; + } + + public UserStoreManager getUserStoreManager() throws UserStoreException { + if (realmService == null) { + String msg = "Realm service has not initialized."; + throw new IllegalStateException(msg); + } + int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); + return realmService.getTenantUserRealm(tenantId).getUserStoreManager(); + } + + public UserRealm getUserRealm() throws UserStoreException { + UserRealm realm; + if (realmService == null) { + throw new IllegalStateException("Realm service not initialized"); + } + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + realm = realmService.getTenantUserRealm(tenantId); + return realm; + } + + public RealmService getRealmService() { + return realmService; + } + + public void setRealmService(RealmService realmService) { + this.realmService = realmService; + } + + public UserStoreRoleMappingConfigManager getUserStoreRoleMappingConfigManager() { + return userStoreRoleMappingConfigManager; + } + + public void setUserStoreRoleMappingConfigManager(UserStoreRoleMappingConfigManager userStoreRoleMappingConfigManager) { + this.userStoreRoleMappingConfigManager = userStoreRoleMappingConfigManager; + } +} diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingServiceComponent.java b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingServiceComponent.java new file mode 100644 index 00000000000..7e9fb49535f --- /dev/null +++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingServiceComponent.java @@ -0,0 +1,112 @@ +/* + * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. + * + * Entgra (Pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal; + +import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.UserStoreRoleMapper; +import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.UserStoreRoleMappingConfigManager; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.osgi.framework.BundleContext; +import org.osgi.service.component.ComponentContext; +import org.wso2.carbon.core.ServerStartupObserver; +import org.wso2.carbon.user.core.service.RealmService; +import org.wso2.carbon.utils.ConfigurationContextService; + +/** + * @scr.component name="io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal.UserStoreRoleMappingServiceComponent" + * immediate="true" + * @scr.reference name="user.realmservice.default" + * interface="org.wso2.carbon.user.core.service.RealmService" + * cardinality="1..1" + * policy="dynamic" + * bind="setRealmService" + * unbind="unsetRealmService" + * @scr.reference name="config.context.service" + * interface="org.wso2.carbon.utils.ConfigurationContextService" + * cardinality="0..1" + * policy="dynamic" + * bind="setConfigurationContextService" + * unbind="unsetConfigurationContextService" + */ +public class UserStoreRoleMappingServiceComponent { + + private static final Log log = LogFactory.getLog(UserStoreRoleMappingServiceComponent.class); + + protected void activate(ComponentContext ctx) { + if (log.isDebugEnabled()) { + log.debug("Activating Role Management Service Component"); + } + try { + BundleContext bundleContext = ctx.getBundleContext(); + UserStoreRoleMapper mapper = new UserStoreRoleMapper(); + bundleContext.registerService(ServerStartupObserver.class.getName(), mapper, null); + UserStoreRoleMappingDataHolder.getInstance().setUserStoreRoleMappingConfigManager(new UserStoreRoleMappingConfigManager()); + if (log.isDebugEnabled()) { + log.debug("Role Management Service Component has been successfully activated"); + } + } catch (Throwable e) { + log.error("Error occurred while activating Role Management Service Component", e); + } + } + + protected void deactivate(ComponentContext ctx) { + if (log.isDebugEnabled()) { + log.debug("De-activating Role Manager Service Component"); + } + } + + protected void setConfigurationContextService(ConfigurationContextService configurationContextService) { + if (log.isDebugEnabled()) { + log.debug("Setting ConfigurationContextService"); + } + + UserStoreRoleMappingDataHolder.getInstance().setConfigurationContextService(configurationContextService); + } + + protected void unsetConfigurationContextService(ConfigurationContextService configurationContextService) { + if (log.isDebugEnabled()) { + log.debug("Un-setting ConfigurationContextService"); + } + UserStoreRoleMappingDataHolder.getInstance().setConfigurationContextService(null); + } + + /** + * Sets Realm Service. + * + * @param realmService An instance of RealmService + */ + protected void setRealmService(RealmService realmService) { + if (log.isDebugEnabled()) { + log.debug("Setting Realm Service"); + } + UserStoreRoleMappingDataHolder.getInstance().setRealmService(realmService); + } + + /** + * Unsets Realm Service. + * + * @param realmService An instance of RealmService + */ + protected void unsetRealmService(RealmService realmService) { + if (log.isDebugEnabled()) { + log.debug("Unsetting Realm Service"); + } + UserStoreRoleMappingDataHolder.getInstance().setRealmService(null); + } +} diff --git a/components/device-mgt-extensions/pom.xml b/components/device-mgt-extensions/pom.xml index 5dbed0b8268..814cfe01816 100644 --- a/components/device-mgt-extensions/pom.xml +++ b/components/device-mgt-extensions/pom.xml @@ -43,6 +43,7 @@ io.entgra.device.mgt.core.device.mgt.extensions.logger io.entgra.device.mgt.core.device.mgt.extensions.defaultrole.manager io.entgra.device.mgt.core.device.mgt.extensions.stateengine + io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper diff --git a/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/pom.xml b/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/pom.xml new file mode 100644 index 00000000000..d06c47c7a81 --- /dev/null +++ b/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/pom.xml @@ -0,0 +1,105 @@ + + + + + + + io.entgra.device.mgt.core + device-mgt-extensions-feature + 5.0.31-SNAPSHOT + ../pom.xml + + + 4.0.0 + io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.feature + pom + Entgra IoT - User store role mapper feature + http://entgra.io + + This feature contains the core bundles required for user store role mapping functionality + + + + + io.entgra.device.mgt.core + io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper + + + + + + + maven-resources-plugin + 2.6 + + + copy-resources + generate-resources + + copy-resources + + + src/main/resources + + + resources + + build.properties + p2.inf + + + + + + + + + org.wso2.maven + carbon-p2-plugin + ${carbon.p2.plugin.version} + + + p2-feature-generation + package + + p2-feature-gen + + + io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper + ../../etc/feature.properties + + + org.wso2.carbon.p2.category.type:server + + org.eclipse.equinox.p2.type.group:true + + + + + + io.entgra.device.mgt.core:io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper:${io.entgra.device.mgt.core.version} + + + + + + + + + diff --git a/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/build.properties b/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/build.properties new file mode 100644 index 00000000000..89aee3ff762 --- /dev/null +++ b/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/build.properties @@ -0,0 +1,19 @@ +# +# Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved. +# +# Entgra (Pvt) Ltd. licenses this file to you under the Apache License, +# Version 2.0 (the "License"); you may not use this file except +# in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +custom = true diff --git a/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/conf/user-store-role-mapping-config.xml b/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/conf/user-store-role-mapping-config.xml new file mode 100644 index 00000000000..00e63a3fca7 --- /dev/null +++ b/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/conf/user-store-role-mapping-config.xml @@ -0,0 +1,38 @@ + + + + + + + branch_css + lb_03 + ld_03_01 + ld_03_02 + + + + + branch_css + lb_05 + ld_05_01 + ld_05_02 + + + + \ No newline at end of file diff --git a/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/p2.inf b/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/p2.inf new file mode 100644 index 00000000000..31d07a5e201 --- /dev/null +++ b/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/p2.inf @@ -0,0 +1,2 @@ +instructions.configure = \ +org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper_${feature.version}/conf/user-store-role-mapping-config.xml,target:${installFolder}/../../../repository/conf/user-store-role-mapping-config.xml,overwrite:true);\ diff --git a/features/device-mgt-extensions/pom.xml b/features/device-mgt-extensions/pom.xml index 36516f0fe85..e941289b7d5 100644 --- a/features/device-mgt-extensions/pom.xml +++ b/features/device-mgt-extensions/pom.xml @@ -41,6 +41,7 @@ io.entgra.device.mgt.core.device.mgt.extensions.defaultrole.manager.feature io.entgra.device.mgt.core.device.mgt.extensions.logger.feature io.entgra.device.mgt.core.device.mgt.extensions.stateengine.feature + io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper diff --git a/pom.xml b/pom.xml index eeee195f4aa..627b0479fec 100644 --- a/pom.xml +++ b/pom.xml @@ -1631,6 +1631,11 @@ io.entgra.device.mgt.core.device.mgt.extensions.defaultrole.manager ${io.entgra.device.mgt.core.version} + + io.entgra.device.mgt.core + io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper + ${io.entgra.device.mgt.core.version} + io.entgra.device.mgt.core io.entgra.device.mgt.core.device.mgt.extensions.logger From 53c48d87ca926957b5e166f2caf185d8bbc2dacc Mon Sep 17 00:00:00 2001 From: "amalka.subasinghe" Date: Tue, 24 Oct 2023 16:14:14 +0530 Subject: [PATCH 5/9] user store role mapping feature --- .../main/resources/conf/user-store-role-mapping-config.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/conf/user-store-role-mapping-config.xml b/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/conf/user-store-role-mapping-config.xml index 00e63a3fca7..dabe881afbe 100644 --- a/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/conf/user-store-role-mapping-config.xml +++ b/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/conf/user-store-role-mapping-config.xml @@ -18,7 +18,7 @@ --> - + branch_css lb_03 @@ -26,7 +26,7 @@ ld_03_02 - + branch_css lb_05 From 3d159c0111d1502a4c81ffecab7e1956bc4f6b8a Mon Sep 17 00:00:00 2001 From: "amalka.subasinghe" Date: Tue, 24 Oct 2023 16:24:04 +0530 Subject: [PATCH 6/9] user store role mapping feature --- .../role/mapper/UserStoreRoleMapper.java | 56 ++++++++++--------- 1 file changed, 29 insertions(+), 27 deletions(-) diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java index 9419631b5b1..9636fa442eb 100644 --- a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java +++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java @@ -75,38 +75,40 @@ public class UserStoreRoleMapper implements ServerStartupObserver { .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager(); for (RoleMapping mapping : roleMappings) { - String[] users = userStoreManager.getUserListOfRole(mapping.getSecondaryRole()); - if (users != null && users.length > 0) { - List primaryRoles = mapping.getInternalRoles(); - for (String role : primaryRoles) { - if (userStoreManager.isExistingRole(role)) { - String[] existingUsers = userStoreManager.getUserListOfRole(role); - List existingUserList = new ArrayList<>(Arrays.asList(existingUsers)); - List newUserList = new ArrayList<>(); - for (String user: users) { - if (existingUserList.contains(user)) { - // if contains, remove from existing list - existingUserList.remove(user); - } else { - // new user - newUserList.add(user); + if (userStoreManager.isExistingRole(mapping.getSecondaryRole())) { + String[] users = userStoreManager.getUserListOfRole(mapping.getSecondaryRole()); + if (users != null && users.length > 0) { + List primaryRoles = mapping.getInternalRoles(); + for (String role : primaryRoles) { + if (userStoreManager.isExistingRole(role)) { + String[] existingUsers = userStoreManager.getUserListOfRole(role); + List existingUserList = new ArrayList<>(Arrays.asList(existingUsers)); + List newUserList = new ArrayList<>(); + for (String user : users) { + if (existingUserList.contains(user)) { + // if contains, remove from existing list + existingUserList.remove(user); + } else { + // new user + newUserList.add(user); + } } - } - List deleteUserList = new ArrayList<>(); - if (!existingUserList.isEmpty()) { - String domain = mapping.getSecondaryRole().substring(0,mapping.getSecondaryRole().indexOf("/")); - for (String user : existingUserList) { - if (user.startsWith(domain.toUpperCase())) { - deleteUserList.add(user); + List deleteUserList = new ArrayList<>(); + if (!existingUserList.isEmpty()) { + String domain = mapping.getSecondaryRole().substring(0, mapping.getSecondaryRole().indexOf("/")); + for (String user : existingUserList) { + if (user.startsWith(domain.toUpperCase())) { + deleteUserList.add(user); + } } } - } - // update user list of given role - if (!newUserList.isEmpty() || !deleteUserList.isEmpty()) { - userStoreManager.updateUserListOfRole(role, deleteUserList.toArray(new String[0]), newUserList.toArray(new String[0])); - log.info("update user role mapping executed....."); + // update user list of given role + if (!newUserList.isEmpty() || !deleteUserList.isEmpty()) { + userStoreManager.updateUserListOfRole(role, deleteUserList.toArray(new String[0]), newUserList.toArray(new String[0])); + log.info("update user role mapping executed....."); + } } } } From cb5d672583c4138faa6296e3b865c318db6c4f28 Mon Sep 17 00:00:00 2001 From: "amalka.subasinghe" Date: Tue, 24 Oct 2023 16:32:53 +0530 Subject: [PATCH 7/9] user store role mapping feature --- .../extensions/userstore/role/mapper/UserStoreRoleMapper.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java index 9636fa442eb..40b3beb4cc5 100644 --- a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java +++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java @@ -116,7 +116,7 @@ public class UserStoreRoleMapper implements ServerStartupObserver { } } } catch (Exception e) { - log.error("Error while getting user store...", e); + log.error("Error while getting user store..." + e.getMessage()); } finally { PrivilegedCarbonContext.endTenantFlow(); } From d67acc3d506197931931ce4e3a18965dd091c063 Mon Sep 17 00:00:00 2001 From: "amalka.subasinghe" Date: Tue, 24 Oct 2023 17:21:51 +0530 Subject: [PATCH 8/9] introduce configs and added heart beat logic --- .../pom.xml | 9 +++- .../role/mapper/UserStoreRoleMapper.java | 41 +++++++++++++------ .../bean/UserStoreRoleMappingConfig.java | 38 +++++++++++++++++ .../UserStoreRoleMappingDataHolder.java | 11 ++++- .../UserStoreRoleMappingServiceComponent.java | 23 +++++++++++ .../conf/user-store-role-mapping-config.xml | 13 +++--- 6 files changed, 112 insertions(+), 23 deletions(-) diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/pom.xml b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/pom.xml index 902f1767638..40ac6610bd6 100644 --- a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/pom.xml +++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/pom.xml @@ -75,7 +75,9 @@ org.wso2.carbon.user.api, org.wso2.carbon.user.core.common, org.wso2.carbon.user.core.service, - org.wso2.carbon.user.mgt.common + org.wso2.carbon.user.mgt.common, + io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.service, + io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.exception !io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal, @@ -219,5 +221,10 @@ jaxb-api test + + io.entgra.device.mgt.core + io.entgra.device.mgt.core.server.bootup.heartbeat.beacon + provided + diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java index 40b3beb4cc5..59e3d352c77 100644 --- a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java +++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/UserStoreRoleMapper.java @@ -20,10 +20,12 @@ package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper; import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean.RoleMapping; import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.bean.UserStoreRoleMappingConfig; import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal.UserStoreRoleMappingDataHolder; +import io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.exception.HeartBeatManagementException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.core.ServerStartupObserver; +import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.utils.multitenancy.MultitenantConstants; @@ -36,6 +38,8 @@ import java.util.concurrent.TimeUnit; public class UserStoreRoleMapper implements ServerStartupObserver { private static final Log log = LogFactory.getLog(UserStoreRoleMapper.class); + + private UserStoreRoleMappingConfig config = null; @Override public void completingServerStartup() { @@ -43,17 +47,31 @@ public class UserStoreRoleMapper implements ServerStartupObserver { @Override public void completedServerStartup() { - Runnable periodicTask = new Runnable() { - public void run() { - updateRoleMapping(); - log.info("UserStoreRoleMapper executed...."); - } - }; - ScheduledExecutorService executor = - Executors.newSingleThreadScheduledExecutor(); + config = UserStoreRoleMappingDataHolder.getInstance() + .getUserStoreRoleMappingConfigManager().getUserStoreRoleMappingConfig(); + + try { + if ((config.isEnabled() && + UserStoreRoleMappingDataHolder.getInstance().getHeartBeatService().isTaskPartitioningEnabled() && + UserStoreRoleMappingDataHolder.getInstance().getHeartBeatService().isQualifiedToExecuteTask()) + || (config.isEnabled() && + !UserStoreRoleMappingDataHolder.getInstance().getHeartBeatService().isTaskPartitioningEnabled())) { + Runnable periodicTask = new Runnable() { + public void run() { + updateRoleMapping(); + log.info("UserStoreRoleMapper executed...."); + } + }; - executor.scheduleAtFixedRate(periodicTask,30, 60, TimeUnit.SECONDS); + ScheduledExecutorService executor = + Executors.newSingleThreadScheduledExecutor(); + + executor.scheduleAtFixedRate(periodicTask, config.getInitialDelayInSeconds(), config.getPeriodInSeconds(), TimeUnit.SECONDS); + } + } catch (HeartBeatManagementException e) { + log.error("Error while accessing heart beat service " + e.getMessage()); + } } private void updateRoleMapping() { @@ -64,9 +82,6 @@ public class UserStoreRoleMapper implements ServerStartupObserver { PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain( MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); - UserStoreRoleMappingConfig config = UserStoreRoleMappingDataHolder.getInstance() - .getUserStoreRoleMappingConfigManager().getUserStoreRoleMappingConfig(); - List roleMappings = config.getMappings(); if (!roleMappings.isEmpty()) { @@ -115,7 +130,7 @@ public class UserStoreRoleMapper implements ServerStartupObserver { } } } - } catch (Exception e) { + } catch (UserStoreException e) { log.error("Error while getting user store..." + e.getMessage()); } finally { PrivilegedCarbonContext.endTenantFlow(); diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/bean/UserStoreRoleMappingConfig.java b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/bean/UserStoreRoleMappingConfig.java index 47c9164c7f8..58e287a9ee9 100644 --- a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/bean/UserStoreRoleMappingConfig.java +++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/bean/UserStoreRoleMappingConfig.java @@ -27,8 +27,24 @@ import java.util.List; ) public class UserStoreRoleMappingConfig { + private boolean enabled; private List mappings; + private long initialDelayInSeconds; + + private long periodInSeconds; + + @XmlElement( + name = "enabled" + ) + public boolean isEnabled() { + return enabled; + } + + public void setEnabled(boolean enabled) { + this.enabled = enabled; + } + @XmlElementWrapper( name = "mappings" ) @@ -42,4 +58,26 @@ public class UserStoreRoleMappingConfig { public void setMappings(List mappings) { this.mappings = mappings; } + + @XmlElement( + name = "initialDelayInSeconds" + ) + public long getInitialDelayInSeconds() { + return initialDelayInSeconds; + } + + public void setInitialDelayInSeconds(long initialDelayInSeconds) { + this.initialDelayInSeconds = initialDelayInSeconds; + } + + @XmlElement( + name = "periodInSeconds" + ) + public long getPeriodInSeconds() { + return periodInSeconds; + } + + public void setPeriodInSeconds(long periodInSeconds) { + this.periodInSeconds = periodInSeconds; + } } diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingDataHolder.java b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingDataHolder.java index 46fd7aea2e6..71d3c32edd3 100644 --- a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingDataHolder.java +++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingDataHolder.java @@ -18,6 +18,7 @@ package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.internal; import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.UserStoreRoleMappingConfigManager; +import io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.service.HeartBeatManagementService; import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.user.api.UserRealm; @@ -31,7 +32,7 @@ public class UserStoreRoleMappingDataHolder { private ConfigurationContextService configurationContextService; private RealmService realmService; private UserStoreRoleMappingConfigManager userStoreRoleMappingConfigManager; - + private HeartBeatManagementService heartBeatService; private static final UserStoreRoleMappingDataHolder thisInstance = new UserStoreRoleMappingDataHolder(); private UserStoreRoleMappingDataHolder() {} @@ -82,4 +83,12 @@ public class UserStoreRoleMappingDataHolder { public void setUserStoreRoleMappingConfigManager(UserStoreRoleMappingConfigManager userStoreRoleMappingConfigManager) { this.userStoreRoleMappingConfigManager = userStoreRoleMappingConfigManager; } + + public HeartBeatManagementService getHeartBeatService() { + return heartBeatService; + } + + public void setHeartBeatService(HeartBeatManagementService heartBeatService) { + this.heartBeatService = heartBeatService; + } } diff --git a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingServiceComponent.java b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingServiceComponent.java index 7e9fb49535f..2471c18403b 100644 --- a/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingServiceComponent.java +++ b/components/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/java/io/entgra/device/mgt/core/device/mgt/extensions/userstore/role/mapper/internal/UserStoreRoleMappingServiceComponent.java @@ -20,6 +20,7 @@ package io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.in import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.UserStoreRoleMapper; import io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper.UserStoreRoleMappingConfigManager; +import io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.service.HeartBeatManagementService; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.osgi.framework.BundleContext; @@ -43,6 +44,12 @@ import org.wso2.carbon.utils.ConfigurationContextService; * policy="dynamic" * bind="setConfigurationContextService" * unbind="unsetConfigurationContextService" + * @scr.reference name="entgra.heart.beat.service" + * interface="io.entgra.device.mgt.core.server.bootup.heartbeat.beacon.service.HeartBeatManagementService" + * cardinality="0..1" + * policy="dynamic" + * bind="setHeartBeatService" + * unbind="unsetHeartBeatService" */ public class UserStoreRoleMappingServiceComponent { @@ -109,4 +116,20 @@ public class UserStoreRoleMappingServiceComponent { } UserStoreRoleMappingDataHolder.getInstance().setRealmService(null); } + + @SuppressWarnings("unused") + protected void setHeartBeatService(HeartBeatManagementService heartBeatService) { + if (log.isDebugEnabled()) { + log.debug("Setting heart beat service"); + } + UserStoreRoleMappingDataHolder.getInstance().setHeartBeatService(heartBeatService); + } + + @SuppressWarnings("unused") + protected void unsetHeartBeatService(HeartBeatManagementService heartBeatManagementService) { + if (log.isDebugEnabled()) { + log.debug("Removing heart beat service"); + } + UserStoreRoleMappingDataHolder.getInstance().setHeartBeatService(null); + } } diff --git a/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/conf/user-store-role-mapping-config.xml b/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/conf/user-store-role-mapping-config.xml index dabe881afbe..16316f47ad6 100644 --- a/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/conf/user-store-role-mapping-config.xml +++ b/features/device-mgt-extensions/io.entgra.device.mgt.core.device.mgt.extensions.userstore.role.mapper/src/main/resources/conf/user-store-role-mapping-config.xml @@ -17,21 +17,18 @@ ~ under the License. --> + false + 30 + 3600 - branch_css - lb_03 - ld_03_01 - ld_03_02 + Internal/branch_css - branch_css - lb_05 - ld_05_01 - ld_05_02 + Internal/branch_css From 29132ba84d1ec8e6198b074ef4894e1c86481158 Mon Sep 17 00:00:00 2001 From: Rajitha Kumara Date: Tue, 24 Oct 2023 18:43:01 +0530 Subject: [PATCH 9/9] Fix permission updating issue --- .../apimgt/webapp/publisher/APIPublisherServiceImpl.java | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java index f163859572c..e419bb3751b 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java @@ -732,16 +732,15 @@ public class APIPublisherServiceImpl implements APIPublisherService { } private void updatePermissions(String role, List permissions) throws UserStoreException { + if (role == null || permissions == null) return; AuthorizationManager authorizationManager = APIPublisherDataHolder.getInstance().getUserRealm() .getAuthorizationManager(); if (log.isDebugEnabled()) { log.debug("Updating the role '" + role + "'"); } - if (permissions != null && !permissions.isEmpty()) { - authorizationManager.clearRoleAuthorization(role); - for (String permission : permissions) { - authorizationManager.authorizeRole(role, permission, CarbonConstants.UI_PERMISSION_ACTION); - } + authorizationManager.clearRoleAuthorization(role); + for (String permission : permissions) { + authorizationManager.authorizeRole(role, permission, CarbonConstants.UI_PERMISSION_ACTION); } }