private void doAddUser(
     int i,
     UserStoreManager admin,
     String[] identityRoleNames,
     String userName,
     Permission permission)
     throws IdentityException, UserStoreException {
   try {
     if (!admin.isExistingRole(identityRoleNames[i], false)) {
       permission = new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION);
       admin.addRole(
           identityRoleNames[i], new String[] {userName}, new Permission[] {permission}, false);
     } else {
       // if role already exists, just add user to role
       admin.updateUserListOfRole(identityRoleNames[i], new String[] {}, new String[] {userName});
     }
   } catch (org.wso2.carbon.user.api.UserStoreException e) {
     // If something goes wrong here - then remove the already added user.
     admin.deleteUser(userName);
     throw new IdentityException(
         "Error occurred while adding user : "******". " + e.getMessage(), e);
   }
 }
  /**
   * This method is used to register an user in the system. The account will be locked if the
   * Authentication.Policy.Account.Lock.On.Creation is set to true. Else user will be able to login
   * after registration.
   *
   * @param userName
   * @param password
   * @param claims
   * @param profileName
   * @param tenantDomain
   * @return
   * @throws IdentityMgtServiceException
   */
  public VerificationBean registerUser(
      String userName,
      String password,
      UserIdentityClaimDTO[] claims,
      String profileName,
      String tenantDomain)
      throws IdentityMgtServiceException {

    VerificationBean vBean = new VerificationBean();

    org.wso2.carbon.user.core.UserStoreManager userStoreManager = null;
    Permission permission = null;

    if (!IdentityMgtConfig.getInstance().isSaasEnabled()) {
      String loggedInTenant =
          PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
      if (tenantDomain != null && !tenantDomain.isEmpty() && !loggedInTenant.equals(tenantDomain)) {
        String msg = "Trying to create users in unauthorized tenant space";
        log.error(msg);
        throw new IdentityMgtServiceException(msg);
      }
      if (tenantDomain == null || tenantDomain.isEmpty()) {
        tenantDomain = loggedInTenant;
      }
    }

    RealmService realmService = IdentityMgtServiceComponent.getRealmService();
    int tenantId;

    try {

      tenantId = Utils.getTenantId(tenantDomain);
      if (realmService.getTenantUserRealm(tenantId) != null) {
        userStoreManager =
            (org.wso2.carbon.user.core.UserStoreManager)
                realmService.getTenantUserRealm(tenantId).getUserStoreManager();
      }

    } catch (Exception e) {
      vBean =
          handleError(
              VerificationBean.ERROR_CODE_UNEXPECTED
                  + " Error retrieving the user store manager for the tenant",
              e);
      return vBean;
    }

    try {

      if (userStoreManager == null) {
        vBean = new VerificationBean();
        vBean.setVerified(false);
        vBean.setError(
            VerificationBean.ERROR_CODE_UNEXPECTED
                + " Error retrieving the user store manager for the tenant");
        return vBean;
      }

      Map<String, String> claimsMap = new HashMap<String, String>();
      for (UserIdentityClaimDTO userIdentityClaimDTO : claims) {
        claimsMap.put(userIdentityClaimDTO.getClaimUri(), userIdentityClaimDTO.getClaimValue());
      }

      userStoreManager.addUser(userName, password, null, claimsMap, profileName);

      String identityRoleName =
          UserCoreConstants.INTERNAL_DOMAIN
              + CarbonConstants.DOMAIN_SEPARATOR
              + IdentityConstants.IDENTITY_DEFAULT_ROLE;

      if (!userStoreManager.isExistingRole(identityRoleName, false)) {
        permission = new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION);
        userStoreManager.addRole(
            identityRoleName, new String[] {userName}, new Permission[] {permission}, false);
      } else {
        userStoreManager.updateUserListOfRole(
            identityRoleName, new String[] {}, new String[] {userName});
      }

      IdentityEventListener identityEventListener =
          IdentityUtil.readEventListenerProperty(
              UserOperationEventListener.class.getName(), IdentityMgtEventListener.class.getName());

      boolean isListenerEnable = true;

      if (identityEventListener != null) {
        if (StringUtils.isNotBlank(identityEventListener.getEnable())) {
          isListenerEnable = Boolean.parseBoolean(identityEventListener.getEnable());
        }
      }

      IdentityMgtConfig config = IdentityMgtConfig.getInstance();

      if (isListenerEnable && config.isAuthPolicyAccountLockOnCreation()) {
        UserDTO userDTO = new UserDTO(userName);
        userDTO.setTenantId(tenantId);

        UserRecoveryDTO dto = new UserRecoveryDTO(userDTO);
        dto.setNotification(IdentityMgtConstants.Notification.ACCOUNT_CONFORM);
        dto.setNotificationType("EMAIL");

        RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
        vBean = processor.updateConfirmationCode(1, userName, tenantId);

        dto.setConfirmationCode(vBean.getKey());
        NotificationDataDTO notificationDto = processor.notifyWithEmail(dto);
        vBean.setVerified(notificationDto.isNotificationSent());

        //				Send email data only if not internally managed.
        if (!(IdentityMgtConfig.getInstance().isNotificationInternallyManaged())) {
          vBean.setNotificationData(notificationDto);
        }

      } else {
        vBean.setVerified(true);
      }
    } catch (UserStoreException | IdentityException e) {
      UserIdentityManagementUtil.getCustomErrorMessages(e, userName);
      // Rollback if user exists
      try {
        if (userStoreManager.isExistingUser(userName)) {
          userStoreManager.deleteUser(userName);
        }
      } catch (org.wso2.carbon.user.core.UserStoreException e1) {
        UserIdentityManagementUtil.getCustomErrorMessages(e1, userName);
      }

      return vBean;
    }

    return vBean;
  }
Ejemplo n.º 3
0
  public void doUserStuff() throws Exception {

    UserStoreManager admin = realm.getUserStoreManager();

    Map<String, String> userProps = new HashMap<String, String>();
    userProps.put(ClaimTestUtil.CLAIM_URI1, "1claim1Value");
    userProps.put(ClaimTestUtil.CLAIM_URI2, "2claim2Value");

    Permission[] permisions = new Permission[2];
    permisions[0] = new Permission("high security", "read");
    permisions[1] = new Permission("low security", "write");

    // add USER
    admin.addUser("dimuthu", "credential", null, null, null, false);
    try {
      admin.addUser(null, null, null, null, null, false);
      TestCase.assertTrue(false);
    } catch (Exception ex) {
      // expected error
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", ex);
      }
    }
    try {
      admin.addUser("dimuthu", null, null, null, null, false);
      TestCase.assertTrue(false);
    } catch (Exception ex) {
      // expected error
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", ex);
      }
    }
    try {
      admin.addUser(null, "credential", null, null, null, false);
      TestCase.assertTrue(false);
    } catch (Exception ex) {
      // expected error
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", ex);
      }
    }
    try {
      admin.addUser(" ", "credential", null, null, null, false);
      TestCase.assertTrue(false);
    } catch (Exception ex) {
      // expected error
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", ex);
      }
    }
    try {
      admin.addUser("dimuthu", "credential", null, null, null, false);
      fail("Exception at adding the same user again");
    } catch (Exception ex) {
      // expected error
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", ex);
      }
    }

    // add ROLE
    admin.addRole("role1", new String[] {"dimuthu"}, permisions); // dimuthu added to the role
    try {
      admin.addRole(null, null, null);
      fail("Exception at defining a roll with No information");
    } catch (Exception ex) {
      // expected error
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", ex);
      }
    }
    try {
      admin.addRole(null, new String[] {"dimuthu"}, permisions);
      fail("Exception at adding user to a non specified role");
    } catch (Exception ex) {
      // expected error
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", ex);
      }
    }
    try {
      admin.addRole("role1", new String[] {"isuru"}, permisions);
      fail("Exception at adding a non existing user to the role");
    } catch (Exception ex) {
      // expected error
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", ex);
      }
    }

    // add USER to a ROLE
    admin.addUser("vajira", "credential", new String[] {"role1"}, userProps, null, false);
    try {
      admin.addUser("Bence", "credential", new String[] {"rolexxx"}, userProps, null, false);
      fail("Exception at adding user to a Non-existing role");
    } catch (Exception ex) {
      // expected user
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", ex);
      }
    }
    try {
      admin.addUser(null, "credential", new String[] {"role1"}, userProps, null, false);
      fail("Exception at adding user to a role with no user name");
    } catch (Exception ex) {
      // expected user
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", ex);
      }
    }
    try {
      admin.addUser("vajira", "credential", new String[] {"role1"}, userProps, null, false);
      fail("Exception at adding same user to the same roll");
    } catch (Exception ex) {
      // expected user
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", ex);
      }
    }

    // Authenticate USER
    assertTrue(admin.authenticate("dimuthu", "credential"));
    assertFalse(admin.authenticate(null, "credential"));
    assertFalse(admin.authenticate("dimuthu", null));

    // update by ADMIN
    admin.updateCredentialByAdmin("dimuthu", "topsecret");
    assertTrue(admin.authenticate("dimuthu", "topsecret"));

    // isExistingUser
    assertTrue(admin.isExistingUser("dimuthu"));
    assertFalse(admin.isExistingUser("muhaha"));

    // update by USER
    admin.updateCredential("dimuthu", "password", "topsecret");
    // assertTrue(admin.authenticate("dimuthu", "password")); //TO DO
    assertFalse(admin.authenticate("dimuthu", "credential"));
    try {
      admin.updateCredential("dimuthu", "password", "xxx");
      TestCase.assertTrue(false);
    } catch (Exception ex) {
      // expected exception
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", ex);
      }
    }

    String[] names = admin.listUsers("*", 100);
    assertEquals(3, names.length);

    String[] names1 = admin.listUsers("*", 0);
    assertEquals(0, names1.length);

    String[] names2 = admin.listUsers("*", 2);
    assertEquals(2, names2.length);

    String[] names3 = admin.listUsers("di?uthu", 100);
    assertEquals(1, names3.length);

    String[] names4 = admin.listUsers("is?ru", 100);
    assertEquals(0, names4.length);

    String[] roleNames = admin.getRoleNames();
    assertEquals(3, roleNames.length);

    // delete
    admin.deleteUser("vajira");
    assertFalse(admin.isExistingUser("vajira"));
    assertFalse(admin.authenticate("vajira", "credential"));

    // delete ROLE
    admin.addUser("vajira", "credential", new String[] {"role1"}, userProps, null, false);
    assertTrue(admin.isExistingUser("vajira"));
    admin.deleteRole("role1");

    // add role
    admin.addRole("role1", new String[] {"dimuthu"}, permisions);
  }