@Override
public int createApplication(
ServiceProvider serviceProvider, String tenantDomain, String userName)
throws IdentityApplicationManagementException {
try {
startTenantFlow(tenantDomain, userName);
// invoking the listeners
List<ApplicationMgtListener> listeners = ApplicationMgtListenerServiceComponent.getListners();
for (ApplicationMgtListener listener : listeners) {
listener.createApplication(serviceProvider);
}
// first we need to create a role with the application name.
// only the users in this role will be able to edit/update the
// application.
ApplicationMgtUtil.createAppRole(serviceProvider.getApplicationName());
ApplicationDAO appDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
ApplicationMgtUtil.storePermission(
serviceProvider.getApplicationName(), serviceProvider.getPermissionAndRoleConfig());
return appDAO.createApplication(serviceProvider, tenantDomain);
} catch (Exception e) {
try {
ApplicationMgtUtil.deleteAppRole(serviceProvider.getApplicationName());
ApplicationMgtUtil.deletePermissions(serviceProvider.getApplicationName());
} catch (Exception ignored) {
if (log.isDebugEnabled()) {
log.debug("Ignored the exception occurred while trying to delete the role : ", e);
}
}
String error =
"Error occurred while creating the application : " + serviceProvider.getApplicationName();
log.error(error, e);
throw new IdentityApplicationManagementException(error, e);
} finally {
endTenantFlow();
}
}
@Override
public void deleteApplication(String applicationName, String tenantDomain, String userName)
throws IdentityApplicationManagementException {
try {
startTenantFlow(tenantDomain, userName);
// invoking the listeners
List<ApplicationMgtListener> listeners = ApplicationMgtListenerServiceComponent.getListners();
for (ApplicationMgtListener listener : listeners) {
listener.deleteApplication(applicationName);
}
if (!ApplicationMgtUtil.isUserAuthorized(applicationName)) {
log.warn(
"Illegal Access! User "
+ CarbonContext.getThreadLocalCarbonContext().getUsername()
+ " does not have access to the application "
+ applicationName);
throw new IdentityApplicationManagementException("User not authorized");
}
ApplicationDAO appDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
ServiceProvider serviceProvider = appDAO.getApplication(applicationName, tenantDomain);
appDAO.deleteApplication(applicationName);
ApplicationMgtUtil.deleteAppRole(applicationName);
ApplicationMgtUtil.deletePermissions(applicationName);
if (serviceProvider != null
&& serviceProvider.getInboundAuthenticationConfig() != null
&& serviceProvider
.getInboundAuthenticationConfig()
.getInboundAuthenticationRequestConfigs()
!= null) {
InboundAuthenticationRequestConfig[] configs =
serviceProvider
.getInboundAuthenticationConfig()
.getInboundAuthenticationRequestConfigs();
for (InboundAuthenticationRequestConfig config : configs) {
if (IdentityApplicationConstants.Authenticator.SAML2SSO.NAME.equalsIgnoreCase(
config.getInboundAuthType())
&& config.getInboundAuthKey() != null) {
SAMLApplicationDAO samlDAO =
ApplicationMgtSystemConfig.getInstance().getSAMLClientDAO();
samlDAO.removeServiceProviderConfiguration(config.getInboundAuthKey());
} else if (IdentityApplicationConstants.OAuth2.NAME.equalsIgnoreCase(
config.getInboundAuthType())
&& config.getInboundAuthKey() != null) {
OAuthApplicationDAO oathDAO =
ApplicationMgtSystemConfig.getInstance().getOAuthOIDCClientDAO();
oathDAO.removeOAuthApplication(config.getInboundAuthKey());
} else if ("kerberos".equalsIgnoreCase(config.getInboundAuthType())
&& config.getInboundAuthKey() != null) {
DirectoryServerManager directoryServerManager = new DirectoryServerManager();
directoryServerManager.removeServer(config.getInboundAuthKey());
} else if (IdentityApplicationConstants.Authenticator.WSTrust.NAME.equalsIgnoreCase(
config.getInboundAuthType())
&& config.getInboundAuthKey() != null) {
try {
AxisService stsService = getAxisConfig().getService(ServerConstants.STS_NAME);
Parameter origParam =
stsService.getParameter(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG.getLocalPart());
if (origParam != null) {
OMElement samlConfigElem =
origParam
.getParameterElement()
.getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG);
SAMLTokenIssuerConfig samlConfig = new SAMLTokenIssuerConfig(samlConfigElem);
samlConfig.getTrustedServices().remove(config.getInboundAuthKey());
setSTSParameter(samlConfig);
removeTrustedService(
ServerConstants.STS_NAME, ServerConstants.STS_NAME, config.getInboundAuthKey());
} else {
throw new IdentityApplicationManagementException(
"missing parameter : "
+ SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG.getLocalPart());
}
} catch (Exception e) {
String error = "Error while removing a trusted service";
log.error(error, e);
throw new IdentityApplicationManagementException(error, e);
}
}
}
}
} catch (Exception e) {
String error = "Error occurred while deleting the application";
log.error(error, e);
throw new IdentityApplicationManagementException(error, e);
} finally {
endTenantFlow();
}
}
@Override
public void updateApplication(
ServiceProvider serviceProvider, String tenantDomain, String userName)
throws IdentityApplicationManagementException {
try {
try {
startTenantFlow(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
IdentityServiceProviderCacheKey cacheKey =
new IdentityServiceProviderCacheKey(tenantDomain, serviceProvider.getApplicationName());
IdentityServiceProviderCache.getInstance().clearCacheEntry(cacheKey);
} finally {
endTenantFlow();
startTenantFlow(tenantDomain, userName);
}
// invoking the listeners
List<ApplicationMgtListener> listeners = ApplicationMgtListenerServiceComponent.getListners();
for (ApplicationMgtListener listener : listeners) {
listener.updateApplication(serviceProvider);
}
// check whether use is authorized to update the application.
if (!ApplicationConstants.LOCAL_SP.equals(serviceProvider.getApplicationName())
&& !ApplicationMgtUtil.isUserAuthorized(
serviceProvider.getApplicationName(), serviceProvider.getApplicationID())) {
log.warn(
"Illegal Access! User "
+ CarbonContext.getThreadLocalCarbonContext().getUsername()
+ " does not have access to the application "
+ serviceProvider.getApplicationName());
throw new IdentityApplicationManagementException("User not authorized");
}
ApplicationDAO appDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
String storedAppName = appDAO.getApplicationName(serviceProvider.getApplicationID());
appDAO.updateApplication(serviceProvider);
ApplicationPermission[] permissions =
serviceProvider.getPermissionAndRoleConfig().getPermissions();
String applicationNode =
ApplicationMgtUtil.getApplicationPermissionPath()
+ RegistryConstants.PATH_SEPARATOR
+ storedAppName;
org.wso2.carbon.registry.api.Registry tenantGovReg =
CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
boolean exist = tenantGovReg.resourceExists(applicationNode);
if (exist && !storedAppName.equals(serviceProvider.getApplicationName())) {
ApplicationMgtUtil.renameAppPermissionPathNode(
storedAppName, serviceProvider.getApplicationName());
}
if (ArrayUtils.isNotEmpty(permissions)) {
ApplicationMgtUtil.updatePermissions(serviceProvider.getApplicationName(), permissions);
}
} catch (Exception e) {
String error = "Error occurred while updating the application";
log.error(error, e);
throw new IdentityApplicationManagementException(error, e);
} finally {
endTenantFlow();
}
}
