public RealmConfiguration buildRealmConfiguration(OMElement realmElem, boolean supperTenant)
throws UserStoreException {
RealmConfiguration realmConfig = null;
String userStoreClass = null;
String authorizationManagerClass = null;
String addAdmin = null;
String adminRoleName = null;
String adminUserName = null;
String adminPassword = null;
String everyOneRoleName = null;
String realmClass = null;
String description = null;
Map<String, String> userStoreProperties = null;
Map<String, String> authzProperties = null;
Map<String, String> realmProperties = null;
boolean passwordsExternallyManaged = false;
realmClass =
(String)
realmElem.getAttributeValue(new QName(UserCoreConstants.RealmConfig.ATTR_NAME_CLASS));
OMElement mainConfig =
realmElem.getFirstChildWithName(
new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_CONFIGURATION));
realmProperties = getChildPropertyElements(mainConfig, secretResolver);
String dbUrl = constructDatabaseURL(realmProperties.get(JDBCRealmConstants.URL));
realmProperties.put(JDBCRealmConstants.URL, dbUrl);
if (mainConfig.getFirstChildWithName(
new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADD_ADMIN))
!= null
&& !mainConfig
.getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADD_ADMIN))
.getText()
.trim()
.equals("")) {
addAdmin =
mainConfig
.getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADD_ADMIN))
.getText()
.trim();
} else {
if (supperTenant) {
log.error(
"AddAdmin configuration not found or invalid in user-mgt.xml. Cannot start server!");
throw new UserStoreException(
"AddAdmin configuration not found or invalid user-mgt.xml. Cannot start server!");
} else {
log.debug("AddAdmin configuration not found");
addAdmin = "true";
}
}
OMElement reservedRolesElm =
mainConfig.getFirstChildWithName(
new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_RESERVED_ROLE_NAMES));
String[] reservedRoles = new String[0];
if (reservedRolesElm != null && !reservedRolesElm.getText().trim().equals("")) {
String rolesStr = reservedRolesElm.getText().trim();
if (rolesStr.contains(",")) {
reservedRoles = rolesStr.split(",");
} else {
reservedRoles = rolesStr.split(";");
}
}
OMElement restrictedDomainsElm =
mainConfig.getFirstChildWithName(
new QName(
UserCoreConstants.RealmConfig.LOCAL_NAME_RESTRICTED_DOMAINS_FOR_SELF_SIGN_UP));
String[] restrictedDomains = new String[0];
if (restrictedDomainsElm != null && !restrictedDomainsElm.getText().trim().equals("")) {
String domain = restrictedDomainsElm.getText().trim();
if (domain.contains(",")) {
restrictedDomains = domain.split(",");
} else {
restrictedDomains = domain.split(";");
}
}
OMElement adminUser =
mainConfig.getFirstChildWithName(
new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADMIN_USER));
adminUserName =
adminUser
.getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_USER_NAME))
.getText()
.trim();
adminPassword =
adminUser
.getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_PASSWORD))
.getText()
.trim();
if (secretResolver != null
&& secretResolver.isInitialized()
&& secretResolver.isTokenProtected("UserManager.AdminUser.Password")) {
adminPassword = secretResolver.resolve("UserManager.AdminUser.Password");
}
adminRoleName =
mainConfig
.getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADMIN_ROLE))
.getText()
.trim();
everyOneRoleName =
mainConfig
.getFirstChildWithName(
new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_EVERYONE_ROLE))
.getText()
.trim();
OMElement authzConfig =
realmElem.getFirstChildWithName(
new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ATHZ_MANAGER));
authorizationManagerClass =
authzConfig
.getAttributeValue(new QName(UserCoreConstants.RealmConfig.ATTR_NAME_CLASS))
.trim();
authzProperties = getChildPropertyElements(authzConfig, null);
Iterator<OMElement> iterator =
realmElem.getChildrenWithName(
new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_USER_STORE_MANAGER));
RealmConfiguration primaryConfig = null;
RealmConfiguration tmpConfig = null;
for (; iterator.hasNext(); ) {
OMElement usaConfig = iterator.next();
userStoreClass =
usaConfig.getAttributeValue(new QName(UserCoreConstants.RealmConfig.ATTR_NAME_CLASS));
if (usaConfig.getFirstChildWithName(
new QName(UserCoreConstants.RealmConfig.CLASS_DESCRIPTION))
!= null) {
description =
usaConfig
.getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.CLASS_DESCRIPTION))
.getText()
.trim();
}
userStoreProperties = getChildPropertyElements(usaConfig, secretResolver);
String sIsPasswordExternallyManaged =
userStoreProperties.get(UserCoreConstants.RealmConfig.LOCAL_PASSWORDS_EXTERNALLY_MANAGED);
Map<String, String> multipleCredentialsProperties =
getMultipleCredentialsProperties(usaConfig);
if (null != sIsPasswordExternallyManaged && !sIsPasswordExternallyManaged.trim().equals("")) {
passwordsExternallyManaged = Boolean.parseBoolean(sIsPasswordExternallyManaged);
} else {
if (log.isDebugEnabled()) {
log.debug("External password management is disabled.");
}
}
realmConfig = new RealmConfiguration();
realmConfig.setRealmClassName(realmClass);
realmConfig.setUserStoreClass(userStoreClass);
realmConfig.setDescription(description);
realmConfig.setAuthorizationManagerClass(authorizationManagerClass);
if (primaryConfig == null) {
realmConfig.setPrimary(true);
realmConfig.setAddAdmin(addAdmin);
realmConfig.setAdminPassword(adminPassword);
// if domain name not provided, add default primary domain name
String domain = userStoreProperties.get(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
if (domain == null) {
userStoreProperties.put(
UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME,
UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME);
}
for (int i = 0; i < reservedRoles.length; i++) {
realmConfig.addReservedRoleName(reservedRoles[i].trim().toUpperCase());
}
for (int i = 0; i < restrictedDomains.length; i++) {
realmConfig.addRestrictedDomainForSelfSignUp(restrictedDomains[i].trim().toUpperCase());
}
if (supperTenant
&& userStoreProperties.get(UserCoreConstants.TenantMgtConfig.LOCAL_NAME_TENANT_MANAGER)
== null) {
log.error(
"Required property '"
+ UserCoreConstants.TenantMgtConfig.LOCAL_NAME_TENANT_MANAGER
+ "' not found for the primary UserStoreManager in user_mgt.xml. Cannot start server!");
throw new UserStoreException(
"Required property '"
+ UserCoreConstants.TenantMgtConfig.LOCAL_NAME_TENANT_MANAGER
+ "' not found for the primary UserStoreManager in user_mgt.xml. Cannot start server!");
}
}
// If the domain name still empty
String domain = userStoreProperties.get(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
if (domain == null) {
log.warn(
"Required property "
+ UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME
+ " missing in secondary user store. Skip adding the user store.");
continue;
}
// Making user stores added using user-mgt.xml non-editable(static) at runtime
userStoreProperties.put(UserCoreConstants.RealmConfig.STATIC_USER_STORE, "true");
realmConfig.setEveryOneRoleName(
UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR + everyOneRoleName);
realmConfig.setAdminRoleName(adminRoleName);
realmConfig.setAdminUserName(adminUserName);
realmConfig.setUserStoreProperties(userStoreProperties);
realmConfig.setAuthzProperties(authzProperties);
realmConfig.setRealmProperties(realmProperties);
realmConfig.setPasswordsExternallyManaged(passwordsExternallyManaged);
realmConfig.addMultipleCredentialProperties(userStoreClass, multipleCredentialsProperties);
if (realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_MAX_USER_LIST)
== null) {
realmConfig
.getUserStoreProperties()
.put(
UserCoreConstants.RealmConfig.PROPERTY_MAX_USER_LIST,
UserCoreConstants.RealmConfig.PROPERTY_VALUE_DEFAULT_MAX_COUNT);
}
if (realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_READ_ONLY)
== null) {
realmConfig
.getUserStoreProperties()
.put(
UserCoreConstants.RealmConfig.PROPERTY_READ_ONLY,
UserCoreConstants.RealmConfig.PROPERTY_VALUE_DEFAULT_READ_ONLY);
}
if (primaryConfig == null) {
primaryConfig = realmConfig;
} else {
tmpConfig.setSecondaryRealmConfig(realmConfig);
}
tmpConfig = realmConfig;
}
if (primaryConfig != null && primaryConfig.isPrimary()) {
// Check if Admin user name has been provided with domain
String primaryDomainName =
primaryConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
String readOnly =
primaryConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_READ_ONLY);
Boolean isReadOnly = false;
if (readOnly != null) {
isReadOnly = Boolean.parseBoolean(readOnly);
}
if (primaryDomainName != null && primaryDomainName.trim().length() > 0) {
if (adminUserName.indexOf(CarbonConstants.DOMAIN_SEPARATOR) > 0) {
// Using the short-circuit. User name comes with the domain name.
String adminUserDomain =
adminUserName.substring(0, adminUserName.indexOf(CarbonConstants.DOMAIN_SEPARATOR));
if (!primaryDomainName.equalsIgnoreCase(adminUserDomain)) {
throw new UserStoreException(
"Admin User domain does not match primary user store domain.");
}
} else {
primaryConfig.setAdminUserName(
UserCoreUtil.addDomainToName(adminUserName, primaryDomainName));
}
if (adminRoleName.indexOf(CarbonConstants.DOMAIN_SEPARATOR) > 0) {
// Using the short-circuit. User name comes with the domain name.
String adminRoleDomain =
adminRoleName.substring(0, adminRoleName.indexOf(CarbonConstants.DOMAIN_SEPARATOR));
if ((!primaryDomainName.equalsIgnoreCase(adminRoleDomain))
|| (isReadOnly)
&& (!primaryDomainName.equalsIgnoreCase(UserCoreConstants.INTERNAL_DOMAIN))) {
throw new UserStoreException(
"Admin Role domain does not match primary user store domain.");
}
}
}
// This will be overridden inside the UserStoreManager constructor.
primaryConfig.setAdminRoleName(
UserCoreUtil.addDomainToName(adminRoleName, primaryDomainName));
}
return primaryConfig;
}
