コード例 #1
0
  public RealmConfiguration buildRealmConfiguration(OMElement realmElem, boolean supperTenant)
      throws UserStoreException {
    RealmConfiguration realmConfig = null;
    String userStoreClass = null;
    String authorizationManagerClass = null;
    String addAdmin = null;
    String adminRoleName = null;
    String adminUserName = null;
    String adminPassword = null;
    String everyOneRoleName = null;
    String realmClass = null;
    String description = null;
    Map<String, String> userStoreProperties = null;
    Map<String, String> authzProperties = null;
    Map<String, String> realmProperties = null;
    boolean passwordsExternallyManaged = false;

    realmClass =
        (String)
            realmElem.getAttributeValue(new QName(UserCoreConstants.RealmConfig.ATTR_NAME_CLASS));

    OMElement mainConfig =
        realmElem.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_CONFIGURATION));
    realmProperties = getChildPropertyElements(mainConfig, secretResolver);
    String dbUrl = constructDatabaseURL(realmProperties.get(JDBCRealmConstants.URL));
    realmProperties.put(JDBCRealmConstants.URL, dbUrl);

    if (mainConfig.getFirstChildWithName(
                new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADD_ADMIN))
            != null
        && !mainConfig
            .getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADD_ADMIN))
            .getText()
            .trim()
            .equals("")) {
      addAdmin =
          mainConfig
              .getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADD_ADMIN))
              .getText()
              .trim();
    } else {
      if (supperTenant) {
        log.error(
            "AddAdmin configuration not found or invalid in user-mgt.xml. Cannot start server!");
        throw new UserStoreException(
            "AddAdmin configuration not found or invalid user-mgt.xml. Cannot start server!");
      } else {
        log.debug("AddAdmin configuration not found");
        addAdmin = "true";
      }
    }

    OMElement reservedRolesElm =
        mainConfig.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_RESERVED_ROLE_NAMES));

    String[] reservedRoles = new String[0];

    if (reservedRolesElm != null && !reservedRolesElm.getText().trim().equals("")) {
      String rolesStr = reservedRolesElm.getText().trim();

      if (rolesStr.contains(",")) {
        reservedRoles = rolesStr.split(",");
      } else {
        reservedRoles = rolesStr.split(";");
      }
    }

    OMElement restrictedDomainsElm =
        mainConfig.getFirstChildWithName(
            new QName(
                UserCoreConstants.RealmConfig.LOCAL_NAME_RESTRICTED_DOMAINS_FOR_SELF_SIGN_UP));

    String[] restrictedDomains = new String[0];

    if (restrictedDomainsElm != null && !restrictedDomainsElm.getText().trim().equals("")) {
      String domain = restrictedDomainsElm.getText().trim();

      if (domain.contains(",")) {
        restrictedDomains = domain.split(",");
      } else {
        restrictedDomains = domain.split(";");
      }
    }

    OMElement adminUser =
        mainConfig.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADMIN_USER));
    adminUserName =
        adminUser
            .getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_USER_NAME))
            .getText()
            .trim();
    adminPassword =
        adminUser
            .getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_PASSWORD))
            .getText()
            .trim();
    if (secretResolver != null
        && secretResolver.isInitialized()
        && secretResolver.isTokenProtected("UserManager.AdminUser.Password")) {
      adminPassword = secretResolver.resolve("UserManager.AdminUser.Password");
    }
    adminRoleName =
        mainConfig
            .getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADMIN_ROLE))
            .getText()
            .trim();
    everyOneRoleName =
        mainConfig
            .getFirstChildWithName(
                new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_EVERYONE_ROLE))
            .getText()
            .trim();

    OMElement authzConfig =
        realmElem.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ATHZ_MANAGER));
    authorizationManagerClass =
        authzConfig
            .getAttributeValue(new QName(UserCoreConstants.RealmConfig.ATTR_NAME_CLASS))
            .trim();
    authzProperties = getChildPropertyElements(authzConfig, null);

    Iterator<OMElement> iterator =
        realmElem.getChildrenWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_USER_STORE_MANAGER));

    RealmConfiguration primaryConfig = null;
    RealmConfiguration tmpConfig = null;

    for (; iterator.hasNext(); ) {
      OMElement usaConfig = iterator.next();
      userStoreClass =
          usaConfig.getAttributeValue(new QName(UserCoreConstants.RealmConfig.ATTR_NAME_CLASS));
      if (usaConfig.getFirstChildWithName(
              new QName(UserCoreConstants.RealmConfig.CLASS_DESCRIPTION))
          != null) {
        description =
            usaConfig
                .getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.CLASS_DESCRIPTION))
                .getText()
                .trim();
      }
      userStoreProperties = getChildPropertyElements(usaConfig, secretResolver);

      String sIsPasswordExternallyManaged =
          userStoreProperties.get(UserCoreConstants.RealmConfig.LOCAL_PASSWORDS_EXTERNALLY_MANAGED);

      Map<String, String> multipleCredentialsProperties =
          getMultipleCredentialsProperties(usaConfig);

      if (null != sIsPasswordExternallyManaged && !sIsPasswordExternallyManaged.trim().equals("")) {
        passwordsExternallyManaged = Boolean.parseBoolean(sIsPasswordExternallyManaged);
      } else {
        if (log.isDebugEnabled()) {
          log.debug("External password management is disabled.");
        }
      }

      realmConfig = new RealmConfiguration();
      realmConfig.setRealmClassName(realmClass);
      realmConfig.setUserStoreClass(userStoreClass);
      realmConfig.setDescription(description);
      realmConfig.setAuthorizationManagerClass(authorizationManagerClass);
      if (primaryConfig == null) {
        realmConfig.setPrimary(true);
        realmConfig.setAddAdmin(addAdmin);
        realmConfig.setAdminPassword(adminPassword);

        // if domain name not provided, add default primary domain name
        String domain = userStoreProperties.get(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
        if (domain == null) {
          userStoreProperties.put(
              UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME,
              UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME);
        }

        for (int i = 0; i < reservedRoles.length; i++) {
          realmConfig.addReservedRoleName(reservedRoles[i].trim().toUpperCase());
        }

        for (int i = 0; i < restrictedDomains.length; i++) {
          realmConfig.addRestrictedDomainForSelfSignUp(restrictedDomains[i].trim().toUpperCase());
        }

        if (supperTenant
            && userStoreProperties.get(UserCoreConstants.TenantMgtConfig.LOCAL_NAME_TENANT_MANAGER)
                == null) {
          log.error(
              "Required property '"
                  + UserCoreConstants.TenantMgtConfig.LOCAL_NAME_TENANT_MANAGER
                  + "' not found for the primary UserStoreManager in user_mgt.xml. Cannot start server!");
          throw new UserStoreException(
              "Required property '"
                  + UserCoreConstants.TenantMgtConfig.LOCAL_NAME_TENANT_MANAGER
                  + "' not found for the primary UserStoreManager in user_mgt.xml. Cannot start server!");
        }
      }

      // If the domain name still empty
      String domain = userStoreProperties.get(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
      if (domain == null) {
        log.warn(
            "Required property "
                + UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME
                + " missing in secondary user store. Skip adding the user store.");
        continue;
      }
      // Making user stores added using user-mgt.xml non-editable(static) at runtime
      userStoreProperties.put(UserCoreConstants.RealmConfig.STATIC_USER_STORE, "true");

      realmConfig.setEveryOneRoleName(
          UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR + everyOneRoleName);
      realmConfig.setAdminRoleName(adminRoleName);
      realmConfig.setAdminUserName(adminUserName);
      realmConfig.setUserStoreProperties(userStoreProperties);
      realmConfig.setAuthzProperties(authzProperties);
      realmConfig.setRealmProperties(realmProperties);
      realmConfig.setPasswordsExternallyManaged(passwordsExternallyManaged);
      realmConfig.addMultipleCredentialProperties(userStoreClass, multipleCredentialsProperties);

      if (realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_MAX_USER_LIST)
          == null) {
        realmConfig
            .getUserStoreProperties()
            .put(
                UserCoreConstants.RealmConfig.PROPERTY_MAX_USER_LIST,
                UserCoreConstants.RealmConfig.PROPERTY_VALUE_DEFAULT_MAX_COUNT);
      }

      if (realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_READ_ONLY)
          == null) {
        realmConfig
            .getUserStoreProperties()
            .put(
                UserCoreConstants.RealmConfig.PROPERTY_READ_ONLY,
                UserCoreConstants.RealmConfig.PROPERTY_VALUE_DEFAULT_READ_ONLY);
      }

      if (primaryConfig == null) {
        primaryConfig = realmConfig;
      } else {
        tmpConfig.setSecondaryRealmConfig(realmConfig);
      }

      tmpConfig = realmConfig;
    }
    if (primaryConfig != null && primaryConfig.isPrimary()) {
      // Check if Admin user name has been provided with domain
      String primaryDomainName =
          primaryConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
      String readOnly =
          primaryConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_READ_ONLY);
      Boolean isReadOnly = false;
      if (readOnly != null) {
        isReadOnly = Boolean.parseBoolean(readOnly);
      }
      if (primaryDomainName != null && primaryDomainName.trim().length() > 0) {
        if (adminUserName.indexOf(CarbonConstants.DOMAIN_SEPARATOR) > 0) {
          // Using the short-circuit. User name comes with the domain name.
          String adminUserDomain =
              adminUserName.substring(0, adminUserName.indexOf(CarbonConstants.DOMAIN_SEPARATOR));
          if (!primaryDomainName.equalsIgnoreCase(adminUserDomain)) {
            throw new UserStoreException(
                "Admin User domain does not match primary user store domain.");
          }
        } else {
          primaryConfig.setAdminUserName(
              UserCoreUtil.addDomainToName(adminUserName, primaryDomainName));
        }
        if (adminRoleName.indexOf(CarbonConstants.DOMAIN_SEPARATOR) > 0) {
          // Using the short-circuit. User name comes with the domain name.
          String adminRoleDomain =
              adminRoleName.substring(0, adminRoleName.indexOf(CarbonConstants.DOMAIN_SEPARATOR));

          if ((!primaryDomainName.equalsIgnoreCase(adminRoleDomain))
              || (isReadOnly)
                  && (!primaryDomainName.equalsIgnoreCase(UserCoreConstants.INTERNAL_DOMAIN))) {
            throw new UserStoreException(
                "Admin Role domain does not match primary user store domain.");
          }
        }
      }

      // This will be overridden inside the UserStoreManager constructor.
      primaryConfig.setAdminRoleName(
          UserCoreUtil.addDomainToName(adminRoleName, primaryDomainName));
    }
    return primaryConfig;
  }
コード例 #2
0
  public RealmConfiguration buildRealmConfiguration(OMElement realmElem) {
    RealmConfiguration realmConfig = null;
    String userStoreClass = null;
    String authorizationManagerClass = null;
    String adminRoleName = null;
    String adminUserName = null;
    String adminPassword = null;
    String everyOneRoleName = null;
    String realmClass = null;
    Map<String, String> userStoreProperties = null;
    Map<String, String> authzProperties = null;
    Map<String, String> realmProperties = null;
    boolean passwordsExternallyManaged = false;

    realmClass =
        (String)
            realmElem.getAttributeValue(new QName(UserCoreConstants.RealmConfig.ATTR_NAME_CLASS));

    OMElement mainConfig =
        realmElem.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_CONFIGURATION));
    realmProperties = getChildPropertyElements(mainConfig, secretResolver);
    String dbUrl = constructDatabaseURL(realmProperties.get(JDBCRealmConstants.URL));
    realmProperties.put(JDBCRealmConstants.URL, dbUrl);

    OMElement adminUser =
        mainConfig.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADMIN_USER));
    adminUserName =
        adminUser
            .getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_USER_NAME))
            .getText();
    adminPassword =
        adminUser
            .getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_PASSWORD))
            .getText();
    if (secretResolver != null
        && secretResolver.isInitialized()
        && secretResolver.isTokenProtected("UserManager.AdminUser.Password")) {
      adminPassword = secretResolver.resolve("UserManager.AdminUser.Password");
    }
    adminRoleName =
        mainConfig
            .getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADMIN_ROLE))
            .getText();
    everyOneRoleName =
        mainConfig
            .getFirstChildWithName(
                new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_EVERYONE_ROLE))
            .getText();

    OMElement authzConfig =
        realmElem.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ATHZ_MANAGER));
    authorizationManagerClass =
        authzConfig.getAttributeValue(new QName(UserCoreConstants.RealmConfig.ATTR_NAME_CLASS));
    authzProperties = getChildPropertyElements(authzConfig, null);

    Iterator<OMElement> iterator =
        realmElem.getChildrenWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_USER_STORE_MANAGER));

    RealmConfiguration primaryConfig = null;
    RealmConfiguration tmpConfig = null;

    for (; iterator.hasNext(); ) {
      OMElement usaConfig = iterator.next();
      userStoreClass =
          usaConfig.getAttributeValue(new QName(UserCoreConstants.RealmConfig.ATTR_NAME_CLASS));
      userStoreProperties = getChildPropertyElements(usaConfig, secretResolver);

      String sIsPasswordExternallyManaged =
          userStoreProperties.get(UserCoreConstants.RealmConfig.LOCAL_PASSWORDS_EXTERNALLY_MANAGED);

      Map<String, String> multipleCredentialsProperties =
          getMultipleCredentialsProperties(usaConfig);

      if (null != sIsPasswordExternallyManaged && !sIsPasswordExternallyManaged.trim().equals("")) {
        passwordsExternallyManaged = Boolean.parseBoolean(sIsPasswordExternallyManaged);
      } else {
        if (log.isDebugEnabled()) {
          log.debug("External password management is disabled.");
        }
      }

      realmConfig = new RealmConfiguration();
      realmConfig.setRealmClassName(realmClass);
      realmConfig.setUserStoreClass(userStoreClass);
      realmConfig.setAuthorizationManagerClass(authorizationManagerClass);
      realmConfig.setAdminRoleName(adminRoleName);
      realmConfig.setAdminUserName(adminUserName);
      realmConfig.setAdminPassword(adminPassword);
      realmConfig.setEveryOneRoleName(everyOneRoleName);
      realmConfig.setUserStoreProperties(userStoreProperties);
      realmConfig.setAuthzProperties(authzProperties);
      realmConfig.setRealmProperties(realmProperties);
      realmConfig.setPasswordsExternallyManaged(passwordsExternallyManaged);
      realmConfig.addMultipleCredentialProperties(userStoreClass, multipleCredentialsProperties);

      if (realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_MAX_USER_LIST)
          == null) {
        realmConfig
            .getUserStoreProperties()
            .put(
                UserCoreConstants.RealmConfig.PROPERTY_MAX_USER_LIST,
                UserCoreConstants.RealmConfig.PROPERTY_VALUE_DEFAULT_MAX_COUNT);
      }

      if (realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_READ_ONLY)
          == null) {
        realmConfig
            .getUserStoreProperties()
            .put(
                UserCoreConstants.RealmConfig.PROPERTY_READ_ONLY,
                UserCoreConstants.RealmConfig.PROPERTY_VALUE_DEFAULT_READ_ONLY);
      }

      if (primaryConfig == null) {
        primaryConfig = realmConfig;
      } else {
        tmpConfig.setSecondaryRealmConfig(realmConfig);
      }

      tmpConfig = realmConfig;
    }

    return primaryConfig;
  }