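/**
 * Builds the chain of {@link RealmConfiguration}s described by one realm element of user-mgt.xml:
 * realm-level properties, the admin user and roles, the authorization manager, and one
 * configuration per UserStoreManager child. The first UserStoreManager becomes the primary store;
 * every further one is linked onto its predecessor via {@code setSecondaryRealmConfig}.
 *
 * @param realmElem    the realm element to read
 * @param supperTenant whether this realm belongs to the super tenant; then the AddAdmin setting
 *                     and the primary store's TenantManager property are mandatory
 * @return the primary store's configuration (secondaries hang off it), or {@code null} when the
 *         realm declares no UserStoreManager
 * @throws UserStoreException when a required element or attribute is absent, when AddAdmin is
 *         missing for the super tenant, when the super tenant's primary store has no TenantManager
 *         property, or when the admin user / admin role carry a domain other than the primary
 *         store's
 */
public RealmConfiguration buildRealmConfiguration(OMElement realmElem, boolean supperTenant)
        throws UserStoreException {
    // ---- realm-level settings --------------------------------------------------------------
    String realmClass =
            realmElem.getAttributeValue(new QName(UserCoreConstants.RealmConfig.ATTR_NAME_CLASS));
    OMElement mainConfig = realmElem.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_CONFIGURATION));
    if (mainConfig == null) {
        throw new UserStoreException(
                "Configuration element not found in user-mgt.xml. Cannot start server!");
    }
    Map<String, String> realmProperties = getChildPropertyElements(mainConfig, secretResolver);
    // The configured JDBC URL is replaced in place by whatever constructDatabaseURL derives from it.
    realmProperties.put(JDBCRealmConstants.URL,
            constructDatabaseURL(realmProperties.get(JDBCRealmConstants.URL)));

    // AddAdmin: mandatory for the super tenant, defaults to "true" for every other tenant.
    OMElement addAdminElm = mainConfig.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADD_ADMIN));
    String addAdmin;
    if (addAdminElm != null && !addAdminElm.getText().trim().isEmpty()) {
        addAdmin = addAdminElm.getText().trim();
    } else if (supperTenant) {
        log.error("AddAdmin configuration not found or invalid in user-mgt.xml. Cannot start server!");
        throw new UserStoreException(
                "AddAdmin configuration not found or invalid user-mgt.xml. Cannot start server!");
    } else {
        log.debug("AddAdmin configuration not found");
        addAdmin = "true";
    }

    String[] reservedRoles = splitRealmConfigList(mainConfig.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_RESERVED_ROLE_NAMES)));
    String[] restrictedDomains = splitRealmConfigList(mainConfig.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_RESTRICTED_DOMAINS_FOR_SELF_SIGN_UP)));

    // ---- admin user and roles --------------------------------------------------------------
    OMElement adminUser = mainConfig.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADMIN_USER));
    if (adminUser == null) {
        throw new UserStoreException(
                "AdminUser configuration not found in user-mgt.xml. Cannot start server!");
    }
    String adminUserName =
            requiredRealmConfigText(adminUser, UserCoreConstants.RealmConfig.LOCAL_NAME_USER_NAME);
    String adminPassword =
            requiredRealmConfigText(adminUser, UserCoreConstants.RealmConfig.LOCAL_NAME_PASSWORD);
    // When the secret resolver protects this alias, the value read from the XML is discarded and
    // the resolved secret is used instead.
    if (secretResolver != null && secretResolver.isInitialized()
            && secretResolver.isTokenProtected("UserManager.AdminUser.Password")) {
        adminPassword = secretResolver.resolve("UserManager.AdminUser.Password");
    }
    String adminRoleName =
            requiredRealmConfigText(mainConfig, UserCoreConstants.RealmConfig.LOCAL_NAME_ADMIN_ROLE);
    String everyOneRoleName =
            requiredRealmConfigText(mainConfig, UserCoreConstants.RealmConfig.LOCAL_NAME_EVERYONE_ROLE);

    // ---- authorization manager -------------------------------------------------------------
    OMElement authzConfig = realmElem.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ATHZ_MANAGER));
    String authzClassAttr = authzConfig == null ? null
            : authzConfig.getAttributeValue(new QName(UserCoreConstants.RealmConfig.ATTR_NAME_CLASS));
    if (authzClassAttr == null) {
        throw new UserStoreException(
                "AuthorizationManager class not found in user-mgt.xml. Cannot start server!");
    }
    String authorizationManagerClass = authzClassAttr.trim();
    Map<String, String> authzProperties = getChildPropertyElements(authzConfig, null);

    // ---- one configuration per UserStoreManager, chained primary -> secondary -> ... -------
    Iterator<OMElement> iterator = realmElem.getChildrenWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_USER_STORE_MANAGER));
    RealmConfiguration primaryConfig = null;
    RealmConfiguration previousConfig = null;
    while (iterator.hasNext()) {
        OMElement usaConfig = iterator.next();
        String userStoreClass =
                usaConfig.getAttributeValue(new QName(UserCoreConstants.RealmConfig.ATTR_NAME_CLASS));

        // Per-store values are scoped to this iteration: a store without its own Description or
        // PasswordsExternallyManaged setting must not inherit the previous store's values.
        String description = null;
        OMElement descriptionElm = usaConfig.getFirstChildWithName(
                new QName(UserCoreConstants.RealmConfig.CLASS_DESCRIPTION));
        if (descriptionElm != null) {
            description = descriptionElm.getText().trim();
        }
        Map<String, String> userStoreProperties = getChildPropertyElements(usaConfig, secretResolver);
        Map<String, String> multipleCredentialsProperties = getMultipleCredentialsProperties(usaConfig);
        String sIsPasswordExternallyManaged = userStoreProperties.get(
                UserCoreConstants.RealmConfig.LOCAL_PASSWORDS_EXTERNALLY_MANAGED);
        boolean passwordsExternallyManaged = false;
        if (sIsPasswordExternallyManaged != null && !sIsPasswordExternallyManaged.trim().isEmpty()) {
            passwordsExternallyManaged = Boolean.parseBoolean(sIsPasswordExternallyManaged);
        } else if (log.isDebugEnabled()) {
            log.debug("External password management is disabled.");
        }

        RealmConfiguration realmConfig = new RealmConfiguration();
        realmConfig.setRealmClassName(realmClass);
        realmConfig.setUserStoreClass(userStoreClass);
        realmConfig.setDescription(description);
        realmConfig.setAuthorizationManagerClass(authorizationManagerClass);

        if (primaryConfig == null) {
            // First UserStoreManager element: the primary store.
            realmConfig.setPrimary(true);
            realmConfig.setAddAdmin(addAdmin);
            realmConfig.setAdminPassword(adminPassword);
            // if domain name not provided, add default primary domain name
            if (userStoreProperties.get(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME) == null) {
                userStoreProperties.put(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME,
                        UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME);
            }
            for (String role : reservedRoles) {
                realmConfig.addReservedRoleName(role.trim().toUpperCase());
            }
            for (String restricted : restrictedDomains) {
                realmConfig.addRestrictedDomainForSelfSignUp(restricted.trim().toUpperCase());
            }
            if (supperTenant && userStoreProperties.get(
                    UserCoreConstants.TenantMgtConfig.LOCAL_NAME_TENANT_MANAGER) == null) {
                String msg = "Required property '"
                        + UserCoreConstants.TenantMgtConfig.LOCAL_NAME_TENANT_MANAGER
                        + "' not found for the primary UserStoreManager in user_mgt.xml. Cannot start server!";
                log.error(msg);
                throw new UserStoreException(msg);
            }
        }

        // A secondary store must name its domain; the primary always has one by this point.
        if (userStoreProperties.get(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME) == null) {
            log.warn("Required property " + UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME
                    + " missing in secondary user store. Skip adding the user store.");
            continue;
        }
        // Making user stores added using user-mgt.xml non-editable(static) at runtime
        userStoreProperties.put(UserCoreConstants.RealmConfig.STATIC_USER_STORE, "true");
        realmConfig.setEveryOneRoleName(UserCoreConstants.INTERNAL_DOMAIN
                + CarbonConstants.DOMAIN_SEPARATOR + everyOneRoleName);
        realmConfig.setAdminRoleName(adminRoleName);
        realmConfig.setAdminUserName(adminUserName);
        realmConfig.setUserStoreProperties(userStoreProperties);
        realmConfig.setAuthzProperties(authzProperties);
        realmConfig.setRealmProperties(realmProperties);
        realmConfig.setPasswordsExternallyManaged(passwordsExternallyManaged);
        realmConfig.addMultipleCredentialProperties(userStoreClass, multipleCredentialsProperties);

        // Defaults for settings the store left unspecified.
        if (realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_MAX_USER_LIST) == null) {
            realmConfig.getUserStoreProperties().put(
                    UserCoreConstants.RealmConfig.PROPERTY_MAX_USER_LIST,
                    UserCoreConstants.RealmConfig.PROPERTY_VALUE_DEFAULT_MAX_COUNT);
        }
        if (realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_READ_ONLY) == null) {
            realmConfig.getUserStoreProperties().put(
                    UserCoreConstants.RealmConfig.PROPERTY_READ_ONLY,
                    UserCoreConstants.RealmConfig.PROPERTY_VALUE_DEFAULT_READ_ONLY);
        }

        if (primaryConfig == null) {
            primaryConfig = realmConfig;
        } else {
            previousConfig.setSecondaryRealmConfig(realmConfig);
        }
        previousConfig = realmConfig;
    }

    // ---- qualify the admin user / role with the primary store's domain ---------------------
    if (primaryConfig != null && primaryConfig.isPrimary()) {
        String primaryDomainName =
                primaryConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
        // Boolean.parseBoolean(null) is false, which matches "not read-only" for a missing property.
        boolean isReadOnly = Boolean.parseBoolean(
                primaryConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_READ_ONLY));
        if (primaryDomainName != null && primaryDomainName.trim().length() > 0) {
            // Check if Admin user name has been provided with domain
            int userSep = adminUserName.indexOf(CarbonConstants.DOMAIN_SEPARATOR);
            if (userSep > 0) {
                // User name comes with the domain name; it has to be the primary store's domain.
                String adminUserDomain = adminUserName.substring(0, userSep);
                if (!primaryDomainName.equalsIgnoreCase(adminUserDomain)) {
                    throw new UserStoreException(
                            "Admin User domain does not match primary user store domain.");
                }
            } else {
                primaryConfig.setAdminUserName(
                        UserCoreUtil.addDomainToName(adminUserName, primaryDomainName));
            }
            int roleSep = adminRoleName.indexOf(CarbonConstants.DOMAIN_SEPARATOR);
            if (roleSep > 0) {
                String adminRoleDomain = adminRoleName.substring(0, roleSep);
                // Grouping made explicit (&& binds tighter than ||): a domain mismatch always fails,
                // and a read-only primary store additionally fails unless the primary domain is the
                // internal domain.
                // NOTE(review): the second comparison is against primaryDomainName, not
                // adminRoleDomain; this looks unintended but is kept as-is — confirm before changing.
                if (!primaryDomainName.equalsIgnoreCase(adminRoleDomain)
                        || (isReadOnly
                                && !primaryDomainName.equalsIgnoreCase(UserCoreConstants.INTERNAL_DOMAIN))) {
                    throw new UserStoreException(
                            "Admin Role domain does not match primary user store domain.");
                }
            }
        }
        // This will be overridden inside the UserStoreManager constructor.
        primaryConfig.setAdminRoleName(UserCoreUtil.addDomainToName(adminRoleName, primaryDomainName));
    }
    return primaryConfig;
}

/**
 * Returns the trimmed text of the child element {@code localName} of {@code parent}.
 *
 * @throws UserStoreException when the child is absent (instead of a NullPointerException)
 */
private static String requiredRealmConfigText(OMElement parent, String localName)
        throws UserStoreException {
    OMElement child = parent.getFirstChildWithName(new QName(localName));
    if (child == null) {
        throw new UserStoreException(
                "Required element '" + localName + "' not found in user-mgt.xml. Cannot start server!");
    }
    return child.getText().trim();
}

/**
 * Splits the text of a list element into its raw items: on ',' when the text contains a comma,
 * otherwise on ';'. Items are not trimmed. Returns an empty array when the element is absent or
 * blank.
 */
private static String[] splitRealmConfigList(OMElement listElm) {
    if (listElm == null || listElm.getText().trim().isEmpty()) {
        return new String[0];
    }
    String raw = listElm.getText().trim();
    return raw.contains(",") ? raw.split(",") : raw.split(";");
}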
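/**
 * Builds the {@link RealmConfiguration} chain for a realm element without the tenant-aware
 * processing of the {@code (OMElement, boolean)} overload: no AddAdmin, reserved-role,
 * restricted-domain or domain-name handling; admin user name, password and role names are stored
 * untrimmed; the everyone role is stored as written (no internal-domain prefix); and
 * {@code setPrimary(true)} is never called on the first store.
 *
 * @param realmElem the realm element of user-mgt.xml
 * @return the first user store's configuration with later stores chained onto it via
 *         {@code setSecondaryRealmConfig}, or {@code null} when the realm declares no
 *         UserStoreManager
 */
public RealmConfiguration buildRealmConfiguration(OMElement realmElem) {
    String realmClass =
            realmElem.getAttributeValue(new QName(UserCoreConstants.RealmConfig.ATTR_NAME_CLASS));
    OMElement mainConfig = realmElem.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_CONFIGURATION));
    Map<String, String> realmProperties = getChildPropertyElements(mainConfig, secretResolver);
    // The configured JDBC URL is replaced in place by whatever constructDatabaseURL derives from it.
    realmProperties.put(JDBCRealmConstants.URL,
            constructDatabaseURL(realmProperties.get(JDBCRealmConstants.URL)));

    // This overload declares no checked exception, so a missing mandatory element surfaces as a
    // NullPointerException from the chained calls below.
    OMElement adminUser = mainConfig.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADMIN_USER));
    String adminUserName = adminUser
            .getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_USER_NAME))
            .getText();
    String adminPassword = adminUser
            .getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_PASSWORD))
            .getText();
    // When the secret resolver protects this alias, the value read from the XML is discarded and
    // the resolved secret is used instead.
    if (secretResolver != null && secretResolver.isInitialized()
            && secretResolver.isTokenProtected("UserManager.AdminUser.Password")) {
        adminPassword = secretResolver.resolve("UserManager.AdminUser.Password");
    }
    String adminRoleName = mainConfig
            .getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ADMIN_ROLE))
            .getText();
    String everyOneRoleName = mainConfig
            .getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_EVERYONE_ROLE))
            .getText();

    OMElement authzConfig = realmElem.getFirstChildWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_ATHZ_MANAGER));
    String authorizationManagerClass =
            authzConfig.getAttributeValue(new QName(UserCoreConstants.RealmConfig.ATTR_NAME_CLASS));
    Map<String, String> authzProperties = getChildPropertyElements(authzConfig, null);

    // One configuration per UserStoreManager, chained first -> second -> ...
    Iterator<OMElement> iterator = realmElem.getChildrenWithName(
            new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_USER_STORE_MANAGER));
    RealmConfiguration primaryConfig = null;
    RealmConfiguration previousConfig = null;
    while (iterator.hasNext()) {
        OMElement usaConfig = iterator.next();
        String userStoreClass =
                usaConfig.getAttributeValue(new QName(UserCoreConstants.RealmConfig.ATTR_NAME_CLASS));
        Map<String, String> userStoreProperties = getChildPropertyElements(usaConfig, secretResolver);
        Map<String, String> multipleCredentialsProperties = getMultipleCredentialsProperties(usaConfig);

        // Scoped per store: a store without the setting must not inherit the previous store's value.
        String sIsPasswordExternallyManaged = userStoreProperties.get(
                UserCoreConstants.RealmConfig.LOCAL_PASSWORDS_EXTERNALLY_MANAGED);
        boolean passwordsExternallyManaged = false;
        if (sIsPasswordExternallyManaged != null && !sIsPasswordExternallyManaged.trim().isEmpty()) {
            passwordsExternallyManaged = Boolean.parseBoolean(sIsPasswordExternallyManaged);
        } else if (log.isDebugEnabled()) {
            log.debug("External password management is disabled.");
        }

        RealmConfiguration realmConfig = new RealmConfiguration();
        realmConfig.setRealmClassName(realmClass);
        realmConfig.setUserStoreClass(userStoreClass);
        realmConfig.setAuthorizationManagerClass(authorizationManagerClass);
        realmConfig.setAdminRoleName(adminRoleName);
        realmConfig.setAdminUserName(adminUserName);
        realmConfig.setAdminPassword(adminPassword);
        realmConfig.setEveryOneRoleName(everyOneRoleName);
        realmConfig.setUserStoreProperties(userStoreProperties);
        realmConfig.setAuthzProperties(authzProperties);
        realmConfig.setRealmProperties(realmProperties);
        realmConfig.setPasswordsExternallyManaged(passwordsExternallyManaged);
        realmConfig.addMultipleCredentialProperties(userStoreClass, multipleCredentialsProperties);

        // Defaults for settings the store left unspecified.
        if (realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_MAX_USER_LIST) == null) {
            realmConfig.getUserStoreProperties().put(
                    UserCoreConstants.RealmConfig.PROPERTY_MAX_USER_LIST,
                    UserCoreConstants.RealmConfig.PROPERTY_VALUE_DEFAULT_MAX_COUNT);
        }
        if (realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_READ_ONLY) == null) {
            realmConfig.getUserStoreProperties().put(
                    UserCoreConstants.RealmConfig.PROPERTY_READ_ONLY,
                    UserCoreConstants.RealmConfig.PROPERTY_VALUE_DEFAULT_READ_ONLY);
        }

        if (primaryConfig == null) {
            primaryConfig = realmConfig;
        } else {
            previousConfig.setSecondaryRealmConfig(realmConfig);
        }
        previousConfig = realmConfig;
    }
    return primaryConfig;
}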