public void doRoleStuff() throws Exception {
    UserStoreManager admin = realm.getUserStoreManager();

    admin.addRole("role2", null, null);
    admin.addRole("role3", null, null);
    admin.addRole("role4", null, null);

    admin.updateRoleListOfUser("saman", null, new String[] {"role2"});
    admin.updateRoleListOfUser("saman", new String[] {"role2"}, new String[] {"role4", "role3"});

    String[] rolesOfSaman = admin.getRoleListOfUser("saman");
    assertEquals(3, rolesOfSaman.length);

    // negative
    admin.updateUserListOfRole("role2", new String[] {"saman"}, null);
    admin.updateUserListOfRole("role3", null, new String[] {"amara", "sunil"});

    // negative
    try {
      // wrong roles
      admin.updateRoleListOfUser("saman", new String[] {"x"}, new String[] {"y"});
      TestCase.assertTrue(false);
    } catch (Exception e) {
      // exptected error in negative testing

    }
    // wrong users - must pass because we don't know the external users.
    admin.updateUserListOfRole("role2", null, new String[] {"d"});
  }
 private void doAddUser(
     int i,
     UserStoreManager admin,
     String[] identityRoleNames,
     String userName,
     Permission permission)
     throws IdentityException, UserStoreException {
   try {
     if (!admin.isExistingRole(identityRoleNames[i], false)) {
       permission = new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION);
       admin.addRole(
           identityRoleNames[i], new String[] {userName}, new Permission[] {permission}, false);
     } else {
       // if role already exists, just add user to role
       admin.updateUserListOfRole(identityRoleNames[i], new String[] {}, new String[] {userName});
     }
   } catch (org.wso2.carbon.user.api.UserStoreException e) {
     // If something goes wrong here - then remove the already added user.
     admin.deleteUser(userName);
     throw new IdentityException(
         "Error occurred while adding user : "******". " + e.getMessage(), e);
   }
 }
  /**
   * This method is used to register an user in the system. The account will be locked if the
   * Authentication.Policy.Account.Lock.On.Creation is set to true. Else user will be able to login
   * after registration.
   *
   * @param userName
   * @param password
   * @param claims
   * @param profileName
   * @param tenantDomain
   * @return
   * @throws IdentityMgtServiceException
   */
  public VerificationBean registerUser(
      String userName,
      String password,
      UserIdentityClaimDTO[] claims,
      String profileName,
      String tenantDomain)
      throws IdentityMgtServiceException {

    VerificationBean vBean = new VerificationBean();

    org.wso2.carbon.user.core.UserStoreManager userStoreManager = null;
    Permission permission = null;

    if (!IdentityMgtConfig.getInstance().isSaasEnabled()) {
      String loggedInTenant =
          PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
      if (tenantDomain != null && !tenantDomain.isEmpty() && !loggedInTenant.equals(tenantDomain)) {
        String msg = "Trying to create users in unauthorized tenant space";
        log.error(msg);
        throw new IdentityMgtServiceException(msg);
      }
      if (tenantDomain == null || tenantDomain.isEmpty()) {
        tenantDomain = loggedInTenant;
      }
    }

    RealmService realmService = IdentityMgtServiceComponent.getRealmService();
    int tenantId;

    try {

      tenantId = Utils.getTenantId(tenantDomain);
      if (realmService.getTenantUserRealm(tenantId) != null) {
        userStoreManager =
            (org.wso2.carbon.user.core.UserStoreManager)
                realmService.getTenantUserRealm(tenantId).getUserStoreManager();
      }

    } catch (Exception e) {
      vBean =
          handleError(
              VerificationBean.ERROR_CODE_UNEXPECTED
                  + " Error retrieving the user store manager for the tenant",
              e);
      return vBean;
    }

    try {

      if (userStoreManager == null) {
        vBean = new VerificationBean();
        vBean.setVerified(false);
        vBean.setError(
            VerificationBean.ERROR_CODE_UNEXPECTED
                + " Error retrieving the user store manager for the tenant");
        return vBean;
      }

      Map<String, String> claimsMap = new HashMap<String, String>();
      for (UserIdentityClaimDTO userIdentityClaimDTO : claims) {
        claimsMap.put(userIdentityClaimDTO.getClaimUri(), userIdentityClaimDTO.getClaimValue());
      }

      userStoreManager.addUser(userName, password, null, claimsMap, profileName);

      String identityRoleName =
          UserCoreConstants.INTERNAL_DOMAIN
              + CarbonConstants.DOMAIN_SEPARATOR
              + IdentityConstants.IDENTITY_DEFAULT_ROLE;

      if (!userStoreManager.isExistingRole(identityRoleName, false)) {
        permission = new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION);
        userStoreManager.addRole(
            identityRoleName, new String[] {userName}, new Permission[] {permission}, false);
      } else {
        userStoreManager.updateUserListOfRole(
            identityRoleName, new String[] {}, new String[] {userName});
      }

      IdentityEventListener identityEventListener =
          IdentityUtil.readEventListenerProperty(
              UserOperationEventListener.class.getName(), IdentityMgtEventListener.class.getName());

      boolean isListenerEnable = true;

      if (identityEventListener != null) {
        if (StringUtils.isNotBlank(identityEventListener.getEnable())) {
          isListenerEnable = Boolean.parseBoolean(identityEventListener.getEnable());
        }
      }

      IdentityMgtConfig config = IdentityMgtConfig.getInstance();

      if (isListenerEnable && config.isAuthPolicyAccountLockOnCreation()) {
        UserDTO userDTO = new UserDTO(userName);
        userDTO.setTenantId(tenantId);

        UserRecoveryDTO dto = new UserRecoveryDTO(userDTO);
        dto.setNotification(IdentityMgtConstants.Notification.ACCOUNT_CONFORM);
        dto.setNotificationType("EMAIL");

        RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
        vBean = processor.updateConfirmationCode(1, userName, tenantId);

        dto.setConfirmationCode(vBean.getKey());
        NotificationDataDTO notificationDto = processor.notifyWithEmail(dto);
        vBean.setVerified(notificationDto.isNotificationSent());

        //				Send email data only if not internally managed.
        if (!(IdentityMgtConfig.getInstance().isNotificationInternallyManaged())) {
          vBean.setNotificationData(notificationDto);
        }

      } else {
        vBean.setVerified(true);
      }
    } catch (UserStoreException | IdentityException e) {
      UserIdentityManagementUtil.getCustomErrorMessages(e, userName);
      // Rollback if user exists
      try {
        if (userStoreManager.isExistingUser(userName)) {
          userStoreManager.deleteUser(userName);
        }
      } catch (org.wso2.carbon.user.core.UserStoreException e1) {
        UserIdentityManagementUtil.getCustomErrorMessages(e1, userName);
      }

      return vBean;
    }

    return vBean;
  }
예제 #4
0
  public void doUserRoleStuff() throws Exception {
    UserStoreManager admin = realm.getUserStoreManager();

    InputStream inStream =
        this.getClass()
            .getClassLoader()
            .getResource(JDBCRealmTest.JDBC_TEST_USERMGT_XML)
            .openStream();
    RealmConfigXMLProcessor realmConfigProcessor = new RealmConfigXMLProcessor();
    RealmConfiguration realmConfig = realmConfigProcessor.buildRealmConfiguration(inStream);

    admin.addRole("role2", null, null);
    admin.addRole("role3", null, null);
    admin.addRole("role4", null, null);
    assertEquals(6, admin.getRoleNames().length); // admin,everyone,role1,role2,role3,role4

    // Test delete role method
    assertTrue(admin.isExistingRole("role3"));
    admin.deleteRole("role3");
    admin.deleteRole("role4");
    assertFalse(admin.isExistingRole("role3"));
    admin.addRole("role3", null, null);
    admin.addRole("role4", null, null);

    // add users
    admin.addUser("saman", "pass1", null, null, null, false);
    admin.addUser("amara", "pass2", null, null, null, false);
    admin.addUser("sunil", "pass3", null, null, null, false);

    // update the ROLE list of USERS
    admin.updateRoleListOfUser("saman", null, new String[] {"role2"});
    admin.updateRoleListOfUser("saman", new String[] {"role2"}, new String[] {"role4", "role3"});
    try {
      admin.updateRoleListOfUser(null, null, new String[] {"role2"});
      fail("Exceptions at missing user name");
    } catch (Exception ex) {
      // expected user
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", ex);
      }
    }

    // Renaming Role
    admin.updateRoleName("role4", "role5");

    String[] rolesOfSaman = admin.getRoleListOfUser("saman");
    assertEquals(3, rolesOfSaman.length);

    String[] rolesOfisuru = admin.getRoleListOfUser("isuru");
    assertEquals(0, rolesOfisuru.length);

    admin.updateUserListOfRole("role2", new String[] {"saman"}, null);
    admin.updateUserListOfRole("role3", null, new String[] {"amara", "sunil"});

    String[] userOfRole5 = admin.getUserListOfRole("role5");
    assertEquals(1, userOfRole5.length);

    String[] userOfRole4 = admin.getUserListOfRole("role4");
    assertEquals(0, userOfRole4.length);

    try {
      admin.updateUserListOfRole("rolexx", null, new String[] {"amara", "sunil"});
      TestCase.assertTrue(false);
    } catch (Exception e) {
      // exptected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }
    try {
      admin.updateUserListOfRole("role2", null, new String[] {"d"});
      TestCase.assertTrue(false);
    } catch (Exception e) {
      // exptected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }

    try {
      admin.updateRoleListOfUser("saman", new String[] {"x"}, new String[] {"y"});
      TestCase.assertTrue(false);
    } catch (Exception e) {
      // exptected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }

    try {
      admin.updateUserListOfRole(
          realmConfig.getAdminRoleName(), null, new String[] {realmConfig.getAdminUserName()});
      TestCase.assertTrue(false);
    } catch (Exception e) {
      // exptected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }

    try {
      admin.updateRoleListOfUser(
          realmConfig.getAdminUserName(), new String[] {realmConfig.getAdminRoleName()}, null);
      TestCase.assertTrue(false);
    } catch (Exception e) {
      // exptected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }

    try {
      admin.updateUserListOfRole(realmConfig.getEveryOneRoleName(), new String[] {"saman"}, null);
      TestCase.assertTrue(false);
    } catch (Exception e) {
      // exptected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }

    try {
      admin.updateRoleListOfUser("sunil", new String[] {realmConfig.getEveryOneRoleName()}, null);
      TestCase.assertTrue(false);
    } catch (Exception e) {
      // exptected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }

    try {
      admin.updateRoleName("role2", "role5");
      TestCase.assertTrue(false);
    } catch (Exception e) {
      // exptected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }
  }