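/**
 * Exercises role creation and membership updates on the realm's user store.
 *
 * <p>Creates role2..role4, moves "saman" between them and checks the resulting role count, then
 * runs the negative case: updating a user's role list with roles that do not exist must be
 * rejected. Adding an unknown user name to a role is tolerated by this store (the store cannot
 * know which external users exist), so that call is expected to succeed.
 *
 * @throws Exception if any user store operation fails unexpectedly
 */
public void doRoleStuff() throws Exception {
    UserStoreManager admin = realm.getUserStoreManager();

    admin.addRole("role2", null, null);
    admin.addRole("role3", null, null);
    admin.addRole("role4", null, null);

    // saman: +role2, then -role2 +role3 +role4. Three roles are expected afterwards; the third,
    // beyond role3 and role4, is presumably the realm's everyone role — confirm against the store.
    admin.updateRoleListOfUser("saman", null, new String[] {"role2"});
    admin.updateRoleListOfUser("saman", new String[] {"role2"}, new String[] {"role4", "role3"});
    String[] rolesOfSaman = admin.getRoleListOfUser("saman");
    assertEquals(3, rolesOfSaman.length);

    // membership updates in the other direction (role -> users)
    admin.updateUserListOfRole("role2", new String[] {"saman"}, null);
    admin.updateUserListOfRole("role3", null, new String[] {"amara", "sunil"});

    // negative: roles "x" and "y" do not exist, so the update must be rejected
    try {
        admin.updateRoleListOfUser("saman", new String[] {"x"}, new String[] {"y"});
        TestCase.fail("updateRoleListOfUser must reject roles that do not exist");
    } catch (Exception ignored) {
        // expected error in negative testing; the failure above is an Error and is not caught here
    }

    // wrong users - must pass because we don't know the external users.
    admin.updateUserListOfRole("role2", null, new String[] {"d"});
}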
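/**
 * Adds {@code userName} to the identity role {@code identityRoleNames[i]}, creating the role when
 * it does not exist yet.
 *
 * <p>A newly created role is granted {@code /permission/admin/login} with the execute action so
 * that its members can log in. If the user store rejects the role operation, the user the caller
 * has just created is deleted again so that no half-provisioned account is left behind, and the
 * failure is rethrown as an {@link IdentityException} with the user store error as its cause. A
 * failure of that rollback is attached to the cause as a suppressed exception rather than
 * replacing it, so the root cause is never lost.
 *
 * @param i index into {@code identityRoleNames} of the role to process
 * @param admin user store manager of the tenant the user was created in
 * @param identityRoleNames candidate identity role names; only entry {@code i} is used
 * @param userName name of the user that has just been added by the caller
 * @param permission unused; kept for signature compatibility (the login permission is built
 *     locally and never read from this parameter)
 * @throws IdentityException if the user store rejected the role operation; the user has been
 *     removed (or removal was attempted) before this is thrown
 * @throws UserStoreException declared for compatibility with existing callers
 */
private void doAddUser(
        int i,
        UserStoreManager admin,
        String[] identityRoleNames,
        String userName,
        Permission permission)
        throws IdentityException, UserStoreException {
    try {
        if (!admin.isExistingRole(identityRoleNames[i], false)) {
            // First user of this role: create the role with the login permission attached.
            Permission loginPermission =
                    new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION);
            admin.addRole(
                    identityRoleNames[i],
                    new String[] {userName},
                    new Permission[] {loginPermission},
                    false);
        } else {
            // if role already exists, just add user to role
            admin.updateUserListOfRole(
                    identityRoleNames[i], new String[] {}, new String[] {userName});
        }
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        // If something goes wrong here - then remove the already added user.
        try {
            admin.deleteUser(userName);
        } catch (org.wso2.carbon.user.api.UserStoreException rollbackError) {
            // Keep the original failure as the reported error; the rollback failure is attached
            // for diagnostics instead of masking it.
            e.addSuppressed(rollbackError);
        }
        // The operand between the two literals was unreadable in the source; userName is the
        // natural value — confirm against the original file.
        throw new IdentityException(
                "Error occurred while adding user : " + userName + ". " + e.getMessage(), e);
    }
}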
/**
 * Registers a new user in the given tenant's user store.
 *
 * <p>The account is locked on creation when the Authentication.Policy.Account.Lock.On.Creation
 * policy is enabled (and the identity management event listener is not switched off): a
 * confirmation code is generated and sent by e-mail, and the returned bean's verified flag
 * reflects whether that notification was sent. Otherwise the user can log in right after
 * registration and the bean is returned as verified.
 *
 * <p>Tenant isolation: unless SaaS mode is enabled, a caller may only register users in its own
 * tenant. A different tenant domain is rejected with {@link IdentityMgtServiceException}; a null
 * or empty one defaults to the caller's tenant.
 *
 * @param userName name of the user to create
 * @param password the user's initial password, passed through to the user store unchanged
 * @param claims claims to store with the user; each entry's claim URI maps to its value
 * @param profileName profile the claims are stored under
 * @param tenantDomain tenant to create the user in; null or empty means the caller's tenant
 * @return a bean whose error is set when no user store manager could be obtained for the tenant;
 *     when account locking on creation is in effect, the bean from the recovery processor carrying
 *     the confirmation code as its key, the verified flag and (unless notifications are managed
 *     internally) the notification data; otherwise a bean marked verified. If the user store or
 *     identity layer fails after the user was added, the user is deleted again and the bean is
 *     returned in whatever state it had at that point.
 * @throws IdentityMgtServiceException if a non-SaaS caller targets a tenant other than its own
 */
public VerificationBean registerUser(
        String userName,
        String password,
        UserIdentityClaimDTO[] claims,
        String profileName,
        String tenantDomain)
        throws IdentityMgtServiceException {
    VerificationBean vBean = new VerificationBean();
    org.wso2.carbon.user.core.UserStoreManager userStoreManager = null;
    Permission permission = null;

    // Tenant isolation: without SaaS a caller may only provision its own tenant. With SaaS
    // enabled no check is made here and tenantDomain is used as given.
    if (!IdentityMgtConfig.getInstance().isSaasEnabled()) {
        String loggedInTenant =
                PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        if (tenantDomain != null
                && !tenantDomain.isEmpty()
                && !loggedInTenant.equals(tenantDomain)) {
            String msg = "Trying to create users in unauthorized tenant space";
            log.error(msg);
            throw new IdentityMgtServiceException(msg);
        }
        // No tenant given: fall back to the caller's own tenant.
        if (tenantDomain == null || tenantDomain.isEmpty()) {
            tenantDomain = loggedInTenant;
        }
    }

    RealmService realmService = IdentityMgtServiceComponent.getRealmService();
    int tenantId;
    try {
        tenantId = Utils.getTenantId(tenantDomain);
        if (realmService.getTenantUserRealm(tenantId) != null) {
            userStoreManager =
                    (org.wso2.carbon.user.core.UserStoreManager)
                            realmService.getTenantUserRealm(tenantId).getUserStoreManager();
        }
    } catch (Exception e) {
        // Reported through the bean rather than thrown: the caller receives an error code.
        vBean =
                handleError(
                        VerificationBean.ERROR_CODE_UNEXPECTED
                                + " Error retrieving the user store manager for the tenant",
                        e);
        return vBean;
    }

    try {
        // A tenant without a realm yields no user store manager; reported the same way.
        if (userStoreManager == null) {
            vBean = new VerificationBean();
            vBean.setVerified(false);
            vBean.setError(
                    VerificationBean.ERROR_CODE_UNEXPECTED
                            + " Error retrieving the user store manager for the tenant");
            return vBean;
        }

        // NOTE(review): claims is iterated without a null check. A null array raises an NPE
        // before the user is added (so no rollback is needed), but the caller sees a raw NPE.
        Map<String, String> claimsMap = new HashMap<String, String>();
        for (UserIdentityClaimDTO userIdentityClaimDTO : claims) {
            claimsMap.put(
                    userIdentityClaimDTO.getClaimUri(), userIdentityClaimDTO.getClaimValue());
        }
        userStoreManager.addUser(userName, password, null, claimsMap, profileName);

        // Every registered user is placed in the internal default identity role; the role is
        // created with the login permission the first time it is needed.
        String identityRoleName =
                UserCoreConstants.INTERNAL_DOMAIN
                        + CarbonConstants.DOMAIN_SEPARATOR
                        + IdentityConstants.IDENTITY_DEFAULT_ROLE;
        if (!userStoreManager.isExistingRole(identityRoleName, false)) {
            permission =
                    new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION);
            userStoreManager.addRole(
                    identityRoleName, new String[] {userName}, new Permission[] {permission}, false);
        } else {
            userStoreManager.updateUserListOfRole(
                    identityRoleName, new String[] {}, new String[] {userName});
        }

        // Account locking on creation only applies while the identity management listener is
        // enabled; it counts as enabled when the property is absent or blank.
        IdentityEventListener identityEventListener =
                IdentityUtil.readEventListenerProperty(
                        UserOperationEventListener.class.getName(),
                        IdentityMgtEventListener.class.getName());
        boolean isListenerEnable = true;
        if (identityEventListener != null) {
            if (StringUtils.isNotBlank(identityEventListener.getEnable())) {
                isListenerEnable = Boolean.parseBoolean(identityEventListener.getEnable());
            }
        }

        IdentityMgtConfig config = IdentityMgtConfig.getInstance();
        if (isListenerEnable && config.isAuthPolicyAccountLockOnCreation()) {
            // Locked on creation: issue a confirmation code and notify the user by e-mail.
            UserDTO userDTO = new UserDTO(userName);
            userDTO.setTenantId(tenantId);
            UserRecoveryDTO dto = new UserRecoveryDTO(userDTO);
            dto.setNotification(IdentityMgtConstants.Notification.ACCOUNT_CONFORM);
            dto.setNotificationType("EMAIL");
            RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
            // The bean from the processor replaces the initial one; its key is the confirmation
            // code used for the e-mail.
            vBean = processor.updateConfirmationCode(1, userName, tenantId);
            dto.setConfirmationCode(vBean.getKey());
            NotificationDataDTO notificationDto = processor.notifyWithEmail(dto);
            vBean.setVerified(notificationDto.isNotificationSent());
            // Send email data only if not internally managed.
            // NOTE(review): the notification data handed back to the caller here presumably
            // carries the confirmation code; confirm every caller of this service may see it.
            if (!(IdentityMgtConfig.getInstance().isNotificationInternallyManaged())) {
                vBean.setNotificationData(notificationDto);
            }
        } else {
            // No lock-on-creation policy: the account is usable immediately.
            vBean.setVerified(true);
        }
    } catch (UserStoreException | IdentityException e) {
        // NOTE(review): the result of getCustomErrorMessages is discarded, so unless the failure
        // happened after updateConfirmationCode the bean returned below is the initial one with
        // no error set — confirm the caller can tell this apart from a successful registration.
        UserIdentityManagementUtil.getCustomErrorMessages(e, userName);
        // Rollback if user exists: do not leave a partially provisioned account behind.
        try {
            if (userStoreManager.isExistingUser(userName)) {
                userStoreManager.deleteUser(userName);
            }
        } catch (org.wso2.carbon.user.core.UserStoreException e1) {
            // Rollback failure is handled the same way as the original error.
            UserIdentityManagementUtil.getCustomErrorMessages(e1, userName);
        }
        return vBean;
    }
    return vBean;
}
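/**
 * Exercises the user/role management API of the realm's user store end to end: role creation,
 * deletion and renaming, user creation, membership updates in both directions (user -> roles and
 * role -> users), and the negative cases the store must reject: a missing user name, unknown
 * roles or users, changing the admin user's admin-role membership, changing everyone-role
 * membership, and renaming a role onto a name that already exists.
 *
 * <p>The expected role count assumes the fresh realm built from the test configuration
 * (admin, everyone and role1 already present).
 *
 * @throws Exception if any user store operation fails unexpectedly
 */
public void doUserRoleStuff() throws Exception {
    UserStoreManager admin = realm.getUserStoreManager();

    // The admin/everyone role names used in the negative cases come from the test realm config.
    // The stream is closed once the configuration has been built.
    RealmConfiguration realmConfig;
    try (InputStream inStream =
            this.getClass()
                    .getClassLoader()
                    .getResource(JDBCRealmTest.JDBC_TEST_USERMGT_XML)
                    .openStream()) {
        realmConfig = new RealmConfigXMLProcessor().buildRealmConfiguration(inStream);
    }

    admin.addRole("role2", null, null);
    admin.addRole("role3", null, null);
    admin.addRole("role4", null, null);
    assertEquals(6, admin.getRoleNames().length); // admin,everyone,role1,role2,role3,role4

    // Test delete role method
    assertTrue(admin.isExistingRole("role3"));
    admin.deleteRole("role3");
    admin.deleteRole("role4");
    assertFalse(admin.isExistingRole("role3"));
    assertFalse(admin.isExistingRole("role4"));
    admin.addRole("role3", null, null);
    admin.addRole("role4", null, null);

    // add users
    admin.addUser("saman", "pass1", null, null, null, false);
    admin.addUser("amara", "pass2", null, null, null, false);
    admin.addUser("sunil", "pass3", null, null, null, false);

    // update the ROLE list of USERS: saman joins role2, then leaves it for role3 and role4
    admin.updateRoleListOfUser("saman", null, new String[] {"role2"});
    admin.updateRoleListOfUser("saman", new String[] {"role2"}, new String[] {"role4", "role3"});
    try {
        admin.updateRoleListOfUser(null, null, new String[] {"role2"});
        fail("Exceptions at missing user name");
    } catch (Exception ex) {
        // expected: a missing user name must be rejected
        if (log.isDebugEnabled()) {
            log.debug("Expected error, hence ignored", ex);
        }
    }

    // Renaming Role: existing membership is expected to follow the new name
    admin.updateRoleName("role4", "role5");

    String[] rolesOfSaman = admin.getRoleListOfUser("saman");
    assertEquals(3, rolesOfSaman.length);
    // "isuru" was never added, so no roles are reported for that name
    String[] rolesOfIsuru = admin.getRoleListOfUser("isuru");
    assertEquals(0, rolesOfIsuru.length);

    // update the USER list of ROLES
    admin.updateUserListOfRole("role2", new String[] {"saman"}, null);
    admin.updateUserListOfRole("role3", null, new String[] {"amara", "sunil"});
    String[] usersOfRole5 = admin.getUserListOfRole("role5");
    assertEquals(1, usersOfRole5.length);
    // the old name no longer resolves to any members after the rename
    String[] usersOfRole4 = admin.getUserListOfRole("role4");
    assertEquals(0, usersOfRole4.length);

    // Negative cases. Each call must be rejected by the store; the fail() calls below throw an
    // Error, which the catch (Exception) blocks do not swallow.
    try {
        admin.updateUserListOfRole("rolexx", null, new String[] {"amara", "sunil"});
        TestCase.fail("updateUserListOfRole must reject a role that does not exist");
    } catch (Exception e) {
        // expected error in negative testing
        if (log.isDebugEnabled()) {
            log.debug("Expected error, hence ignored", e);
        }
    }
    try {
        // user "d" was never added, so this store must refuse to add it to a role
        admin.updateUserListOfRole("role2", null, new String[] {"d"});
        TestCase.fail("updateUserListOfRole must reject a user that does not exist");
    } catch (Exception e) {
        // expected error in negative testing
        if (log.isDebugEnabled()) {
            log.debug("Expected error, hence ignored", e);
        }
    }
    try {
        admin.updateRoleListOfUser("saman", new String[] {"x"}, new String[] {"y"});
        TestCase.fail("updateRoleListOfUser must reject roles that do not exist");
    } catch (Exception e) {
        // expected error in negative testing
        if (log.isDebugEnabled()) {
            log.debug("Expected error, hence ignored", e);
        }
    }
    // The admin user's membership in the admin role cannot be changed from either direction.
    try {
        admin.updateUserListOfRole(
                realmConfig.getAdminRoleName(), null, new String[] {realmConfig.getAdminUserName()});
        TestCase.fail("adding the admin user to the admin role must be rejected");
    } catch (Exception e) {
        // expected error in negative testing
        if (log.isDebugEnabled()) {
            log.debug("Expected error, hence ignored", e);
        }
    }
    try {
        admin.updateRoleListOfUser(
                realmConfig.getAdminUserName(), new String[] {realmConfig.getAdminRoleName()}, null);
        TestCase.fail("removing the admin role from the admin user must be rejected");
    } catch (Exception e) {
        // expected error in negative testing
        if (log.isDebugEnabled()) {
            log.debug("Expected error, hence ignored", e);
        }
    }
    // Membership of the everyone role is not editable, neither via the role nor via the user.
    try {
        admin.updateUserListOfRole(realmConfig.getEveryOneRoleName(), new String[] {"saman"}, null);
        TestCase.fail("removing a user from the everyone role must be rejected");
    } catch (Exception e) {
        // expected error in negative testing
        if (log.isDebugEnabled()) {
            log.debug("Expected error, hence ignored", e);
        }
    }
    try {
        admin.updateRoleListOfUser("sunil", new String[] {realmConfig.getEveryOneRoleName()}, null);
        TestCase.fail("removing the everyone role from a user must be rejected");
    } catch (Exception e) {
        // expected error in negative testing
        if (log.isDebugEnabled()) {
            log.debug("Expected error, hence ignored", e);
        }
    }
    // role5 already exists (renamed from role4 above), so renaming role2 onto it must fail.
    try {
        admin.updateRoleName("role2", "role5");
        TestCase.fail("renaming a role onto an existing role name must be rejected");
    } catch (Exception e) {
        // expected error in negative testing
        if (log.isDebugEnabled()) {
            log.debug("Expected error, hence ignored", e);
        }
    }
}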