add impersonation property

Thumimku · May 2, 2024 · 043133f · 043133f
1 parent 6201849
commit 043133f
Show file tree

Hide file tree

Showing 7 changed files with 286 additions and 17 deletions.
diff --git a/.../src/main/java/org/wso2/carbon/identity/application/common/model/ClientImpersonation.java b/.../src/main/java/org/wso2/carbon/identity/application/common/model/ClientImpersonation.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.wso2.carbon.identity.application.common.model;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.databinding.annotation.IgnoreNullElement;
+
+import java.io.Serializable;
+import java.util.Iterator;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * This class represents the metadata related to client impersonation. It is used for
+ * serializing and deserializing data to/from XML format.
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlRootElement(name = "ClientImpersonationMetaData")
+public class ClientImpersonation implements Serializable {
+
+ private static final long serialVersionUID = 1995041000019950518L;
+ private static final String IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED = "IsImpersonationEmailNotificationEnabled";
+ private static final String IS_IMPERSONATION_ENABLED = "IsImpersonationEnabled";
+
+ @IgnoreNullElement
+ @XmlElement(name = IS_IMPERSONATION_ENABLED)
+ private boolean isImpersonationEnabled;
+
+ // Field to store whether email notification for impersonation is enabled.
+ @IgnoreNullElement
+ @XmlElement(name = IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED)
+ private boolean isImpersonationEmailNotificationEnabled;
+
+ /**
+ * Creates an instance of the ClientImpersonationMetaData class by parsing an OMElement.
+ *
+ * @param metaDataOM The OMElement to parse and build the ClientImpersonationMetaData object from.
+ * @return A new ClientImpersonationMetaData object populated with data from the OMElement.
+ */
+ public static ClientImpersonation build(OMElement metaDataOM) {
+ ClientImpersonation metaData = new ClientImpersonation();
+
+ Iterator<?> iter = metaDataOM.getChildElements();
+
+ while (iter.hasNext()) {
+ OMElement element = (OMElement) (iter.next());
+ String elementName = element.getLocalName();
+
+ if (IS_IMPERSONATION_ENABLED.equals(elementName)) {
+ boolean isImpersonationEnabled = element.getText() != null && Boolean.parseBoolean(element.getText());
+ metaData.setImpersonationEnabled(isImpersonationEnabled);
+ } else if (IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED.equals(elementName)) {
+ boolean isImpersonationEmailNotificationEnabled = element.getText() != null
+ && Boolean.parseBoolean(element.getText());
+ metaData.setImpersonationEmailNotificationEnabled(isImpersonationEmailNotificationEnabled);
+ }
+ }
+ return metaData;
+ }
+
+
+ /**
+ * Get the value indicating whether email notification for impersonation is enabled.
+ *
+ * @return True if attestation is enabled, otherwise false.
+ */
+ public boolean isImpersonationEmailNotificationEnabled() {
+
+ return isImpersonationEmailNotificationEnabled;
+ }
+
+ /**
+ * Set the value indicating whether email notification for impersonation is enabled.
+ *
+ * @param impersonationEmailNotificationEnabled True to enable attestation, false to disable it.
+ */
+ public void setImpersonationEmailNotificationEnabled(boolean impersonationEmailNotificationEnabled) {
+
+ isImpersonationEmailNotificationEnabled = impersonationEmailNotificationEnabled;
+ }
+
+
+ public boolean isImpersonationEnabled() {
+
+ return isImpersonationEnabled;
+ }
+
+ public void setImpersonationEnabled(boolean impersonationEnabled) {
+
+ isImpersonationEnabled = impersonationEnabled;
+ }
+}
diff --git a/...mmon/src/main/java/org/wso2/carbon/identity/application/common/model/ServiceProvider.java b/...mmon/src/main/java/org/wso2/carbon/identity/application/common/model/ServiceProvider.java
@@ -149,6 +149,10 @@ public class ServiceProvider implements Serializable {
  @XmlElement(name = "ClientAttestationMetaData")
  private ClientAttestationMetaData clientAttestationMetaData;
 
+ @IgnoreNullElement
+ @XmlElement(name = "ClientImpersonation")
+ private ClientImpersonation clientImpersonation;
+
  /*
  * <ServiceProvider> <ApplicationID></ApplicationID> <Description></Description>
  * <Owner>....</Owner>
@@ -201,6 +205,9 @@ public static ServiceProvider build(OMElement serviceProviderOM) {
  } else if (IS_API_BASED_AUTHENTICATION_ENABLED.equals(elementName)) {
  boolean isAPIBasedAuthEnabled = element.getText() != null && "true".equals(element.getText());
  serviceProvider.setAPIBasedAuthenticationEnabled(isAPIBasedAuthEnabled);
+ } else if ("ClientImpersonation".equals(elementName)) {
+ // build client impersonation meta data configuration.
+ serviceProvider.setClientImpersonation(ClientImpersonation.build(element));
  } else if ("ClientAttestationMetaData".equals(elementName)) {
  // build client attestation meta data configuration.
  serviceProvider
@@ -602,5 +609,15 @@ public void setClientAttestationMetaData(ClientAttestationMetaData clientAttesta
 
  this.clientAttestationMetaData = clientAttestationMetaData;
  }
+
+ public ClientImpersonation getClientImpersonation() {
+
+ return clientImpersonation;
+ }
+
+ public void setClientImpersonation(ClientImpersonation clientImpersonation) {
+
+ this.clientImpersonation = clientImpersonation;
+ }
 }
 
diff --git a/...n/java/org/wso2/carbon/identity/application/common/util/IdentityApplicationConstants.java b/...n/java/org/wso2/carbon/identity/application/common/util/IdentityApplicationConstants.java
@@ -122,6 +122,12 @@ private IdentityApplicationConstants() {
  public static final String IS_API_BASED_AUTHENTICATION_ENABLED_DISPLAY_NAME = "Is API Based Authentication Enabled";
  public static final String IS_ATTESTATION_ENABLED_PROPERTY_NAME = "IsAttestationEnabled";
  public static final String IS_ATTESTATION_ENABLED_DISPLAY_NAME = "Is Client Attestation Enabled";
+ public static final String IS_IMPERSONATION_ENABLED_PROPERTY_NAME = "IsImpersonationEnabled";
+ public static final String IS_IMPERSONATION_ENABLED_DISPLAY_NAME = "Is Client Impersonation Enabled";
+ public static final String IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED_PROPERTY_NAME =
+ "IsImpersonationEmailNotificationEnabled";
+ public static final String IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED_DISPLAY_NAME =
+ "Is Impersonation Email Notification Enabled";
  public static final String ANDROID_PACKAGE_NAME_PROPERTY_NAME = "androidPackageName";
  public static final String ANDROID_PACKAGE_NAME_DISPLAY_NAME = "Android mobile application package name";
  public static final String APPLE_APP_ID_PROPERTY_NAME = "appleAppId";

diff --git a/...t/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java b/...t/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java
@@ -41,6 +41,7 @@
 import org.wso2.carbon.identity.application.common.model.ClaimConfig;
 import org.wso2.carbon.identity.application.common.model.ClaimMapping;
 import org.wso2.carbon.identity.application.common.model.ClientAttestationMetaData;
+import org.wso2.carbon.identity.application.common.model.ClientImpersonation;
 import org.wso2.carbon.identity.application.common.model.ConsentConfig;
 import org.wso2.carbon.identity.application.common.model.ConsentPurpose;
 import org.wso2.carbon.identity.application.common.model.ConsentPurposeConfigs;
@@ -152,6 +153,10 @@
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_ATTESTATION_ENABLED_PROPERTY_NAME;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_B2B_SS_APP_SP_PROPERTY_DISPLAY_NAME;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_B2B_SS_APP_SP_PROPERTY_NAME;
+import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED_DISPLAY_NAME;
+import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED_PROPERTY_NAME;
+import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_IMPERSONATION_ENABLED_DISPLAY_NAME;
+import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_IMPERSONATION_ENABLED_PROPERTY_NAME;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_MANAGEMENT_APP_SP_PROPERTY_DISPLAY_NAME;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_MANAGEMENT_APP_SP_PROPERTY_NAME;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_SYSTEM_RESERVED_APP_DISPLAY_NAME;
@@ -469,6 +474,18 @@ private ApplicationCreateResult persistBasicApplicationInformation(Connection co
  storeAndroidAttestationServiceCredentialAsSecret(application);
  }
 
+ if (application.getClientImpersonation() != null) {
+ ServiceProviderProperty isImpersonationEnabled =
+ buildIsImpersonationEnabledProperty(application.getClientImpersonation());
+ serviceProviderProperties.add(isImpersonationEnabled);
+
+ if (application.getClientImpersonation().isImpersonationEnabled()) {
+ ServiceProviderProperty isImpersonationEmailNotificationEnabled =
+ buildIsImpersonationEmailNotificationEnabledProperty(application.getClientImpersonation());
+ serviceProviderProperties.add(isImpersonationEmailNotificationEnabled);
+ }
+ }
+
  ServiceProviderProperty allowedRoleAudienceProperty = buildAllowedRoleAudienceProperty(application);
  serviceProviderProperties.add(allowedRoleAudienceProperty);
  application.setSpProperties(serviceProviderProperties.toArray(new ServiceProviderProperty[0]));
@@ -2185,6 +2202,13 @@ public ServiceProvider getApplication(int applicationId) throws IdentityApplicat
  (getAndroidAttestationServiceCredentials(serviceProvider));
  }
  serviceProvider.setClientAttestationMetaData(clientAttestationMetaData);
+ ClientImpersonation clientImpersonation = new ClientImpersonation();
+ clientImpersonation.setImpersonationEnabled(getIsImpersonationEnabled(propertyList));
+ if (clientImpersonation.isImpersonationEnabled()) {
+ clientImpersonation.setImpersonationEmailNotificationEnabled
+ (getIsImpersonationEmailNotificationEnabled(propertyList));
+ }
+ serviceProvider.setClientImpersonation(clientImpersonation);
  serviceProvider.setInboundAuthenticationConfig(getInboundAuthenticationConfig(
  applicationId, connection, tenantID));
  serviceProvider
@@ -2390,6 +2414,27 @@ private boolean getIsB2BSSApp(List<ServiceProviderProperty> propertyList) {
  return Boolean.parseBoolean(value);
  }
 
+ private boolean getIsImpersonationEnabled(List<ServiceProviderProperty> propertyList) {
+
+ String value = propertyList.stream()
+ .filter(property -> IS_IMPERSONATION_ENABLED_PROPERTY_NAME.equals(property.getName()))
+ .findFirst()
+ .map(ServiceProviderProperty::getValue)
+ .orElse(StringUtils.EMPTY);
+ return Boolean.parseBoolean(value);
+ }
+
+ private boolean getIsImpersonationEmailNotificationEnabled(List<ServiceProviderProperty> propertyList) {
+
+ String value = propertyList.stream()
+ .filter(property -> IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED_PROPERTY_NAME
+ .equals(property.getName()))
+ .findFirst()
+ .map(ServiceProviderProperty::getValue)
+ .orElse(StringUtils.EMPTY);
+ return Boolean.parseBoolean(value);
+ }
+
  private boolean getIsAPIBasedAuthenticationEnabled(List<ServiceProviderProperty> propertyList) {
 
  String value = propertyList.stream()
@@ -5072,9 +5117,41 @@ private void updateConfigurationsAsServiceProperties(ServiceProvider sp)
  storeAndroidAttestationServiceCredentialAsSecret(sp);
  }
 
+ if (sp.getClientImpersonation() != null) {
+ ServiceProviderProperty isImpersonationEnabled =
+ buildIsImpersonationEnabledProperty(sp.getClientImpersonation());
+ spPropertyMap.put(isImpersonationEnabled.getName(), isImpersonationEnabled);
+
+ if (sp.getClientImpersonation().isImpersonationEnabled()) {
+ ServiceProviderProperty isImpersonationEmailNotificationEnabled =
+ buildIsImpersonationEmailNotificationEnabledProperty(sp.getClientImpersonation());
+ spPropertyMap.put(isImpersonationEmailNotificationEnabled.getName(),
+ isImpersonationEmailNotificationEnabled);
+ }
+ }
+
  sp.setSpProperties(spPropertyMap.values().toArray(new ServiceProviderProperty[0]));
  }
 
+ private ServiceProviderProperty buildIsImpersonationEnabledProperty(ClientImpersonation clientImpersonation) {
+
+ ServiceProviderProperty isImpersonationEnabled = new ServiceProviderProperty();
+ isImpersonationEnabled.setName(IS_IMPERSONATION_ENABLED_PROPERTY_NAME);
+ isImpersonationEnabled.setDisplayName(IS_IMPERSONATION_ENABLED_DISPLAY_NAME);
+ isImpersonationEnabled.setValue(String.valueOf(clientImpersonation.isImpersonationEnabled()));
+ return isImpersonationEnabled;
+ }
+
+ private ServiceProviderProperty buildIsImpersonationEmailNotificationEnabledProperty
+ (ClientImpersonation clientImpersonation) {
+
+ ServiceProviderProperty property = new ServiceProviderProperty();
+ property.setName(IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED_PROPERTY_NAME);
+ property.setDisplayName(IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED_DISPLAY_NAME);
+ property.setValue(String.valueOf(clientImpersonation.isImpersonationEmailNotificationEnabled()));
+ return property;
+ }
+
  private ServiceProviderProperty buildIsAPIBasedAuthenticationEnabledProperty(ServiceProvider sp) {
 
  ServiceProviderProperty isAPIBasedAuthenticationEnabled = new ServiceProviderProperty();

diff --git a/...t/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java b/...t/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java
@@ -39,6 +39,7 @@
 import org.wso2.carbon.identity.application.common.model.ClaimConfig;
 import org.wso2.carbon.identity.application.common.model.ClaimMapping;
 import org.wso2.carbon.identity.application.common.model.ClientAttestationMetaData;
+import org.wso2.carbon.identity.application.common.model.ClientImpersonation;
 import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
 import org.wso2.carbon.identity.application.common.model.IdentityProvider;
 import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
@@ -999,6 +1000,62 @@ public void testAddApplicationWithAttestationData(boolean isAttestationEnabled,
  REGISTRY_SYSTEM_USERNAME);
  }
 
+ @DataProvider(name = "testAddApplicationWithClientImpersonationData")
+ public Object[][] testAddApplicationWithClientImpersonationData() {
+
+
+ return new Object[][]{
+ {true, true},
+ {false, true},
+ {true, false},
+ };
+ }
+
+ @Test(dataProvider = "testAddApplicationWithClientImpersonationData")
+ public void testAddApplicationWithClientImpersonationData(boolean isImpersonationEnabled,
+ boolean isEmailNotificationEnabled) throws Exception {
+
+ ServiceProvider inputSP = new ServiceProvider();
+ inputSP.setApplicationName(APPLICATION_NAME_1);
+
+ addApplicationConfigurations(inputSP);
+ ClientImpersonation clientImpersonation = new ClientImpersonation();
+ clientImpersonation.setImpersonationEnabled(isImpersonationEnabled);
+ clientImpersonation.setImpersonationEmailNotificationEnabled(isEmailNotificationEnabled);
+ inputSP.setClientImpersonation(clientImpersonation);
+
+ // Adding new application.
+ ServiceProvider addedSP = applicationManagementService.addApplication(inputSP, SUPER_TENANT_DOMAIN_NAME,
+ REGISTRY_SYSTEM_USERNAME);
+ Assert.assertEquals(addedSP.getClientImpersonation().isImpersonationEnabled(), isImpersonationEnabled);
+ Assert.assertEquals(addedSP.getClientImpersonation().isImpersonationEmailNotificationEnabled(),
+ isEmailNotificationEnabled);
+
+ // Retrieving added application.
+ ServiceProvider retrievedSP = applicationManagementService.getApplicationExcludingFileBasedSPs
+ (inputSP.getApplicationName(), SUPER_TENANT_DOMAIN_NAME);
+ Assert.assertEquals(retrievedSP.getClientImpersonation().isImpersonationEnabled(), isImpersonationEnabled);
+ Assert.assertEquals(retrievedSP.getClientImpersonation().isImpersonationEmailNotificationEnabled(),
+ isImpersonationEnabled && isEmailNotificationEnabled);
+
+ // Updating the application by changing the isManagementApplication flag. It should be changed.
+ ClientImpersonation clientImpersonationUpdate = new ClientImpersonation();
+ clientImpersonationUpdate.setImpersonationEnabled(!isImpersonationEnabled);
+ clientImpersonationUpdate.setImpersonationEmailNotificationEnabled(!isEmailNotificationEnabled);
+ inputSP.setClientImpersonation(clientImpersonationUpdate);
+ applicationManagementService.updateApplication(inputSP, SUPER_TENANT_DOMAIN_NAME, REGISTRY_SYSTEM_USERNAME);
+
+ retrievedSP = applicationManagementService.getApplicationExcludingFileBasedSPs
+ (inputSP.getApplicationName(), SUPER_TENANT_DOMAIN_NAME);
+
+ Assert.assertEquals(retrievedSP.getClientImpersonation().isImpersonationEnabled(), !isImpersonationEnabled);
+ Assert.assertEquals(retrievedSP.getClientImpersonation().isImpersonationEmailNotificationEnabled(),
+ !(isImpersonationEnabled || isEmailNotificationEnabled));
+ // Deleting added application.
+ applicationManagementService.deleteApplication(inputSP.getApplicationName(), SUPER_TENANT_DOMAIN_NAME,
+ REGISTRY_SYSTEM_USERNAME);
+ }
+
  private void addApplicationConfigurations(ServiceProvider serviceProvider) {
 
  serviceProvider.setDescription("Created for testing");