From 57b937acee4082649741813c5c7dfca92c1c40c1 Mon Sep 17 00:00:00 2001 From: Thilina Shashimal Senarath Date: Thu, 26 Oct 2023 19:21:54 +0530 Subject: [PATCH 1/3] Fix admin role mandatory attribute update --- .../scim2/common/group/SCIMGroupHandler.java | 60 +++++++++++++++++++ .../common/internal/SCIMCommonComponent.java | 16 +++++ .../internal/SCIMCommonComponentHolder.java | 23 +++++++ .../common/utils/AdminAttributeUtil.java | 2 +- .../common/utils/AdminAttributeUtilTest.java | 2 +- 5 files changed, 101 insertions(+), 2 deletions(-) diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/group/SCIMGroupHandler.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/group/SCIMGroupHandler.java index c6c5dd6f4..6af68b756 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/group/SCIMGroupHandler.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/group/SCIMGroupHandler.java @@ -18,11 +18,18 @@ package org.wso2.carbon.identity.scim2.common.group; +import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.identity.core.util.IdentityTenantUtil; +import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException; +import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants; +import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException; import org.wso2.carbon.identity.scim2.common.DAO.GroupDAO; import org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException; +import org.wso2.carbon.identity.scim2.common.internal.SCIMCommonComponentHolder; import org.wso2.carbon.identity.scim2.common.utils.SCIMCommonUtils; +import org.wso2.carbon.user.core.util.UserCoreUtil; import org.wso2.charon3.core.exceptions.BadRequestException; import org.wso2.charon3.core.exceptions.CharonException; import org.wso2.charon3.core.objects.Group; @@ -76,6 +83,59 @@ public void addMandatoryAttributes(String groupName) groupDAO.addSCIMGroupAttributes(tenantId, groupName, attributes); } + /** + * Add admin role attributes. + * + * @param roleName Role name. + * @throws IdentitySCIMException if any error occurs while adding admin role attributes. + */ + public void addAdminRoleMandatoryAttributes(String roleName) + throws IdentitySCIMException { + Map attributes = new HashMap<>(); + String tenantDomain = IdentityTenantUtil.getTenantDomain(1); + String id; + try { + id = SCIMCommonComponentHolder.getRoleManagementServiceV2().getRoleIdByName( + UserCoreUtil.removeDomainFromName(roleName), RoleConstants.ORGANIZATION, + getOrganizationId(tenantDomain), tenantDomain); + } catch (IdentityRoleManagementException e) { + throw new IdentitySCIMException("Error while resolving admin role id", e); + } + if (StringUtils.isBlank(id)) { + id = UUID.randomUUID().toString(); + } + attributes.put(SCIMConstants.CommonSchemaConstants.ID_URI, id); + + String createdDate = AttributeUtil.formatDateTime(Instant.now()); + attributes.put(SCIMConstants.CommonSchemaConstants.CREATED_URI, createdDate); + + attributes.put(SCIMConstants.CommonSchemaConstants.LAST_MODIFIED_URI, createdDate); + attributes.put(SCIMConstants.CommonSchemaConstants.LOCATION_URI, SCIMCommonUtils.getSCIMGroupURL(id)); + GroupDAO groupDAO = new GroupDAO(); + groupDAO.addSCIMGroupAttributes(tenantId, roleName, attributes); + } + + /** + * Get the organization id of the tenant. + * + * @param tenantDomain Tenant domain. + * @return Organization id. + * @throws IdentitySCIMException if any error occurs while resolving organization id. + */ + private String getOrganizationId(String tenantDomain) throws IdentitySCIMException { + + String orgId; + try { + orgId = SCIMCommonComponentHolder.getOrganizationManager().resolveOrganizationId(tenantDomain); + } catch (OrganizationManagementException e) { + throw new IdentitySCIMException("Error while resolving org id of tenant : " + tenantDomain, e); + } + if (StringUtils.isBlank(orgId)) { + throw new IdentitySCIMException("Organization id not found for tenant : " + tenantDomain); + } + return orgId; + } + /** * Retrieve the group attributes by group name * diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponent.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponent.java index f2761dfb6..6a630e99f 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponent.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponent.java @@ -32,6 +32,7 @@ import org.wso2.carbon.identity.core.util.IdentityCoreInitializedEvent; import org.wso2.carbon.identity.core.util.IdentityUtil; import org.wso2.carbon.identity.event.handler.AbstractEventHandler; +import org.wso2.carbon.identity.organization.management.service.OrganizationManager; import org.wso2.carbon.identity.role.mgt.core.RoleManagementService; import org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreErrorResolver; import org.wso2.carbon.identity.scim2.common.handlers.SCIMClaimOperationEventHandler; @@ -315,6 +316,21 @@ protected void unsetScimUserStoreErrorResolver(SCIMUserStoreErrorResolver scimUs SCIMCommonComponentHolder.removeScimUserStoreErrorResolver(scimUserStoreErrorResolver); } + @Reference(name = "identity.organization.management.component", + service = OrganizationManager.class, + cardinality = ReferenceCardinality.MANDATORY, + policy = ReferencePolicy.DYNAMIC, + unbind = "unsetOrganizationManager") + protected void setOrganizationManager(OrganizationManager organizationManager) { + + SCIMCommonComponentHolder.setOrganizationManager(organizationManager); + } + + protected void unsetOrganizationManager(OrganizationManager organizationManager) { + + SCIMCommonComponentHolder.setOrganizationManager(null); + } + @Deactivate protected void deactivate(ComponentContext context) { diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponentHolder.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponentHolder.java index 71d344590..b78fe93a4 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponentHolder.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponentHolder.java @@ -19,6 +19,7 @@ package org.wso2.carbon.identity.scim2.common.internal; import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService; +import org.wso2.carbon.identity.organization.management.service.OrganizationManager; import org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreErrorResolver; import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.mgt.RolePermissionManagementService; @@ -39,6 +40,7 @@ public class SCIMCommonComponentHolder { private static RolePermissionManagementService rolePermissionManagementService; private static RoleManagementService roleManagementService; private static org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService roleManagementServiceV2; + private static OrganizationManager organizationManager; private static final List scimUserStoreErrorResolvers = new ArrayList<>(); /** @@ -142,6 +144,27 @@ public static org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService ge return roleManagementServiceV2; } + + /** + * Get {@link OrganizationManager}. + * + * @return organization manager instance {@link OrganizationManager}. + */ + public static OrganizationManager getOrganizationManager() { + + return organizationManager; + } + + /** + * Set {@link OrganizationManager}. + * + * @param organizationManager Instance of {@link OrganizationManager}. + */ + public static void setOrganizationManager(OrganizationManager organizationManager) { + + SCIMCommonComponentHolder.organizationManager = organizationManager; + } + public static List getScimUserStoreErrorResolverList() { return scimUserStoreErrorResolvers; diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/AdminAttributeUtil.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/AdminAttributeUtil.java index 277e6bc90..a74fa3216 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/AdminAttributeUtil.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/AdminAttributeUtil.java @@ -134,7 +134,7 @@ public static void updateAdminGroup(int tenantId) { log.debug( "Group does not exist, setting scim attribute group value: " + roleNameWithDomain); } - scimGroupHandler.addMandatoryAttributes(roleNameWithDomain); + scimGroupHandler.addAdminRoleMandatoryAttributes(roleNameWithDomain); } // Adding the SCIM attributes for admin group diff --git a/components/org.wso2.carbon.identity.scim2.common/src/test/java/org/wso2/carbon/identity/scim2/common/utils/AdminAttributeUtilTest.java b/components/org.wso2.carbon.identity.scim2.common/src/test/java/org/wso2/carbon/identity/scim2/common/utils/AdminAttributeUtilTest.java index 695e12779..d2d60c889 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/test/java/org/wso2/carbon/identity/scim2/common/utils/AdminAttributeUtilTest.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/test/java/org/wso2/carbon/identity/scim2/common/utils/AdminAttributeUtilTest.java @@ -152,7 +152,7 @@ public void testUpdateAdminGroup(String domainName) throws Exception { ArgumentCaptor argument = ArgumentCaptor.forClass(String.class); adminAttributeUtil.updateAdminGroup(1); - verify(scimGroupHandler).addMandatoryAttributes(argument.capture()); + verify(scimGroupHandler).addAdminRoleMandatoryAttributes(argument.capture()); assertEquals(argument.getValue(), roleNameWithDomain); } From 34fb0c3d0407a3797ed99721624ca18927c9b033 Mon Sep 17 00:00:00 2001 From: Thilina Shashimal Senarath Date: Thu, 26 Oct 2023 19:39:12 +0530 Subject: [PATCH 2/3] fix formatting --- .../carbon/identity/scim2/common/group/SCIMGroupHandler.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/group/SCIMGroupHandler.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/group/SCIMGroupHandler.java index 6af68b756..73b4e2639 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/group/SCIMGroupHandler.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/group/SCIMGroupHandler.java @@ -91,8 +91,9 @@ public void addMandatoryAttributes(String groupName) */ public void addAdminRoleMandatoryAttributes(String roleName) throws IdentitySCIMException { + Map attributes = new HashMap<>(); - String tenantDomain = IdentityTenantUtil.getTenantDomain(1); + String tenantDomain = IdentityTenantUtil.getTenantDomain(tenantId); String id; try { id = SCIMCommonComponentHolder.getRoleManagementServiceV2().getRoleIdByName( From e5dad25c7ae39d01f730e2e08ee0fd118ff68ad5 Mon Sep 17 00:00:00 2001 From: Thilina Shashimal Senarath Date: Thu, 26 Oct 2023 19:51:34 +0530 Subject: [PATCH 3/3] fix formatting --- .../carbon/identity/scim2/common/group/SCIMGroupHandler.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/group/SCIMGroupHandler.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/group/SCIMGroupHandler.java index 73b4e2639..9a0167631 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/group/SCIMGroupHandler.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/group/SCIMGroupHandler.java @@ -89,8 +89,7 @@ public void addMandatoryAttributes(String groupName) * @param roleName Role name. * @throws IdentitySCIMException if any error occurs while adding admin role attributes. */ - public void addAdminRoleMandatoryAttributes(String roleName) - throws IdentitySCIMException { + public void addAdminRoleMandatoryAttributes(String roleName) throws IdentitySCIMException { Map attributes = new HashMap<>(); String tenantDomain = IdentityTenantUtil.getTenantDomain(tenantId);