From b2f28d3a41a60e9915644423d548b78b902f5ad2 Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Fri, 4 Aug 2023 12:05:09 +0530 Subject: [PATCH 01/14] Initial commit for group ID supported create group operation --- components/org.wso2.carbon.identity.scim2.common/pom.xml | 1 + .../carbon/identity/scim2/common/impl/SCIMUserManager.java | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/components/org.wso2.carbon.identity.scim2.common/pom.xml b/components/org.wso2.carbon.identity.scim2.common/pom.xml index 56d97f1a6..9d10328ce 100644 --- a/components/org.wso2.carbon.identity.scim2.common/pom.xml +++ b/components/org.wso2.carbon.identity.scim2.common/pom.xml @@ -24,6 +24,7 @@ 3.4.27-SNAPSHOT + 3.4.22 4.0.0 org.wso2.carbon.identity.scim2.common WSO2 Carbon - SCIM 2.0 - Common Component diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java index 8148eec97..d567b1d78 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java 
@@ -2628,7 +2628,11 @@ public Group createGroup(Group group, Map requiredAttributes) // Add other scim attributes in the identity DB since user store doesn't support some attributes. SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); scimGroupHandler.createSCIMAttributes(group); - carbonUM.addRoleWithID(group.getDisplayName(), members.toArray(new String[0]), null, false); +// carbonUM.addRoleWithID(group.getDisplayName(), members.toArray(new String[0]), null, false); + org.wso2.carbon.user.core.common.Group coreGroup = + carbonUM.addRoleWithRoleID(group.getDisplayName(), members.toArray(new String[0]), null, false); + group.getAttributeList().remove(SCIMConstants.CommonSchemaConstants.ID); + group.setId(coreGroup.getGroupID()); if (log.isDebugEnabled()) { log.debug("Group: " + group.getDisplayName() + " is created through SCIM."); } From f883d4454135225624d20d647bd8ee24abf69719 Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Fri, 4 Aug 2023 12:06:38 +0530 Subject: [PATCH 02/14] Initial commit for group ID supported create group operation --- components/org.wso2.carbon.identity.scim2.common/pom.xml | 1 - 1 file changed, 1 deletion(-) diff --git a/components/org.wso2.carbon.identity.scim2.common/pom.xml b/components/org.wso2.carbon.identity.scim2.common/pom.xml index 9d10328ce..56d97f1a6 100644 --- a/components/org.wso2.carbon.identity.scim2.common/pom.xml +++ b/components/org.wso2.carbon.identity.scim2.common/pom.xml @@ -24,7 +24,6 @@ 3.4.27-SNAPSHOT - 3.4.22 4.0.0 org.wso2.carbon.identity.scim2.common WSO2 Carbon - SCIM 2.0 - Common Component From 6186cb8dc98778a6d26ac1ab3ae34d4cdf2dc474 Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Tue, 8 Aug 2023 10:23:33 +0530 Subject: [PATCH 03/14] Call addGroupWithID from createGroup function --- .../scim2/common/impl/SCIMUserManager.java | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) 
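Review bot: In createGroup, `scimGroupHandler.createSCIMAttributes(group)` still persists the group's attributes before `group.setId(coreGroup.getGroupID())` replaces the id, so the id stored in the identity DB and the id returned to the client can differ if the user store issues its own value; whether it does is not visible in this hunk. `coreGroup` is also dereferenced without a null check, which can be guarded with `if (coreGroup != null) { group.setId(coreGroup.getGroupID()); }`. The superseded call is better deleted than kept as `// carbonUM.addRoleWithID(...)`. The body of createGroup starts and ends outside the hunk.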
diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java index d567b1d78..0442e9cf1 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java @@ -2588,6 +2588,7 @@ public Group createGroup(Group group, Map requiredAttributes) // If members are sent when creating the group, check whether users already exist in the user store. List userIds = group.getMembers(); List userDisplayNames = group.getMembersWithDisplayName(); + org.wso2.carbon.user.core.common.Group coreGroup = null; if (isNotEmpty(userIds)) { List members = new ArrayList<>(); for (Object userId : userIds) { @@ -2629,10 +2630,7 @@ public Group createGroup(Group group, Map requiredAttributes) SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); scimGroupHandler.createSCIMAttributes(group); // carbonUM.addRoleWithID(group.getDisplayName(), members.toArray(new String[0]), null, false); - org.wso2.carbon.user.core.common.Group coreGroup = - carbonUM.addRoleWithRoleID(group.getDisplayName(), members.toArray(new String[0]), null, false); - group.getAttributeList().remove(SCIMConstants.CommonSchemaConstants.ID); - group.setId(coreGroup.getGroupID()); + coreGroup = carbonUM.addGroupWithID(group.getDisplayName(), members.toArray(new String[0]), null, false); if (log.isDebugEnabled()) { log.debug("Group: " + group.getDisplayName() + " is created through SCIM."); } 
@@ -2640,11 +2638,17 @@ public Group createGroup(Group group, Map requiredAttributes) // Add other scim attributes in the identity DB since user store doesn't support some attributes. SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); scimGroupHandler.createSCIMAttributes(group); - carbonUM.addRoleWithID(group.getDisplayName(), null, null, false); +// carbonUM.addRoleWithID(group.getDisplayName(), null, null, false); + coreGroup = carbonUM.addGroupWithID(group.getDisplayName(), null, null, false); + if (log.isDebugEnabled()) { log.debug("Group: " + group.getDisplayName() + " is created through SCIM."); } } + group.getAttributeList().remove(SCIMConstants.CommonSchemaConstants.ID); + if (coreGroup != null) { + group.setId(coreGroup.getGroupID()); + } } catch (UserStoreException e) { try { SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); From 49333f180732e7c2059b5872f2295e43128e5c6c Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Wed, 9 Aug 2023 10:27:09 +0530 Subject: [PATCH 04/14] Call deleteGroupWithID from deleteGroup function --- .../scim2/common/impl/SCIMUserManager.java | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java index 0442e9cf1..26c77059d 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java 
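Review bot: After the if/else in createGroup, `group.getAttributeList().remove(SCIMConstants.CommonSchemaConstants.ID)` runs unconditionally while `group.setId(...)` runs only when `coreGroup != null`, so a null return from `addGroupWithID` produces a created group with no id at all. Moving the removal inside the guard keeps the two steps together: `if (coreGroup != null) { group.getAttributeList().remove(SCIMConstants.CommonSchemaConstants.ID); group.setId(coreGroup.getGroupID()); }`. If a null return is not a legitimate outcome, it should be reported as an error rather than skipped. The commented-out `addRoleWithID` lines in this hunk and the previous one should be deleted; createGroup continues outside the hunk.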
@@ -2781,8 +2781,10 @@ public void deleteGroup(String groupId) throws NotFoundException, CharonExceptio SCIMCommonUtils.setThreadLocalIsManagedThroughSCIMEP(true); // Get group name by id. - SCIMGroupHandler groupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); - String groupName = groupHandler.getGroupName(groupId); +// SCIMGroupHandler groupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); +// String groupName = groupHandler.getGroupName(groupId); + + String groupName = carbonUM.getGroupNameByGroupId(groupId); if (groupName != null) { String userStoreDomainFromSP = null; @@ -2806,7 +2808,8 @@ public void deleteGroup(String groupId) throws NotFoundException, CharonExceptio } //delete group in carbon UM - carbonUM.deleteRole(groupName); +// carbonUM.deleteRole(groupName); + carbonUM.deleteGroupWithID(groupId); carbonUM.removeGroupRoleMappingByGroupName(groupName); //we do not update Identity_SCIM DB here since it is updated in SCIMUserOperationListener's methods. @@ -2822,9 +2825,10 @@ public void deleteGroup(String groupId) throws NotFoundException, CharonExceptio } } catch (UserStoreException e) { throw resolveError(e, "Error occurred while deleting group " + groupId); - } catch (IdentitySCIMException e) { - throw new CharonException("Error occurred while deleting group " + groupId, e); } +// catch (IdentitySCIMException e) { +// throw new CharonException("Error occurred while deleting group " + groupId, e); +// } } From 67cf8890e5df08c66276da278c7fd307fd652910 Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Mon, 14 Aug 2023 19:19:41 +0530 Subject: [PATCH 05/14] Remove IDN_SCIM_GROUP table involvemnet --- .../scim2/common/impl/SCIMUserManager.java | 32 +++++++++++-------- 1 file changed, 19 insertions(+), 13 deletions(-) 
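Review bot: In deleteGroup the group is now removed by id with `carbonUM.deleteGroupWithID(groupId)` and its role mappings are then removed by name with `carbonUM.removeGroupRoleMappingByGroupName(groupName)`; if the second call fails, the group is gone but its mappings remain and could apply to a later group created under the same name. Unless `deleteGroupWithID` already clears the mappings (not visible here), running the mapping cleanup first fails in the safer direction: `carbonUM.removeGroupRoleMappingByGroupName(groupName);` followed by `carbonUM.deleteGroupWithID(groupId);`. The commented-out `SCIMGroupHandler` lookup, `deleteRole` call and `catch (IdentitySCIMException e)` block in these three hunks should be deleted rather than left as comments. The method body extends outside the hunks.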
diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java
index 26c77059d..07cade462 100644
--- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java
+++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java
@@ -2627,19 +2627,23 @@ public Group createGroup(Group group, Map requiredAttributes) } } // Add other scim attributes in the identity DB since user store doesn't support some attributes. - SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); - scimGroupHandler.createSCIMAttributes(group); + // Commented by Lakshi as we don't need to save this in the identity DB if there is ID support + // enabled in user store level. +// SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); +// scimGroupHandler.createSCIMAttributes(group); // carbonUM.addRoleWithID(group.getDisplayName(), members.toArray(new String[0]), null, false); - coreGroup = carbonUM.addGroupWithID(group.getDisplayName(), members.toArray(new String[0]), null, false); + coreGroup = carbonUM.addGroupWithID(group.getDisplayName(), members.toArray(new String[0])); if (log.isDebugEnabled()) { log.debug("Group: " + group.getDisplayName() + " is created through SCIM."); } } else { // Add other scim attributes in the identity DB since user store doesn't support some attributes. - SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); - scimGroupHandler.createSCIMAttributes(group); + // Commented by Lakshi as we don't need to save this in the identity DB if there is ID support + // enabled in user store level. +// SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); +// scimGroupHandler.createSCIMAttributes(group); // carbonUM.addRoleWithID(group.getDisplayName(), null, null, false); - coreGroup = carbonUM.addGroupWithID(group.getDisplayName(), null, null, false); + coreGroup = carbonUM.addGroupWithID(group.getDisplayName(), null); if (log.isDebugEnabled()) { log.debug("Group: " + group.getDisplayName() + " is created through SCIM."); 
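Review bot: Both branches of createGroup keep the line `// Add other scim attributes in the identity DB since user store doesn't support some attributes.` directly above code that no longer does that, followed by a personally attributed "Commented by ..." note and the disabled `SCIMGroupHandler` calls. Version control already records who removed the code and why, so the disabled lines and the stale comment should be deleted and replaced by one comment that states the new behaviour, for example `// SCIM attributes are no longer written to the identity DB here; the user store is expected to persist the group id.`. The same applies to the commented-out rollback block in the `catch (UserStoreException e)` hunk that follows. Both hunks show only part of createGroup.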
@@ -2650,13 +2654,15 @@ public Group createGroup(Group group, Map requiredAttributes) group.setId(coreGroup.getGroupID()); } } catch (UserStoreException e) { - try { - SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); - scimGroupHandler.deleteGroupAttributes(group.getDisplayName()); - } catch (UserStoreException | IdentitySCIMException ex) { - throw resolveError(e, "Error occurred while doing rollback operation of the SCIM " + - "table entry for role: " + group.getDisplayName()); - } + // Commented by Lakshi as we don't need to save this in the identity DB if there is ID support + // enabled in user store level. +// try { +// SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); +// scimGroupHandler.deleteGroupAttributes(group.getDisplayName()); +// } catch (UserStoreException | IdentitySCIMException ex) { +// throw resolveError(e, "Error occurred while doing rollback operation of the SCIM " + +// "table entry for role: " + group.getDisplayName()); +// } handleErrorsOnRoleNamePolicy(e); throw resolveError(e, "Error occurred while adding role : " + group.getDisplayName()); } catch (IdentitySCIMException | BadRequestException e) { From b6b1bc3a5d55d5dc651e2d5702258d15128db4e8 Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Tue, 15 Aug 2023 14:04:26 +0530 Subject: [PATCH 06/14] Implement group creation flow when group ID is not enabled in userstore --- .../scim2/common/impl/SCIMUserManager.java | 9 +++++-- .../common/listener/SCIMGroupResolver.java | 26 +++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java index 07cade462..981442a9c 100644 
--- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java @@ -2632,7 +2632,11 @@ public Group createGroup(Group group, Map requiredAttributes) // SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); // scimGroupHandler.createSCIMAttributes(group); // carbonUM.addRoleWithID(group.getDisplayName(), members.toArray(new String[0]), null, false); - coreGroup = carbonUM.addGroupWithID(group.getDisplayName(), members.toArray(new String[0])); +// public org.wso2.carbon.user.core.common.Group addGroupWithID(String groupName, String[] userIDList, String displayName, String groupID, Date createdDate, +// Date lastModifiedDate, String location, int tenantId) throws +// org.wso2.carbon.user.core.UserStoreException { + coreGroup = carbonUM.addGroupWithID(group.getDisplayName(), members.toArray(new String[0]), group.getDisplayName(), + group.getId(), group.getCreatedDate(), group.getLastModified(), group.getLocation()); if (log.isDebugEnabled()) { log.debug("Group: " + group.getDisplayName() + " is created through SCIM."); } @@ -2643,7 +2647,8 @@ public Group createGroup(Group group, Map requiredAttributes) // SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); // scimGroupHandler.createSCIMAttributes(group); // carbonUM.addRoleWithID(group.getDisplayName(), null, null, false); - coreGroup = carbonUM.addGroupWithID(group.getDisplayName(), null); + coreGroup = carbonUM.addGroupWithID(group.getDisplayName(), null, group.getDisplayName(), + group.getId(), group.getCreatedDate(), group.getLastModified(), group.getLocation()); if (log.isDebugEnabled()) { log.debug("Group: " + group.getDisplayName() + " is created through SCIM."); 
diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java index 98992ab49..3c549feae 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java @@ -42,8 +42,14 @@ import org.wso2.carbon.user.core.model.ExpressionCondition; import org.wso2.carbon.user.core.model.OperationalCondition; import org.wso2.carbon.user.core.util.UserCoreUtil; +import org.wso2.charon3.core.exceptions.CharonException; import org.wso2.charon3.core.schema.SCIMConstants; +import org.wso2.charon3.core.utils.AttributeUtil; +import java.time.LocalDate; +import java.time.LocalDateTime; +import java.util.Date; +import java.util.HashMap; import java.util.List; import java.util.Map; 
@@ -620,4 +626,24 @@ private String createSearchValueForEwOperation(String attributeName, String filt return delimiter + attributeValue; } } + + @Override + public void addGroup(String groupID, Date createdDate, Date lastModifiedDate, String location, + String displayName, int tenantId) throws UserStoreException { + + try { + Map attributes = new HashMap<>(); + attributes.put(SCIMConstants.CommonSchemaConstants.ID_URI, groupID); + attributes.put(SCIMConstants.CommonSchemaConstants.CREATED_URI, AttributeUtil.formatDateTime( + createdDate.toInstant())); + attributes.put(SCIMConstants.CommonSchemaConstants.LAST_MODIFIED_URI, AttributeUtil.formatDateTime( + lastModifiedDate.toInstant())); + attributes.put(SCIMConstants.CommonSchemaConstants.LOCATION_URI, location); + GroupDAO groupDAO = new GroupDAO(); + groupDAO.addSCIMGroupAttributes(tenantId, displayName, attributes); + } catch (IdentitySCIMException e) { + throw new UserStoreException(String.format("Error occurred while saving the " + + "group: %s in tenant: %s", displayName, tenantId), e); + } + } } From c78b3a0510fb94e3d0cecdec5137f6ef8610b8dc Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Tue, 15 Aug 2023 14:06:41 +0530 Subject: [PATCH 07/14] Implement group creation flow when group ID is not enabled in userstore - fix a minor issue --- .../carbon/identity/scim2/common/impl/SCIMUserManager.java | 3 --- 1 file changed, 3 deletions(-) diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java index 981442a9c..e90a87be7 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java 
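Review bot: In addGroup, `createdDate.toInstant()` and `lastModifiedDate.toInstant()` throw a NullPointerException when either date is null, and that escapes the `catch (IdentitySCIMException e)` instead of surfacing as the declared UserStoreException; whether callers always supply both dates is not visible in this hunk. A guard at the top keeps the failure inside the method's contract: `if (createdDate == null || lastModifiedDate == null) { throw new UserStoreException("Created and last modified dates are required for group: " + displayName); }`. The override would also benefit from a short Javadoc stating that it stores the SCIM id, timestamps and location for `displayName` in the identity DB for the given tenant.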
@@ -2632,9 +2632,6 @@ public Group createGroup(Group group, Map requiredAttributes) // SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); // scimGroupHandler.createSCIMAttributes(group); // carbonUM.addRoleWithID(group.getDisplayName(), members.toArray(new String[0]), null, false); -// public org.wso2.carbon.user.core.common.Group addGroupWithID(String groupName, String[] userIDList, String displayName, String groupID, Date createdDate, -// Date lastModifiedDate, String location, int tenantId) throws -// org.wso2.carbon.user.core.UserStoreException { coreGroup = carbonUM.addGroupWithID(group.getDisplayName(), members.toArray(new String[0]), group.getDisplayName(), group.getId(), group.getCreatedDate(), group.getLastModified(), group.getLocation()); if (log.isDebugEnabled()) { From 7b07591a4a1ebf1ba37ed69d7a78bcb42c568c62 Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Tue, 15 Aug 2023 17:07:17 +0530 Subject: [PATCH 08/14] Implement logic related to group deletion when group ID is not enabled --- .../common/listener/SCIMGroupResolver.java | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java index 3c549feae..1311b3c15 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java 
@@ -646,4 +646,23 @@ public void addGroup(String groupID, Date createdDate, Date lastModifiedDate, St "group: %s in tenant: %s", displayName, tenantId), e); } } + + @Override + public void deleteGroup(String groupName, int tenantId) throws UserStoreException { + + try { + GroupDAO groupDAO = new GroupDAO(); + if (groupDAO.isExistingGroup(groupName, tenantId)) { + groupDAO.removeSCIMGroup(tenantId, groupName); + } else { + if (log.isDebugEnabled()) { + log.debug("Information for the group: " + groupName + + " doesn't contain in the identity scim table."); + } + } + } catch (IdentitySCIMException e) { + throw new UserStoreException(String.format("Error occurred while deleting the " + + "group: %s in tenant: %s", groupName, tenantId), e); + } + } } From e3c968a0055c6c30fcef9dbdf89bd9638a0e2845 Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Wed, 16 Aug 2023 13:02:18 +0530 Subject: [PATCH 09/14] Refactoring --- .../scim2/common/impl/SCIMUserManager.java | 41 +++---------------- .../common/listener/SCIMGroupResolver.java | 25 ++++++----- 2 files changed, 20 insertions(+), 46 deletions(-) diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java index e90a87be7..fd6a9ea24 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java 
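Review bot: In deleteGroup, a name that `groupDAO.isExistingGroup(groupName, tenantId)` does not find is skipped with only a debug log, so the caller cannot distinguish a removed SCIM row from one that was never matched. `groupName` is passed to the DAO as received, whereas `GroupDAO.updateGroupName` in PATCH 13 wraps names in `SCIMCommonUtils.getGroupNameWithDomain(...)`; if this method can be called with an unqualified name, the row would be left behind with its stored id, though that depends on callers not visible here. Consider normalising the name the same way before the lookup and raising the skip to `log.warn`. The debug text would read better as `"No entry for group: " + groupName + " in the identity SCIM table."`.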
@@ -2626,26 +2626,15 @@ public Group createGroup(Group group, Map requiredAttributes) } } } - // Add other scim attributes in the identity DB since user store doesn't support some attributes. - // Commented by Lakshi as we don't need to save this in the identity DB if there is ID support - // enabled in user store level. -// SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); -// scimGroupHandler.createSCIMAttributes(group); -// carbonUM.addRoleWithID(group.getDisplayName(), members.toArray(new String[0]), null, false); - coreGroup = carbonUM.addGroupWithID(group.getDisplayName(), members.toArray(new String[0]), group.getDisplayName(), - group.getId(), group.getCreatedDate(), group.getLastModified(), group.getLocation()); + coreGroup = carbonUM.addGroupWithID(group.getDisplayName(), group.getId(), + members.toArray(new String[0]), group.getCreatedDateTime(), group.getLastModifiedDateTime(), + group.getLocation()); if (log.isDebugEnabled()) { log.debug("Group: " + group.getDisplayName() + " is created through SCIM."); } } else { - // Add other scim attributes in the identity DB since user store doesn't support some attributes. - // Commented by Lakshi as we don't need to save this in the identity DB if there is ID support - // enabled in user store level. -// SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); -// scimGroupHandler.createSCIMAttributes(group); -// carbonUM.addRoleWithID(group.getDisplayName(), null, null, false); - coreGroup = carbonUM.addGroupWithID(group.getDisplayName(), null, group.getDisplayName(), - group.getId(), group.getCreatedDate(), group.getLastModified(), group.getLocation()); + coreGroup = carbonUM.addGroupWithID(group.getDisplayName(), group.getId(), null, + group.getCreatedDateTime(), group.getLastModifiedDateTime(), group.getLocation()); if (log.isDebugEnabled()) { log.debug("Group: " + group.getDisplayName() + " is created through SCIM."); 
@@ -2656,15 +2645,6 @@ public Group createGroup(Group group, Map requiredAttributes) group.setId(coreGroup.getGroupID()); } } catch (UserStoreException e) { - // Commented by Lakshi as we don't need to save this in the identity DB if there is ID support - // enabled in user store level. -// try { -// SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); -// scimGroupHandler.deleteGroupAttributes(group.getDisplayName()); -// } catch (UserStoreException | IdentitySCIMException ex) { -// throw resolveError(e, "Error occurred while doing rollback operation of the SCIM " + -// "table entry for role: " + group.getDisplayName()); -// } handleErrorsOnRoleNamePolicy(e); throw resolveError(e, "Error occurred while adding role : " + group.getDisplayName()); } catch (IdentitySCIMException | BadRequestException e) { @@ -2787,11 +2767,6 @@ public void deleteGroup(String groupId) throws NotFoundException, CharonExceptio // Set thread local property to signal the downstream SCIMUserOperationListener // about the provisioning route. SCIMCommonUtils.setThreadLocalIsManagedThroughSCIMEP(true); - - // Get group name by id. -// SCIMGroupHandler groupHandler = new SCIMGroupHandler(carbonUM.getTenantId()); -// String groupName = groupHandler.getGroupName(groupId); - String groupName = carbonUM.getGroupNameByGroupId(groupId); if (groupName != null) { @@ -2816,11 +2791,9 @@ public void deleteGroup(String groupId) throws NotFoundException, CharonExceptio } //delete group in carbon UM -// carbonUM.deleteRole(groupName); carbonUM.deleteGroupWithID(groupId); carbonUM.removeGroupRoleMappingByGroupName(groupName); - //we do not update Identity_SCIM DB here since it is updated in SCIMUserOperationListener's methods. if (log.isDebugEnabled()) { log.debug("Group: " + groupName + " is deleted through SCIM."); } 
@@ -2834,10 +2807,6 @@ public void deleteGroup(String groupId) throws NotFoundException, CharonExceptio } catch (UserStoreException e) { throw resolveError(e, "Error occurred while deleting group " + groupId); } -// catch (IdentitySCIMException e) { -// throw new CharonException("Error occurred while deleting group " + groupId, e); -// } - } @Override diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java index 1311b3c15..e6af23a0c 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java @@ -48,6 +48,7 @@ import java.time.LocalDate; import java.time.LocalDateTime; +import java.time.ZoneOffset; import java.util.Date; import java.util.HashMap; import java.util.List; 
@@ -628,27 +629,30 @@ private String createSearchValueForEwOperation(String attributeName, String filt } @Override - public void addGroup(String groupID, Date createdDate, Date lastModifiedDate, String location, - String displayName, int tenantId) throws UserStoreException { + public boolean addGroup(String displayName, String groupID, LocalDateTime createdDate, + LocalDateTime lastModifiedDate, String location, int tenantId) throws UserStoreException { + + Map attributes = new HashMap<>(); + attributes.put(SCIMConstants.CommonSchemaConstants.ID_URI, groupID); + attributes.put(SCIMConstants.CommonSchemaConstants.CREATED_URI, AttributeUtil.formatDateTime( + createdDate.toInstant(ZoneOffset.UTC))); + attributes.put(SCIMConstants.CommonSchemaConstants.LAST_MODIFIED_URI, AttributeUtil.formatDateTime( + lastModifiedDate.toInstant(ZoneOffset.UTC))); + attributes.put(SCIMConstants.CommonSchemaConstants.LOCATION_URI, location); try { - Map attributes = new HashMap<>(); - attributes.put(SCIMConstants.CommonSchemaConstants.ID_URI, groupID); - attributes.put(SCIMConstants.CommonSchemaConstants.CREATED_URI, AttributeUtil.formatDateTime( - createdDate.toInstant())); - attributes.put(SCIMConstants.CommonSchemaConstants.LAST_MODIFIED_URI, AttributeUtil.formatDateTime( - lastModifiedDate.toInstant())); - attributes.put(SCIMConstants.CommonSchemaConstants.LOCATION_URI, location); GroupDAO groupDAO = new GroupDAO(); groupDAO.addSCIMGroupAttributes(tenantId, displayName, attributes); } catch (IdentitySCIMException e) { throw new UserStoreException(String.format("Error occurred while saving the " + "group: %s in tenant: %s", displayName, tenantId), e); } + + return true; } @Override - public void deleteGroup(String groupName, int tenantId) throws UserStoreException { + public boolean deleteGroup(String groupName, int tenantId) throws UserStoreException { try { GroupDAO groupDAO = new GroupDAO(); 
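Review bot: `createdDate.toInstant(ZoneOffset.UTC)` and `lastModifiedDate.toInstant(ZoneOffset.UTC)` in addGroup treat the incoming LocalDateTime values as UTC wall-clock time; if a caller builds them in the server's default zone, the stored created and lastModified values are shifted by that offset, which skews any timeline reconstructed from them. How the values are produced is not visible in this hunk, so the expected zone should be stated in a Javadoc, e.g. `@param createdDate creation time of the group, expressed in UTC`. The attribute map is now built outside the `try`, so a null date still fails with a NullPointerException rather than a UserStoreException. The method returns `true` on every non-exceptional path, so the new boolean result tells callers nothing unless the interface documents when `false` is expected.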
@@ -664,5 +668,6 @@ public void deleteGroup(String groupName, int tenantId) throws UserStoreExceptio throw new UserStoreException(String.format("Error occurred while deleting the " + "group: %s in tenant: %s", groupName, tenantId), e); } + return true; } } From d46517319779de8401990d1383772a54df9809e0 Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Wed, 16 Aug 2023 15:51:08 +0530 Subject: [PATCH 10/14] Refactoring --- .../identity/scim2/common/listener/SCIMGroupResolver.java | 4 ---- 1 file changed, 4 deletions(-) diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java index e6af23a0c..90b353fdb 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java @@ -42,14 +42,11 @@ import org.wso2.carbon.user.core.model.ExpressionCondition; import org.wso2.carbon.user.core.model.OperationalCondition; import org.wso2.carbon.user.core.util.UserCoreUtil; -import org.wso2.charon3.core.exceptions.CharonException; import org.wso2.charon3.core.schema.SCIMConstants; import org.wso2.charon3.core.utils.AttributeUtil; -import java.time.LocalDate; import java.time.LocalDateTime; import java.time.ZoneOffset; -import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -647,7 +644,6 @@ public boolean addGroup(String displayName, String groupID, LocalDateTime create throw new UserStoreException(String.format("Error occurred while saving the " + "group: %s in tenant: %s", displayName, tenantId), e); } - return true; } From 5bddfc3fd9b847d707c6275689489bc5b63b798f Mon Sep 17 00:00:00 2001 
From: LakshikaAthapaththu Date: Wed, 16 Aug 2023 15:54:00 +0530 Subject: [PATCH 11/14] Refactoring --- .../wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java | 1 + 1 file changed, 1 insertion(+) diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java index fd6a9ea24..d67654636 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java @@ -2807,6 +2807,7 @@ public void deleteGroup(String groupId) throws NotFoundException, CharonExceptio } catch (UserStoreException e) { throw resolveError(e, "Error occurred while deleting group " + groupId); } + } @Override From a2a9d3b80927042a91efff04c2b78b754a9f77c4 Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Fri, 18 Aug 2023 11:57:09 +0530 Subject: [PATCH 12/14] Add isExistingGroup method call --- .../wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java index d67654636..734e985a1 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java 
@@ -2576,7 +2576,7 @@ public Group createGroup(Group group, Map requiredAttributes)
 }
 group.setDisplayName(roleNameWithDomain);
 //check if the group already exists
- if (carbonUM.isExistingRole(group.getDisplayName(), false)) {
+ if (carbonUM.isExistingGroup(group.getDisplayName())) {
 String error = "Group with name: " + group.getDisplayName() + " already exists in the system.";
 throw new ConflictException(error);
 }
From cb9fc4360a205315b8a3880972d86c50d3fc6251 Mon Sep 17 00:00:00 2001
From: LakshikaAthapaththu
Date: Thu, 24 Aug 2023 14:01:11 +0530
Subject: [PATCH 13/14] Enable group name update with group specific functions
---
 .../identity/scim2/common/DAO/GroupDAO.java | 28 +++++++++++++++++++
 .../scim2/common/impl/SCIMUserManager.java | 2 +-
 .../common/listener/SCIMGroupResolver.java | 18 ++++++++++++
 3 files changed, 47 insertions(+), 1 deletion(-)
diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/DAO/GroupDAO.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/DAO/GroupDAO.java
index 9ba867766..2829b3e6b 100644
--- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/DAO/GroupDAO.java
+++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/DAO/GroupDAO.java
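Review bot: The duplicate-name guard in createGroup now calls `carbonUM.isExistingGroup(group.getDisplayName())` instead of the role lookup, and this hunk does not show which store the create call further down the method writes to. If roles and groups can share display names in this deployment, a name that already exists as a role would now pass the guard without a ConflictException, which matters wherever permissions are resolved by name. A short comment at the check would make the intended scope explicit, along the lines of `// Uniqueness is enforced against the group store only; role names are not consulted.` The rest of createGroup lies outside the hunk, so the pairing with the create call could not be confirmed from here.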
@@ -548,4 +548,32 @@ private String removePrimaryDomainName(String roleName) {
 return roleName;
 }
 }
+
+ public void updateGroupName(int tenantId, String oldGroupName, String newGroupName)
+ throws IdentitySCIMException {
+ Connection connection = IdentityDatabaseUtil.getDBConnection();
+ PreparedStatement prepStmt = null;
+
+ if (isExistingGroup(SCIMCommonUtils.getGroupNameWithDomain(oldGroupName), tenantId)) {
+ try {
+ prepStmt = connection.prepareStatement(SQLQueries.UPDATE_GROUP_NAME_SQL);
+
+ prepStmt.setString(1, SCIMCommonUtils.getGroupNameWithDomain(newGroupName));
+ prepStmt.setInt(2, tenantId);
+ prepStmt.setString(3, SCIMCommonUtils.getGroupNameWithDomain(oldGroupName));
+
+ int count = prepStmt.executeUpdate();
+ if (log.isDebugEnabled()) {
+ log.debug("No. of records updated for updating SCIM Group : " + count);
+ }
+ connection.commit();
+ } catch (SQLException e) {
+ throw new IdentitySCIMException("Error updating the SCIM Group Attributes", e);
+ } finally {
+ IdentityDatabaseUtil.closeAllConnections(connection, null, prepStmt);
+ }
+ } else {
+ throw new IdentitySCIMException("Error when updating group name of the group: " + oldGroupName);
+ }
+ }
 }
diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java
index 734e985a1..00354a004 100644
--- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java
+++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java
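Review bot: `GroupDAO.updateGroupName` takes the connection from `IdentityDatabaseUtil.getDBConnection()` before it tests `isExistingGroup`, and the `else` branch throws without reaching the `finally` that calls `closeAllConnections`, so every rename request for a group that is not in the table leaves a pooled connection open. Repeated requests of that kind can exhaust the pool and stall other identity operations. Doing the existence check first and scoping the connection and statement with try-with-resources removes the leak. Separately, the new name is never checked for a collision in the tenant; unless the table has a unique constraint (not visible here), two groups could end up sharing a name.

```java
public void updateGroupName(int tenantId, String oldGroupName, String newGroupName)
        throws IdentitySCIMException {

    // Check before borrowing a connection so the not-found path has nothing to release.
    if (!isExistingGroup(SCIMCommonUtils.getGroupNameWithDomain(oldGroupName), tenantId)) {
        throw new IdentitySCIMException("Error when updating group name of the group: " + oldGroupName);
    }
    try (Connection connection = IdentityDatabaseUtil.getDBConnection();
         PreparedStatement prepStmt = connection.prepareStatement(SQLQueries.UPDATE_GROUP_NAME_SQL)) {
        // … unchanged: the three parameter bindings, executeUpdate, debug log, commit …
    } catch (SQLException e) {
        throw new IdentitySCIMException("Error updating the SCIM Group Attributes", e);
    }
}
```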
@@ -3498,7 +3498,7 @@ private void setGroupDisplayName(String oldGroupName, String newGroupName) if (!StringUtils.equals(oldGroupName, newGroupName)) { // Update group name in carbon UM. - carbonUM.updateRoleName(oldGroupName, newGroupName); + carbonUM.updateNameOfGroup(oldGroupName, newGroupName); } } diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java index 90b353fdb..194c1534f 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/listener/SCIMGroupResolver.java @@ -666,4 +666,22 @@ public boolean deleteGroup(String groupName, int tenantId) throws UserStoreExcep } return true; } + + @Override + public boolean updateGroupName(String oldGroupName, String newGroupName, int tenantID) throws UserStoreException { + + try { + GroupDAO groupDAO = new GroupDAO(); + if (groupDAO.isExistingGroup(oldGroupName, tenantID)) { + groupDAO.updateGroupName(tenantID, oldGroupName, newGroupName); + } else { + log.warn("Non-existent group: " + oldGroupName + " is trying to be updated.."); + } + + } catch (IdentitySCIMException e) { + throw new UserStoreException(String.format("Error occurred while updating the " + + "group: %s in tenant: %s", oldGroupName, tenantID), e); + } + return true; + } } From dae629c37f56712ec3bd0cd06e7cedde3ce6bf8a Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Fri, 25 Aug 2023 18:46:16 +0530 Subject: [PATCH 14/14] Call for group specific update methods in core --- .../identity/scim2/common/impl/SCIMUserManager.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
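Review bot: In `SCIMGroupResolver.updateGroupName` the missing-group branch only logs a warning and the method still returns `true`, so the caller cannot tell a completed rename from a skipped one; if the user-store rename proceeds regardless, the SCIM attribute rows would presumably stay under the old name. The pre-check also passes the raw `oldGroupName` to `isExistingGroup`, whereas `GroupDAO.updateGroupName` in this same patch checks `SCIMCommonUtils.getGroupNameWithDomain(oldGroupName)`, so the two lookups may disagree for names without a domain prefix. I would drop the outer check and let the DAO's `IdentitySCIMException` surface, or at least normalise first: `if (groupDAO.isExistingGroup(SCIMCommonUtils.getGroupNameWithDomain(oldGroupName), tenantID)) {`. The warning also concatenates the caller-supplied name into the log line, so CR/LF should be stripped before logging if the name can arrive from a SCIM request.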
diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java index 00354a004..c5a4f3008 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java @@ -3400,7 +3400,7 @@ private void doPatchGroup(String groupId, String currentGroupName, Map