Add application roles for Users and Groups roles

components/org.wso2.carbon.identity.scim2.common/pom.xml

@@ -168,6 +168,11 @@
             <groupId>org.ops4j.pax.logging</groupId>
             <artifactId>pax-logging-api</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.identity.application.role.mgt</artifactId>
+            <scope>provided</scope>
+        </dependency>
     </dependencies>
     <build>
         <plugins>
@@ -217,6 +222,8 @@
                             version="${carbon.identity.framework.imp.pkg.version.range}",
                             org.wso2.carbon.identity.role.mgt.core.*;
                             version="${carbon.identity.framework.imp.pkg.version.range}",
+                            org.wso2.carbon.identity.application.role.mgt.*;
+                            version="${carbon.identity.framework.imp.pkg.version.range}",
                             org.wso2.carbon.user.mgt.*;version="${carbon.identity.framework.imp.pkg.version.range}"
                         </Import-Package>
                         <Export-Package>

components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java

@@ -32,6 +32,8 @@
 import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
 import org.wso2.carbon.identity.application.common.model.ServiceProvider;
 import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
+import org.wso2.carbon.identity.application.role.mgt.exceptions.ApplicationRoleManagementException;
+import org.wso2.carbon.identity.application.role.mgt.model.ApplicationRole;
 import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService;
 import org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException;
 import org.wso2.carbon.identity.claim.metadata.mgt.model.ExternalClaim;
@@ -48,6 +50,7 @@
 import org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreErrorResolver;
 import org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreException;
 import org.wso2.carbon.identity.scim2.common.group.SCIMGroupHandler;
+import org.wso2.carbon.identity.scim2.common.internal.SCIMCommonComponent;
 import org.wso2.carbon.identity.scim2.common.internal.SCIMCommonComponentHolder;
 import org.wso2.carbon.identity.scim2.common.utils.AttributeMapper;
 import org.wso2.carbon.identity.scim2.common.utils.SCIMCommonConstants;
@@ -127,6 +130,8 @@
 
 import static org.apache.commons.collections.CollectionUtils.isNotEmpty;
 import static org.wso2.carbon.identity.core.util.IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR;
+import static org.wso2.carbon.identity.scim2.common.utils.SCIMCommonConstants.APP_ROLE_TYPE;
+import static org.wso2.carbon.identity.scim2.common.utils.SCIMCommonConstants.DEFAULT_ROLE_TYPE;
 import static org.wso2.carbon.identity.scim2.common.utils.SCIMCommonUtils.buildCustomSchema;
 import static org.wso2.carbon.identity.scim2.common.utils.SCIMCommonUtils.getCustomSchemaURI;
 import static org.wso2.carbon.identity.scim2.common.utils.SCIMCommonUtils
@@ -4232,7 +4237,21 @@ private void setRolesOfUser(List<String> rolesOfUser, Map<String, Group> groupMe
             role.setId(groupObject.getId());
             String location = SCIMCommonUtils.getSCIMRoleURL(groupObject.getId());
             role.setLocation(location);
-            scimUser.setRole(role);
+            scimUser.setRole(role, DEFAULT_ROLE_TYPE);
+        }
+
+        // Add application roles of the user
+        try {
+            List<ApplicationRole> applicationRoles = SCIMCommonComponentHolder.getApplicationRoleManager()
+                    .getApplicationRolesByUserId(scimUser.getId(), tenantDomain);
+            for(ApplicationRole applicationRole: applicationRoles) {
+                Role role = new Role();
+                role.setDisplayName(applicationRole.getRoleName());
+                role.setId(applicationRole.getRoleId());
+                scimUser.setRole(role, APP_ROLE_TYPE);
+            }
+        } catch (ApplicationRoleManagementException e) {
+            throw new IdentitySCIMException("Error while getting application roles", e);
         }
     }
 
@@ -4458,7 +4477,21 @@ private void setGroupRoles(Group group) throws org.wso2.carbon.user.core.UserSto
             role.setId(groupObject.getId());
             String location = SCIMCommonUtils.getSCIMRoleURL(groupObject.getId());
             role.setLocation(location);
-            group.setRole(role);
+            group.setRole(role, DEFAULT_ROLE_TYPE);
+        }
+
+        // Add application roles of the group
+        try {
+            List<ApplicationRole> applicationRoles = SCIMCommonComponentHolder.getApplicationRoleManager()
+                    .getApplicationRolesByGroupId(group.getId(), tenantDomain);
+            for(ApplicationRole applicationRole: applicationRoles) {
+                Role role = new Role();
+                role.setDisplayName(applicationRole.getRoleName());
+                role.setId(applicationRole.getRoleId());
+                group.setRole(role, APP_ROLE_TYPE);
+            }
+        } catch (ApplicationRoleManagementException e) {
+            throw new IdentitySCIMException("Error while getting application roles", e);
         }
     }
 

components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponent.java

@@ -28,6 +28,7 @@
 import org.osgi.service.component.annotations.Reference;
 import org.osgi.service.component.annotations.ReferenceCardinality;
 import org.osgi.service.component.annotations.ReferencePolicy;
+import org.wso2.carbon.identity.application.role.mgt.ApplicationRoleManager;
 import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService;
 import org.wso2.carbon.identity.core.util.IdentityCoreInitializedEvent;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
@@ -266,6 +267,36 @@ protected void unsetRoleManagementService(RoleManagementService roleManagementSe
         SCIMCommonComponentHolder.setRoleManagementService(null);
     }
 
+    /**
+     * Set application role manager implementation.
+     *
+     * @param applicationRoleManager ApplicationRoleManager
+     */
+    @Reference(
+            name = "identity.application.role.mgt.component",
+            service = org.wso2.carbon.identity.application.role.mgt.ApplicationRoleManager.class,
+            cardinality = ReferenceCardinality.MANDATORY,
+            policy = ReferencePolicy.DYNAMIC,
+            unbind = "unsetApplicationRoleManager")
+    protected void setApplicationRoleManager(ApplicationRoleManager applicationRoleManager) {
+
+        if (logger.isDebugEnabled()) {
+            logger.debug("ApplicationRoleManager set in SCIMCommonComponent bundle.");
+        }
+        SCIMCommonComponentHolder.setApplicationRoleManager(applicationRoleManager);
+    }
+
+    /**
+     * Unset application role manager implementation.
+     */
+    protected void unsetApplicationRoleManager(ApplicationRoleManager applicationRoleManager) {
+
+        if (logger.isDebugEnabled()) {
+            logger.debug("ApplicationRoleManager unset in SCIMCommonComponent bundle.");
+        }
+        SCIMCommonComponentHolder.setApplicationRoleManager(null);
+    }
+
     /**
      * Set SCIMUserStoreErrorResolver implementation
      *
@@ -287,6 +318,7 @@ protected void unsetScimUserStoreErrorResolver(SCIMUserStoreErrorResolver scimUs
         SCIMCommonComponentHolder.removeScimUserStoreErrorResolver(scimUserStoreErrorResolver);
     }
 
+
     @Deactivate
     protected void deactivate(ComponentContext context) {
 

components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponentHolder.java

@@ -18,6 +18,7 @@
 
 package org.wso2.carbon.identity.scim2.common.internal;
 
+import org.wso2.carbon.identity.application.role.mgt.ApplicationRoleManager;
 import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService;
 import org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreErrorResolver;
 import org.wso2.carbon.user.core.service.RealmService;
@@ -38,6 +39,7 @@ public class SCIMCommonComponentHolder {
     private static ClaimMetadataManagementService claimManagementService;
     private static RolePermissionManagementService rolePermissionManagementService;
     private static RoleManagementService roleManagementService;
+    private static ApplicationRoleManager applicationRoleManager;
     private static final List<SCIMUserStoreErrorResolver> scimUserStoreErrorResolvers = new ArrayList<>();
 
     /**
@@ -120,6 +122,26 @@ public static RoleManagementService getRoleManagementService() {
         return roleManagementService;
     }
 
+    /**
+     * Set application role management service.
+     *
+     * @param applicationRoleManager ApplicationRoleManager.
+     */
+    public static void setApplicationRoleManager(ApplicationRoleManager applicationRoleManager) {
+
+        SCIMCommonComponentHolder.applicationRoleManager = applicationRoleManager;
+    }
+
+    /**
+     * Get role management service.
+     *
+     * @return RoleManagementService.
+     */
+    public static ApplicationRoleManager getApplicationRoleManager() {
+
+        return applicationRoleManager;
+    }
+
     public static List<SCIMUserStoreErrorResolver> getScimUserStoreErrorResolverList() {
 
         return scimUserStoreErrorResolvers;

components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/SCIMCommonConstants.java

@@ -141,6 +141,8 @@ public class SCIMCommonConstants {
     public static final String MIN_LENGTH = "minLength";
     public static final String MAX_LENGTH = "maxLength";
     public static final String REQUIRED = "required";
+    public static final String DEFAULT_ROLE_TYPE = "default";
+    public static final String APP_ROLE_TYPE = "application";
 
 
     private static final Map<String, String> groupAttributeSchemaMap = new HashMap<>();

components/org.wso2.carbon.identity.scim2.common/src/test/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManagerTest.java

@@ -36,6 +36,7 @@
 import org.wso2.carbon.identity.application.common.model.InboundProvisioningConfig;
 import org.wso2.carbon.identity.application.common.model.ServiceProvider;
 import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
+import org.wso2.carbon.identity.application.role.mgt.ApplicationRoleManager;
 import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataHandler;
 import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService;
 import org.wso2.carbon.identity.claim.metadata.mgt.model.AttributeMapping;
@@ -195,6 +196,9 @@ public class SCIMUserManagerTest extends PowerMockTestCase {
     @Mock
     private RolePermissionManagementService mockedRolePermissionManagementService;
 
+    @Mock
+    private ApplicationRoleManager mockApplicationRoleManager;
+
 
     @BeforeMethod
     public void setUp() throws Exception {
@@ -314,6 +318,11 @@ public void testGetGroup(String groupId, String roleName, String userStoreDomain
         when(IdentityUtil.extractDomainFromName(anyString())).thenReturn(userStoreDomain);
         when(mockedUserStoreManager.getGroup(groupId, null)).
                 thenReturn(buildUserCoreGroupResponse(roleName, groupId, userStoreDomain));
+        mockStatic(SCIMCommonComponentHolder.class);
+        when(SCIMCommonComponentHolder.getApplicationRoleManager())
+                .thenReturn(mockApplicationRoleManager);
+        when(mockApplicationRoleManager.getApplicationRolesByGroupId(anyString(), anyString()))
+                .thenReturn(new ArrayList<>());
         mockStatic(SCIMCommonUtils.class);
         when(SCIMCommonUtils.getSCIMGroupURL()).thenReturn("https://localhost:9443/scim2/Groups");
         SCIMUserManager scimUserManager = new SCIMUserManager(mockedUserStoreManager, mockedClaimManager);
@@ -400,6 +409,12 @@ public void testListGroupsWithFilter(String filter, String roleName, String user
         when(mockedGroupDAO.getSCIMGroupAttributes(0, "testRole")).thenReturn(attributes);
         when(IdentityUtil.extractDomainFromName(anyString())).thenReturn(userStoreDomain);
 
+        mockStatic(SCIMCommonComponentHolder.class);
+        when(SCIMCommonComponentHolder.getApplicationRoleManager())
+                .thenReturn(mockApplicationRoleManager);
+        when(mockApplicationRoleManager.getApplicationRolesByGroupId(anyString(), anyString()))
+                .thenReturn(new ArrayList<>());
+
         mockedUserStoreManager = PowerMockito.mock(AbstractUserStoreManager.class);
 
         MemberModifier.field(AbstractUserStoreManager.class, "userStoreManagerHolder")
@@ -956,6 +971,13 @@ public void testListApplicationRolesWithDomainParam(Map<String, Boolean> require
             when(abstractUserStoreManager.getGroupByGroupName(role, null)).
                     thenReturn(buildUserCoreGroupResponse(role, "123456789", null));
         }
+
+        mockStatic(SCIMCommonComponentHolder.class);
+        when(SCIMCommonComponentHolder.getApplicationRoleManager())
+                .thenReturn(mockApplicationRoleManager);
+        when(mockApplicationRoleManager.getApplicationRolesByGroupId(anyString(), anyString()))
+                .thenReturn(new ArrayList<>());
+
         whenNew(GroupDAO.class).withAnyArguments().thenReturn(mockedGroupDAO);
         when(mockedGroupDAO.isExistingGroup(anyString(), anyInt())).thenReturn(true);
         when(mockedGroupDAO.getSCIMGroupAttributes(anyInt(), anyString())).thenReturn(attributes);
@@ -1021,6 +1043,12 @@ public void testFilterApplicationRolesWithDomainParam(String filter, String[] ro
         mockStatic(SCIMCommonUtils.class);
         when(SCIMCommonUtils.getSCIMGroupURL()).thenReturn("https://localhost:9443/scim2/Groups");
 
+        mockStatic(SCIMCommonComponentHolder.class);
+        when(SCIMCommonComponentHolder.getApplicationRoleManager())
+                .thenReturn(mockApplicationRoleManager);
+        when(mockApplicationRoleManager.getApplicationRolesByGroupId(anyString(), anyString()))
+                .thenReturn(new ArrayList<>());
+
         SCIMUserManager scimUserManager = new SCIMUserManager(abstractUserStoreManager, mockedClaimManager);
         GroupsGetResponse groupsResponse = scimUserManager
                 .listGroupsWithGET(node, 1, null, null, null, "Application", requiredAttributes);
@@ -1370,6 +1398,12 @@ public void testGetUser(Boolean isGroupsVsRolesSeparationImprovementsEnabled, Ma
         when(IdentityUtil.getProperty(SCIMCommonConstants.ENABLE_LOGIN_IDENTIFIERS)).thenReturn(enableLoginIdentifiers);
         when(IdentityUtil.extractDomainFromName(anyString())).thenReturn("Internal");
 
+        mockStatic(SCIMCommonComponentHolder.class);
+        when(SCIMCommonComponentHolder.getApplicationRoleManager())
+                .thenReturn(mockApplicationRoleManager);
+        when(mockApplicationRoleManager.getApplicationRolesByGroupId(anyString(), anyString()))
+                .thenReturn(new ArrayList<>());
+
         PowerMockito.whenNew(SCIMGroupHandler.class).withArguments(anyInt()).thenReturn(mockedSCIMGroupHandler);
         when(mockedSCIMGroupHandler.listSCIMRoles()).thenReturn(scimRoles);
         when(mockedSCIMGroupHandler.getGroupWithAttributes(any(Group.class), anyString()))

pom.xml

@@ -160,6 +160,12 @@
                 <version>${identity.framework.version}</version>
                 <scope>provided</scope>
             </dependency>
+            <dependency>
+                <groupId>org.wso2.carbon.identity.framework</groupId>
+                <artifactId>org.wso2.carbon.identity.application.role.mgt</artifactId>
+                <version>${identity.framework.version}</version>
+                <scope>provided</scope>
+            </dependency>
             <dependency>
                 <groupId>org.wso2.carbon.identity.framework</groupId>
                 <artifactId>org.wso2.carbon.identity.testutil</artifactId>
@@ -258,7 +264,7 @@
         <inbound.auth.oauth.version>6.5.3</inbound.auth.oauth.version>
         <commons-collections.version>3.2.0.wso2v1</commons-collections.version>
         <carbon.kernel.version>4.9.4</carbon.kernel.version>
-        <identity.framework.version>5.25.143</identity.framework.version>
+        <identity.framework.version>5.25.287-SNAPSHOT</identity.framework.version>
         <junit.version>4.13.1</junit.version>
         <commons.lang.version>20030203.000129</commons.lang.version>
         <identity.governance.version>1.8.12</identity.governance.version>