Add hard limit for scim2/Users/.search API response

components/org.wso2.carbon.identity.scim2.common/pom.xml

@@ -156,6 +156,10 @@
  <groupId>org.wso2.carbon.identity.event.handler.accountlock</groupId>
  <artifactId>org.wso2.carbon.identity.handler.event.account.lock</artifactId>
  </dependency>
+ <dependency>
+ <groupId>org.wso2.carbon.identity.framework</groupId>
+ <artifactId>org.wso2.carbon.identity.configuration.mgt.core</artifactId>
+ </dependency>
  <dependency>
  <groupId>commons-lang</groupId>
  <artifactId>commons-lang</artifactId>
@@ -249,6 +253,7 @@
  org.wso2.carbon.identity.handler.event.account.lock.*;
  version="${carbon.identity.account.lock.handler.imp.pkg.version.range}",
  org.wso2.carbon.idp.mgt.*;version="${carbon.identity.framework.imp.pkg.version.range}",
+ org.wso2.carbon.identity.configuration.mgt.core.*; version="${carbon.identity.framework.imp.pkg.version.range}",
  </Import-Package>
  <Export-Package>
  !org.wso2.carbon.identity.scim2.common.internal,

components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java

@@ -39,6 +39,7 @@
 import org.wso2.carbon.identity.claim.metadata.mgt.model.ExternalClaim;
 import org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim;
 import org.wso2.carbon.identity.claim.metadata.mgt.util.ClaimConstants;
+import org.wso2.carbon.identity.configuration.mgt.core.exception.ConfigurationManagementException;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.identity.event.IdentityEventConstants;
@@ -111,6 +112,7 @@
 import org.wso2.charon3.core.utils.codeutils.OperationNode;
 import org.wso2.charon3.core.utils.codeutils.PatchOperation;
 import org.wso2.charon3.core.utils.codeutils.SearchRequest;
+import org.wso2.carbon.identity.configuration.mgt.core.model.Resource;
 
 import java.time.Instant;
 import java.util.AbstractMap;
@@ -181,6 +183,9 @@ public class SCIMUserManager implements UserManager {
  private static final String ROLE_CLAIM = "http://wso2.org/claims/role";
  private boolean removeDuplicateUsersInUsersResponseEnabled = isRemoveDuplicateUsersInUsersResponseEnabled();
 
+ private static final String MAX_LIMIT_RESOURCE_TYPE_NAME = "response-max-limit-configurations";
+ private static final String MAX_LIMIT_RESOURCE_NAME = "user-response-limit";
+
  @Deprecated
  public SCIMUserManager(UserStoreManager carbonUserStoreManager, ClaimManager claimManager) {
 
@@ -622,11 +627,45 @@ public UsersGetResponse listUsersWithGET(Node rootNode, Integer startIndex, Inte
  public UsersGetResponse listUsersWithPost(SearchRequest searchRequest, Map<String, Boolean> requiredAttributes)
  throws CharonException, NotImplementedException, BadRequestException {
 
+ int count = searchRequest.getCount();
+
+ try {
+ if (!IdentityUtil.isConsiderServerWideUserEndpointMaxLimitEnabled()) {
+ Resource maxLimitResource = getResourceByTenantId(carbonUM.getTenantId());
+ if (maxLimitResource != null) {
+ count = maxLimitResource.getAttributes().stream()
+ .filter(item -> "userResponseMaxLimit".equals(item.getKey()))
+ .map(org.wso2.carbon.identity.configuration.mgt.core.model.Attribute::getValue)
+ .findFirst()
+ .map(Integer::parseInt)
+ .orElse(count); // Use the local count variable
+ }
+ } else {
+ count = SCIMCommonUtils.validateCountParameter(count);
+ }
+ } catch (org.wso2.carbon.user.core.UserStoreException e) {
+ log.error("Error occurred while getting the tenant name", e);
+ }
+
  return listUsersWithGET(searchRequest.getFilter(), (Integer) searchRequest.getStartIndex(),
- (Integer) searchRequest.getCount(), searchRequest.getSortBy(), searchRequest.getSortOder(),
+ (Integer) count, searchRequest.getSortBy(), searchRequest.getSortOder(),
  searchRequest.getDomainName(), requiredAttributes);
  }
 
+ private Resource getResourceByTenantId(int tenantId) throws org.wso2.carbon.user.core.UserStoreException {
+
+ try {
+ return SCIMCommonComponentHolder.getConfigurationManager()
+ .getResourceByTenantId(tenantId, MAX_LIMIT_RESOURCE_TYPE_NAME, MAX_LIMIT_RESOURCE_NAME);
+ } catch (ConfigurationManagementException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("The user response maximum limit is not configured for the tenant: " +
+ tenantId);
+ }
+ return null;
+ }
+ }
+
  /**
  * Method to list users for given conditions.
  *

components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponent.java

@@ -29,6 +29,7 @@
 import org.osgi.service.component.annotations.ReferenceCardinality;
 import org.osgi.service.component.annotations.ReferencePolicy;
 import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService;
+import org.wso2.carbon.identity.configuration.mgt.core.ConfigurationManager;
 import org.wso2.carbon.identity.core.util.IdentityCoreInitializedEvent;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
@@ -388,6 +389,34 @@ protected void setIdentityEventService(IdentityEventService identityEventService
  SCIMCommonComponentHolder.setIdentityEventService(identityEventService);
  }
 
+ @Reference(
+ name = "resource.configuration.manager",
+ service = ConfigurationManager.class,
+ cardinality = ReferenceCardinality.MANDATORY,
+ policy = ReferencePolicy.DYNAMIC,
+ unbind = "unsetConfigurationManager"
+ )
+
+ /**
+ * This method is used to set the Configuration manager Service.
+ *
+ * @param configurationManager The Realm Service which needs to be set.
+ */
+ protected void setConfigurationManager(ConfigurationManager configurationManager) {
+
+ SCIMCommonComponentHolder.setConfigurationManager(configurationManager);
+ }
+
+ /**
+ * This method is used to unset the Configuration manager Service.
+ *
+ * @param configurationManager The Configuration manager Service which needs to unset.
+ */
+ protected void unsetConfigurationManager(ConfigurationManager configurationManager) {
+
+ SCIMCommonComponentHolder.setConfigurationManager(null);
+ }
+
  @Deactivate
  protected void deactivate(ComponentContext context) {
 

components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponentHolder.java

@@ -19,6 +19,7 @@
 package org.wso2.carbon.identity.scim2.common.internal;
 
 import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService;
+import org.wso2.carbon.identity.configuration.mgt.core.ConfigurationManager;
 import org.wso2.carbon.identity.event.services.IdentityEventService;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
 import org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreErrorResolver;
@@ -45,6 +46,7 @@ public class SCIMCommonComponentHolder {
  private static OrganizationManager organizationManager;
  private static IdpManager idpManager;
  private static IdentityEventService identityEventService;
+ private static ConfigurationManager configurationManager;
  private static final List<SCIMUserStoreErrorResolver> scimUserStoreErrorResolvers = new ArrayList<>();
 
  /**
@@ -225,4 +227,24 @@ public static void setIdentityEventService(IdentityEventService identityEventSer
 
  SCIMCommonComponentHolder.identityEventService = identityEventService;
  }
+
+ /**
+ * Get Configuration Manager.
+ *
+ * @return ConfigurationManager.
+ */
+ public static ConfigurationManager getConfigurationManager() {
+
+ return configurationManager;
+ }
+
+ /**
+ * Set Configuration manager.
+ *
+ * @param configurationManager Configuration Manager.
+ */
+ public static void setConfigurationManager(ConfigurationManager configurationManager) {
+
+ SCIMCommonComponentHolder.configurationManager = configurationManager;
+ }
 }

components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/SCIMCommonUtils.java

@@ -966,4 +966,24 @@ public static boolean isOrganization(String tenantDomain) throws CharonException
  throw new CharonException("Error occurred while checking the organization state.", e);
  }
  }
+
+ /**
+ * Validate the count query parameter.
+ *
+ * @param count Requested item count.
+ * @return Validated count parameter.
+ */
+ public static int validateCountParameter(Integer count) {
+
+ int maximumItemsPerPage = IdentityUtil.getMaximumItemPerPage();
+ if (count > maximumItemsPerPage) {
+ if (log.isDebugEnabled()) {
+ log.debug(String.format("Given limit exceeds the maximum limit. Therefore the limit is set to %s.",
+ maximumItemsPerPage));
+ }
+ return maximumItemsPerPage;
+ }
+
+ return count;
+ }
 }

pom.xml

@@ -183,6 +183,11 @@
  <scope>test</scope>
  <version>${identity.framework.version}</version>
  </dependency>
+ <dependency>
+ <groupId>org.wso2.carbon.identity.framework</groupId>
+ <artifactId>org.wso2.carbon.identity.configuration.mgt.core</artifactId>
+ <version>${identity.framework.version}</version>
+ </dependency>
  <dependency>
  <groupId>org.wso2.carbon.identity.organization.management.core</groupId>
  <artifactId>org.wso2.carbon.identity.organization.management.service</artifactId>
@@ -285,7 +290,7 @@
  <inbound.auth.oauth.version>6.5.3</inbound.auth.oauth.version>
  <commons-collections.version>3.2.0.wso2v1</commons-collections.version>
  <carbon.kernel.version>4.10.16</carbon.kernel.version>
- <identity.framework.version>7.0.112</identity.framework.version>
+ <identity.framework.version>7.3.59</identity.framework.version>
  <junit.version>4.13.1</junit.version>
  <commons.lang.version>20030203.000129</commons.lang.version>
  <identity.governance.version>1.8.12</identity.governance.version>