diff --git a/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/SharedRoleMgtHandler.java b/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/SharedRoleMgtHandler.java
index 772139108..6dd8f8d3c 100644
--- a/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/SharedRoleMgtHandler.java
+++ b/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/SharedRoleMgtHandler.java
@@ -20,6 +20,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
 import org.wso2.carbon.identity.event.IdentityEventConstants;
 import org.wso2.carbon.identity.event.IdentityEventException;
 import org.wso2.carbon.identity.event.event.Event;
@@ -37,6 +38,7 @@
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleBasicInfo;
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
+import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 import java.util.Collections;
 import java.util.List;
@@ -78,7 +80,7 @@ public void handleEvent(Event event) throws IdentityEventException {
 }
 }
- private void createSubOrgRolesOnNewOrgCreation(Map eventProperties) {
+ private void createSubOrgRolesOnNewOrgCreation(Map eventProperties) throws IdentityEventException {
 try {
 Organization organization = (Organization) eventProperties.get(Constants.EVENT_PROP_ORGANIZATION);
@@ -90,7 +92,7 @@ private void createSubOrgRolesOnNewOrgCreation(Map eventProperti
 ParentOrganizationDO parentOrg = organization.getParent();
 String parentOrgId = parentOrg.getId();
 // Get parent organization's roles which has organization audience.
- String filter = "audienceId eq " + parentOrg.getId();
+ String filter = RoleConstants.AUDIENCE_ID + " " + RoleConstants.EQ + " " + parentOrg.getId();
 String parenTenantDomain = getOrganizationManager().resolveTenantDomain(parentOrgId);
 List parentOrgRoles = getRoleManagementServiceV2().getRoles(filter, null, 0, null, null, parenTenantDomain);
@@ -106,16 +108,13 @@ private void createSubOrgRolesOnNewOrgCreation(Map eventProperti
 subOrgRole.getId(), parenTenantDomain, subOrgTenantDomain);
 }
 } catch (OrganizationManagementException e) {
- // TODO : handle exception
- throw new RuntimeException(e);
+ throw new IdentityEventException("Error occurred while resolving organization id from tenant domain.", e);
 } catch (IdentityRoleManagementException e) {
- // TODO : handle exception
- throw new RuntimeException(e);
+ throw new IdentityEventException("Error occurred while adding main role to shared role relationship.", e);
 }
-
 }
- private void createSubOrgRolesOnNewRoleCreation(Map eventProperties) {
+ private void createSubOrgRolesOnNewRoleCreation(Map eventProperties) throws IdentityEventException {
 try {
 String mainRoleUUID = (String) eventProperties.get(IdentityEventConstants.EventProperty.ROLE_ID);
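Review bot: The rebuilt filter calls `parentOrg.getId()` again although the line above already stored that value in `parentOrgId`; `String filter = RoleConstants.AUDIENCE_ID + " " + RoleConstants.EQ + " " + parentOrgId;` reads cleaner and keeps a single source for the audience id. The same three-constant concatenation is repeated in createSubOrgRolesOnAppSharing (hunk @@ -194), so a small private helper that takes the audience id and returns the filter string would keep the filter syntax in one place. createSubOrgRolesOnNewOrgCreation starts and ends outside this hunk.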
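Review bot: The message in the OrganizationManagementException catch says "resolving organization id from tenant domain", but the OrganizationManager call visible in this method (hunk @@ -90) is `resolveTenantDomain(parentOrgId)`, which goes the other way; `"Error occurred while resolving tenant domain from organization id."` would point an operator at the right step and matches the wording the same commit uses in createSubOrgRolesOnAppSharing. The IdentityRoleManagementException catch names only the relationship step, yet the same try block also runs `getRoles` and, presumably, `addRole` for each parent role, so a failure in either is reported as a relationship failure. Either a message that covers the whole block or a separate catch per step would make the logged cause trustworthy. The enclosing method starts outside this hunk.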
@@ -125,7 +124,7 @@ private void createSubOrgRolesOnNewRoleCreation(Map eventPropert
 String roleAudienceId = (String) eventProperties.get(IdentityEventConstants.EventProperty.AUDIENCE_ID);
 String roleOrgId = getOrganizationManager().resolveOrganizationId(roleTenantDomain);
 boolean isPrimaryOrganization = getOrganizationManager().isPrimaryOrganization(roleOrgId);
- if (!isPrimaryOrganization) {
+ if (!isPrimaryOrganization && !MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(roleTenantDomain)) {
 return;
 }
 switch (roleAudienceType) {
@@ -176,15 +175,13 @@ private void createSubOrgRolesOnNewRoleCreation(Map eventPropert
 LOG.error("Unsupported audience type: " + roleAudienceType);
 }
 } catch (OrganizationManagementException e) {
- // TODO : handle exception
- LOG.debug(e.getMessage());
+ throw new IdentityEventException("Error occurred while retrieving shared applications.", e);
 } catch (IdentityRoleManagementException e) {
- // TODO : handle exception
- throw new RuntimeException(e);
+ throw new IdentityEventException("Error occurred while adding main role to shared role relationship.", e);
 }
 }
- private void createSubOrgRolesOnAppSharing(Map eventProperties) {
+ private void createSubOrgRolesOnAppSharing(Map eventProperties) throws IdentityEventException {
 String parentOrganizationId = (String) eventProperties.get(OrgApplicationMgtConstants.EVENT_PROP_PARENT_ORGANIZATION_ID);
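Review bot: The new super-tenant clause is evaluated only after `resolveOrganizationId(roleTenantDomain)` and `isPrimaryOrganization(roleOrgId)` have already run on the two lines above it, so it only takes effect if both calls succeed for the super tenant domain; if either throws OrganizationManagementException for it (I cannot tell from this hunk), the role-creation event now fails, because hunk @@ -176 turns that exception into an IdentityEventException instead of the former debug log. Computing `boolean isSuperTenant = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(roleTenantDomain);` before the resolve calls and short-circuiting on it first would make the intent independent of the organization lookup. The commit also does not say why the super tenant is treated like a primary organization; a one-line comment such as `// Roles of the super tenant are propagated to sub organizations like primary organization roles.` above the condition would document that. The enclosing method starts and ends outside this hunk.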
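Review bot: The OrganizationManagementException catch now reports "Error occurred while retrieving shared applications.", but the same try block also covers `resolveOrganizationId` and `isPrimaryOrganization` (hunk @@ -125), so an operator reading the log may be sent to the wrong step; the IdentityRoleManagementException message has the same narrowness, since the switch presumably creates roles as well as relationships. Replacing the former `LOG.debug(e.getMessage())` with a thrown IdentityEventException is a behavior change worth a sentence in the commit description: an organization lookup failure now fails the originating role-creation event rather than being skipped, which may well be intended but is not stated anywhere. A message that describes the whole block, such as `"Error occurred while creating shared roles for the new role."`, would at least not mislead.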
@@ -194,33 +191,40 @@ private void createSubOrgRolesOnAppSharing(Map eventProperties)
 (String) eventProperties.get(OrgApplicationMgtConstants.EVENT_PROP_SHARED_ORGANIZATION_ID);
 String sharedApplicationId = (String) eventProperties.get(OrgApplicationMgtConstants.EVENT_PROP_SHARED_APPLICATION_ID);
- boolean hasAppAudiencedRoles = true;
- // TODO: check application is using the application audience roles.
- if (hasAppAudiencedRoles) {
+ try {
+ String mainApplicationTenantDomain = getOrganizationManager().resolveTenantDomain(parentOrganizationId);
+ String allowedAudienceForRoleAssociation =
+ OrganizationManagementHandlerDataHolder.getInstance().getApplicationManagementService()
+ .getAllowedAudienceForRoleAssociation(parentApplicationId, mainApplicationTenantDomain);
+ boolean hasAppAudiencedRoles =
+ RoleConstants.APPLICATION.equalsIgnoreCase(allowedAudienceForRoleAssociation);
+ if (!hasAppAudiencedRoles) {
+ return;
+ }
 // Create the role if not exists, and add the relationship.
- try {
- String mainApplicationTenantDomain = getOrganizationManager().resolveTenantDomain(parentOrganizationId);
- String sharedApplicationTenantDomain =
- getOrganizationManager().resolveTenantDomain(sharedOrganizationId);
- // Get parent organization's roles which has application audience.
- String filter = "audienceId eq " + parentApplicationId;
- List parentOrgRoles =
- getRoleManagementServiceV2().getRoles(filter, null, 0, null, null, mainApplicationTenantDomain);
- for (RoleBasicInfo parentOrgRole : parentOrgRoles) {
- String parentOrgRoleName = parentOrgRole.getName();
- // Create the role in the sub org.
- RoleBasicInfo subOrgRole =
- getRoleManagementServiceV2().addRole(parentOrgRoleName, Collections.emptyList(),
- Collections.emptyList(), Collections.emptyList(), RoleConstants.APPLICATION,
- sharedApplicationId, sharedApplicationTenantDomain);
- // Add relationship between parent org role and sub org role.
- getRoleManagementServiceV2().addMainRoleToSharedRoleRelationship(parentOrgRole.getId(),
- subOrgRole.getId(), mainApplicationTenantDomain, sharedApplicationTenantDomain);
- }
- } catch (OrganizationManagementException | IdentityRoleManagementException e) {
- // TODO: handle exception
- throw new RuntimeException(e);
+ String sharedApplicationTenantDomain = getOrganizationManager().resolveTenantDomain(sharedOrganizationId);
+ // Get parent organization's roles which has application audience.
+ String filter = RoleConstants.AUDIENCE_ID + " " + RoleConstants.EQ + " " + parentApplicationId;
+ List parentOrgRoles =
+ getRoleManagementServiceV2().getRoles(filter, null, 0, null, null,
+ mainApplicationTenantDomain);
+ for (RoleBasicInfo parentOrgRole : parentOrgRoles) {
+ String parentOrgRoleName = parentOrgRole.getName();
+ // Create the role in the sub org.
+ RoleBasicInfo subOrgRole =
+ getRoleManagementServiceV2().addRole(parentOrgRoleName, Collections.emptyList(),
+ Collections.emptyList(), Collections.emptyList(), RoleConstants.APPLICATION,
+ sharedApplicationId, sharedApplicationTenantDomain);
+ // Add relationship between parent org role and sub org role.
+ getRoleManagementServiceV2().addMainRoleToSharedRoleRelationship(parentOrgRole.getId(),
+ subOrgRole.getId(), mainApplicationTenantDomain, sharedApplicationTenantDomain);
 }
+ } catch (IdentityApplicationManagementException e) {
+ throw new IdentityEventException("Error occurred checking main application allowed role audience.", e);
+ } catch (OrganizationManagementException e) {
+ throw new IdentityEventException("Error occurred while resolving tenant domain from organization id.", e);
+ } catch (IdentityRoleManagementException e) {
+ throw new IdentityEventException("Error occurred while adding main role to shared role relationship.", e);
 }
 }
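Review bot: The retained comment `// Create the role if not exists, and add the relationship.` no longer matches the code under it, which calls `addRole` unconditionally for every parent role; if this handler can run twice for the same shared organization (a re-share or a redelivered event, which I cannot tell from here), the second `addRole` would presumably fail with IdentityRoleManagementException and the roles created earlier in the loop would be left without a relationship for the remaining ones. Either look the role up by name before calling `addRole`, or change the comment to `// Create the role in the sub organization and add the relationship.` so it does not promise an idempotency the code does not have. Separately, `getApplicationManagementService()` is dereferenced without a null check although the new `unsetApplicationManagementService` in the service component clears the holder under ReferencePolicy.DYNAMIC; a guard such as `if (applicationManagementService == null) { throw new IdentityEventException("Application management service is not available."); }` keeps that failure inside the exception contract the method now declares instead of surfacing as an NPE. The enclosing method starts in hunk @@ -176 and its closing brace is the last line of this hunk.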
diff --git a/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/internal/OrganizationManagementHandlerDataHolder.java b/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/internal/OrganizationManagementHandlerDataHolder.java
index 1f7cd7f1c..41f1d52a3 100644
--- a/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/internal/OrganizationManagementHandlerDataHolder.java
+++ b/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/internal/OrganizationManagementHandlerDataHolder.java
@@ -18,6 +18,7 @@
 package org.wso2.carbon.identity.organization.management.handler.internal;
+import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
 import org.wso2.carbon.identity.event.services.IdentityEventService;
 import org.wso2.carbon.identity.governance.IdentityGovernanceService;
 import org.wso2.carbon.identity.organization.management.application.OrgApplicationManager;
@@ -37,6 +38,7 @@ public class OrganizationManagementHandlerDataHolder {
 private OrganizationManager organizationManager;
 private RoleManagementService roleManagementServiceV2;
 private OrgApplicationManager orgApplicationManager;
+ private ApplicationManagementService applicationManagementService;
 public static OrganizationManagementHandlerDataHolder getInstance() {
@@ -142,5 +144,26 @@ public void setOrgApplicationManager(OrgApplicationManager orgApplicationManager
 this.orgApplicationManager = orgApplicationManager;
 }
+
+ /**
+ * Get {@link ApplicationManagementService}.
+ *
+ * @return Application management instance {@link ApplicationManagementService}.
+ */
+ public ApplicationManagementService getApplicationManagementService() {
+
+ return applicationManagementService;
+ }
+
+ /**
+ * Set {@link ApplicationManagementService}.
+ *
+ * @param applicationManagementService Instance of {@link ApplicationManagementService}.
+ */
+ public void setApplicationManagementService(
+ ApplicationManagementService applicationManagementService) {
+
+ this.applicationManagementService = applicationManagementService;
+ }
 }
diff --git a/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/internal/OrganizationManagementHandlerServiceComponent.java b/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/internal/OrganizationManagementHandlerServiceComponent.java
index fe5f5669e..9d13faabf 100644
--- a/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/internal/OrganizationManagementHandlerServiceComponent.java
+++ b/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/internal/OrganizationManagementHandlerServiceComponent.java
@@ -27,6 +27,7 @@
 import org.osgi.service.component.annotations.Reference;
 import org.osgi.service.component.annotations.ReferenceCardinality;
 import org.osgi.service.component.annotations.ReferencePolicy;
+import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
 import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
 import org.wso2.carbon.identity.event.services.IdentityEventService;
 import org.wso2.carbon.identity.governance.IdentityGovernanceService;
@@ -141,7 +142,7 @@ protected void unsetRoleManagementServiceV2(RoleManagementService roleManagement
 protected void setOrgApplicationManagementService(OrgApplicationManager orgApplicationManagementService) {
 OrganizationManagementHandlerDataHolder.getInstance().setOrgApplicationManager(orgApplicationManagementService);
- LOG.debug("OrgApplication management service unset in OrganizationManagementHandlerService bundle.");
+ LOG.debug("OrgApplication management service set in OrganizationManagementHandlerService bundle.");
 }
 protected void unsetOrgApplicationManagementService(OrgApplicationManager orgApplicationManagementService) {
@@ -149,4 +150,23 @@ protected void unsetOrgApplicationManagementService(OrgApplicationManager orgApp
 OrganizationManagementHandlerDataHolder.getInstance().setOrgApplicationManager(null);
 LOG.debug("OrgApplication management service unset in OrganizationManagementHandlerService bundle.");
 }
+
+ @Reference(
+ name = "org.wso2.carbon.identity.application.mgt.ApplicationManagementService",
+ service = org.wso2.carbon.identity.application.mgt.ApplicationManagementService.class,
+ cardinality = ReferenceCardinality.MANDATORY,
+ policy = ReferencePolicy.DYNAMIC,
+ unbind = "unsetApplicationManagementService")
+ protected void setApplicationManagementService(ApplicationManagementService applicationManagementService) {
+
+ OrganizationManagementHandlerDataHolder.getInstance()
+ .setApplicationManagementService(applicationManagementService);
+ LOG.debug("Application management service set in OrganizationManagementHandlerService bundle.");
+ }
+
+ protected void unsetApplicationManagementService(ApplicationManagementService applicationManagementService) {
+
+ OrganizationManagementHandlerDataHolder.getInstance().setApplicationManagementService(null);
+ LOG.debug("Application management service unset in OrganizationManagementHandlerService bundle.");
+ }
 }
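Review bot: The `service` attribute spells out `org.wso2.carbon.identity.application.mgt.ApplicationManagementService.class` although the type is imported in hunk @@ -27 and used unqualified in the method signature two lines below; `service = ApplicationManagementService.class,` is the consistent form. If the other @Reference annotations in this file, which lie outside the hunk, use fully qualified names throughout, keep it for consistency with them instead. Since the reference is MANDATORY with a DYNAMIC policy, a short comment on `unsetApplicationManagementService` noting that the holder is cleared so callers do not keep a stale service would help the next maintainer understand why the getter can briefly return null.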