Package org.wso2.carbon.user.api

Examples of org.wso2.carbon.user.api.UserRealm


    /**
     * Builds, for the roles returned by the current CarbonContext's user store, a list saying
     * whether each role is authorized to subscribe to and to publish on the given topic.
     *
     * @param topicName topic name; its resource path is obtained from getResourcePath
     * @return one TopicRolePermission per role that passes the filter in the loop
     * @throws EventBrokerException declared by the signature; the handler that raises it lies
     *         outside this excerpt
     */
    public TopicRolePermission[] getTopicRolePermission(String topicName)
            throws EventBrokerException {
        String topicResoucePath = getResourcePath(topicName);
        List<TopicRolePermission> topicRolePermissions = new ArrayList<TopicRolePermission>();
        UserRealm userRealm = CarbonContext.getCurrentContext().getUserRealm();
        // Admin role name as configured in the bootstrap realm configuration.
        String adminRole =
                EventBrokerHolder.getInstance().getRealmService().
                        getBootstrapRealmConfiguration().getAdminRoleName();
        TopicRolePermission topicRolePermission;
        try {
            for (String role : userRealm.getUserStoreManager().getRoleNames()) {
                // remove admin role and anonymous role related permissions
                // NOTE(review): the second test compares the anonymous-role constant with
                // adminRole, not with role, so it does not depend on the loop variable. As
                // written the anonymous role is not filtered out, and if adminRole ever equalled
                // the constant every role would be skipped. Looks like `role` was intended - confirm.
                if (!(role.equals(adminRole) ||
                      CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME.equals(adminRole))) {
                    topicRolePermission = new TopicRolePermission();
                    topicRolePermission.setRoleName(role);
                    // Each flag is read straight from the authorization manager for this
                    // role / topic resource path / action triple.
                    topicRolePermission.setAllowedToSubscribe(
                            userRealm.getAuthorizationManager().isRoleAuthorized(
                                    role, topicResoucePath, EventBrokerConstants.EB_PERMISSION_SUBSCRIBE));
                    topicRolePermission.setAllowedToPublish(
                            userRealm.getAuthorizationManager().isRoleAuthorized(
                                    role, topicResoucePath, EventBrokerConstants.EB_PERMISSION_PUBLISH));
                    topicRolePermissions.add(topicRolePermission);
                }
            }
            return topicRolePermissions.toArray(


    }

    /**
     * Brings the subscribe and publish authorizations of each listed role on the topic's
     * resource path in line with the requested flags.
     *
     * The caller, taken from the current CarbonContext rather than from an argument, must either
     * hold EB_PERMISSION_CHANGE_PERMISSION on the topic or be accepted by JavaUtil.isAdmin.
     *
     * @param topicName            topic name; its resource path is obtained from getResourcePath
     * @param topicRolePermissions requested state per role
     * @throws EventBrokerException when the logged-in user fails both access checks; the handling
     *         of UserStoreException lies outside this excerpt
     */
    public void updatePermissions(String topicName, TopicRolePermission[] topicRolePermissions)
            throws EventBrokerException {
        String topicResourcePath = getResourcePath(topicName);
        UserRealm userRealm = CarbonContext.getCurrentContext().getUserRealm();
        String role;
        String loggedInUser = CarbonContext.getCurrentContext().getUsername();
        try {
            // Access check: refuse unless the user holds the change-permission action on this
            // topic, with JavaUtil.isAdmin as the fallback.
            if (!userRealm.getAuthorizationManager().isUserAuthorized(
                    loggedInUser, topicResourcePath,
                    EventBrokerConstants.EB_PERMISSION_CHANGE_PERMISSION)) {
                if (!JavaUtil.isAdmin(loggedInUser)) {
                    throw new EventBrokerException(" User " + loggedInUser + " can not change" +
                                                   " the permissions of " + topicName);
                }
            }
            // NOTE(review): role names come from the caller-supplied array and are passed to
            // authorizeRole/denyRole as-is. Nothing visible here checks that they name existing
            // roles or excludes the admin role - confirm whether that is enforced elsewhere.
            // NOTE(review): a null topicRolePermissions array would fail with a
            // NullPointerException at this loop.
            for (TopicRolePermission topicRolePermission : topicRolePermissions) {
                role = topicRolePermission.getRoleName();
                // Subscribe: only call authorizeRole/denyRole when the stored state differs
                // from the requested one.
                if (topicRolePermission.isAllowedToSubscribe()) {
                    if (!userRealm.getAuthorizationManager().isRoleAuthorized(
                            role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_SUBSCRIBE)) {
                        userRealm.getAuthorizationManager().authorizeRole(
                                role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_SUBSCRIBE);
                    }
                } else {
                    if (userRealm.getAuthorizationManager().isRoleAuthorized(
                            role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_SUBSCRIBE)) {
                        userRealm.getAuthorizationManager().denyRole(
                                role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_SUBSCRIBE);
                    }
                }

                // Publish: same grant-or-deny reconciliation as for subscribe.
                if (topicRolePermission.isAllowedToPublish()) {
                    if (!userRealm.getAuthorizationManager().isRoleAuthorized(
                            role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_PUBLISH)) {
                        userRealm.getAuthorizationManager().authorizeRole(
                                role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_PUBLISH);
                    }
                } else {
                    if (userRealm.getAuthorizationManager().isRoleAuthorized(
                            role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_PUBLISH)) {
                        userRealm.getAuthorizationManager().denyRole(
                                role, topicResourcePath, EventBrokerConstants.EB_PERMISSION_PUBLISH);
                    }
                }
            }
        } catch (UserStoreException e) {

     *
     * @return array of roles
     * @throws EventBrokerException if fails to get roles
     */
    public String[] getBackendRoles() throws EventBrokerException {
        UserRealm userRealm = CarbonContext.getCurrentContext().getUserRealm();
        try {
            // Admin role name as configured in the bootstrap realm configuration.
            String adminRole =
                    EventBrokerHolder.getInstance().getRealmService().
                            getBootstrapRealmConfiguration().getAdminRoleName();
            String[] allRoles = userRealm.getUserStoreManager().getRoleNames();
            // check if more roles available than admin role and anonymous role
            // NOTE(review): the result array is sized allRoles.length - 2, which presumes that
            // getRoleNames() always contains both the admin and the anonymous role. The copy
            // loop is cut off in this excerpt; confirm it cannot overrun the array or leave
            // null slots when one of the two is absent.
            if (allRoles!=null && allRoles.length > 2) {
                String[] rolesExceptAdminRole = new String[allRoles.length - 2];
                int index = 0;
                for (String role : allRoles) {

            throw new UnsupportedOperationException(msg);
        }

        try {
            //TODO - get the realm for a special user that can be used to authorize other users - security team - already talked but need to implement
            // For now the realm is resolved from the authenticated user's own domainName, and
            // both managers used below come from that realm.
            UserRealm userRealm =
                    CassandraServerComponentManager.getInstance().getRealmForTenant(authenticatedUser.domainName);
            UserStoreManager userStoreManager = userRealm.getUserStoreManager();
            AuthorizationManager authorizationManager = userRealm.getAuthorizationManager();

            // Presumably the username with its tenant-domain part removed - verify against
            // UserCoreUtil.getTenantLessUsername.
            String tenantLessUsername = UserCoreUtil.getTenantLessUsername(authenticatedUser.username);

            // Dispatch on the requested action; the case bodies lie outside this excerpt.
            switch (action) {
                case ADD: {

            // The tenant is derived from the supplied username before any credential check.
            String tenantDomain = UserCoreUtil.getTenantDomain(realmService, username);
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            handleAuthenticationStarted(tenantId);
            // Keep the original form; username is overwritten with the tenant-less form below.
            String userNameWithDomain = username;
            username = UserCoreUtil.getTenantLessUsername(username);
            UserRealm realm = AnonymousSessionUtil.getRealmByTenantDomain(registryService,
                    realmService, tenantDomain);
            // No realm for the domain is reported as an authentication failure.
            if (realm == null) {
                throw new AuthenticationException("Invalid domain or unactivated tenant login");
            }
            ServerConfiguration serverConfig = CarbonServicesServiceComponent
                    .getServerConfiguration();
            boolean isAuthenticated = realm.getUserStoreManager().authenticate(username, password);
            // NOTE(review): isUserAuthorized is evaluated even when authenticate() returned
            // false; its result is only acted on together with isAuthenticated below.
            boolean isAuthorized = realm.getAuthorizationManager().isUserAuthorized(username,
                    "/permission/admin/login", CarbonConstants.UI_PERMISSION_ACTION);

            // Login succeeds only with valid credentials AND the /permission/admin/login
            // permission.
            if (isAuthenticated && isAuthorized) {
                CarbonAuthenticationUtil.onSuccessAdminLogin(httpSession, username, tenantId,
                        tenantDomain, remoteAddress);

                data.setMaxAge(CarbonConstants.REMEMBER_ME_COOKIE_TTL);
                // Remember-me value has the form "<username>-<uuid>"; the same uuid is recorded
                // in the tenant's user store through addRememberMe below.
                // NOTE(review): uuid is generated outside this excerpt. It appears to serve as a
                // login credential for the lifetime of the cookie, so confirm it comes from a
                // cryptographically strong generator.
                data.setValue(username + "-" + uuid);
                RealmService realmService = CarbonServicesServiceComponent.getRealmService();
                String tenantDomain = UserCoreUtil.getTenantDomain(realmService, username);
                int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
                UserRealm realm = realmService.getTenantUserRealm(tenantId);
                realm.getUserStoreManager().addRememberMe(username, uuid);
                data.setAuthenticated(true);
            }
        } catch (Exception e) {
            // Any failure is logged and rethrown as AuthenticationException with the original
            // message and cause.
            // NOTE(review): the message of an arbitrary exception is propagated here; confirm
            // it is not returned verbatim to the client.
            log.error(e.getMessage(), e);
            throw new AuthenticationException(e.getMessage(), e);

            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            handleAuthenticationStarted(tenantId);

            String userName = UserCoreUtil.getTenantLessUsername(userNameWithTenant);
            // Everything after position `index` in the cookie is treated as the remember-me
            // token.
            // NOTE(review): `index` is computed outside this excerpt; confirm the split stays
            // unambiguous for usernames that contain the separator character.
            String uuid = cookie.substring(index + 1);
            UserRealm realm = realmService.getTenantUserRealm(tenantId);
            // The token is checked against the tenant's user store for this user.
            boolean isAuthenticated = realm.getUserStoreManager().isValidRememberMeToken(userName,
                                                                                         uuid);
            // Authorization is consulted only after the token validated; otherwise it stays
            // false.
            boolean isAuthorized = false;
            if (isAuthenticated) {
                isAuthorized =
                               realm.getAuthorizationManager()
                                    .isUserAuthorized(userName,
                                                      "/permission/admin/login",
                                                      CarbonConstants.UI_PERMISSION_ACTION);
            }

            RealmService realmService = ServiceHolder.getRealmService();
            RegistryService registryService = ServiceHolder.getRegistryService();
            // The tenant is derived from the supplied username before any credential check.
            String tenantDomain = MultitenantUtils.getTenantDomain(username);
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);

            UserRealm userRealm = AnonymousSessionUtil.getRealmByTenantDomain(registryService, realmService, tenantDomain);
            if (userRealm == null) {
                log .error("Invalid domain or unactivated tenant login");
                // is this the correct HTTP code for this scenario ? (401)
                // NOTE(review): the body says "Tenant not found". If the bad-credentials
                // response (outside this excerpt) differs, an unauthenticated caller can tell
                // existing tenants from missing ones - confirm that is acceptable.
                return Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic").
                        type(MediaType.APPLICATION_JSON).entity(Utils.buildMessage("Tenant not found")).build();
            }
            username = MultitenantUtils.getTenantAwareUsername(username);
            if (userRealm.getUserStoreManager().authenticate(username, password)) {  // if authenticated

                // setting the correct tenant info for downstream code..
                // The thread-local privileged context is switched to the tenant only inside
                // this branch, i.e. after authenticate() returned true.
                PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                carbonContext.setTenantDomain(tenantDomain);
                carbonContext.setTenantId(tenantId);

            }
            // authorize using permissionString given as annotation in the service class
            // NOTE(review): the lookup key is the bare method name, so overloaded methods
            // presumably share one entry. If the name has no entry, permissionString is null;
            // confirm that isAuthorized(...) denies access in that case rather than allowing it.
            String permissionString = authorizationActionMap.get(targetMethod.getName());

            // get the authorization manager for this tenant..
            // The realm is read from the thread-local PrivilegedCarbonContext, so the decision
            // depends on the tenant that context currently holds.
            UserRealm userRealm = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm();
            AuthorizationManager authorizationManager = userRealm.getAuthorizationManager();

            boolean isAuthorized = isAuthorized(authorizationManager, userName, permissionString, ACTION_ON_RESOURCE);
            return isAuthorized;

    }

                throw new Exception(msg, e);
            }
            tenant.setEmail(tenantInfoBean.getEmail());
        }

        // The realm is taken from the config system registry; its user store manager is
        // assigned to userStoreManager, which is declared outside this excerpt.
        UserRealm userRealm = configSystemRegistry.getUserRealm();
        try {
            userStoreManager = userRealm.getUserStoreManager();
        } catch (UserStoreException e) {
            // Logged with the tenant domain, then rethrown as a generic Exception that keeps
            // the original cause.
            String msg = "Error in getting the user store manager for tenant, tenant domain: " +
                    tenantDomain + ".";
            log.error(msg, e);
            throw new Exception(msg, e);
