Examples of org.wso2.carbon.user.core.UserStoreException

org.wso2.carbon.user.core.UserStoreException
The exception to throw when there is a problem with the realm.

                        UserCoreConstants.RealmConfig.PROPERTY_ROLE_NAME_JAVA_REG_EX);
                String errorMsg = "Role name not valid. Role name must be a non null string " +
                                  "with following format, " + roleNameRegEx;


                logger.error(errorMsg);
                throw new UserStoreException(errorMsg);
            }
            if (isExistingRole(roleName)) {
                String errorMessage = "Can not add the role. Role name: " + roleName +
                                      " already exists.";
                logger.error(errorMessage);
                throw new UserStoreException(errorMessage);
            } else {
                /*there should be at least one member for an LDAP group if EMPTY_ROLES_ALLOWED is false.*/
                if (((userList == null) || (userList.length == 0)) && (!EMPTY_ROLES_ALLOWED)) {
                    String errorMessage = "Can not create empty role. There should be at least " +
                                          "one user for the role.";
                    logger.error(errorMessage);
                    throw new UserStoreException(errorMessage);


                } else if (((userList == null) && (EMPTY_ROLES_ALLOWED)) ||
                           ((userList.length > 0) && (!EMPTY_ROLES_ALLOWED)) ||
                           (EMPTY_ROLES_ALLOWED)) {
                    //if (userList.length > 0) {
                    DirContext mainDirContext = this.connectionSource.getContext();
                    DirContext groupContext = null;
                    NamingEnumeration<SearchResult> results = null;


                    try {
                        //create the attribute set for group entry
                        Attributes groupAttributes = new BasicAttributes(true);


                        //create group entry's object class attribute
                        Attribute objectClassAttribute = new BasicAttribute(
                                LDAPConstants.OBJECT_CLASS_NAME);
                        objectClassAttribute.add(realmConfig.getUserStoreProperty(
                                LDAPConstants.GROUP_ENTRY_OBJECT_CLASS));
                        groupAttributes.put(objectClassAttribute);


                        //create cn attribute
                        String groupNameAttributeName = realmConfig.getUserStoreProperties().get(
                                LDAPConstants.ROLE_NAME_ATTRIBUTE_NAME);
                        Attribute cnAttribute = new BasicAttribute(groupNameAttributeName);
                        cnAttribute.add(roleName);
                        groupAttributes.put(cnAttribute);
                        //following check is for if EMPTY_ROLES_ALLOWED made this code executed.
                        if ((userList != null) && (userList.length > 0)) {
                            String memberAttributeName = realmConfig.getUserStoreProperty(
                                    LDAPConstants.MEMBERSHIP_ATTRIBUTE);
                            Attribute memberAttribute = new BasicAttribute(memberAttributeName);
                            for (String userName : userList) {
                                //search the user in user search base
                                String searchFilter = realmConfig.getUserStoreProperty(
                                        LDAPConstants.USER_NAME_FILTER);
                                searchFilter = searchFilter.replace("?", userName);
                                results =
                                        searchInUserBase(searchFilter, new String[]{},
                                                         SearchControls.SUBTREE_SCOPE, mainDirContext);
                                //we assume only one user with the given user name under user search base.
                                SearchResult userResult = null;
                                if (results.hasMore()) {
                                    userResult = results.next();
                                } else {
                                    String errorMsg = "There is no user with the user name: " +
                                                      userName + " to be added to this role.";
                                    logger.error(errorMsg);
                                    throw new UserStoreException(errorMsg);
                                }
                                //get his DN
                                String userEntryDN = userResult.getNameInNamespace();
                                //put it as member-attribute value
                                memberAttribute.add(userEntryDN);
                            }
                            groupAttributes.put(memberAttribute);
                        }


                        groupContext = (DirContext) mainDirContext.lookup(GROUP_SEARCH_BASE);
                        groupContext.bind(groupNameAttributeName + "=" + roleName, null,
                                          groupAttributes);
                        //if permissions are assigned to role, add permission.
                        if (permissions != null) {
                            for (Permission permission : permissions) {
                                String resourceId = permission.getResourceId();
                                String action = permission.getAction();
                                userRealm.getAuthorizationManager().authorizeRole(
                                        roleName, resourceId, action);
                            }
                        }


                    } catch (NamingException e) {
                        String errorMsg = "Role: " + roleName + "could not be added.";
                        logger.error(errorMsg, e);
                        throw new UserStoreException(errorMsg, e);


                    } catch (Exception e) {
                        String errorMsg = "Role: " + roleName + "could not be added.";
                        logger.error(errorMsg, e);
                        throw new UserStoreException(errorMsg, e);
                    } finally {
                        JNDIUtil.closeNamingEnumeration(results);
                        JNDIUtil.closeContext(groupContext);
                        JNDIUtil.closeContext(mainDirContext);
                    }

View Full Code Here

            //check whether everyone role is trying to be deleted,
            if (deletedRoles != null) {
                Arrays.sort(deletedRoles);
                if (Arrays.binarySearch(deletedRoles, realmConfig.getEveryOneRoleName()) > -1) {
                    log.error("An attempt to remove " + userName + " user from Everyone role ");
                    throw new UserStoreException("Everyone role is not updatable");
                }
            }
            // check whether admin role is trying to be deleted from admin user.
            if (deletedRoles != null) {
                Arrays.sort(deletedRoles);
                if (realmConfig.getAdminUserName().equals(userName)
                    && Arrays.binarySearch(deletedRoles, realmConfig.getAdminRoleName()) > -1) {
                    log.error("An attempt to remove Admin user from Admin role ");
                    throw new UserStoreException("Cannot remove Admin user from Admin role");
                }
            }
            //get the DN of the user entry
            String userNameDN = this.getNameInSpaceForUserName(userName);
            String membershipAttribute = realmConfig.getUserStoreProperty(
                    LDAPConstants.MEMBERSHIP_ATTRIBUTE);


            /*check deleted roles and delete member entries from relevant groups.*/
            String errorMessage = null;
            String searchFilter = realmConfig.getUserStoreProperty(LDAPConstants.ROLE_NAME_FILTER);
            String roleSearchFilter = null;


            DirContext mainDirContext = this.connectionSource.getContext();


            try {
                if (deletedRoles.length != 0) {
                    //perform validation for empty role occurrences before updating in LDAP
                    for (String deletedRole : deletedRoles) {
                        roleSearchFilter = searchFilter.replace("?", deletedRole);
                        String[] returningAttributes = new String[]{membershipAttribute};


                        NamingEnumeration<SearchResult> groupResults = searchInGroupBase(
                                roleSearchFilter, returningAttributes, SearchControls.SUBTREE_SCOPE,
                                mainDirContext);
                        SearchResult resultedGroup = null;
                        if (groupResults.hasMore()) {
                            resultedGroup = groupResults.next();
                        }
                        if ((isOnlyUserInRole(userNameDN, resultedGroup)) &&
                            (!EMPTY_ROLES_ALLOWED)) {
                            errorMessage = userName + " is the only user in the role: "
                                           + deletedRole + ". Hence can not delete user from role.";
                            logger.error(errorMessage);
                            throw new UserStoreException(errorMessage);
                        }


                        JNDIUtil.closeNamingEnumeration(groupResults);
                    }
                    //if empty role violation does not happen, continue updating the LDAP.
                    for (String deletedRole : deletedRoles) {
                        if (isExistingRole(deletedRole)) {
                            roleSearchFilter = searchFilter.replace("?", deletedRole);
                            String[] returningAttributes = new String[]{membershipAttribute};


                            NamingEnumeration<SearchResult> groupResults = searchInGroupBase(
                                    roleSearchFilter, returningAttributes,
                                    SearchControls.SUBTREE_SCOPE, mainDirContext);
                            SearchResult resultedGroup = null;
                            String groupDN = null;
                            if (groupResults.hasMore()) {
                                resultedGroup = groupResults.next();
                                groupDN = resultedGroup.getName();
                            }
                            this.modifyUserInRole(userNameDN, groupDN, DirContext.REMOVE_ATTRIBUTE);


                            JNDIUtil.closeNamingEnumeration(groupResults);


                        } else {
                            errorMessage = "The role: " + deletedRole + " does not exist.";
                            logger.error(errorMessage);
                            throw new UserStoreException(errorMessage);
                        }
                    }
                }
                if (newRoles.length != 0) {
                    for (String newRole : newRoles) {
                        if (isExistingRole(newRole)) {
                            roleSearchFilter = searchFilter.replace("?", newRole);
                            String[] returningAttributes = new String[]{membershipAttribute};


                            NamingEnumeration<SearchResult> groupResults = searchInGroupBase(
                                    roleSearchFilter, returningAttributes,
                                    SearchControls.SUBTREE_SCOPE, mainDirContext);
                            SearchResult resultedGroup = null;
                            //assume only one group with given group name
                            String groupDN = null;
                            if (groupResults.hasMore()) {
                                resultedGroup = groupResults.next();
                                groupDN = resultedGroup.getName();
                            }
                            if (!isUserInRole(userNameDN, resultedGroup)) {
                                modifyUserInRole(userNameDN, groupDN, DirContext.ADD_ATTRIBUTE);
                            } else {
                                errorMessage = "User: " + userName +
                                               " already belongs to role: " + groupDN;
                                logger.error(errorMessage);
                                throw new UserStoreException(errorMessage);
                            }


                            JNDIUtil.closeNamingEnumeration(groupResults);


                        } else {
                            errorMessage = "The role: " + newRole + " does not exist.";
                            logger.error(errorMessage);
                            throw new UserStoreException(errorMessage);
                        }
                    }
                }


            } catch (NamingException e) {
                errorMessage = "Error occurred while modifying the role list of user: " + userName;
                logger.error(errorMessage);
                throw new UserStoreException(errorMessage);
            } finally {
                JNDIUtil.closeContext(mainDirContext);
            }
        }

View Full Code Here

            (("true".equals(READ_LDAP_USER_GROUPS)) && ("false".equals(WRITE_LDAP_USER_GROUPS)))) {
            hybridRoleManager.updateUserListOfHybridRole(roleName, deletedUsers, newUsers);
        }
        if (("true".equals(READ_LDAP_USER_GROUPS)) && ("true".equals(WRITE_LDAP_USER_GROUPS))) {
            if (realmConfig.getEveryOneRoleName().equals(roleName)) {
                throw new UserStoreException("Everyone role is not updatable");
            }


            if (deletedUsers != null) {
                Arrays.sort(deletedUsers);
                if (realmConfig.getAdminRoleName().equals(roleName)
                    && Arrays.binarySearch(deletedUsers, realmConfig.getAdminUserName()) > -1) {
                    log.error("An attempt to remove Admin user from Admin role ");
                    throw new UserStoreException("Cannot remove Admin user from Admin role");
                }
            }
            String errorMessage = null;
            NamingEnumeration<SearchResult> groupSearchResults = null;


            if (isExistingRole(roleName)) {


                DirContext mainDirContext = this.connectionSource.getContext();


                try {
                    String searchFilter = realmConfig.getUserStoreProperty(
                            LDAPConstants.ROLE_NAME_FILTER);
                    searchFilter = searchFilter.replace("?", roleName);
                    String membershipAttributeName = realmConfig.getUserStoreProperty(
                            LDAPConstants.MEMBERSHIP_ATTRIBUTE);
                    String[] returningAttributes = new String[]{membershipAttributeName};


                    groupSearchResults = searchInGroupBase(
                            searchFilter, returningAttributes, SearchControls.SUBTREE_SCOPE, mainDirContext);
                    SearchResult resultedGroup = null;
                    String groupName = null;
                    while (groupSearchResults.hasMoreElements()) {
                        resultedGroup = groupSearchResults.next();
                        groupName = resultedGroup.getName();
                    }
                    //check whether update operations are going to violate non empty role
                    // restriction specified in user-mgt.xml by
                    //checking whether all users are trying to be deleted before updating LDAP.
                    Attribute returnedMemberAttribute = resultedGroup.getAttributes().get(
                            membershipAttributeName);
                    if ((!EMPTY_ROLES_ALLOWED) && (((newUsers.length - deletedUsers.length) +
                                                    returnedMemberAttribute.size()) == 0)) {
                        errorMessage = "There should be at least one member in the role. " +
                                       "Hence can not delete all the members.";
                        logger.error(errorMessage);
                        throw new UserStoreException(errorMessage);


                    } else {
                        if (newUsers.length != 0) {
                            for (String newUser : newUsers) {
                                String userNameDN = getNameInSpaceForUserName(newUser);
                                if (!isUserInRole(userNameDN, resultedGroup)) {
                                    modifyUserInRole(userNameDN, groupName, DirContext.ADD_ATTRIBUTE);
                                } else {
                                    errorMessage = "User: " + newUser +
                                                   " already belongs to role: " + roleName;
                                    logger.error(errorMessage);
                                    throw new UserStoreException(errorMessage);
                                }
                            }
                        }


                        if (deletedUsers != null && deletedUsers.length != 0) {
                            for (String deletedUser : deletedUsers) {
                                String userNameDN = getNameInSpaceForUserName(deletedUser);
                                modifyUserInRole(userNameDN, groupName, DirContext.REMOVE_ATTRIBUTE);
                            }
                        }
                    }
                } catch (NamingException e) {


                    errorMessage = "Error occurred while modifying the user list of role: " +
                                   roleName;
                    logger.error(errorMessage);
                    throw new UserStoreException(errorMessage);
                } finally {
                    JNDIUtil.closeNamingEnumeration(groupSearchResults);
                    JNDIUtil.closeContext(mainDirContext);
                }
            } else {
                errorMessage = "The role: " + roleName + " does not exist.";
                logger.error(errorMessage);
                throw new UserStoreException(errorMessage);
            }




        }

View Full Code Here


        try {


            if (CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME.equals(roleName)) {
                log.error("Security Alert! Carbon anonymous role is being manipulated");
                throw new UserStoreException("Invalid data");// obscure error
                                                             // message
            }


            if (realm.getRealmConfiguration().getEveryOneRoleName().equals(roleName)) {
                log.error("Security Alert! Carbon Everyone role is being manipulated");
                throw new UserStoreException("Invalid data");// obscure error
                                                             // message
            }


            UserStoreManager admin = realm.getUserStoreManager();
            String[] oldUserList = admin.getUserListOfRole(roleName);

View Full Code Here

            }
        } catch (NamingException e) {
            String errorMessage = "Error occurred while modifying user entry: " + userNameDN +
                                  " in LDAP role: " + groupRDN;
            logger.error(errorMessage, e);
            throw new UserStoreException(errorMessage, e);
        } finally {
            JNDIUtil.closeContext(groupContext);
            JNDIUtil.closeContext(mainDirContext);
        }
    }

View Full Code Here

        try {
            Collection regRoot;
            if (tenantId == 0) {
                if (CarbonContext.getCurrentContext().getTenantId() != MultitenantConstants.SUPER_TENANT_ID) {
                    log.error("Illegal access attempt");
                    throw new UserStoreException("Illegal access attempt");
                }
                regRoot = (Collection) registry.get(UserMgtConstants.UI_PERMISSION_ROOT);
                String displayName = regRoot.getProperty(UserMgtConstants.DISPLAY_NAME);
                nodeRoot = new UIPermissionNode(UserMgtConstants.UI_PERMISSION_ROOT, displayName);
            } else {

View Full Code Here

            }
        } catch (NamingException e) {
            String errorMessage = "Error occurred while looping through attributes set of group: " +
                                  groupEntry.getNameInNamespace();
            logger.error(errorMessage, e);
            throw new UserStoreException(errorMessage, e);
        }
        return isUserInRole;
    }

View Full Code Here

            }
        } catch (NamingException e) {
            String errorMessage = "Error occurred while looping through attributes set of group: " +
                                  groupEntry.getNameInNamespace();
            logger.error(errorMessage, e);
            throw new UserStoreException(errorMessage, e);
        }
        return isOnlyUserInRole;
    }

View Full Code Here

            hybridRoleManager.updateHybridRoleName(roleName, newRoleName);
        }
        if (("true".equals(READ_LDAP_USER_GROUPS)) && ("true".equals(WRITE_LDAP_USER_GROUPS))) {
            //admin role and everyone role are not editable.
            if (realmConfig.getAdminRoleName().equals(roleName)) {
                throw new UserStoreException("Cannot rename admin role");
            }
            if (realmConfig.getEveryOneRoleName().equals(roleName)) {
                throw new UserStoreException("Cannot rename everyone role");
            }
            if (isExistingRole(newRoleName)) {
                throw new UserStoreException(
                        "Duplicate role name in the system. Please pick another name");
            } else if (!isExistingRole(newRoleName)) {
                DirContext mainContext = this.connectionSource.getContext();
                DirContext groupContext = null;
                NamingEnumeration<SearchResult> groupSearchResults = null;


                try {
                    String groupSearchFilter = realmConfig.getUserStoreProperty(
                            LDAPConstants.ROLE_NAME_FILTER);
                    groupSearchFilter = groupSearchFilter.replace("?", roleName);
                    String roleNameAttributeName = realmConfig.getUserStoreProperty(
                            LDAPConstants.ROLE_NAME_ATTRIBUTE_NAME);
                    String[] returningAttributes = {roleNameAttributeName};


                    //DirContext mainDirContext = this.connectionSource.getContext();


                    groupSearchResults = searchInGroupBase(
                            groupSearchFilter, returningAttributes, SearchControls.SUBTREE_SCOPE, mainContext);
                    SearchResult resultedGroup = null;
                    while (groupSearchResults.hasMoreElements()) {
                        resultedGroup = groupSearchResults.next();
                    }


                    if (resultedGroup == null) {
                        throw new UserStoreException("Could not find user role " + roleName + " in LDAP server.");
                    }


                    String groupNameRDN = resultedGroup.getName();
                    String newGroupNameRDN = roleNameAttributeName + "=" + newRoleName;


                    groupContext = (DirContext) mainContext.lookup(GROUP_SEARCH_BASE);
                    groupContext.rename(groupNameRDN, newGroupNameRDN);
                    this.userRealm.getAuthorizationManager().resetPermissionOnUpdateRole(roleName,
                                                                                         newRoleName);
                } catch (NamingException e) {
                    String errorMessage = "Error occurred while modifying the name of role: " +
                                          roleName;
                    logger.error(errorMessage, e);
                    throw new UserStoreException(errorMessage, e);
                } finally {
                    JNDIUtil.closeNamingEnumeration(groupSearchResults);
                    JNDIUtil.closeContext(groupContext);
                    JNDIUtil.closeContext(mainContext);
                }

View Full Code Here

            hybridRoleManager.deleteHybridRole(roleName);
        }
        if (("true".equals(READ_LDAP_USER_GROUPS)) && ("true".equals(WRITE_LDAP_USER_GROUPS))) {
            //admin role and everyone role are not editable.
            if (realmConfig.getAdminRoleName().equals(roleName)) {
                throw new UserStoreException("Cannot delete admin role.");
            }
            if (realmConfig.getEveryOneRoleName().equals(roleName)) {
                throw new UserStoreException("Cannot delete everyone role.");
            }
            if (isExistingRole(roleName)) {
                DirContext mainDirContext = null;
                DirContext groupContext = null;
                NamingEnumeration<SearchResult> groupSearchResults = null;


                try {
                    String groupSearchFilter = realmConfig.getUserStoreProperty(
                            LDAPConstants.ROLE_NAME_FILTER);
                    groupSearchFilter = groupSearchFilter.replace("?", roleName);
                    String[] returningAttributes = {realmConfig.getUserStoreProperty(
                            LDAPConstants.ROLE_NAME_ATTRIBUTE_NAME)};


                    mainDirContext = this.connectionSource.getContext();


                    groupSearchResults = searchInGroupBase(
                            groupSearchFilter, returningAttributes, SearchControls.SUBTREE_SCOPE, mainDirContext);
                    SearchResult resultedGroup = null;
                    while (groupSearchResults.hasMoreElements()) {
                        resultedGroup = groupSearchResults.next();
                    }


                    if (resultedGroup == null) {
                        throw new UserStoreException("Could not find specified group/role - " + roleName);
                    }


                    String groupName = resultedGroup.getName();


                    groupContext = (DirContext) mainDirContext.lookup(GROUP_SEARCH_BASE);
                    String groupNameAttributeValue = (String) resultedGroup.getAttributes().get(
                            realmConfig.getUserStoreProperty(
                                    LDAPConstants.ROLE_NAME_ATTRIBUTE_NAME)).get();
                    if (groupNameAttributeValue.equals(roleName)) {
                        groupContext.destroySubcontext(groupName);
                    }
                    this.userRealm.getAuthorizationManager().clearRoleAuthorization(roleName);


                } catch (NamingException e) {
                    String errorMessage = ("Error occurred while deleting the role: " + roleName);
                    logger.error(errorMessage, e);
                    throw new UserStoreException(errorMessage, e);
                } finally {
                    JNDIUtil.closeNamingEnumeration(groupSearchResults);
                    JNDIUtil.closeContext(groupContext);
                    JNDIUtil.closeContext(mainDirContext);
                }


            } else {
                String errorMessage = ("Role name: " + roleName + " does not exist in group base.");
                logger.error(errorMessage);
                throw new UserStoreException(errorMessage);
            }
        }
    }

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.wso2.carbon.user.core.UserStoreException

com.hazelcast.config.Config

com.hazelcast.config.GroupConfig

com.hazelcast.config.NetworkConfig

com.icegreen.greenmail.util.GreenMail

org.apache.axis2.client.ServiceClient

org.apache.axis2.clustering.ClusteringFault

org.apache.axis2.description.Parameter

org.apache.commons.fileupload.FileItem

org.apache.commons.fileupload.servlet.ServletRequestContext

org.apache.stratos.autoscaler.registry.RegistryManager

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.