diff --git a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java
index 7ad801af257..4e896e81261 100644
--- a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java
+++ b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java
@@ -27,6 +27,7 @@
 import org.wso2.carbon.base.ServerConfiguration;
 import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.user.api.RealmConfiguration;
+import org.wso2.carbon.user.api.Tenant;
 import org.wso2.carbon.user.core.NotImplementedException;
 import org.wso2.carbon.user.core.PaginatedUserStoreManager;
 import org.wso2.carbon.user.core.Permission;
@@ -47,7 +48,9 @@
 import org.wso2.carbon.user.core.constants.UserCoreErrorConstants.ErrorMessages;
 import org.wso2.carbon.user.core.dto.RoleDTO;
 import org.wso2.carbon.user.core.hash.HashProvider;
+import org.wso2.carbon.user.core.hybrid.HybridRoleBasedManager;
 import org.wso2.carbon.user.core.hybrid.HybridRoleManager;
+import org.wso2.carbon.user.core.hybrid.HybridRoleV2Manager;
 import org.wso2.carbon.user.core.internal.UMListenerServiceComponent;
 import org.wso2.carbon.user.core.internal.UserStoreMgtDSComponent;
 import org.wso2.carbon.user.core.internal.UserStoreMgtDataHolder;
@@ -178,7 +181,7 @@ public abstract class AbstractUserStoreManager implements PaginatedUserStoreMana
  protected RealmConfiguration realmConfig = null;
  protected ClaimManager claimManager = null;
  protected UserRealm userRealm = null;
- protected HybridRoleManager hybridRoleManager = null;
+ protected HybridRoleBasedManager hybridRoleManager = null;
  protected HashProvider hashProvider = null;
  // User roles cache
  protected UserRolesCache userRolesCache = null;
@@ -9034,10 +9037,38 @@ protected List getMappingAttributeList(List claimList) protected void doInitialSetup() throws UserStoreException { systemUserRoleManager = new SystemUserRoleManager(dataSource, tenantId); - hybridRoleManager = new HybridRoleManager(dataSource, tenantId, realmConfig, userRealm); + if (isUsingRoleV2()) { + String organizationID; + RealmService realmService = UserStoreMgtDSComponent.getRealmService(); + if (realmService == null) { + organizationID = "10084a8d-113f-4211-a0d5-efe36b082211"; + } else { + Tenant tenant = null; + try { + tenant = realmService.getTenantManager().getTenant(tenantId); + if (StringUtils.isEmpty(tenant.getAssociatedOrganizationUUID())) { + tenant.setAssociatedOrganizationUUID(UUID.randomUUID().toString()); + } + organizationID = tenant.getAssociatedOrganizationUUID(); + } catch (org.wso2.carbon.user.api.UserStoreException e) { + throw new UserStoreException("Error while loading tenant.", e); + } + } + hybridRoleManager = new HybridRoleV2Manager(dataSource, tenantId, + organizationID, realmConfig, userRealm); + } else { + hybridRoleManager = new HybridRoleManager(dataSource, tenantId, realmConfig, userRealm); + } + userUniqueIDDomainResolver = new UserUniqueIDDomainResolver(dataSource); groupUniqueIDDomainResolver = new GroupUniqueIDDomainResolver(dataSource); } + + private boolean isUsingRoleV2() { + + // TODO: whether we use v2 or v1 roles + return true; + } /** * @return whether this is the initial startup @@ -10022,6 +10053,13 @@ public void removeSecondaryUserStoreManager(String userStoreDomainName) throws U } public HybridRoleManager getInternalRoleManager() { + if (hybridRoleManager instanceof HybridRoleManager) { + return (HybridRoleManager) hybridRoleManager; + } + return null; + } + + public HybridRoleBasedManager getInternalRoleBasedManager() { return hybridRoleManager; } 
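Review bot: The organization UUID that `doInitialSetup` hands to `HybridRoleV2Manager` is not stable: when the tenant has no associated organization UUID the code calls `tenant.setAssociatedOrganizationUUID(UUID.randomUUID().toString())` on the in-memory `Tenant` only and nothing in the hunk persists it, so a later initialisation (or another node) can mint a different UUID and V2 roles already keyed to the earlier audience become unreachable. The `realmService == null` branch pins every tenant to the literal `"10084a8d-113f-4211-a0d5-efe36b082211"`, which gives all tenants that hit that path one shared audience; that value should at least be a named constant with a comment explaining its origin, and failing initialisation would be safer than silently sharing an audience. `tenant` is dereferenced straight after `getTenant(tenantId)` without a null check, so an unknown tenant surfaces as an NPE rather than the wrapped `UserStoreException` the catch block exists for; add `if (tenant == null) { throw new UserStoreException("Tenant " + tenantId + " not found."); }` before the `isEmpty` check. `isUsingRoleV2()` returns `true` unconditionally behind a TODO, so the `else` branch constructing `HybridRoleManager` is dead code until the configuration lookup lands; that decision belongs in realm configuration rather than a compiled-in default.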
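Review bot: `getInternalRoleManager()` now returns `null` whenever the realm was initialised with `HybridRoleV2Manager`, and because `isUsingRoleV2()` in the earlier hunk returns `true` unconditionally that is every realm, so any existing caller that chains on the result will NPE instead of getting a role manager. If the V1-typed accessor has to stay for compatibility, either throw a descriptive `UnsupportedOperationException` here or document the `null` return, and migrate callers to `getInternalRoleBasedManager()`. Suggested Javadoc on the method: `/** @return the legacy V1 internal role manager, or null when the realm uses audience-scoped (V2) roles; prefer getInternalRoleBasedManager(). */`. The enclosing class continues outside the hunk.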
diff --git a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/hybrid/HybridJDBCConstants.java b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/hybrid/HybridJDBCConstants.java index 42951975670..e8f07e7906d 100644 --- a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/hybrid/HybridJDBCConstants.java +++ b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/hybrid/HybridJDBCConstants.java 
@@ -26,114 +26,303 @@ public class HybridJDBCConstants { public static final String GET_ROLE_LIST_OF_GROUPS = "GetInternalRoleListOfGroupsSQL"; public static final String ADD_ROLE_SQL = "INSERT INTO UM_HYBRID_ROLE (UM_ROLE_NAME, UM_TENANT_ID) VALUES (?, ?)"; + + public static final String ADD_ROLE_V2_SQL = "INSERT INTO UM_HYBRID_ROLE (UM_ROLE_NAME, UM_TENANT_ID, UM_AUDIENCE_REF_ID, UM_UUID) VALUES (?, ?, ?, ?)"; public static final String DELETE_ROLE_SQL = "DELETE FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME = ? AND UM_TENANT_ID=?"; + public static final String DELETE_ROLE_SQL_WITH_AUDIENCE = "DELETE FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME = ? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1"; + public static final String DELETE_ROLE_V2_SQL_WITH_AUDIENCE = "DELETE FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME = ? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?"; + public static final String DELETE_ROLES_BY_TENANT_ID_SQL = "DELETE FROM UM_HYBRID_ROLE WHERE UM_TENANT_ID=?"; public static final String ON_DELETE_ROLE_REMOVE_USER_ROLE_SQL = "DELETE FROM UM_HYBRID_USER_ROLE WHERE " + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME = ? AND " + "UM_TENANT_ID=?) AND UM_TENANT_ID=?"; + public static final String ON_DELETE_ROLE_REMOVE_USER_ROLE_SQL_WITH_AUDIENCE = "DELETE FROM UM_HYBRID_USER_ROLE WHERE " + + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME = ? AND " + + "UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1) AND UM_TENANT_ID=?"; + public static final String ON_DELETE_ROLE_V2_REMOVE_USER_ROLE_SQL_WITH_AUDIENCE = "DELETE FROM UM_HYBRID_USER_ROLE WHERE " + + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME = ? AND " + + "UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?) AND UM_TENANT_ID=?"; public static final String GET_ROLE_ID = "SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME =? " + "AND UM_TENANT_ID=?"; + public static final String GET_ROLE_ID_WITH_AUDIENCE = "SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME =? " + + "AND UM_TENANT_ID=? 
AND UM_AUDIENCE_REF_ID=-1"; + public static final String GET_ROLE_V2_ID_WITH_AUDIENCE = "SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME =? " + + "AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?"; + + public static final String GET_ROLE_V2_AUDIENCE_SQL = "SELECT UM_ID FROM UM_HYBRID_ROLE_AUDIENCE WHERE UM_AUDIENCE " + + "=? AND UM_AUDIENCE_ID=?"; + public static final String ADD_ROLE_V2_AUDIENCE_SQL = "INSERT INTO UM_HYBRID_ROLE_AUDIENCE (UM_AUDIENCE," + + "UM_AUDIENCE_ID) VALUES (?, ?)"; + //a single role name - multiple user names public static final String ADD_USER_TO_ROLE_SQL = "INSERT INTO UM_HYBRID_USER_ROLE (UM_USER_NAME, UM_ROLE_ID, " + "UM_TENANT_ID, UM_DOMAIN_ID) VALUES (?,(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?), ?, " + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?))"; + public static final String ADD_USER_TO_ROLE_SQL_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_USER_ROLE (UM_USER_NAME, UM_ROLE_ID, " + + "UM_TENANT_ID, UM_DOMAIN_ID) VALUES (?,(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1), ?, " + + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?))"; + + public static final String ADD_USER_TO_ROLE_V2_SQL_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_USER_ROLE (UM_USER_NAME, UM_ROLE_ID, " + + "UM_TENANT_ID, UM_DOMAIN_ID) VALUES (?,(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?), ?, " + + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?))"; + public static final String ADD_USER_TO_ROLE_SQL_MSSQL = "INSERT INTO UM_HYBRID_USER_ROLE (UM_USER_NAME, UM_ROLE_ID, " + "UM_TENANT_ID, UM_DOMAIN_ID) SELECT (?),(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?), (?), " + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? 
AND UM_DOMAIN_NAME=?)"; + public static final String ADD_USER_TO_ROLE_SQL_MSSQL_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_USER_ROLE (UM_USER_NAME, UM_ROLE_ID, " + + "UM_TENANT_ID, UM_DOMAIN_ID) SELECT (?),(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1), (?), " + + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String ADD_USER_TO_ROLE_V2_SQL_MSSQL_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_USER_ROLE (UM_USER_NAME, UM_ROLE_ID, " + + "UM_TENANT_ID, UM_DOMAIN_ID) SELECT (?),(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?), (?), " + + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String ADD_GROUP_TO_ROLE_SQL = "INSERT INTO UM_HYBRID_GROUP_ROLE (UM_GROUP_NAME, UM_ROLE_ID, " + "UM_TENANT_ID, UM_DOMAIN_ID) VALUES (?,(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?), ?, " + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?))"; - + public static final String ADD_GROUP_TO_ROLE_SQL_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_GROUP_ROLE (UM_GROUP_NAME, UM_ROLE_ID, " + + "UM_TENANT_ID, UM_DOMAIN_ID) VALUES (?,(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1), ?, " + + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?))"; + public static final String ADD_GROUP_TO_ROLE_V2_SQL_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_GROUP_ROLE (UM_GROUP_NAME, UM_ROLE_ID, " + + "UM_TENANT_ID, UM_DOMAIN_ID) VALUES (?,(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?), ?, " + + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? 
AND UM_DOMAIN_NAME=?))"; public static final String ADD_GROUP_TO_ROLE_SQL_MSSQL = "INSERT INTO UM_HYBRID_GROUP_ROLE (UM_GROUP_NAME, UM_ROLE_ID, " + "UM_TENANT_ID, UM_DOMAIN_ID) SELECT (?),(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?), (?), " + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String ADD_GROUP_TO_ROLE_SQL_MSSQL_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_GROUP_ROLE (UM_GROUP_NAME, UM_ROLE_ID, " + + "UM_TENANT_ID, UM_DOMAIN_ID) SELECT (?),(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1), (?), " + + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String ADD_GROUP_TO_ROLE_V2_SQL_MSSQL_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_GROUP_ROLE (UM_GROUP_NAME, UM_ROLE_ID, " + + "UM_TENANT_ID, UM_DOMAIN_ID) SELECT (?),(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?), (?), " + + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; public static final String REMOVE_GROUP_FROM_ROLE_SQL = "DELETE FROM UM_HYBRID_GROUP_ROLE WHERE UM_GROUP_NAME=? AND " + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?) AND " + "UM_TENANT_ID=? AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND " + "UM_DOMAIN_NAME=?)"; + public static final String REMOVE_GROUP_FROM_ROLE_SQL_WITH_AUDIENCE = "DELETE FROM UM_HYBRID_GROUP_ROLE WHERE UM_GROUP_NAME=? AND " + + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1) AND " + + "UM_TENANT_ID=? AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND " + + "UM_DOMAIN_NAME=?)"; + public static final String REMOVE_GROUP_FROM_ROLE_V2_SQL_WITH_AUDIENCE = "DELETE FROM UM_HYBRID_GROUP_ROLE WHERE UM_GROUP_NAME=? 
AND " + + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?) AND " + + "UM_TENANT_ID=? AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND " + + "UM_DOMAIN_NAME=?)"; public static final String REMOVE_USER_FROM_ROLE_SQL = "DELETE FROM UM_HYBRID_USER_ROLE WHERE UM_USER_NAME=? AND " + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?) AND UM_TENANT_ID=? " + "AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String REMOVE_USER_FROM_ROLE_SQL_WITH_AUDIENCE = "DELETE FROM UM_HYBRID_USER_ROLE WHERE UM_USER_NAME=? AND " + + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1) AND UM_TENANT_ID=? " + + "AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String REMOVE_USER_FROM_ROLE_V2_SQL_WITH_AUDIENCE = "DELETE FROM UM_HYBRID_USER_ROLE WHERE UM_USER_NAME=? AND " + + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?) AND UM_TENANT_ID=? " + + "AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String REMOVE_USER_FROM_ROLE_SQL_CASE_INSENSITIVE = "DELETE FROM UM_HYBRID_USER_ROLE WHERE " + "LOWER(UM_USER_NAME)=LOWER(?) AND UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?) AND UM_TENANT_ID=? " + "AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String REMOVE_USER_FROM_ROLE_SQL_CASE_INSENSITIVE_WITH_AUDIENCE = "DELETE FROM UM_HYBRID_USER_ROLE WHERE " + + "LOWER(UM_USER_NAME)=LOWER(?) AND UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1) AND UM_TENANT_ID=? 
" + + "AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String REMOVE_USER_FROM_ROLE_V2_SQL_CASE_INSENSITIVE_WITH_AUDIENCE = "DELETE FROM UM_HYBRID_USER_ROLE WHERE " + + "LOWER(UM_USER_NAME)=LOWER(?) AND UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?) AND UM_TENANT_ID=? " + + "AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + //a single user name - multiple role names public static final String ADD_ROLE_TO_USER_SQL = "INSERT INTO UM_HYBRID_USER_ROLE (UM_ROLE_ID, UM_USER_NAME, " + "UM_TENANT_ID, UM_DOMAIN_ID) VALUES ((SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?), ?, ?," + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?))"; + public static final String ADD_ROLE_TO_USER_SQL_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_USER_ROLE (UM_ROLE_ID, UM_USER_NAME, " + + "UM_TENANT_ID, UM_DOMAIN_ID) VALUES ((SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1), ?, ?," + + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?))"; + public static final String ADD_ROLE_V2_TO_USER_SQL_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_USER_ROLE (UM_ROLE_ID, UM_USER_NAME, " + + "UM_TENANT_ID, UM_DOMAIN_ID) VALUES ((SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?), ?, ?," + + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?))"; public static final String ADD_ROLE_TO_USER_SQL_MSSQL = "INSERT INTO UM_HYBRID_USER_ROLE (UM_ROLE_ID, UM_USER_NAME, " + "UM_TENANT_ID, UM_DOMAIN_ID) SELECT (SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?), (?), (?)," + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? 
AND UM_DOMAIN_NAME=?)"; - + public static final String ADD_ROLE_TO_USER_SQL_MSSQL_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_USER_ROLE (UM_ROLE_ID, UM_USER_NAME, " + + "UM_TENANT_ID, UM_DOMAIN_ID) SELECT (SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1), (?), (?)," + + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String ADD_ROLE_V2_TO_USER_SQL_MSSQL_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_USER_ROLE (UM_ROLE_ID, UM_USER_NAME, " + + "UM_TENANT_ID, UM_DOMAIN_ID) SELECT (SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?), (?), (?)," + + "(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; //openedge //TODO: change to have domain id public static final String ADD_USER_TO_ROLE_SQL_OPENEDGE = "INSERT INTO UM_HYBRID_USER_ROLE (UM_USER_NAME, UM_ROLE_ID, UM_TENANT_ID) SELECT ?, UM_ID, ? FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?"; + public static final String ADD_USER_TO_ROLE_SQL_OPENEDGE_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_USER_ROLE (UM_USER_NAME, UM_ROLE_ID, UM_TENANT_ID) SELECT ?, UM_ID, ? FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1"; + public static final String ADD_USER_TO_ROLE_V2_SQL_OPENEDGE_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_USER_ROLE (UM_USER_NAME, UM_ROLE_ID, UM_TENANT_ID) SELECT ?, UM_ID, ? FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?"; + public static final String ADD_GROUP_TO_ROLE_SQL_OPENEDGE = "INSERT INTO UM_HYBRID_GROUP_ROLE (UM_GROUP_NAME, " + "UM_ROLE_ID, UM_TENANT_ID) SELECT ?, UM_ID, ? FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND " + "UM_TENANT_ID=?"; + public static final String ADD_GROUP_TO_ROLE_SQL_OPENEDGE_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_GROUP_ROLE (UM_GROUP_NAME, " + + "UM_ROLE_ID, UM_TENANT_ID) SELECT ?, UM_ID, ? FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? 
AND " + + "UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1"; + public static final String ADD_GROUP_TO_ROLE_V2_SQL_OPENEDGE_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_GROUP_ROLE (UM_GROUP_NAME, " + + "UM_ROLE_ID, UM_TENANT_ID) SELECT ?, UM_ID, ? FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND " + + "UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?"; public static final String ADD_ROLE_TO_USER_SQL_OPENEDGE = "INSERT INTO UM_HYBRID_USER_ROLE (UM_ROLE_ID, UM_USER_NAME, UM_TENANT_ID) SELECT UM_ID, ?, ? FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?"; + public static final String ADD_ROLE_TO_USER_SQL_OPENEDGE_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_USER_ROLE (UM_ROLE_ID, UM_USER_NAME, UM_TENANT_ID) SELECT UM_ID, ?, ? FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1"; + public static final String ADD_ROLE_V2_TO_USER_SQL_OPENEDGE_WITH_AUDIENCE = "INSERT INTO UM_HYBRID_USER_ROLE (UM_ROLE_ID, UM_USER_NAME, UM_TENANT_ID) SELECT UM_ID, ?, ? FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?"; public static final String REMOVE_ROLE_FROM_USER_SQL = "DELETE FROM UM_HYBRID_USER_ROLE WHERE UM_ROLE_ID=" + "(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?) AND " + "UM_USER_NAME=? AND UM_TENANT_ID=? AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; - + public static final String REMOVE_ROLE_FROM_USER_SQL_WITH_AUDIENCE = "DELETE FROM UM_HYBRID_USER_ROLE WHERE UM_ROLE_ID=" + + "(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1) AND " + + "UM_USER_NAME=? AND UM_TENANT_ID=? AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String REMOVE_ROLE_V2_FROM_USER_SQL_WITH_AUDIENCE = "DELETE FROM UM_HYBRID_USER_ROLE WHERE UM_ROLE_ID=" + + "(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?) 
AND " + + "UM_USER_NAME=? AND UM_TENANT_ID=? AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; public static final String REMOVE_ROLE_FROM_USER_SQL_CASE_INSENSITIVE = "DELETE FROM UM_HYBRID_USER_ROLE WHERE " + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?) AND " + "LOWER(UM_USER_NAME)=LOWER(?) AND UM_TENANT_ID=? AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; - + public static final String REMOVE_ROLE_FROM_USER_SQL_CASE_INSENSITIVE_WITH_AUDIENCE = "DELETE FROM UM_HYBRID_USER_ROLE WHERE " + + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1) AND " + + "LOWER(UM_USER_NAME)=LOWER(?) AND UM_TENANT_ID=? AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String REMOVE_ROLE_V2_FROM_USER_SQL_CASE_INSENSITIVE_WITH_AUDIENCE = "DELETE FROM UM_HYBRID_USER_ROLE WHERE " + + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?) AND " + + "LOWER(UM_USER_NAME)=LOWER(?) AND UM_TENANT_ID=? AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; public static final String GET_ROLES = "SELECT UM_ROLE_NAME FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME LIKE ? AND UM_TENANT_ID=?"; + + public static final String GET_ROLES_WITH_AUDIENCE = + "SELECT UM_ROLE_NAME FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME LIKE ? AND UM_TENANT_ID=? AND " + + "UM_AUDIENCE_REF_ID=-1"; + + public static final String GET_ROLES_V2_WITH_AUDIENCE = + "SELECT UM_ROLE_NAME FROM UM_HYBRID_ROLE INNER JOIN UM_HYBRID_ROLE_AUDIENCE ON " + + "UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID = UM_HYBRID_ROLE_AUDIENCE.UM_ID WHERE UM_ROLE_NAME LIKE ? " + + "AND UM_TENANT_ID=?"; public static final String GET_INTERNAL_ROLES = "SELECT UM_ROLE_NAME FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME LIKE ? 
AND NOT UM_ROLE_NAME LIKE ? AND " + "UM_TENANT_ID=?"; + + public static final String GET_INTERNAL_ROLES_WITH_AUDIENCE = + "SELECT UM_ROLE_NAME FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME LIKE ? AND NOT UM_ROLE_NAME LIKE ? AND " + + "UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1"; + public static final String GET_INTERNAL_ROLES_V2_WITH_AUDIENCE = + "SELECT UM_ROLE_NAME FROM UM_HYBRID_ROLE INNER JOIN UM_HYBRID_ROLE_AUDIENCE ON " + + "UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID = UM_HYBRID_ROLE_AUDIENCE.UM_ID WHERE UM_ROLE_NAME LIKE ? " + + "AND NOT UM_ROLE_NAME LIKE ? AND UM_TENANT_ID=?"; public static final String GET_INTERNAL_ROLES_DB2 = "SELECT UM_ROLE_NAME FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME LIKE ? AND NOT(UM_ROLE_NAME LIKE ?) AND " + "UM_TENANT_ID=?"; + public static final String GET_INTERNAL_ROLES_DB2_WITH_AUDIENCE = + "SELECT UM_ROLE_NAME FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME LIKE ? AND NOT(UM_ROLE_NAME LIKE ?) AND " + + "UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1"; + public static final String GET_INTERNAL_ROLES_V2_DB2_WITH_AUDIENCE = + "SELECT UM_ROLE_NAME FROM UM_HYBRID_ROLE INNER JOIN UM_HYBRID_ROLE_AUDIENCE ON " + + "UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID = UM_HYBRID_ROLE_AUDIENCE.UM_ID WHERE UM_ROLE_NAME LIKE ? AND " + + "NOT(UM_ROLE_NAME LIKE ?) AND UM_TENANT_ID=?"; public static final String GET_USER_LIST_OF_ROLE_SQL = "SELECT UM_USER_NAME, UM_DOMAIN_NAME FROM UM_HYBRID_USER_ROLE, UM_DOMAIN WHERE " + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?) AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? " + "AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=UM_DOMAIN.UM_DOMAIN_ID"; + public static final String GET_USER_LIST_OF_ROLE_SQL_WITH_AUDIENCE = "SELECT UM_USER_NAME, UM_DOMAIN_NAME FROM UM_HYBRID_USER_ROLE, UM_DOMAIN WHERE " + + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1) AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? 
" + + "AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=UM_DOMAIN.UM_DOMAIN_ID"; + + public static final String GET_USER_LIST_OF_ROLE_V2_SQL_WITH_AUDIENCE = "SELECT UM_USER_NAME, UM_DOMAIN_NAME FROM UM_HYBRID_USER_ROLE, UM_DOMAIN WHERE " + + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?) AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? " + + "AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=UM_DOMAIN.UM_DOMAIN_ID"; + public static final String GET_GROUP_LIST_OF_ROLE_SQL = "SELECT UM_GROUP_NAME, UM_DOMAIN_NAME FROM UM_HYBRID_GROUP_ROLE, UM_DOMAIN WHERE " + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?) AND " + "UM_HYBRID_GROUP_ROLE.UM_TENANT_ID=? AND UM_HYBRID_GROUP_ROLE.UM_DOMAIN_ID=UM_DOMAIN.UM_DOMAIN_ID"; - + public static final String GET_GROUP_LIST_OF_ROLE_SQL_WITH_AUDIENCE = + "SELECT UM_GROUP_NAME, UM_DOMAIN_NAME FROM UM_HYBRID_GROUP_ROLE, UM_DOMAIN WHERE " + + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1) AND " + + "UM_HYBRID_GROUP_ROLE.UM_TENANT_ID=? AND UM_HYBRID_GROUP_ROLE.UM_DOMAIN_ID=UM_DOMAIN.UM_DOMAIN_ID"; + public static final String GET_GROUP_LIST_OF_ROLE_V2_SQL_WITH_AUDIENCE = + "SELECT UM_GROUP_NAME, UM_DOMAIN_NAME FROM UM_HYBRID_GROUP_ROLE, UM_DOMAIN WHERE " + + "UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?) AND " + + "UM_HYBRID_GROUP_ROLE.UM_TENANT_ID=? AND UM_HYBRID_GROUP_ROLE.UM_DOMAIN_ID=UM_DOMAIN.UM_DOMAIN_ID"; public static final String GET_ROLE_LIST_OF_USER_SQL = "SELECT UM_ROLE_NAME FROM UM_HYBRID_USER_ROLE, " + "UM_HYBRID_ROLE WHERE UM_USER_NAME=? AND UM_HYBRID_USER_ROLE.UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND " + "UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_TENANT_ID=? AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN " + "WHERE UM_TENANT_ID=? 
AND UM_DOMAIN_NAME=?)"; + public static final String GET_ROLE_LIST_OF_USER_SQL_WITH_AUDIENCE = "SELECT UM_ROLE_NAME FROM UM_HYBRID_USER_ROLE, " + + "UM_HYBRID_ROLE WHERE UM_USER_NAME=? AND UM_HYBRID_USER_ROLE.UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND " + + "UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID=-1 AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN " + + "WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String GET_ROLE_V2_LIST_OF_USER_SQL_WITH_AUDIENCE = "SELECT UM_ROLE_NAME FROM UM_HYBRID_USER_ROLE, " + + "UM_HYBRID_ROLE, UM_HYBRID_ROLE_AUDIENCE WHERE UM_USER_NAME=? AND UM_HYBRID_USER_ROLE.UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND " + + "UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_TENANT_ID=? AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN " + + "WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; public static final String GET_ROLE_OF_USER_SQL = "SELECT UM_ROLE_NAME FROM UM_HYBRID_USER_ROLE, " + "UM_HYBRID_ROLE WHERE UM_USER_NAME=? AND UM_HYBRID_USER_ROLE.UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND " + "UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_TENANT_ID=? AND " + "UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND " + "UM_DOMAIN_NAME=?) AND UM_ROLE_NAME LIKE ?"; + public static final String GET_ROLE_OF_USER_SQL_WITH_AUDIENCE = "SELECT UM_ROLE_NAME FROM UM_HYBRID_USER_ROLE, " + + "UM_HYBRID_ROLE WHERE UM_USER_NAME=? AND UM_HYBRID_USER_ROLE.UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND " + + "UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID=-1 AND " + + "UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND " + + "UM_DOMAIN_NAME=?) 
AND UM_ROLE_NAME LIKE ?"; + public static final String GET_ROLE_V2_OF_USER_SQL_WITH_AUDIENCE = "SELECT UM_ROLE_NAME FROM UM_HYBRID_USER_ROLE, " + + "UM_HYBRID_ROLE, UM_HYBRID_ROLE_AUDIENCE WHERE UM_USER_NAME=? AND UM_HYBRID_USER_ROLE.UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND " + + "UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_TENANT_ID=? AND " + + "UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID = UM_HYBRID_ROLE_AUDIENCE.UM_ID AND " + + "UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND " + + "UM_DOMAIN_NAME=?) AND UM_ROLE_NAME LIKE ?"; public static final String GET_USER_ROLE_NAME_SQL = "SELECT UM_ROLE_NAME FROM UM_HYBRID_USER_ROLE, " + "UM_HYBRID_ROLE WHERE UM_USER_NAME=? AND UM_HYBRID_USER_ROLE.UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND " + "UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_TENANT_ID=? AND " + "UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND " + "UM_DOMAIN_NAME=?) AND UM_ROLE_NAME=?"; + public static final String GET_USER_ROLE_NAME_SQL_WITH_AUDIENCE = "SELECT UM_ROLE_NAME FROM UM_HYBRID_USER_ROLE, " + + "UM_HYBRID_ROLE WHERE UM_USER_NAME=? AND UM_HYBRID_USER_ROLE.UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND " + + "UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID=-1 AND " + + "UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND " + + "UM_DOMAIN_NAME=?) AND UM_ROLE_NAME=?"; + public static final String GET_USER_ROLE_V2_NAME_SQL_WITH_AUDIENCE = "SELECT UM_ROLE_NAME FROM UM_HYBRID_USER_ROLE, " + + "UM_HYBRID_ROLE, UM_HYBRID_ROLE_AUDIENCE WHERE UM_USER_NAME=? AND UM_HYBRID_USER_ROLE.UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND " + + "UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID = UM_HYBRID_ROLE_AUDIENCE.UM_ID AND " + + "UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? 
AND " + + "UM_DOMAIN_NAME=?) AND UM_ROLE_NAME=?"; public static final String GET_INTERNAL_ROLE_LIST_OF_USERS_SQL = "SELECT UM_USER_NAME, UM_ROLE_NAME FROM " + "UM_HYBRID_USER_ROLE, UM_HYBRID_ROLE WHERE UM_USER_NAME IN (?) AND UM_HYBRID_USER_ROLE" + ".UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE" + ".UM_TENANT_ID=? AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE " + "UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; - + public static final String GET_INTERNAL_ROLE_LIST_OF_USERS_SQL_WITH_AUDIENCE = "SELECT UM_USER_NAME, UM_ROLE_NAME FROM " + + "UM_HYBRID_USER_ROLE, UM_HYBRID_ROLE WHERE UM_USER_NAME IN (?) AND UM_HYBRID_USER_ROLE" + + ".UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE" + + ".UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID=-1 AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE " + + "UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String GET_INTERNAL_ROLE_V2_LIST_OF_USERS_SQL_WITH_AUDIENCE = "SELECT UM_USER_NAME FROM " + + "UM_HYBRID_USER_ROLE, UM_HYBRID_ROLE, UM_HYBRID_ROLE_AUDIENCE WHERE UM_USER_NAME IN (?) AND UM_HYBRID_USER_ROLE" + + ".UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE" + + ".UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID = UM_HYBRID_ROLE_AUDIENCE.UM_ID AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE " + + "UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; public static final String GET_INTERNAL_ROLE_LIST_OF_GROUPS_SQL = "SELECT UM_GROUP_NAME, UM_ROLE_NAME FROM " + "UM_HYBRID_GROUP_ROLE, UM_HYBRID_ROLE WHERE UM_GROUP_NAME IN (?) AND UM_HYBRID_GROUP_ROLE" + ".UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_GROUP_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE" + ".UM_TENANT_ID=? AND UM_HYBRID_GROUP_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE " + "UM_TENANT_ID=? 
AND UM_DOMAIN_NAME=?)"; + public static final String GET_INTERNAL_ROLE_LIST_OF_GROUPS_SQL_WITH_AUDIENCE = "SELECT UM_GROUP_NAME, UM_ROLE_NAME FROM " + + "UM_HYBRID_GROUP_ROLE, UM_HYBRID_ROLE WHERE UM_GROUP_NAME IN (?) AND UM_HYBRID_GROUP_ROLE" + + ".UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_GROUP_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE" + + ".UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID=-1 AND UM_HYBRID_GROUP_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE " + + "UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String GET_INTERNAL_ROLE_V2_LIST_OF_GROUPS_SQL_WITH_AUDIENCE = "SELECT UM_GROUP_NAME, UM_ROLE_NAME FROM " + + "UM_HYBRID_GROUP_ROLE, UM_HYBRID_ROLE, UM_HYBRID_ROLE_AUDIENCE WHERE UM_GROUP_NAME IN (?) AND UM_HYBRID_GROUP_ROLE" + + ".UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_GROUP_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE" + + ".UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID = UM_HYBRID_ROLE_AUDIENCE.UM_ID AND " + + "UM_HYBRID_GROUP_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE " + + "UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; public static final String IS_USER_IN_ROLE_SQL = "SELECT UM_ROLE_ID FROM UM_HYBRID_USER_ROLE WHERE UM_USER_NAME=? " + "AND UM_ROLE_ID=(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?) AND UM_TENANT_ID=?" + 
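Review bot: `GET_ROLE_V2_LIST_OF_USER_SQL_WITH_AUDIENCE` lists `UM_HYBRID_ROLE_AUDIENCE` in its FROM clause but has no join predicate between `UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID` and `UM_HYBRID_ROLE_AUDIENCE.UM_ID`, unlike the sibling `GET_ROLE_V2_OF_USER_SQL_WITH_AUDIENCE`, so it is a cross product: each role name comes back once per audience row and legacy roles with `UM_AUDIENCE_REF_ID=-1` are not excluded as the V2 variant intends; add `AND UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID = UM_HYBRID_ROLE_AUDIENCE.UM_ID` to its WHERE clause. `GET_INTERNAL_ROLE_V2_LIST_OF_USERS_SQL_WITH_AUDIENCE` selects only `UM_USER_NAME`, whereas the V1 and `-1` variants select `UM_USER_NAME, UM_ROLE_NAME`, so a reader that maps the second column fails on the V2 query; the select list should be `SELECT UM_USER_NAME, UM_ROLE_NAME FROM`. No audience-aware variant of `IS_USER_IN_ROLE_SQL` (the context line that closes this hunk, whose definition continues past it) appears in this diff, and once the same role name can exist under several audiences its `(SELECT UM_ID FROM UM_HYBRID_ROLE WHERE UM_ROLE_NAME=? AND UM_TENANT_ID=?)` subquery either returns more than one row or answers the membership check against another audience's role, so it is worth confirming the V2 manager never routes an authorization check through it. The V2 listing queries (`GET_ROLES_V2_WITH_AUDIENCE`, `GET_INTERNAL_ROLES_V2_*`) join the audience table but take no audience parameter and therefore return names across every audience in the tenant; if that is intentional a comment saying so would help, since a bare name no longer identifies a role.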
@@ -146,6 +335,8 @@ public class HybridJDBCConstants {
 "LOWER(UM_USER_NAME)=LOWER(?) AND UM_TENANT_ID=? AND UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)";
 public static final String UPDATE_ROLE_NAME_SQL = "UPDATE UM_HYBRID_ROLE set UM_ROLE_NAME=? WHERE UM_ROLE_NAME = ? AND UM_TENANT_ID=?";
+ public static final String UPDATE_ROLE_NAME_SQL_WITH_AUDIENCE = "UPDATE UM_HYBRID_ROLE set UM_ROLE_NAME=? WHERE UM_ROLE_NAME = ? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=-1";
+ public static final String UPDATE_ROLE_V2_NAME_SQL_WITH_AUDIENCE = "UPDATE UM_HYBRID_ROLE set UM_ROLE_NAME=? WHERE UM_ROLE_NAME = ? AND UM_TENANT_ID=? AND UM_AUDIENCE_REF_ID=?";
 public static final String ADD_REMEMBERME_VALUE_SQL = "INSERT INTO UM_HYBRID_REMEMBER_ME (UM_USER_NAME, UM_COOKIE_VALUE, UM_CREATED_TIME, UM_TENANT_ID) VALUES (?,?,?,?)";
@@ -158,9 +349,19 @@ public class HybridJDBCConstants { public static final String COUNT_INTERNAL_ROLES_SQL = "SELECT COUNT(UM_ID) AS RESULT FROM UM_HYBRID_ROLE WHERE " + "UM_ROLE_NAME LIKE ? AND " + "UM_TENANT_ID = ?"; + public static final String COUNT_INTERNAL_ROLES_SQL_WITH_AUDIENCE = "SELECT COUNT(UM_ID) AS RESULT FROM UM_HYBRID_ROLE WHERE " + + "UM_ROLE_NAME LIKE ? AND " + "UM_TENANT_ID = ? AND UM_AUDIENCE_REF_ID=-1"; + public static final String COUNT_INTERNAL_ROLES_V2_SQL_WITH_AUDIENCE = "SELECT COUNT(UM_HYBRID_ROLE.UM_ID) AS RESULT FROM " + + "UM_HYBRID_ROLE INNER JOIN UM_HYBRID_ROLE_AUDIENCE ON UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID = UM_HYBRID_ROLE_AUDIENCE.UM_ID WHERE " + + "UM_ROLE_NAME LIKE ? AND " + "UM_TENANT_ID = ?"; public static final String COUNT_INTERNAL_ONLY_ROLES_SQL = "SELECT COUNT(UM_ID) AS RESULT FROM UM_HYBRID_ROLE " + "WHERE UM_ROLE_NAME NOT LIKE 'Application%' AND UM_ROLE_NAME LIKE ? AND UM_TENANT_ID = ?"; + public static final String COUNT_INTERNAL_ONLY_ROLES_SQL_WITH_AUDIENCE = "SELECT COUNT(UM_ID) AS RESULT FROM UM_HYBRID_ROLE " + + "WHERE UM_ROLE_NAME NOT LIKE 'Application%' AND UM_ROLE_NAME LIKE ? AND UM_TENANT_ID = ? AND UM_AUDIENCE_REF_ID=-1"; + public static final String COUNT_INTERNAL_ONLY_ROLES_V2_SQL_WITH_AUDIENCE = "SELECT COUNT(UM_HYBRID_ROLE.UM_ID) AS RESULT FROM " + + "UM_HYBRID_ROLE INNER JOIN UM_HYBRID_ROLE_AUDIENCE ON UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID = UM_HYBRID_ROLE_AUDIENCE.UM_ID " + + "WHERE UM_ROLE_NAME NOT LIKE 'Application%' AND UM_ROLE_NAME LIKE ? AND UM_TENANT_ID = ?"; public static final String GET_GROUP_ROLE_MAPPING_ID = "SELECT UM_ID FROM UM_HYBRID_GROUP_ROLE WHERE UM_GROUP_NAME = ? " + "AND UM_TENANT_ID = ?"; @@ -170,4 +371,4 @@ public class HybridJDBCConstants { public static final String DELETE_GROUP_SQL = "DELETE FROM UM_HYBRID_GROUP_ROLE WHERE UM_GROUP_NAME = ? " + "AND UM_TENANT_ID = ?"; -} +} \ No newline at end of file 
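Review bot: COUNT_INTERNAL_ROLES_V2_SQL_WITH_AUDIENCE and COUNT_INTERNAL_ONLY_ROLES_V2_SQL_WITH_AUDIENCE join UM_HYBRID_ROLE_AUDIENCE but place no predicate on the audience row, so the count covers every audience-scoped role in the tenant rather than the audience the caller represents (HybridRoleV2Manager carries an `audienceId`, and UPDATE_ROLE_V2_NAME_SQL_WITH_AUDIENCE in the hunk above does bind `UM_AUDIENCE_REF_ID=?`). After the join, `UM_ROLE_NAME LIKE ? AND UM_TENANT_ID = ?` is also unqualified; if UM_HYBRID_ROLE_AUDIENCE has a UM_TENANT_ID column of its own the statement fails as ambiguous, so I would write `UM_HYBRID_ROLE.UM_ROLE_NAME LIKE ? AND UM_HYBRID_ROLE.UM_TENANT_ID = ?` and add whatever audience predicate the v2 manager binds. Separately, the earlier hunk's GET_INTERNAL_ROLE_V2_LIST_OF_USERS_SQL_WITH_AUDIENCE selects only UM_USER_NAME while its groups counterpart selects UM_GROUP_NAME, UM_ROLE_NAME; worth confirming the user-to-roles map can be built without the role name column.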
diff --git a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/hybrid/HybridRoleBasedManager.java b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/hybrid/HybridRoleBasedManager.java
new file mode 100644
index 00000000000..0e789e6e60a
--- /dev/null
+++ b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/hybrid/HybridRoleBasedManager.java
@@ -0,0 +1,166 @@
+package org.wso2.carbon.user.core.hybrid;
+
+import org.wso2.carbon.user.core.UserStoreException;
+
+import java.util.List;
+import java.util.Map;
+
+public interface HybridRoleBasedManager {
+
+ /**
+ * @param roleName Domain-less role
+ * @param userList Domain-aware user list
+ * @throws UserStoreException
+ */
+ void addHybridRole(String roleName, String[] userList) throws UserStoreException;
+
+ /**
+ * @param roleName
+ * @return
+ * @throws UserStoreException
+ */
+ boolean isExistingRole(String roleName) throws UserStoreException;
+
+ /**
+ * @param filter
+ * @return
+ * @throws UserStoreException
+ */
+ String[] getHybridRoles(String filter) throws UserStoreException;
+
+ /**
+ * @param roleName
+ * @return
+ * @throws UserStoreException
+ */
+ String[] getUserListOfHybridRole(String roleName) throws UserStoreException;
+
+ /**
+ * @param roleName
+ * @param deletedUsers
+ * @param newUsers
+ * @throws UserStoreException
+ */
+ void updateUserListOfHybridRole(String roleName, String[] deletedUsers, String[] newUsers)
+ throws UserStoreException;
+
+ /**
+ * Update group list of role.
+ *
+ * @param roleName Role name.
+ * @param deletedGroups Deleted groups.
+ * @param newGroups New groups.
+ * @throws UserStoreException UserStoreException.
+ */
+ void updateGroupListOfHybridRole(String roleName, String[] deletedGroups, String[] newGroups)
+ throws UserStoreException;
+
+ /**
+ * Get group list of the given hybrid role.
+ *
+ * @param roleName Role name.
+ * @return List og groups.
+ * @throws UserStoreException UserStoreException.
+ */
+ String[] getGroupListOfHybridRole(String roleName) throws UserStoreException;
+
+ /**
+ * @param userName
+ * @return
+ * @throws UserStoreException
+ */
+ String[] getHybridRoleListOfUser(String userName, String filter) throws UserStoreException;
+
+ /**
+ * Get hybrid role list of users
+ *
+ * @param userNames user name list
+ * @return map of hybrid role list of users
+ * @throws UserStoreException userStoreException
+ */
+ Map> getHybridRoleListOfUsers(List userNames, String domainName) throws
+ UserStoreException;
+
+ /**
+ * Get hybrid role list of groups.
+ *
+ * @param groupNames group name list.
+ * @return map of hybrid role list of groups.
+ * @throws UserStoreException userStoreException.
+ */
+ Map> getHybridRoleListOfGroups(List groupNames, String domainName)
+ throws UserStoreException;
+
+ /**
+ * @param user
+ * @param deletedRoles
+ * @param addRoles
+ * @throws UserStoreException
+ */
+ void updateHybridRoleListOfUser(String user, String[] deletedRoles, String[] addRoles)
+ throws UserStoreException;
+
+ /**
+ * @param roleName
+ * @throws UserStoreException
+ */
+ void deleteHybridRole(String roleName) throws UserStoreException;
+
+ /**
+ * @param roleName
+ * @param newRoleName
+ * @throws UserStoreException
+ */
+ void updateHybridRoleName(String roleName, String newRoleName) throws UserStoreException;
+
+ /**
+ * Get hybrid role count for the given filter.
+ *
+ * @param filter The domain qualified filter. If the domain is 'Internal', all the 'Application' roles are skipped.
+ * @throws UserStoreException If an error occur while getting the hybrid role count using the filter.
+ */
+ Long countHybridRoles(String filter) throws UserStoreException;
+
+ /**
+ * ##### This method is not used anywhere
+ *
+ * @param userName
+ * @param roleName
+ * @return
+ * @throws UserStoreException
+ */
+ boolean isUserInRole(String userName, String roleName) throws UserStoreException;
+
+ /**
+ * If a user is added to a hybrid role, that entry should be deleted upon deletion of the user.
+ *
+ * @param userName
+ * @throws UserStoreException
+ */
+ void deleteUser(String userName) throws UserStoreException;
+
+ /**
+ * Check whether the group exists in the UM_HYBRID_GROUP_ROLE table.
+ *
+ * @param groupName The group name.
+ * @throws UserStoreException An unexpected exception has occurred.
+ */
+ boolean isGroupAssignedToHybridRoles(String groupName) throws UserStoreException;
+
+ /**
+ * Update group name in the UM_HYBRID_GROUP_ROLE table.
+ *
+ * @param groupName The current group name.
+ * @param newGroupName The new group name.
+ * @throws UserStoreException An unexpected exception has occurred.
+ */
+ void updateGroupName(String groupName, String newGroupName) throws UserStoreException;
+
+ /**
+ * Delete group from the UM_HYBRID_GROUP_ROLE table.
+ *
+ * @param groupName The group name.
+ * @throws UserStoreException An unexpected exception has occurred.
+ */
+ void removeGroupRoleMappingByGroupName(String groupName) throws UserStoreException;
+}
diff --git a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/hybrid/HybridRoleManager.java b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/hybrid/HybridRoleManager.java
index 6c9f4a3cf06..eed9234daa5
--- a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/hybrid/HybridRoleManager.java
+++ b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/hybrid/HybridRoleManager.java
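Review bot: The new HybridRoleBasedManager.java carries no license header and no type-level Javadoc, while the other new file in this commit, HybridRoleV2Manager.java, starts with the project's Apache header. Several method docs are also incomplete for a public contract: `getHybridRoleListOfUser` documents `userName` but not `filter`, `getHybridRoleListOfUsers` and `getHybridRoleListOfGroups` omit `domainName`, and the `##### This method is not used anywhere` line on `isUserInRole` is an implementation remark that does not belong on the interface. I would add `/** Contract for the internal (hybrid) role store, implemented by {@link HybridRoleManager} for audience-less v1 roles and by {@link HybridRoleV2Manager} for audience-scoped v2 roles. */` above the interface, fill in the missing `@param` tags, and correct `List og groups` to `List of groups`.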
@@ -50,10 +50,10 @@ import java.util.regex.Matcher;
 import static org.wso2.carbon.user.core.constants.UserCoreErrorConstants.ErrorMessages.ERROR_CODE_DUPLICATE_WHILE_WRITING_TO_DATABASE;
-import static org.wso2.carbon.user.core.hybrid.HybridJDBCConstants.COUNT_INTERNAL_ONLY_ROLES_SQL;
-import static org.wso2.carbon.user.core.hybrid.HybridJDBCConstants.COUNT_INTERNAL_ROLES_SQL;
+import static org.wso2.carbon.user.core.hybrid.HybridJDBCConstants.COUNT_INTERNAL_ONLY_ROLES_SQL_WITH_AUDIENCE;
+import static org.wso2.carbon.user.core.hybrid.HybridJDBCConstants.COUNT_INTERNAL_ROLES_SQL_WITH_AUDIENCE;
-public class HybridRoleManager {
+public class HybridRoleManager implements HybridRoleBasedManager {
 private static Log log = LogFactory.getLog(JDBCUserStoreManager.class);
 private final int DEFAULT_MAX_ROLE_LIST_SIZE = 1000;
@@ -87,11 +87,13 @@ public HybridRoleManager(DataSource dataSource, int tenantId, RealmConfiguration
 }
+
 /**
 * @param roleName Domain-less role
 * @param userList Domain-aware user list
 * @throws UserStoreException
 */
+ @Override
 public void addHybridRole(String roleName, String[] userList) throws UserStoreException {
 Connection dbConnection = null;
 try {
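Review bot: The -87 hunk adds a bare blank line in front of the `addHybridRole` Javadoc, and the -163 hunk on the next line adds one between the `@param tenantID` Javadoc and `clearUserRolesCacheByTenant`, where it visually detaches the comment from the method it documents; both look accidental and should be dropped so the diff contains only the `@Override` and constant changes. Since the static-import swap in the -50 hunk means this class now works exclusively on rows with `UM_AUDIENCE_REF_ID=-1` (per the `_WITH_AUDIENCE` constants in HybridJDBCConstants), a short class comment such as `// v1 implementation: manages audience-less internal roles (UM_AUDIENCE_REF_ID = -1); audience-scoped roles are handled by HybridRoleV2Manager.` on the `implements HybridRoleBasedManager` line would save the next reader from tracing the constants.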
@@ -115,13 +117,13 @@ public void addHybridRole(String roleName, String[] userList) throws UserStoreEx throwRoleAlreadyExistsError(roleName); } if (userList != null) { - String sql = HybridJDBCConstants.ADD_USER_TO_ROLE_SQL; + String sql = HybridJDBCConstants.ADD_USER_TO_ROLE_SQL_WITH_AUDIENCE; String type = DatabaseCreator.getDatabaseType(dbConnection); if (UserCoreConstants.MSSQL_TYPE.equals(type)) { - sql = HybridJDBCConstants.ADD_USER_TO_ROLE_SQL_MSSQL; + sql = HybridJDBCConstants.ADD_USER_TO_ROLE_SQL_MSSQL_WITH_AUDIENCE; } if (UserCoreConstants.OPENEDGE_TYPE.equals(type)) { - sql = HybridJDBCConstants.ADD_USER_TO_ROLE_SQL_OPENEDGE; + sql = HybridJDBCConstants.ADD_USER_TO_ROLE_SQL_OPENEDGE_WITH_AUDIENCE; DatabaseUtil.udpateUserRoleMappingInBatchModeForInternalRoles(dbConnection, sql, primaryDomainName, userList, tenantId, roleName, tenantId); } else { @@ -163,6 +165,7 @@ public void addHybridRole(String roleName, String[] userList) throws UserStoreEx /** * @param tenantID */ + protected void clearUserRolesCacheByTenant(int tenantID) { if (userRolesCache != null) { userRolesCache.clearCacheByTenant(tenantID); @@ -176,6 +179,7 @@ protected void clearUserRolesCacheByTenant(int tenantID) { * @return * @throws UserStoreException */ + @Override public boolean isExistingRole(String roleName) throws UserStoreException { Connection dbConnection = null; @@ -188,7 +192,7 @@ public boolean isExistingRole(String roleName) throws UserStoreException { // ########### Domain-less Roles and Domain-aware Users from here onwards ############# dbConnection = DatabaseUtil.getDBConnection(dataSource); - prepStmt = dbConnection.prepareStatement(HybridJDBCConstants.GET_ROLE_ID); + prepStmt = dbConnection.prepareStatement(HybridJDBCConstants.GET_ROLE_ID_WITH_AUDIENCE); prepStmt.setString(1, roleName); prepStmt.setInt(2, tenantId); rs = prepStmt.executeQuery(); 
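Review bot: `isExistingRole` now runs GET_ROLE_ID_WITH_AUDIENCE, so for this v1 manager a role name that exists in the same tenant only as an audience-scoped (v2) row is reported as not existing; `addHybridRole` relies on that answer before `throwRoleAlreadyExistsError`, and the duplicate check in `updateHybridRoleName` further down appears to be the same one, so whether two UM_HYBRID_ROLE rows with equal UM_ROLE_NAME and UM_TENANT_ID can now be created depends on the table's unique constraint, which this diff does not show. If coexistence is intended, say so on the method, e.g. `// Only audience-less (v1) roles are considered; a v2 role of the same name is visible through HybridRoleV2Manager.`; if it is not, the existence check should stay name-only while the data queries use the audience-aware statements. `isExistingRole` continues outside the hunk.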
@@ -218,13 +222,14 @@ public boolean isExistingRole(String roleName) throws UserStoreException { * @return * @throws UserStoreException */ + @Override public String[] getHybridRoles(String filter) throws UserStoreException { Connection dbConnection = null; PreparedStatement prepStmt = null; ResultSet rs = null; - String sqlStmt = HybridJDBCConstants.GET_ROLES; + String sqlStmt = HybridJDBCConstants.GET_ROLES_WITH_AUDIENCE; int maxItemLimit = UserCoreConstants.MAX_USER_ROLE_LIST; int searchTime = UserCoreConstants.MAX_SEARCH_TIME; @@ -273,9 +278,9 @@ public String[] getHybridRoles(String filter) throws UserStoreException { if (filter.startsWith(UserCoreConstants.INTERNAL_DOMAIN)) { if (DB2.equalsIgnoreCase(dbType)) { - sqlStmt = HybridJDBCConstants.GET_INTERNAL_ROLES_DB2; + sqlStmt = HybridJDBCConstants.GET_INTERNAL_ROLES_DB2_WITH_AUDIENCE; } else { - sqlStmt = HybridJDBCConstants.GET_INTERNAL_ROLES; + sqlStmt = HybridJDBCConstants.GET_INTERNAL_ROLES_WITH_AUDIENCE; } } @@ -345,6 +350,7 @@ public String[] getHybridRoles(String filter) throws UserStoreException { * @return * @throws UserStoreException */ + @Override public String[] getUserListOfHybridRole(String roleName) throws UserStoreException { if (UserCoreUtil.isEveryoneRole(roleName, realmConfig)) { @@ -353,7 +359,7 @@ public String[] getUserListOfHybridRole(String roleName) throws UserStoreExcepti // ########### Domain-less Roles and Domain-aware Users from here onwards ############# - String sqlStmt = HybridJDBCConstants.GET_USER_LIST_OF_ROLE_SQL; + String sqlStmt = HybridJDBCConstants.GET_USER_LIST_OF_ROLE_SQL_WITH_AUDIENCE; Connection dbConnection = null; try { dbConnection = DatabaseUtil.getDBConnection(dataSource); 
@@ -377,13 +383,14 @@ public String[] getUserListOfHybridRole(String roleName) throws UserStoreExcepti * @param newUsers * @throws UserStoreException */ + @Override public void updateUserListOfHybridRole(String roleName, String[] deletedUsers, String[] newUsers) throws UserStoreException { - String sqlStmt1 = HybridJDBCConstants.REMOVE_USER_FROM_ROLE_SQL; - String sqlStmt2 = HybridJDBCConstants.ADD_USER_TO_ROLE_SQL; + String sqlStmt1 = HybridJDBCConstants.REMOVE_USER_FROM_ROLE_SQL_WITH_AUDIENCE; + String sqlStmt2 = HybridJDBCConstants.ADD_USER_TO_ROLE_SQL_WITH_AUDIENCE; if (!isCaseSensitiveUsername()) { - sqlStmt1 = HybridJDBCConstants.REMOVE_USER_FROM_ROLE_SQL_CASE_INSENSITIVE; + sqlStmt1 = HybridJDBCConstants.REMOVE_USER_FROM_ROLE_SQL_CASE_INSENSITIVE_WITH_AUDIENCE; } Connection dbConnection = null; @@ -400,7 +407,7 @@ public void updateUserListOfHybridRole(String roleName, String[] deletedUsers, S String type = DatabaseCreator.getDatabaseType(dbConnection); if (UserCoreConstants.MSSQL_TYPE.equals(type)) { - sqlStmt2 = HybridJDBCConstants.ADD_USER_TO_ROLE_SQL_MSSQL; + sqlStmt2 = HybridJDBCConstants.ADD_USER_TO_ROLE_SQL_MSSQL_WITH_AUDIENCE; } if (deletedUsers != null && deletedUsers.length > 0) { @@ -415,7 +422,7 @@ public void updateUserListOfHybridRole(String roleName, String[] deletedUsers, S if (newUsers != null && newUsers.length > 0) { if (UserCoreConstants.OPENEDGE_TYPE.equals(type)) { - sqlStmt2 = HybridJDBCConstants.ADD_USER_TO_ROLE_SQL_OPENEDGE; + sqlStmt2 = HybridJDBCConstants.ADD_USER_TO_ROLE_SQL_OPENEDGE_WITH_AUDIENCE; DatabaseUtil.udpateUserRoleMappingInBatchModeForInternalRoles(dbConnection, sqlStmt2, primaryDomainName, newUsers, tenantId, roleName, tenantId); } else { 
@@ -450,11 +457,12 @@ public void updateUserListOfHybridRole(String roleName, String[] deletedUsers, S * @param newGroups New groups. * @throws UserStoreException UserStoreException. */ + @Override public void updateGroupListOfHybridRole(String roleName, String[] deletedGroups, String[] newGroups) throws UserStoreException { - String sqlStmt1 = HybridJDBCConstants.REMOVE_GROUP_FROM_ROLE_SQL; - String sqlStmt2 = HybridJDBCConstants.ADD_GROUP_TO_ROLE_SQL; + String sqlStmt1 = HybridJDBCConstants.REMOVE_GROUP_FROM_ROLE_SQL_WITH_AUDIENCE; + String sqlStmt2 = HybridJDBCConstants.ADD_GROUP_TO_ROLE_SQL_WITH_AUDIENCE; try (Connection dbConnection = DatabaseUtil.getDBConnection(dataSource)) { @@ -465,7 +473,7 @@ public void updateGroupListOfHybridRole(String roleName, String[] deletedGroups, String type = DatabaseCreator.getDatabaseType(dbConnection); if (UserCoreConstants.MSSQL_TYPE.equals(type)) { - sqlStmt2 = HybridJDBCConstants.ADD_GROUP_TO_ROLE_SQL_MSSQL; + sqlStmt2 = HybridJDBCConstants.ADD_GROUP_TO_ROLE_SQL_MSSQL_WITH_AUDIENCE; } if (ArrayUtils.isNotEmpty(deletedGroups)) { @@ -475,7 +483,7 @@ public void updateGroupListOfHybridRole(String roleName, String[] deletedGroups, if (ArrayUtils.isNotEmpty(newGroups)) { if (UserCoreConstants.OPENEDGE_TYPE.equals(type)) { - sqlStmt2 = HybridJDBCConstants.ADD_GROUP_TO_ROLE_SQL_OPENEDGE; + sqlStmt2 = HybridJDBCConstants.ADD_GROUP_TO_ROLE_SQL_OPENEDGE_WITH_AUDIENCE; DatabaseUtil.udpateUserRoleMappingInBatchModeForInternalRoles(dbConnection, sqlStmt2, domainName, newGroups, tenantId, roleName, tenantId); } else { 
@@ -506,9 +514,10 @@ public void updateGroupListOfHybridRole(String roleName, String[] deletedGroups, * @return List og groups. * @throws UserStoreException UserStoreException. */ + @Override public String[] getGroupListOfHybridRole(String roleName) throws UserStoreException { - String sqlStmt = HybridJDBCConstants.GET_GROUP_LIST_OF_ROLE_SQL; + String sqlStmt = HybridJDBCConstants.GET_GROUP_LIST_OF_ROLE_SQL_WITH_AUDIENCE; try (Connection dbConnection = DatabaseUtil.getDBConnection(dataSource)) { return DatabaseUtil .getStringValuesFromDatabaseForInternalRoles(dbConnection, sqlStmt, roleName, tenantId, tenantId); @@ -526,6 +535,7 @@ public String[] getGroupListOfHybridRole(String roleName) throws UserStoreExcept * @return * @throws UserStoreException */ + @Override public String[] getHybridRoleListOfUser(String userName, String filter) throws UserStoreException { String sqlStmt; @@ -543,7 +553,7 @@ public String[] getHybridRoleListOfUser(String userName, String filter) throws U if (StringUtils.isEmpty(filter) || filter.equals("*")) { sqlStmt = getHybridRoleListSqlStatement( realmConfig.getRealmProperty(HybridJDBCConstants.GET_ROLE_LIST_OF_USER), - HybridJDBCConstants.GET_ROLE_LIST_OF_USER_SQL, + HybridJDBCConstants.GET_ROLE_LIST_OF_USER_SQL_WITH_AUDIENCE, JDBCCaseInsensitiveConstants.GET_ROLE_LIST_OF_USER_SQL_CASE_INSENSITIVE); roles = DatabaseUtil .getStringValuesFromDatabase(dbConnection, sqlStmt, UserCoreUtil.removeDomainFromName(userName), 
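Review bot: In the -543 hunk the case-sensitive statement becomes `GET_ROLE_LIST_OF_USER_SQL_WITH_AUDIENCE`, but the case-insensitive fallback passed alongside it stays `JDBCCaseInsensitiveConstants.GET_ROLE_LIST_OF_USER_SQL_CASE_INSENSITIVE`, whereas the two sibling branches in the following hunks switch both arguments (`GET_IS_USER_ROLE_SQL_CASE_INSENSITIVE_WITH_AUDIENCE`). On a store configured with CaseInsensitiveUsername the unfiltered `*` lookup would therefore return roles regardless of UM_AUDIENCE_REF_ID, so a user's internal role list, which the realm presumably feeds into authorization, would differ between case-sensitive and case-insensitive deployments. Add an audience-aware case-insensitive constant (a new name along the lines of `GET_ROLE_LIST_OF_USER_SQL_CASE_INSENSITIVE_WITH_AUDIENCE`) and pass it here. `getHybridRoleListOfUser` continues outside the hunk.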
@@ -554,8 +564,8 @@ public String[] getHybridRoleListOfUser(String userName, String filter) throws U filter = filter.replace("?", "_"); sqlStmt = getHybridRoleListSqlStatement( realmConfig.getRealmProperty(HybridJDBCConstants.GET_IS_ROLE_EXIST_LIST_OF_USER), - HybridJDBCConstants.GET_ROLE_OF_USER_SQL, - JDBCCaseInsensitiveConstants.GET_IS_USER_ROLE_SQL_CASE_INSENSITIVE); + HybridJDBCConstants.GET_ROLE_OF_USER_SQL_WITH_AUDIENCE, + JDBCCaseInsensitiveConstants.GET_IS_USER_ROLE_SQL_CASE_INSENSITIVE_WITH_AUDIENCE); // If the filter contains the internal domain, then here we remove the internal domain from the filter // as the database only has the role name without the internal domain. @@ -566,8 +576,8 @@ public String[] getHybridRoleListOfUser(String userName, String filter) throws U } else { sqlStmt = getHybridRoleListSqlStatement( realmConfig.getRealmProperty(HybridJDBCConstants.GET_IS_ROLE_EXIST_LIST_OF_USER), - HybridJDBCConstants.GET_USER_ROLE_NAME_SQL, - JDBCCaseInsensitiveConstants.GET_IS_USER_ROLE_SQL_CASE_INSENSITIVE); + HybridJDBCConstants.GET_USER_ROLE_NAME_SQL_WITH_AUDIENCE, + JDBCCaseInsensitiveConstants.GET_IS_USER_ROLE_SQL_CASE_INSENSITIVE_WITH_AUDIENCE); filter = truncateInternalDomainFromFilter(filter); roles = DatabaseUtil @@ -637,6 +647,7 @@ private String truncateInternalDomainFromFilter(String filter) { * @return map of hybrid role list of users * @throws UserStoreException userStoreException */ + @Override public Map> getHybridRoleListOfUsers(List userNames, String domainName) throws UserStoreException { @@ -648,7 +659,7 @@ public Map> getHybridRoleListOfUsers(List userNames StringBuilder usernameParameter = new StringBuilder(); if (isCaseSensitiveUsername()) { if (StringUtils.isEmpty(sqlStmt)) { - sqlStmt = HybridJDBCConstants.GET_INTERNAL_ROLE_LIST_OF_USERS_SQL; + sqlStmt = HybridJDBCConstants.GET_INTERNAL_ROLE_LIST_OF_USERS_SQL_WITH_AUDIENCE; } for (int i = 0; i < userNames.size(); i++) { 
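Review bot: The `_WITH_AUDIENCE` statements selected in the -648 hunk and in the -661 and -741 hunks on the next line keep the `UM_USER_NAME IN (?)` / `UM_GROUP_NAME IN (?)` form, and the surrounding context (`usernameParameter` being built per user, `groupNames.set(i, groupNames.get(i).replaceAll("'", "''"))`) suggests that placeholder is filled by splicing the quoted names into the statement text rather than by binding, so the manual quote doubling remains the only guard against malformed names in the new queries too. Since the commit introduces these constants, a one-line comment on each, e.g. `// IN (?) is substituted textually by the caller; names must already be SQL-quoted and escaped`, would record that contract for whoever adds the v2 variants. Both methods continue outside their hunks.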
@@ -661,7 +672,8 @@ public Map> getHybridRoleListOfUsers(List userNames } } else { if (sqlStmt == null) { - sqlStmt = JDBCCaseInsensitiveConstants.GET_INTERNAL_ROLE_LIST_OF_USERS_SQL_CASE_INSENSITIVE; + sqlStmt = JDBCCaseInsensitiveConstants + .GET_INTERNAL_ROLE_LIST_OF_USERS_SQL_CASE_INSENSITIVE_WITH_AUDIENCE; } for (int i = 0; i < userNames.size(); i++) { @@ -730,6 +742,7 @@ public Map> getHybridRoleListOfUsers(List userNames * @return map of hybrid role list of groups. * @throws UserStoreException userStoreException. */ + @Override public Map> getHybridRoleListOfGroups(List groupNames, String domainName) throws UserStoreException { @@ -741,7 +754,7 @@ public Map> getHybridRoleListOfGroups(List groupNam StringBuilder groupNameParameter = new StringBuilder(); if (StringUtils.isEmpty(sqlStmt)) { - sqlStmt = HybridJDBCConstants.GET_INTERNAL_ROLE_LIST_OF_GROUPS_SQL; + sqlStmt = HybridJDBCConstants.GET_INTERNAL_ROLE_LIST_OF_GROUPS_SQL_WITH_AUDIENCE; } for (int i = 0; i < groupNames.size(); i++) { groupNames.set(i, groupNames.get(i).replaceAll("'", "''")); @@ -791,13 +804,14 @@ public Map> getHybridRoleListOfGroups(List groupNam * @param addRoles * @throws UserStoreException */ + @Override public void updateHybridRoleListOfUser(String user, String[] deletedRoles, String[] addRoles) throws UserStoreException { - String sqlStmt1 = HybridJDBCConstants.REMOVE_ROLE_FROM_USER_SQL; - String sqlStmt2 = HybridJDBCConstants.ADD_ROLE_TO_USER_SQL; + String sqlStmt1 = HybridJDBCConstants.REMOVE_ROLE_FROM_USER_SQL_WITH_AUDIENCE; + String sqlStmt2 = HybridJDBCConstants.ADD_ROLE_TO_USER_SQL_WITH_AUDIENCE; if(!isCaseSensitiveUsername()){ - sqlStmt1 = HybridJDBCConstants.REMOVE_ROLE_FROM_USER_SQL_CASE_INSENSITIVE; + sqlStmt1 = HybridJDBCConstants.REMOVE_ROLE_FROM_USER_SQL_CASE_INSENSITIVE_WITH_AUDIENCE; } Connection dbConnection = null; 
@@ -810,7 +824,7 @@ public void updateHybridRoleListOfUser(String user, String[] deletedRoles, Strin dbConnection = DatabaseUtil.getDBConnection(dataSource); String type = DatabaseCreator.getDatabaseType(dbConnection); if (UserCoreConstants.MSSQL_TYPE.equals(type)) { - sqlStmt2 = HybridJDBCConstants.ADD_ROLE_TO_USER_SQL_MSSQL; + sqlStmt2 = HybridJDBCConstants.ADD_ROLE_TO_USER_SQL_MSSQL_WITH_AUDIENCE; } if (domain != null) { @@ -836,7 +850,7 @@ public void updateHybridRoleListOfUser(String user, String[] deletedRoles, Strin String[] rolesToAdd = newRoleList.toArray(new String[newRoleList.size()]); if (UserCoreConstants.OPENEDGE_TYPE.equals(type)) { - sqlStmt2 = HybridJDBCConstants.ADD_ROLE_TO_USER_SQL_OPENEDGE; + sqlStmt2 = HybridJDBCConstants.ADD_ROLE_TO_USER_SQL_OPENEDGE_WITH_AUDIENCE; DatabaseUtil.udpateUserRoleMappingInBatchMode(dbConnection, sqlStmt2, user, tenantId, rolesToAdd, tenantId); } else { @@ -870,6 +884,7 @@ public void updateHybridRoleListOfUser(String user, String[] deletedRoles, Strin * @param roleName * @throws UserStoreException */ + @Override public void deleteHybridRole(String roleName) throws UserStoreException { // ########### Domain-less Roles and Domain-aware Users from here onwards ############# @@ -883,9 +898,10 @@ public void deleteHybridRole(String roleName) throws UserStoreException { dbConnection = DatabaseUtil.getDBConnection(dataSource); if(isCascadeDeleteEnabled == null || !Boolean.parseBoolean(isCascadeDeleteEnabled)) { DatabaseUtil.updateDatabase(dbConnection, - HybridJDBCConstants.ON_DELETE_ROLE_REMOVE_USER_ROLE_SQL, roleName, tenantId, tenantId); + HybridJDBCConstants.ON_DELETE_ROLE_REMOVE_USER_ROLE_SQL_WITH_AUDIENCE, roleName, tenantId, + tenantId); } - DatabaseUtil.updateDatabase(dbConnection, HybridJDBCConstants.DELETE_ROLE_SQL, + DatabaseUtil.updateDatabase(dbConnection, HybridJDBCConstants.DELETE_ROLE_SQL_WITH_AUDIENCE, roleName, tenantId); dbConnection.commit(); } catch (SQLException e) { 
@@ -914,6 +930,7 @@ public void deleteHybridRole(String roleName) throws UserStoreException { * @param newRoleName * @throws UserStoreException */ + @Override public void updateHybridRoleName(String roleName, String newRoleName) throws UserStoreException { // ########### Domain-less Roles and Domain-aware Users from here onwards ############# @@ -924,7 +941,7 @@ public void updateHybridRoleName(String roleName, String newRoleName) throws Use + " in the system. Please pick another role name."); } - String sqlStmt = HybridJDBCConstants.UPDATE_ROLE_NAME_SQL; + String sqlStmt = HybridJDBCConstants.UPDATE_ROLE_NAME_SQL_WITH_AUDIENCE; if (sqlStmt == null) { throw new UserStoreException("The sql statement for update hybrid role name is null"); } @@ -965,6 +982,7 @@ public void updateHybridRoleName(String roleName, String newRoleName) throws Use * @param filter The domain qualified filter. If the domain is 'Internal', all the 'Application' roles are skipped. * @throws UserStoreException If an error occur while getting the hybrid role count using the filter. */ + @Override public Long countHybridRoles(String filter) throws UserStoreException { Connection dbConnection = null; @@ -975,10 +993,10 @@ public Long countHybridRoles(String filter) throws UserStoreException { try { dbConnection = DatabaseUtil.getDBConnection(dataSource); if (filter.startsWith(UserCoreConstants.INTERNAL_DOMAIN)) { - sqlStmt = COUNT_INTERNAL_ONLY_ROLES_SQL; + sqlStmt = COUNT_INTERNAL_ONLY_ROLES_SQL_WITH_AUDIENCE; filter = filter.replace(UserCoreConstants.INTERNAL_DOMAIN, ""); } else { - sqlStmt = COUNT_INTERNAL_ROLES_SQL; + sqlStmt = COUNT_INTERNAL_ROLES_SQL_WITH_AUDIENCE; } prepStmt = dbConnection.prepareStatement(sqlStmt); prepStmt.setString(1, filter); 
@@ -1011,6 +1029,7 @@ public Long countHybridRoles(String filter) throws UserStoreException { * @return * @throws UserStoreException */ + @Override public boolean isUserInRole(String userName, String roleName) throws UserStoreException { // TODO String[] roles = getHybridRoleListOfUser(userName, "*"); @@ -1078,6 +1097,7 @@ public boolean isUserInRole(String userName, String roleName) throws UserStoreEx * @param userName * @throws UserStoreException */ + @Override public void deleteUser(String userName) throws UserStoreException { Connection dbConnection = null; @@ -1199,6 +1219,7 @@ private void throwRoleAlreadyExistsError(String roleName) throws UserStoreExcept * @param groupName The group name. * @throws UserStoreException An unexpected exception has occurred. */ + @Override public boolean isGroupAssignedToHybridRoles(String groupName) throws UserStoreException { PreparedStatement prepStmt = null; @@ -1235,6 +1256,7 @@ public boolean isGroupAssignedToHybridRoles(String groupName) throws UserStoreEx * @param newGroupName The new group name. * @throws UserStoreException An unexpected exception has occurred. */ + @Override public void updateGroupName(String groupName, String newGroupName) throws UserStoreException { if (!this.isGroupAssignedToHybridRoles(groupName)) { @@ -1258,6 +1280,7 @@ public void updateGroupName(String groupName, String newGroupName) throws UserSt * @param groupName The group name. * @throws UserStoreException An unexpected exception has occurred. */ + @Override public void removeGroupRoleMappingByGroupName(String groupName) throws UserStoreException { if (!this.isGroupAssignedToHybridRoles(groupName)) { diff --git a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/hybrid/HybridRoleV2Manager.java b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/hybrid/HybridRoleV2Manager.java new file mode 100644 index 00000000000..c4b900e8633 --- /dev/null 
+++ b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/hybrid/HybridRoleV2Manager.java 
@@ -0,0 +1,1269 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.user.core.hybrid;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.ArrayUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.CarbonConstants;
+import org.wso2.carbon.user.api.RealmConfiguration;
+import org.wso2.carbon.user.core.UserCoreConstants;
+import org.wso2.carbon.user.core.UserRealm;
+import org.wso2.carbon.user.core.UserStoreException;
+import org.wso2.carbon.user.core.authorization.AuthorizationCache;
+import org.wso2.carbon.user.core.common.UserRolesCache;
+import org.wso2.carbon.user.core.constants.UserCoreDBConstants;
+import org.wso2.carbon.user.core.constants.UserCoreErrorConstants;
+import org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager;
+import org.wso2.carbon.user.core.jdbc.caseinsensitive.JDBCCaseInsensitiveConstants;
+import org.wso2.carbon.user.core.util.DatabaseUtil;
+import org.wso2.carbon.user.core.util.UserCoreUtil;
+import org.wso2.carbon.utils.dbcreator.DatabaseCreator;
+import org.wso2.carbon.utils.xml.StringUtils;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.regex.Matcher;
+import javax.sql.DataSource;
+
+import static org.wso2.carbon.user.core.constants.UserCoreErrorConstants.ErrorMessages.ERROR_CODE_DUPLICATE_WHILE_WRITING_TO_DATABASE;
+import static org.wso2.carbon.user.core.hybrid.HybridJDBCConstants.COUNT_INTERNAL_ONLY_ROLES_V2_SQL_WITH_AUDIENCE;
+import static org.wso2.carbon.user.core.hybrid.HybridJDBCConstants.COUNT_INTERNAL_ROLES_V2_SQL_WITH_AUDIENCE;
+
+public class HybridRoleV2Manager implements HybridRoleBasedManager {
+
+    private static Log log = LogFactory.getLog(JDBCUserStoreManager.class);
+    private final int DEFAULT_MAX_ROLE_LIST_SIZE = 1000;
+    private final int DEFAULT_MAX_SEARCH_TIME = 1000;
+    protected UserRealm userRealm = null;
+    protected UserRolesCache userRolesCache = null;
+    int tenantId;
+
+    private String audience = "organization";
+    private String audienceId;
+    private DataSource dataSource;
+    private RealmConfiguration realmConfig;
+    private String isCascadeDeleteEnabled;
+    private boolean userRolesCacheEnabled = true;
+    private static final String APPLICATION_DOMAIN = "Application";
+    private static final String WORKFLOW_DOMAIN = "Workflow";
+
+    private static final String CASE_INSENSITIVE_USERNAME = "CaseInsensitiveUsername";
+
+    private static final String DB2 = "db2";
+
+    public HybridRoleV2Manager(DataSource dataSource, int tenantId, String audienceId, RealmConfiguration realmConfig,
+                               UserRealm realm) throws UserStoreException {
+        super();
+        this.dataSource = dataSource;
+        this.tenantId = tenantId;
+        this.audienceId = audienceId;
+        this.realmConfig = realmConfig;
+        this.isCascadeDeleteEnabled = realmConfig.getRealmProperty(UserCoreDBConstants.CASCADE_DELETE_ENABLED);
+        this.userRealm = realm;
+        //persist internal domain
+        UserCoreUtil.persistDomain(UserCoreConstants.INTERNAL_DOMAIN, tenantId, dataSource);
+        UserCoreUtil.persistDomain(APPLICATION_DOMAIN, tenantId, dataSource);
+        UserCoreUtil.persistDomain(WORKFLOW_DOMAIN, tenantId, dataSource);
+
+    }
+
+    @Override
+    public void addHybridRole(String roleName, String[] userList)
+            throws UserStoreException {
+        Connection dbConnection = null;
+        try {
+
+            // ########### Domain-less Roles and Domain-aware Users from here onwards #############
+
+            // This method is always invoked by the primary user store manager.
+            String primaryDomainName = getMyDomainName();
+
+            if (primaryDomainName != null) {
+                primaryDomainName = primaryDomainName.toUpperCase();
+            }
+
+            dbConnection = DatabaseUtil.getDBConnection(dataSource);
+            int audienceRefId = getRoleAudienceRefId(audience, audienceId);
+            if (!this.isExistingRole(roleName)) {
+
+                String roleId = UUID.randomUUID().toString();
+                DatabaseUtil.updateDatabase(dbConnection, HybridJDBCConstants.ADD_ROLE_V2_SQL,
+                        roleName, tenantId, audienceRefId, roleId);
+                dbConnection.commit();
+            } else {
+                throwRoleAlreadyExistsError(roleName);
+            }
+            if (userList != null) {
+                String sql = HybridJDBCConstants.ADD_USER_TO_ROLE_V2_SQL_WITH_AUDIENCE;
+                String type = DatabaseCreator.getDatabaseType(dbConnection);
+                if (UserCoreConstants.MSSQL_TYPE.equals(type)) {
+                    sql = HybridJDBCConstants.ADD_USER_TO_ROLE_V2_SQL_MSSQL_WITH_AUDIENCE;
+                }
+                if (UserCoreConstants.OPENEDGE_TYPE.equals(type)) {
+                    sql = HybridJDBCConstants.ADD_USER_TO_ROLE_V2_SQL_OPENEDGE_WITH_AUDIENCE;
+                    DatabaseUtil.udpateUserRoleMappingInBatchModeForInternalRoles(dbConnection,
+                            sql, primaryDomainName, userList, tenantId, roleName, tenantId, audienceRefId);
+                } else {
+                    DatabaseUtil.udpateUserRoleMappingInBatchModeForInternalRoles(dbConnection,
+                            sql, primaryDomainName, userList, roleName, tenantId, audienceRefId, tenantId, tenantId);
+                }
+            }
+            dbConnection.commit();
+        } catch (UserStoreException e) {
+            String errorMessage = "Error occurred while adding hybrid role : " + roleName;
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            // handle duplicate entry.
+            if (ERROR_CODE_DUPLICATE_WHILE_WRITING_TO_DATABASE.getCode().equals(e.getErrorCode())) {
+                throwRoleAlreadyExistsError(roleName);
+            }
+
+            // Propagate any other.
+            throw e;
+        } catch (SQLException e) {
+            String errorMessage = "Error occurred while adding hybrid role : " + roleName;
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            // Other SQL Exception
+            throw new UserStoreException(e.getMessage(), e);
+        } catch (Exception e) {
+            String errorMessage = "Error occurred while getting database type from DB connection";
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            throw new UserStoreException(errorMessage, e);
+        } finally {
+            DatabaseUtil.closeAllConnections(dbConnection);
+        }
+    }
+
+    /**
+     * @param tenantID
+     */
+    protected void clearUserRolesCacheByTenant(int tenantID) {
+        if (userRolesCache != null) {
+            userRolesCache.clearCacheByTenant(tenantID);
+            AuthorizationCache authorizationCache = AuthorizationCache.getInstance();
+            authorizationCache.clearCacheByTenant(tenantID);
+        }
+    }
+
+    @Override
+    public String[] getHybridRoles(String filter) throws UserStoreException {
+
+        Connection dbConnection = null;
+        PreparedStatement prepStmt = null;
+        ResultSet rs = null;
+
+        String sqlStmt = HybridJDBCConstants.GET_ROLES_V2_WITH_AUDIENCE;
+        int maxItemLimit = UserCoreConstants.MAX_USER_ROLE_LIST;
+        int searchTime = UserCoreConstants.MAX_SEARCH_TIME;
+
+        try {
+            maxItemLimit = Integer.parseInt(realmConfig
+                    .getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_MAX_ROLE_LIST));
+        } catch (Exception e) {
+            maxItemLimit = DEFAULT_MAX_ROLE_LIST_SIZE;
+        }
+
+        try {
+            searchTime = Integer.parseInt(realmConfig
+                    .getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_MAX_SEARCH_TIME));
+        } catch (Exception e) {
+            searchTime = DEFAULT_MAX_SEARCH_TIME;
+        }
+
+        // Convert 'Application' domain from uppercase to PascalCase to accurately perform the DB search.
+        if (filter.toLowerCase().startsWith(UserCoreConstants.APPLICATION_DOMAIN.toLowerCase())) {
+            int index;
+            if ((index = filter.indexOf(CarbonConstants.DOMAIN_SEPARATOR)) >= 0) {
+                filter = UserCoreConstants.APPLICATION_DOMAIN + filter.substring(index);
+            }
+        }
+        try {
+            if (filter != null && filter.trim().length() != 0) {
+                filter = filter.trim();
+                filter = filter.replace("*", "%");
+                filter = filter.replace("?", "_");
+            } else {
+                filter = "%";
+            }
+
+            dbConnection = DatabaseUtil.getDBConnection(dataSource);
+
+            if (dbConnection == null) {
+                throw new UserStoreException("null connection");
+            }
+
+            dbConnection.setAutoCommit(false);
+            if (dbConnection.getTransactionIsolation() != Connection.TRANSACTION_READ_COMMITTED) {
+                dbConnection.setTransactionIsolation(Connection.TRANSACTION_READ_COMMITTED);
+            }
+
+            String dbType = DatabaseCreator.getDatabaseType(dbConnection);
+
+            if (filter.startsWith(UserCoreConstants.INTERNAL_DOMAIN)) {
+                if (DB2.equalsIgnoreCase(dbType)) {
+                    sqlStmt = HybridJDBCConstants.GET_INTERNAL_ROLES_V2_DB2_WITH_AUDIENCE;
+                } else {
+                    sqlStmt = HybridJDBCConstants.GET_INTERNAL_ROLES_V2_WITH_AUDIENCE;
+                }
+            }
+
+            prepStmt = dbConnection.prepareStatement(sqlStmt);
+
+            byte increment = 0;
+            if (filter.startsWith(UserCoreConstants.INTERNAL_DOMAIN)) {
+                prepStmt.setString(++increment, UserCoreUtil.removeDomainFromName(filter));
+            } else {
+                prepStmt.setString(++increment, filter);
+            }
+
+            if (filter.startsWith(UserCoreConstants.INTERNAL_DOMAIN)) {
+                prepStmt.setString(++increment, "%/%");
+            }
+
+            if (sqlStmt.contains(UserCoreConstants.UM_TENANT_COLUMN)) {
+                prepStmt.setInt(++increment, tenantId);
+            }
+            prepStmt.setMaxRows(maxItemLimit);
+            try {
+                prepStmt.setQueryTimeout(searchTime);
+            } catch (Exception e) {
+                // this can be ignored since timeout method is not implemented
+                log.debug(e);
+            }
+            List filteredRoles = new ArrayList<>();
+
+            try {
+                rs = prepStmt.executeQuery();
+            } catch (SQLException e) {
+                log.error("Error while retrieving roles from Internal JDBC role store", e);
+                // May be due time out, therefore ignore this exception
+            }
+
+            if (rs != null) {
+                while (rs.next()) {
+                    String name = rs.getString(1);
+                    // Append the domain
+                    if (!name.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
+                        name = UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR
+                                + name;
+                    }
+                    filteredRoles.add(name);
+                }
+            }
+            return filteredRoles.toArray(new String[0]);
+        } catch (SQLException e) {
+            String errorMessage = "Error occurred while getting hybrid roles from filter : " + filter;
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            throw new UserStoreException(errorMessage, e);
+        } catch (Exception e) {
+            String msg = "Error occur while getting database type";
+            if (log.isDebugEnabled()) {
+                log.debug(msg, e);
+            }
+            throw new UserStoreException(msg, e);
+        } finally {
+            DatabaseUtil.closeAllConnections(dbConnection, rs, prepStmt);
+        }
+    }
+
+    @Override
+    public String[] getHybridRoleListOfUser(String userName, String filter) throws UserStoreException {
+
+        String sqlStmt;
+        Connection dbConnection = null;
+        String[] roles;
+        userName = UserCoreUtil.addDomainToName(userName, getMyDomainName());
+        String domain = UserCoreUtil.extractDomainFromName(userName);
+        // ########### Domain-less Roles and Domain-aware Users from here onwards #############
+        try {
+            dbConnection = DatabaseUtil.getDBConnection(dataSource);
+
+            if (domain != null) {
+                domain = domain.toUpperCase();
+            }
+            if (StringUtils.isEmpty(filter) || filter.equals("*")) {
+                sqlStmt = getHybridRoleListSqlStatement(
+                        realmConfig.getRealmProperty(HybridJDBCConstants.GET_ROLE_LIST_OF_USER),
+                        HybridJDBCConstants.GET_ROLE_V2_LIST_OF_USER_SQL_WITH_AUDIENCE,
+                        JDBCCaseInsensitiveConstants.GET_ROLE_V2_LIST_OF_USER_SQL_CASE_INSENSITIVE_WITH_AUDIENCE);
+                roles = getHybridRoles(dbConnection, sqlStmt, UserCoreUtil.removeDomainFromName(userName), tenantId,
+                        domain, null);
+            } else if (filter.contains("*") || filter.contains("?")) {
+                filter = filter.trim();
+                filter = filter.replace("*", "%");
+                filter = filter.replace("?", "_");
+                sqlStmt = getHybridRoleListSqlStatement(
+                        realmConfig.getRealmProperty(HybridJDBCConstants.GET_IS_ROLE_EXIST_LIST_OF_USER),
+                        HybridJDBCConstants.GET_ROLE_V2_OF_USER_SQL_WITH_AUDIENCE,
+                        JDBCCaseInsensitiveConstants.GET_IS_USER_ROLE_V2_SQL_CASE_INSENSITIVE_WITH_AUDIENCE);
+
+                // If the filter contains the internal domain, then here we remove the internal domain from the filter
+                // as the database only has the role name without the internal domain.
+                filter = truncateInternalDomainFromFilter(filter);
+                roles = getHybridRoles(dbConnection, sqlStmt, UserCoreUtil.removeDomainFromName(userName), tenantId,
+                        domain, filter);
+            } else {
+                sqlStmt = getHybridRoleListSqlStatement(
+                        realmConfig.getRealmProperty(HybridJDBCConstants.GET_IS_ROLE_EXIST_LIST_OF_USER),
+                        HybridJDBCConstants.GET_USER_ROLE_V2_NAME_SQL_WITH_AUDIENCE,
+                        JDBCCaseInsensitiveConstants.GET_IS_USER_ROLE_V2_SQL_CASE_INSENSITIVE_WITH_AUDIENCE);
+
+                filter = truncateInternalDomainFromFilter(filter);
+                roles = getHybridRoles(dbConnection, sqlStmt, UserCoreUtil.removeDomainFromName(userName), tenantId,
+                        domain, filter);
+            }
+
+            if (!CarbonConstants.REGISTRY_ANONNYMOUS_USERNAME.equals(userName)) {
+                // Adding everyone role
+                if (roles == null || roles.length == 0) {
+                    return new String[]{realmConfig.getEveryOneRoleName()};
+                }
+                List allRoles = new ArrayList<>();
+                boolean isEveryone = false;
+                for (String role : roles) {
+                    if (!role.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
+                        role = UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR
+                                + role;
+                    }
+                    if (role.equals(realmConfig.getEveryOneRoleName())) {
+                        isEveryone = true;
+                    }
+                    allRoles.add(role);
+                }
+                if (!isEveryone) {
+                    allRoles.add(realmConfig.getEveryOneRoleName());
+                }
+                return allRoles.toArray(new String[0]);
+            } else {
+                return roles;
+            }
+        } catch (SQLException e) {
+            String errorMessage = "Error occurred while getting hybrid role list of user : " + userName;
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            throw new UserStoreException(errorMessage, e);
+        } finally {
+            DatabaseUtil.closeAllConnections(dbConnection);
+        }
+    }
+
+    @Override
+    public void updateUserListOfHybridRole(String roleName, String[] deletedUsers,
+                                           String[] newUsers) throws UserStoreException {
+
+        String sqlStmt1 = HybridJDBCConstants.REMOVE_USER_FROM_ROLE_V2_SQL_WITH_AUDIENCE;
+        String sqlStmt2 = HybridJDBCConstants.ADD_USER_TO_ROLE_V2_SQL_WITH_AUDIENCE;
+        if (!isCaseSensitiveUsername()) {
+            sqlStmt1 = HybridJDBCConstants.REMOVE_USER_FROM_ROLE_V2_SQL_CASE_INSENSITIVE_WITH_AUDIENCE;
+        }
+        int audienceRefId = getRoleAudienceRefId(audience, audienceId);
+        Connection dbConnection = null;
+        try {
+
+            // ########### Domain-less Roles and Domain-aware Users from here onwards #############
+            String primaryDomainName = getMyDomainName();
+
+            if (primaryDomainName != null) {
+                primaryDomainName = primaryDomainName.toUpperCase();
+            }
+
+            dbConnection = DatabaseUtil.getDBConnection(dataSource);
+            String type = DatabaseCreator.getDatabaseType(dbConnection);
+            if (UserCoreConstants.MSSQL_TYPE.equals(type)) {
+                sqlStmt2 = HybridJDBCConstants.ADD_USER_TO_ROLE_V2_SQL_MSSQL_WITH_AUDIENCE;
+            }
+
+            if (deletedUsers != null && deletedUsers.length > 0) {
+                DatabaseUtil.udpateUserRoleMappingInBatchModeForInternalRoles(
+                        dbConnection, sqlStmt1, primaryDomainName, deletedUsers,
+                        roleName, tenantId, audienceRefId, tenantId, tenantId);
+                // authz cache of deleted users from role, needs to be updated
+                for (String deletedUser : deletedUsers) {
+                    userRealm.getAuthorizationManager().clearUserAuthorization(deletedUser);
+                }
+            }
+
+            if (newUsers != null && newUsers.length > 0) {
+                if (UserCoreConstants.OPENEDGE_TYPE.equals(type)) {
+                    sqlStmt2 = HybridJDBCConstants.ADD_USER_TO_ROLE_SQL_OPENEDGE_WITH_AUDIENCE;
+                    DatabaseUtil.udpateUserRoleMappingInBatchModeForInternalRoles(dbConnection,
+                            sqlStmt2, primaryDomainName, newUsers, tenantId, roleName, tenantId, audienceRefId);
+                } else {
+                    DatabaseUtil.udpateUserRoleMappingInBatchModeForInternalRoles(dbConnection,
+                            sqlStmt2, primaryDomainName, newUsers, roleName, tenantId, audienceRefId, tenantId, tenantId);
+                }
+            }
+
+            dbConnection.commit();
+        } catch (SQLException | UserStoreException e) {
+            String errorMessage = "Error occurred while updating user list of hybrid role : " + roleName;
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            throw new UserStoreException(errorMessage, e);
+        } catch (Exception e) {
+            String errorMessage = "Error occurred while getting database type from DB connection";
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            throw new UserStoreException(errorMessage, e);
+        } finally {
+            DatabaseUtil.closeAllConnections(dbConnection);
+        }
+    }
+
+    @Override
+    public void updateGroupListOfHybridRole(String roleName, String[] deletedGroups, String[] newGroups)
+            throws UserStoreException {
+
+        String sqlStmt1 = HybridJDBCConstants.REMOVE_GROUP_FROM_ROLE_V2_SQL_WITH_AUDIENCE;
+        String sqlStmt2 = HybridJDBCConstants.ADD_GROUP_TO_ROLE_V2_SQL_WITH_AUDIENCE;
+        int audienceRefId = getRoleAudienceRefId(audience, audienceId);
+        try (Connection dbConnection = DatabaseUtil.getDBConnection(dataSource)) {
+
+            String domainName = getMyDomainName();
+            if (domainName != null) {
+                domainName = domainName.toUpperCase();
+            }
+
+            String type = DatabaseCreator.getDatabaseType(dbConnection);
+            if (UserCoreConstants.MSSQL_TYPE.equals(type)) {
+                sqlStmt2 = HybridJDBCConstants.ADD_GROUP_TO_ROLE_V2_SQL_MSSQL_WITH_AUDIENCE;
+            }
+
+            if (ArrayUtils.isNotEmpty(deletedGroups)) {
+                DatabaseUtil.udpateUserRoleMappingInBatchModeForInternalRoles(dbConnection, sqlStmt1, domainName,
+                        deletedGroups, roleName, tenantId, audienceRefId, tenantId, tenantId);
+            }
+
+            if (ArrayUtils.isNotEmpty(newGroups)) {
+                if (UserCoreConstants.OPENEDGE_TYPE.equals(type)) {
+                    sqlStmt2 = HybridJDBCConstants.ADD_GROUP_TO_ROLE_V2_SQL_OPENEDGE_WITH_AUDIENCE;
+                    DatabaseUtil.udpateUserRoleMappingInBatchModeForInternalRoles(dbConnection, sqlStmt2, domainName,
+                            newGroups, tenantId, roleName, tenantId, audienceRefId);
+                } else {
+                    DatabaseUtil.udpateUserRoleMappingInBatchModeForInternalRoles(dbConnection, sqlStmt2, domainName,
+                            newGroups, roleName, tenantId, audienceRefId, tenantId, tenantId);
+                }
+            }
+            dbConnection.commit();
+        } catch (SQLException | UserStoreException e) {
+            String errorMessage = "Error occurred while updating user list of hybrid role : " + roleName;
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            throw new UserStoreException(errorMessage, e);
+        } catch (Exception e) {
+            String errorMessage = "Error occurred while getting database type from DB connection";
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            throw new UserStoreException(errorMessage, e);
+        }
+    }
+
+    @Override
+    public String[] getGroupListOfHybridRole(String roleName) throws UserStoreException {
+
+        String sqlStmt = HybridJDBCConstants.GET_GROUP_LIST_OF_ROLE_V2_SQL_WITH_AUDIENCE;
+        int audienceRefId = getRoleAudienceRefId(audience, audienceId);
+        try (Connection dbConnection = DatabaseUtil.getDBConnection(dataSource)) {
+            return DatabaseUtil
+                    .getStringValuesFromDatabaseForInternalRoles(dbConnection, sqlStmt, roleName, tenantId,
+                            audienceRefId, tenantId);
+        } catch (SQLException e) {
+            String errorMessage = "Error occurred while getting user list from hybrid role : " + roleName;
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            throw new UserStoreException(errorMessage, e);
+        }
+    }
+
+    @Override
+    public Map> getHybridRoleListOfUsers(List userNames, String domainName) throws
+            UserStoreException {
+
+        if (CollectionUtils.isEmpty(userNames)) {
+            return new HashMap<>();
+        }
+        Map> hybridRoleListOfUsers = new HashMap<>();
+        String sqlStmt = realmConfig.getRealmProperty(HybridJDBCConstants.GET_ROLE_LIST_OF_USERS);
+        StringBuilder usernameParameter = new StringBuilder();
+        if (isCaseSensitiveUsername()) {
+            if (StringUtils.isEmpty(sqlStmt)) {
+                sqlStmt = HybridJDBCConstants.GET_INTERNAL_ROLE_V2_LIST_OF_USERS_SQL_WITH_AUDIENCE;
+            }
+            for (int i = 0; i < userNames.size(); i++) {
+
+                userNames.set(i, userNames.get(i).replaceAll("'", "''"));
+                usernameParameter.append("'").append(userNames.get(i)).append("'");
+
+                if (i != userNames.size() - 1) {
+                    usernameParameter.append(",");
+                }
+            }
+        } else {
+            if (sqlStmt == null) {
+                sqlStmt = JDBCCaseInsensitiveConstants
+                        .GET_INTERNAL_ROLE_V2_LIST_OF_USERS_SQL_CASE_INSENSITIVE_WITH_AUDIENCE;
+            }
+            for (int i = 0; i < userNames.size(); i++) {
+
+                userNames.set(i, userNames.get(i).replaceAll("'", "''"));
+                usernameParameter.append("LOWER('").append(userNames.get(i)).append("')");
+
+                if (i != userNames.size() - 1) {
+                    usernameParameter.append(",");
+                }
+            }
+        }
+
+        sqlStmt = sqlStmt.replaceFirst("\\?", Matcher.quoteReplacement(usernameParameter.toString()));
+        try (Connection connection = DatabaseUtil.getDBConnection(dataSource);
+             PreparedStatement prepStmt = connection.prepareStatement(sqlStmt)) {
+            prepStmt.setInt(1, tenantId);
+            prepStmt.setInt(2, tenantId);
+            prepStmt.setInt(3, tenantId);
+            prepStmt.setString(4, domainName);
+            try (ResultSet resultSet = prepStmt.executeQuery()) {
+                while (resultSet.next()) {
+                    String userName = resultSet.getString(1);
+                    if (!userNames.contains(userName)) {
+                        continue;
+                    }
+
+                    String roleName = resultSet.getString(2);
+                    List userRoles = hybridRoleListOfUsers.get(userName);
+                    if (userRoles == null) {
+                        userRoles = new ArrayList<>();
+                        hybridRoleListOfUsers.put(userName, userRoles);
+                    }
+
+                    if (!roleName.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
+                        roleName = UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR + roleName;
+                    }
+                    userRoles.add(roleName);
+                }
+            }
+
+            for (String userName : userNames) {
+                List hybridRoles = hybridRoleListOfUsers.computeIfAbsent(userName, k -> new ArrayList<>());
+                if (hybridRoles.stream().allMatch(role -> role.equals(realmConfig.getEveryOneRoleName()))
+                        && !CarbonConstants.REGISTRY_ANONNYMOUS_USERNAME.equals(userName)) {
+                    hybridRoles.add(realmConfig.getEveryOneRoleName());
+                }
+            }
+        } catch (SQLException e) {
+            String errorMessage =
+                    "Error occurred while getting hybrid role list of users : " + Arrays.toString(userNames.toArray())
+                            + " in domain: " + domainName;
+            throw new UserStoreException(errorMessage, e);
+        }
+
+        return hybridRoleListOfUsers;
+    }
+
+    @Override
+    public Map> getHybridRoleListOfGroups(List groupNames, String domainName)
+            throws UserStoreException {
+
+        if (CollectionUtils.isEmpty(groupNames)) {
+            return new HashMap<>();
+        }
+        Map> hybridRoleListOfGroups = new HashMap<>();
+        String sqlStmt = realmConfig.getRealmProperty(HybridJDBCConstants.GET_ROLE_LIST_OF_GROUPS);
+        StringBuilder groupNameParameter = new StringBuilder();
+
+        if (StringUtils.isEmpty(sqlStmt)) {
+            sqlStmt = HybridJDBCConstants.GET_INTERNAL_ROLE_V2_LIST_OF_GROUPS_SQL_WITH_AUDIENCE;
+        }
+        for (int i = 0; i < groupNames.size(); i++) {
+            groupNames.set(i, groupNames.get(i).replaceAll("'", "''"));
+            groupNameParameter.append("'").append(groupNames.get(i)).append("'");
+
+            if (i != groupNames.size() - 1) {
+                groupNameParameter.append(",");
+            }
+        }
+
+        sqlStmt = sqlStmt.replaceFirst("\\?", Matcher.quoteReplacement(groupNameParameter.toString()));
+        try (Connection connection = DatabaseUtil.getDBConnection(dataSource);
+             PreparedStatement prepStmt = connection.prepareStatement(sqlStmt)) {
+            prepStmt.setInt(1, tenantId);
+            prepStmt.setInt(2, tenantId);
+            prepStmt.setInt(3, tenantId);
+            prepStmt.setString(4, domainName);
+            try (ResultSet resultSet = prepStmt.executeQuery()) {
+                while (resultSet.next()) {
+                    String groupName = resultSet.getString(1);
+                    if (!groupNames.contains(groupName)) {
+                        continue;
+                    }
+
+                    String roleName = resultSet.getString(2);
+                    List groupRoles = hybridRoleListOfGroups.computeIfAbsent(groupName, k -> new ArrayList<>());
+
+                    if (!roleName.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
+                        roleName = UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR + roleName;
+                    }
+                    groupRoles.add(roleName);
+                }
+            }
+        } catch (SQLException e) {
+            String errorMessage =
+                    "Error occurred while getting hybrid role list of groups : " + Arrays.toString(groupNames.toArray())
+                            + " in domain: " + domainName;
+            throw new UserStoreException(errorMessage, e);
+        }
+
+        return hybridRoleListOfGroups;
+    }
+
+    @Override
+    public String[] getUserListOfHybridRole(String roleName) throws UserStoreException {
+
+        if (UserCoreUtil.isEveryoneRole(roleName, realmConfig)) {
+            return userRealm.getUserStoreManager().listUsers("*", -1);
+        }
+
+        // ########### Domain-less Roles and Domain-aware Users from here onwards #############
+
+        String sqlStmt = HybridJDBCConstants.GET_USER_LIST_OF_ROLE_V2_SQL_WITH_AUDIENCE;
+        int audienceRefId = getRoleAudienceRefId(audience, audienceId);
+        Connection dbConnection = null;
+        try {
+            dbConnection = DatabaseUtil.getDBConnection(dataSource);
+            String[] names = DatabaseUtil.getStringValuesFromDatabaseForInternalRoles(dbConnection, sqlStmt,
+                    roleName, tenantId, audienceRefId, tenantId);
+            return names;
+        } catch (SQLException e) {
+            String errorMessage = "Error occurred while getting user list from hybrid role : " + roleName;
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            throw new UserStoreException(errorMessage, e);
+        } finally {
+            DatabaseUtil.closeAllConnections(dbConnection);
+        }
+    }
+
+    @Override
+    public void updateHybridRoleListOfUser(String user, String[] deletedRoles, String[] addRoles)
+            throws UserStoreException {
+
+        String sqlStmt1 = HybridJDBCConstants.REMOVE_ROLE_V2_FROM_USER_SQL_WITH_AUDIENCE;
+        String sqlStmt2 = HybridJDBCConstants.ADD_ROLE_V2_TO_USER_SQL_WITH_AUDIENCE;
+        int audienceRefId = getRoleAudienceRefId(audience, audienceId);
+        if(!isCaseSensitiveUsername()){
+            sqlStmt1 = HybridJDBCConstants.REMOVE_ROLE_V2_FROM_USER_SQL_CASE_INSENSITIVE_WITH_AUDIENCE;
+        }
+        Connection dbConnection = null;
+
+        try {
+
+            user = UserCoreUtil.addDomainToName(user, getMyDomainName());
+            String domain = UserCoreUtil.extractDomainFromName(user);
+            // ########### Domain-less Roles and Domain-aware Users from here onwards #############
+
+            dbConnection = DatabaseUtil.getDBConnection(dataSource);
+            String type = DatabaseCreator.getDatabaseType(dbConnection);
+            if (UserCoreConstants.MSSQL_TYPE.equals(type)) {
+                sqlStmt2 = HybridJDBCConstants.ADD_ROLE_V2_TO_USER_SQL_MSSQL_WITH_AUDIENCE;
+            }
+
+            if (domain != null) {
+                domain = domain.toUpperCase();
+            }
+
+            if (deletedRoles != null && deletedRoles.length > 0) {
+                DatabaseUtil.udpateUserRoleMappingInBatchMode(dbConnection, sqlStmt1, deletedRoles,
+                        tenantId, audienceRefId, UserCoreUtil.removeDomainFromName(user), tenantId, tenantId, domain);
+            }
+            if (addRoles != null && addRoles.length > 0) {
+                ArrayList newRoleList = new ArrayList<>();
+                for (String role : addRoles) {
+                    if(!isExistingRole(role)){
+                        String errorMessage = "The role: " + role + " does not exist.";
+                        throw new UserStoreException(errorMessage);
+                    }
+                    if (!isUserInRole(user, role)) {
+                        newRoleList.add(role);
+                    }
+                }
+
+                String[] rolesToAdd = newRoleList.toArray(new String[newRoleList.size()]);
+
+                if (UserCoreConstants.OPENEDGE_TYPE.equals(type)) {
+                    sqlStmt2 = HybridJDBCConstants.ADD_ROLE_V2_TO_USER_SQL_OPENEDGE_WITH_AUDIENCE;
+                    DatabaseUtil.udpateUserRoleMappingInBatchMode(dbConnection, sqlStmt2, user,
+                            tenantId, rolesToAdd, tenantId, audienceRefId);
+                } else {
+                    DatabaseUtil.udpateUserRoleMappingInBatchMode(dbConnection, sqlStmt2, rolesToAdd, tenantId,
+                            audienceRefId, UserCoreUtil.removeDomainFromName(user), tenantId, tenantId, domain);
+                }
+            }
+            dbConnection.commit();
+        } catch (SQLException | UserStoreException e) {
+            String errorMessage = "Error occurred while updating hybrid role list of user : " + user;
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            throw new UserStoreException(errorMessage, e);
+        } catch (Exception e) {
+            String errorMessage = "Error occurred while getting database type from DB connection";
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            throw new UserStoreException(errorMessage, e);
+        } finally {
+            DatabaseUtil.closeAllConnections(dbConnection);
+        }
+        // Authorization cache of user should also be updated if deleted roles are involved
+        if (deletedRoles != null && deletedRoles.length > 0) {
+            userRealm.getAuthorizationManager().clearUserAuthorization(user);
+        }
+    }
+
+    @Override
+    public void deleteHybridRole(String roleName) throws UserStoreException {
+
+        // ########### Domain-less Roles and Domain-aware Users from here onwards #############
+
+        if (UserCoreUtil.isEveryoneRole(roleName, realmConfig)) {
+            throw new UserStoreException("Invalid operation");
+        }
+        int audienceRefId = getRoleAudienceRefId(audience, audienceId);
+        Connection dbConnection = null;
+        try {
+            dbConnection = DatabaseUtil.getDBConnection(dataSource);
+            if(isCascadeDeleteEnabled == null || !Boolean.parseBoolean(isCascadeDeleteEnabled)) {
+                DatabaseUtil.updateDatabase(dbConnection,
+                        HybridJDBCConstants.ON_DELETE_ROLE_V2_REMOVE_USER_ROLE_SQL_WITH_AUDIENCE, roleName, tenantId,
+                        audienceRefId, tenantId);
+            }
+            DatabaseUtil.updateDatabase(dbConnection, HybridJDBCConstants.DELETE_ROLE_V2_SQL_WITH_AUDIENCE,
+                    roleName, tenantId, audienceRefId);
+            dbConnection.commit();
+        } catch (SQLException e) {
+            String errorMessage = "Error occurred while deleting hybrid role : " + roleName;
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            throw new UserStoreException(errorMessage, e);
+        } finally {
+            DatabaseUtil.closeAllConnections(dbConnection);
+        }
+
+        // UM_ROLE_PERMISSION Table, roles are associated with Domain ID.
+        // At this moment Role name doesn't contain the Domain prefix.
+        // clearRoleAuthorization() expects domain qualified name.
+        // Hence we add the "Internal" Domain name explicitly here.
+        if (!roleName.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
+            roleName = UserCoreUtil.addDomainToName(roleName, UserCoreConstants.INTERNAL_DOMAIN);
+        }
+        // also need to clear role authorization
+        userRealm.getAuthorizationManager().clearRoleAuthorization(roleName);
+    }
+
+    @Override
+    public void updateHybridRoleName(String roleName, String newRoleName) throws UserStoreException {
+
+        // ########### Domain-less Roles and Domain-aware Users from here onwards #############
+
+        if (!org.apache.commons.lang.StringUtils.equalsIgnoreCase(roleName, newRoleName)
+                && this.isExistingRole(newRoleName)) {
+            throw new UserStoreException("Role name: " + newRoleName
+                    + " in the system. Please pick another role name.");
+        }
+
+        String sqlStmt = HybridJDBCConstants.UPDATE_ROLE_V2_NAME_SQL_WITH_AUDIENCE;
+        if (sqlStmt == null) {
+            throw new UserStoreException("The sql statement for update hybrid role name is null");
+        }
+        int audienceRefId = getRoleAudienceRefId(audience, audienceId);
+        Connection dbConnection = null;
+        try {
+
+            dbConnection = DatabaseUtil.getDBConnection(dataSource);
+            if (sqlStmt.contains(UserCoreConstants.UM_TENANT_COLUMN)) {
+                DatabaseUtil.updateDatabase(dbConnection, sqlStmt, newRoleName, roleName, tenantId, audienceRefId);
+            } else {
+                DatabaseUtil.updateDatabase(dbConnection, sqlStmt, newRoleName, roleName);
+            }
+            dbConnection.commit();
+            if (roleName.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
+                this.userRealm.getAuthorizationManager().resetPermissionOnUpdateRole(roleName,
+                        newRoleName);
+            } else {
+                String domainNamePrefix = UserCoreConstants.INTERNAL_DOMAIN + UserCoreConstants.DOMAIN_SEPARATOR;
+                this.userRealm.getAuthorizationManager().resetPermissionOnUpdateRole(domainNamePrefix
+                        + roleName, domainNamePrefix + newRoleName);
+            }
+        } catch (SQLException e) {
+            String errorMessage =
+                    "Error occurred while updating hybrid role : " + roleName + " to new role : " + newRoleName;
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            throw new UserStoreException(errorMessage, e);
+        } finally {
+            DatabaseUtil.closeAllConnections(dbConnection);
+        }
+    }
+
+    @Override
+    public Long countHybridRoles(String filter) throws UserStoreException {
+
+        Connection dbConnection = null;
+        String sqlStmt = null;
+        PreparedStatement prepStmt = null;
+        ResultSet resultSet = null;
+
+        try {
+            dbConnection = DatabaseUtil.getDBConnection(dataSource);
+            if (filter.startsWith(UserCoreConstants.INTERNAL_DOMAIN)) {
+                sqlStmt = COUNT_INTERNAL_ONLY_ROLES_V2_SQL_WITH_AUDIENCE;
+                filter = filter.replace(UserCoreConstants.INTERNAL_DOMAIN, "");
+            } else {
+                sqlStmt = COUNT_INTERNAL_ROLES_V2_SQL_WITH_AUDIENCE;
+            }
+            prepStmt = dbConnection.prepareStatement(sqlStmt);
+            prepStmt.setString(1, filter);
+            prepStmt.setInt(2, tenantId);
+            prepStmt.setQueryTimeout(UserCoreConstants.MAX_SEARCH_TIME);
+
+            resultSet = prepStmt.executeQuery();
+            if (resultSet.next()) {
+                return resultSet.getLong("RESULT");
+            } else {
+                log.error("No role count is retrieved for Internal domain filter: " + filter);
+                return (long) -1;
+            }
+        } catch (SQLException e) {
+            if (log.isDebugEnabled()) {
+                log.debug("An error occurred while getting hybrid roles count Using sql : " + sqlStmt + ", with "
+                        + "the filter: " + filter);
+            }
+            throw new UserStoreException(e.getMessage(), e);
+        } finally {
+            DatabaseUtil.closeAllConnections(dbConnection, resultSet, prepStmt);
+        }
+    }
+
+    /**
+     * Get the SQL statement for HybridRole.
+     *
+     * @param getRoleListOfUserSQLConfig query for getting role set from resource property.
+     * @param caseSensitiveUsernameQuery query for getting role with case sensitive username.
+     * @param nonCaseSensitiveUsernameQuery query for getting role with non-case sensitive username.
+     * @return sql statement.
+     * @throws UserStoreException
+     */
+    private String getHybridRoleListSqlStatement(String getRoleListOfUserSQLConfig, String caseSensitiveUsernameQuery,
+                                                 String nonCaseSensitiveUsernameQuery) throws UserStoreException {
+
+        String sqlStmt;
+        if (isCaseSensitiveUsername()) {
+            sqlStmt = caseSensitiveUsernameQuery;
+        } else {
+            sqlStmt = nonCaseSensitiveUsernameQuery;
+        }
+        if (!StringUtils.isEmpty(getRoleListOfUserSQLConfig)) {
+            sqlStmt = getRoleListOfUserSQLConfig;
+        }
+        return sqlStmt;
+    }
+
+    private static String[] getHybridRoles(Connection dbConnection, String sqlStmt, String userName,
+                                           int tenantId, String domain, String filter)
+            throws UserStoreException {
+
+        PreparedStatement prepStmt = null;
+        List roles = new ArrayList<>();
+        ResultSet rs = null;
+        try {
+            prepStmt = dbConnection.prepareStatement(sqlStmt);
+            prepStmt.setString(1, userName);
+            prepStmt.setInt(2, tenantId);
+            prepStmt.setInt(3, tenantId);
+            prepStmt.setInt(4, tenantId);
+            prepStmt.setString(5, domain);
+            if (filter != null) {
+                prepStmt.setString(6, filter);
+            }
+            rs = prepStmt.executeQuery();
+            while (rs.next()) {
+                String name = rs.getString(1);
+                roles.add(name);
+            }
+            return roles.toArray(new String[0]);
+        } catch (SQLException e) {
+            String errorMessage = "Using sql : " + sqlStmt + " " + e.getMessage();
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            throw new UserStoreException(errorMessage, e);
+        } finally {
+            DatabaseUtil.closeAllConnections(null, rs, prepStmt);
+        }
+    }
+
+    @Override
+    public boolean isExistingRole(String roleName) throws UserStoreException {
+
+        Connection dbConnection = null;
+        PreparedStatement prepStmt = null;
+        ResultSet rs = null;
+        boolean isExisting = false;
+        int audienceRefId = getRoleAudienceRefId(audience, audienceId);
+        try {
+
+            // ########### Domain-less Roles and Domain-aware Users from here onwards #############
+
+            dbConnection = DatabaseUtil.getDBConnection(dataSource);
+            prepStmt = dbConnection.prepareStatement(HybridJDBCConstants.GET_ROLE_V2_ID_WITH_AUDIENCE);
+            prepStmt.setString(1, roleName);
+            prepStmt.setInt(2, tenantId);
+            prepStmt.setInt(3, audienceRefId);
+            rs = prepStmt.executeQuery();
+            if (rs.next()) {
+                int value = rs.getInt(1);
+                if (value > -1) {
+                    isExisting = true;
+                }
+            }
+            if (log.isDebugEnabled()) {
+                log.debug("Is roleName: " + roleName + " audience : " + audience + " audienceId : " + audienceId
+                        + " Exist: " + isExisting + " TenantId: " + tenantId);
+            }
+            return isExisting;
+        } catch (SQLException e) {
+            String errorMessage = "Error occurred while checking is existing role for role name : " + roleName;
+            if (log.isDebugEnabled()) {
+                log.debug(errorMessage, e);
+            }
+            throw new UserStoreException(errorMessage, e);
+        } finally {
+            DatabaseUtil.closeAllConnections(dbConnection, rs, prepStmt);
+        }
+    }
+
+    @Override
+    public boolean isUserInRole(String userName, String roleName) throws UserStoreException {
+        // TODO
+        String[] roles = getHybridRoleListOfUser(userName, "*");
+        if (roles != null && roleName != null) {
+            for (String role : roles) {
+                if (roleName.contains(CarbonConstants.DOMAIN_SEPARATOR)) {
+                    if (role.equalsIgnoreCase(roleName)) {
+                        if (log.isDebugEnabled()) {
+                            log.debug("Role: " + roleName + " is already assigned to the user: " + userName);
+                        }
+                        return true;
+                    }
+                } else {
+                    if (UserCoreUtil.removeDomainFromName(role).equalsIgnoreCase(roleName)) {
+                        if (log.isDebugEnabled()) {
+                            log.debug("Role: " + roleName + " is already assigned to the user: " + userName);
+                        }
+                        return true;
+                    }
+                }
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * If a user is added to a hybrid role, that entry should be deleted upon deletion of the user.
+ * + * @param userName + * @throws UserStoreException + */ + @Override + public void deleteUser(String userName) throws UserStoreException { + + Connection dbConnection = null; + PreparedStatement preparedStatement = null; + + userName = UserCoreUtil.addDomainToName(userName, getMyDomainName()); + String domain = UserCoreUtil.extractDomainFromName(userName); + // ########### Domain-less Roles and Domain-aware Users from here onwards ############# + + if (domain != null) { + domain = domain.toUpperCase(); + } + + String sqlStmt = HybridJDBCConstants.REMOVE_USER_SQL; + if (!isCaseSensitiveUsername()) { + sqlStmt = HybridJDBCConstants.REMOVE_USER_SQL_CASE_INSENSITIVE; + } + + try { + dbConnection = DatabaseUtil.getDBConnection(dataSource); + preparedStatement = dbConnection.prepareStatement(sqlStmt); + preparedStatement.setString(1, UserCoreUtil.removeDomainFromName(userName)); + preparedStatement.setInt(2, tenantId); + preparedStatement.setInt(3, tenantId); + preparedStatement.setString(4, domain); + preparedStatement.execute(); + dbConnection.commit(); + } catch (SQLException e) { + String errorMessage = "Error occurred while deleting user : " + userName; + if (log.isDebugEnabled()) { + log.debug(errorMessage, e); + } + throw new UserStoreException(errorMessage, e); + } finally { + DatabaseUtil.closeAllConnections(dbConnection, preparedStatement); + } + } + + /** + * + */ + protected void initUserRolesCache() { + + String userRolesCacheEnabledString = (realmConfig + .getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_ROLES_CACHE_ENABLED)); + + if (userRolesCacheEnabledString != null && !userRolesCacheEnabledString.equals("")) { + userRolesCacheEnabled = Boolean.parseBoolean(userRolesCacheEnabledString); + if (log.isDebugEnabled()) { + log.debug("User Roles Cache is configured to:" + userRolesCacheEnabledString); + } + } else { + if (log.isDebugEnabled()) { + log.info("User Roles Cache is not configured. 
Default value: " + + userRolesCacheEnabled + " is taken."); + } + } + + if (userRolesCacheEnabled) { + int timeOut = UserCoreConstants.USER_ROLE_CACHE_DEFAULT_TIME_OUT; + String timeOutString = realmConfig. + getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_USER_ROLE_CACHE_TIME_OUT); + if (timeOutString != null) { + timeOut = Integer.parseInt(timeOutString); + } + userRolesCache = UserRolesCache.getInstance(); + userRolesCache.setTimeOut(timeOut); + } + } + + /** + * Get role audience ref id. + * + * @param audience Audience. + * @param audienceId Audience ID. + * @return audience ref id. + * @throws UserStoreException IdentityRoleManagementException. + */ + private int getRoleAudienceRefId(String audience, String audienceId) throws UserStoreException { + + Connection dbConnection = null; + PreparedStatement prepStmt = null; + ResultSet rs = null; + try { + dbConnection = DatabaseUtil.getDBConnection(dataSource); + prepStmt = dbConnection.prepareStatement(HybridJDBCConstants.GET_ROLE_V2_AUDIENCE_SQL); + prepStmt.setString(1, audience); + prepStmt.setString(2, audienceId); + rs = prepStmt.executeQuery(); + if (rs.next()) { + return rs.getInt(1); + } else { + addRoleAudience(audience, audienceId); + return getRoleAudienceRefId(audience, audienceId); + } + } catch (SQLException e) { + String errorMessage = "Error occurred while retrieving audience ref id for audience : " + audience + + " audienceId : " + audienceId; + if (log.isDebugEnabled()) { + log.debug(errorMessage, e); + } + throw new UserStoreException(errorMessage, e); + } finally { + DatabaseUtil.closeAllConnections(dbConnection); + } + } + + private void addRoleAudience(String audience, String audienceId) throws UserStoreException { + + Connection dbConnection = null; + PreparedStatement prepStmt = null; + ResultSet rs = null; + try { + dbConnection = DatabaseUtil.getDBConnection(dataSource); + DatabaseUtil.updateDatabase(dbConnection, HybridJDBCConstants.ADD_ROLE_V2_AUDIENCE_SQL, + audience, 
audienceId); + dbConnection.commit(); + } catch (SQLException e) { + String errorMessage = "Error occurred while retrieving audience ref id for audience : " + audience + + " audienceId : " + audienceId; + if (log.isDebugEnabled()) { + log.debug(errorMessage, e); + } + throw new UserStoreException(errorMessage, e); + } + } + + private void throwRoleAlreadyExistsError(String roleName) throws UserStoreException{ + + String errorCode = UserCoreErrorConstants.ErrorMessages.ERROR_CODE_ROLE_ALREADY_EXISTS.getCode(); + String errorMessage = String.format(UserCoreErrorConstants.ErrorMessages.ERROR_CODE_ROLE_ALREADY_EXISTS + .getMessage(), roleName); + throw new UserStoreException(errorCode + " - " + errorMessage, errorCode, null); + } + + /** + * If the filter contains the internal domain, then here we remove the internal domain from the filter + * as the database only has the role name without the internal domain. + * + * @param filter raw filter + * @return truncated filter without the internal domain + */ + private String truncateInternalDomainFromFilter(String filter) { + + String filterLowerCased = filter.toLowerCase(); + + if (filterLowerCased.contains(UserCoreConstants.INTERNAL_DOMAIN_LOWER_CASED) + && filterLowerCased.indexOf(UserCoreConstants.INTERNAL_DOMAIN_LOWER_CASED) == 0) { + int index; + if ((index = filter.indexOf(CarbonConstants.DOMAIN_SEPARATOR)) >= 0) { + filter = filter.substring(index + 1); + } + } + return filter; + } + + protected String getMyDomainName() { + return UserCoreUtil.getDomainName(realmConfig); + } + + private boolean isCaseSensitiveUsername() throws UserStoreException{ + + String isUsernameCaseInsensitiveString = realmConfig.getUserStoreProperty(CASE_INSENSITIVE_USERNAME); + return !Boolean.parseBoolean(isUsernameCaseInsensitiveString); + } + + /** + * Check whether the group exists in the UM_HYBRID_GROUP_ROLE table. + * + * @param groupName The group name. + * @throws UserStoreException An unexpected exception has occurred. 
+ */
+ @Override
+ public boolean isGroupAssignedToHybridRoles(String groupName) throws UserStoreException {
+
+ PreparedStatement prepStmt = null;
+ ResultSet rs = null;
+ boolean isGroupAssignedToHybridRoles = false;
+
+ try (Connection dbConnection = DatabaseUtil.getDBConnection(dataSource)) {
+ prepStmt = dbConnection.prepareStatement(HybridJDBCConstants.GET_GROUP_ROLE_MAPPING_ID);
+ prepStmt.setString(1, groupName);
+ prepStmt.setInt(2, tenantId);
+ rs = prepStmt.executeQuery();
+
+ if (rs.next()) {
+ int value = rs.getInt(1);
+ if (value > -1) {
+ isGroupAssignedToHybridRoles = true;
+ }
+ }
+ return isGroupAssignedToHybridRoles;
+ } catch (SQLException e) {
+ String errorMessage = "Error occurred while checking the group : " + groupName +
+ "has assigned hybrid roles.";
+ if (log.isDebugEnabled()) {
+ log.debug(errorMessage, e);
+ }
+ throw new UserStoreException(errorMessage, e);
+ }
+ }
+
+ /**
+ * Update group name in the UM_HYBRID_GROUP_ROLE table.
+ *
+ * @param groupName The current group name.
+ * @param newGroupName The new group name.
+ * @throws UserStoreException An unexpected exception has occurred.
+ */
+ @Override
+ public void updateGroupName(String groupName, String newGroupName) throws UserStoreException {
+
+ if (!this.isGroupAssignedToHybridRoles(groupName)) {
+ return;
+ }
+
+ try (Connection dbConnection = DatabaseUtil.getDBConnection(dataSource)) {
+ DatabaseUtil.updateDatabase(dbConnection, HybridJDBCConstants.UPDATE_GROUP_NAME_SQL,
+ newGroupName, groupName, tenantId);
+ dbConnection.commit();
+ } catch (SQLException e) {
+ String errorMessage = "Error occurred while updating group name : " + groupName +
+ " to new group name: " + newGroupName + " in assigned hybrid roles.";
+ throw new UserStoreException(errorMessage, e);
+ }
+ }
+
+ /**
+ * Delete group from the UM_HYBRID_GROUP_ROLE table.
+ *
+ * @param groupName The group name.
+ * @throws UserStoreException An unexpected exception has occurred.
+ */
+ @Override
+ public void removeGroupRoleMappingByGroupName(String groupName) throws UserStoreException {
+
+ if (!this.isGroupAssignedToHybridRoles(groupName)) {
+ return;
+ }
+
+ try (Connection dbConnection = DatabaseUtil.getDBConnection(dataSource)) {
+ DatabaseUtil.updateDatabase(dbConnection, HybridJDBCConstants.DELETE_GROUP_SQL, groupName, tenantId);
+ dbConnection.commit();
+ } catch (SQLException e) {
+ String errorMessage = "Error occurred while deleting the group : " + groupName;
+ throw new UserStoreException(errorMessage, e);
+ }
+ }
+
+}
diff --git a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/jdbc/caseinsensitive/JDBCCaseInsensitiveConstants.java b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/jdbc/caseinsensitive/JDBCCaseInsensitiveConstants.java
index 03a72d11297..e82da7df03f 100644
--- a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/jdbc/caseinsensitive/JDBCCaseInsensitiveConstants.java
+++ b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/jdbc/caseinsensitive/JDBCCaseInsensitiveConstants.java
@@ -250,18 +250,54 @@ public class JDBCCaseInsensitiveConstants { ".UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE" + ".UM_TENANT_ID=? AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE " + "UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + + public static final String GET_ROLE_LIST_OF_USER_SQL_CASE_INSENSITIVE_WITH_AUDIENCE = "SELECT UM_ROLE_NAME FROM " + + "UM_HYBRID_USER_ROLE, UM_HYBRID_ROLE WHERE LOWER(UM_USER_NAME)=LOWER(?) AND UM_HYBRID_USER_ROLE" + + ".UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE" + + ".UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID=-1 AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE " + + "UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + + public static final String GET_ROLE_V2_LIST_OF_USER_SQL_CASE_INSENSITIVE_WITH_AUDIENCE = "SELECT UM_ROLE_NAME FROM " + + "UM_HYBRID_USER_ROLE, UM_HYBRID_ROLE, UM_HYBRID_ROLE_AUDIENCE WHERE LOWER(UM_USER_NAME)=LOWER(?) AND UM_HYBRID_USER_ROLE" + + ".UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE" + + ".UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID = UM_HYBRID_ROLE_AUDIENCE.UM_ID AND " + + "UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; public static final String GET_IS_USER_ROLE_SQL_CASE_INSENSITIVE = "SELECT UM_ROLE_NAME FROM " + "UM_HYBRID_USER_ROLE, UM_HYBRID_ROLE WHERE LOWER(UM_USER_NAME)=LOWER(?) AND " + "UM_HYBRID_USER_ROLE.UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND " + "UM_HYBRID_ROLE.UM_TENANT_ID=? AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE " + "UM_TENANT_ID=? AND UM_DOMAIN_NAME=?) 
AND UM_ROLE_NAME LIKE ?"; + public static final String GET_IS_USER_ROLE_SQL_CASE_INSENSITIVE_WITH_AUDIENCE = "SELECT UM_ROLE_NAME FROM " + + "UM_HYBRID_USER_ROLE, UM_HYBRID_ROLE WHERE LOWER(UM_USER_NAME)=LOWER(?) AND " + + "UM_HYBRID_USER_ROLE.UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND " + + "UM_HYBRID_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID=-1 AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE " + + "UM_TENANT_ID=? AND UM_DOMAIN_NAME=?) AND UM_ROLE_NAME LIKE ?"; + public static final String GET_IS_USER_ROLE_V2_SQL_CASE_INSENSITIVE_WITH_AUDIENCE = "SELECT UM_ROLE_NAME FROM " + + "UM_HYBRID_USER_ROLE, UM_HYBRID_ROLE, UM_HYBRID_ROLE_AUDIENCE WHERE LOWER(UM_USER_NAME)=LOWER(?) AND " + + "UM_HYBRID_USER_ROLE.UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND " + + "UM_HYBRID_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID = UM_HYBRID_ROLE_AUDIENCE.UM_ID AND " + + "UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE " + + "UM_TENANT_ID=? AND UM_DOMAIN_NAME=?) AND UM_ROLE_NAME LIKE ?"; + public static final String GET_INTERNAL_ROLE_LIST_OF_USERS_SQL_CASE_INSENSITIVE = "SELECT UM_USER_NAME, UM_ROLE_NAME FROM " + "UM_HYBRID_USER_ROLE, UM_HYBRID_ROLE WHERE LOWER(UM_USER_NAME) IN (?) AND UM_HYBRID_USER_ROLE" + ".UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE" + ".UM_TENANT_ID=? AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE " + "UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String GET_INTERNAL_ROLE_LIST_OF_USERS_SQL_CASE_INSENSITIVE_WITH_AUDIENCE = "SELECT UM_USER_NAME, UM_ROLE_NAME FROM " + + "UM_HYBRID_USER_ROLE, UM_HYBRID_ROLE WHERE LOWER(UM_USER_NAME) IN (?) AND UM_HYBRID_USER_ROLE" + + ".UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE" + + ".UM_TENANT_ID=? 
AND UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID=-1 AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE " + + "UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + public static final String GET_INTERNAL_ROLE_V2_LIST_OF_USERS_SQL_CASE_INSENSITIVE_WITH_AUDIENCE = "SELECT UM_USER_NAME, UM_ROLE_NAME, UM_AUDIENCE, UM_AUDIENCE_ID FROM " + + "UM_HYBRID_USER_ROLE, UM_HYBRID_ROLE, UM_HYBRID_ROLE_AUDIENCE WHERE LOWER(UM_USER_NAME) IN (?) AND UM_HYBRID_USER_ROLE" + + ".UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE" + + ".UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID = UM_HYBRID_ROLE_AUDIENCE.UM_ID AND " + + "UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE " + + "UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"; + @Deprecated public static final String CASE_SENSITIVE_USERNAME = "CaseInsensitiveUsername"; public static final String CASE_SENSITIVE_USERNAME_DESCRIPTION = "Whether the username is case sensitive or not"; diff --git a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/ReadWriteLDAPUserStoreManager.java b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/ReadWriteLDAPUserStoreManager.java index 63788bb4fd7..e3f1d41e9a1 100644 --- a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/ReadWriteLDAPUserStoreManager.java +++ b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/ReadWriteLDAPUserStoreManager.java 
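Review bot: The `_WITH_AUDIENCE` suffix is misleading on the three non-V2 constants added here (`GET_ROLE_LIST_OF_USER_SQL_CASE_INSENSITIVE_WITH_AUDIENCE`, `GET_IS_USER_ROLE_SQL_CASE_INSENSITIVE_WITH_AUDIENCE`, `GET_INTERNAL_ROLE_LIST_OF_USERS_SQL_CASE_INSENSITIVE_WITH_AUDIENCE`): each pins `UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID=-1`, i.e. it selects roles that have no audience, while only the `_V2_` variants join `UM_HYBRID_ROLE_AUDIENCE`. The `-1` sentinel is repeated as a literal inside three query strings and has to stay in step with the column default in the schema, so a Javadoc on each of them would make that coupling visible, e.g. `/** Legacy hybrid roles only: UM_AUDIENCE_REF_ID = -1 marks a role that has no audience. */`. `GET_INTERNAL_ROLE_V2_LIST_OF_USERS_SQL_CASE_INSENSITIVE_WITH_AUDIENCE` also returns four columns where its siblings return two, so any reader shared between the variants presumably has to select columns by name rather than by index.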
@@ -35,7 +35,10 @@
 import org.wso2.carbon.user.core.claim.ClaimManager;
 import org.wso2.carbon.user.core.common.RoleContext;
 import org.wso2.carbon.user.core.hybrid.HybridRoleManager;
+import org.wso2.carbon.user.core.hybrid.HybridRoleV2Manager;
+import org.wso2.carbon.user.core.internal.UserStoreMgtDSComponent;
 import org.wso2.carbon.user.core.profile.ProfileConfigurationManager;
+import org.wso2.carbon.user.core.service.RealmService;
 import org.wso2.carbon.user.core.tenant.Tenant;
 import org.wso2.carbon.user.core.util.DatabaseUtil;
 import org.wso2.carbon.user.core.util.JNDIUtil;
@@ -54,7 +57,6 @@
 import java.util.Random;
 import java.util.StringTokenizer;
 import java.util.regex.Pattern;
-
 import javax.naming.Name;
 import javax.naming.NameAlreadyBoundException;
 import javax.naming.NameParser;
@@ -152,7 +154,23 @@ public ReadWriteLDAPUserStoreManager(RealmConfiguration realmConfig,
 .get(UserCoreConstants.FIRST_STARTUP_CHECK);
 
 // hybrid role manager used if only users needs to be read-written.
- hybridRoleManager = new HybridRoleManager(dataSource, tenantId, realmConfig, userRealm);
+ if (isUsingRoleV2()) {
+ RealmService realmService = UserStoreMgtDSComponent.getRealmService();
+ org.wso2.carbon.user.api.Tenant tenant;
+ try {
+ tenant = realmService.getTenantManager().getTenant(tenantId);
+ } catch (org.wso2.carbon.user.api.UserStoreException e) {
+ throw new UserStoreException("Error while retrieving tenant");
+ }
+ String organizationID = tenant.getAssociatedOrganizationUUID();
+ if (StringUtils.isEmpty(organizationID)) {
+ throw new UserStoreException("Organization id for tenant id : " + tenantId + "not found" );
+ }
+ hybridRoleManager = new HybridRoleV2Manager(dataSource, tenantId,
+ organizationID, realmConfig, userRealm);
+ } else {
+ hybridRoleManager = new HybridRoleManager(dataSource, tenantId, realmConfig, userRealm);
+ }
 
 // obtain the ldap connection source that was created in
 // DefaultRealmService.
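Review bot: `UserStoreMgtDSComponent.getRealmService()` is dereferenced without a null check in the new `isUsingRoleV2()` branch of the constructor hunk (`@@ -152,7 +154,23 @@`), so a constructor run before the realm service is registered fails with a NullPointerException instead of a UserStoreException; the identical block appears in the UniqueIDReadWriteLDAPUserStoreManager constructor hunk and needs the same treatment. The catch clause also discards the cause — `throw new UserStoreException("Error while retrieving tenant");` should pass `e` — and the second message lacks a space before `not found`. If `getTenantManager().getTenant(tenantId)` can return null for an unknown tenant, `tenant.getAssociatedOrganizationUUID()` needs a guard too; I cannot confirm that contract from this hunk. The surrounding constructor starts and ends outside the hunk.
```java
if (isUsingRoleV2()) {
    RealmService realmService = UserStoreMgtDSComponent.getRealmService();
    if (realmService == null) {
        throw new UserStoreException("Realm service is not available; cannot resolve the organization "
                + "of tenant id : " + tenantId);
    }
    org.wso2.carbon.user.api.Tenant tenant;
    try {
        tenant = realmService.getTenantManager().getTenant(tenantId);
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        // Keep the cause so the failing tenant lookup can be diagnosed from the stack trace.
        throw new UserStoreException("Error while retrieving tenant with id : " + tenantId, e);
    }
    String organizationID = tenant.getAssociatedOrganizationUUID();
    if (StringUtils.isEmpty(organizationID)) {
        throw new UserStoreException("Organization id for tenant id : " + tenantId + " not found");
    }
    // … unchanged: HybridRoleV2Manager construction and the else branch …
```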
@@ -196,6 +214,12 @@ public ReadWriteLDAPUserStoreManager(RealmConfiguration realmConfig,
 }
 }
 
+ private boolean isUsingRoleV2() {
+
+ // TODO: whether we use v2 or v1 roles
+ return true;
+ }
+
 /**
 * This constructor is not used. So not applying the changes done to above constructor.
 *
diff --git a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/UniqueIDReadWriteLDAPUserStoreManager.java b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/UniqueIDReadWriteLDAPUserStoreManager.java
index fcafbde716c..dc328df6704 100644
--- a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/UniqueIDReadWriteLDAPUserStoreManager.java
+++ b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/UniqueIDReadWriteLDAPUserStoreManager.java
@@ -37,7 +37,10 @@
 import org.wso2.carbon.user.core.common.User;
 import org.wso2.carbon.user.core.constants.UserCoreErrorConstants;
 import org.wso2.carbon.user.core.hybrid.HybridRoleManager;
+import org.wso2.carbon.user.core.hybrid.HybridRoleV2Manager;
+import org.wso2.carbon.user.core.internal.UserStoreMgtDSComponent;
 import org.wso2.carbon.user.core.profile.ProfileConfigurationManager;
+import org.wso2.carbon.user.core.service.RealmService;
 import org.wso2.carbon.user.core.tenant.Tenant;
 import org.wso2.carbon.user.core.util.DatabaseUtil;
 import org.wso2.carbon.user.core.util.JNDIUtil;
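Review bot: `isUsingRoleV2()` returns a constant `true`, which makes the `HybridRoleManager` branch in the constructor unreachable and switches every LDAP-backed tenant to the V2 role tables without any configuration; the identical private method is added again in the UniqueIDReadWriteLDAPUserStoreManager hunk (`@@ -193,6 +212,12 @@`). Until the configuration source behind the TODO is decided, the method should at least say so in a Javadoc, e.g. `/** Selects the audience-aware V2 hybrid role manager. Currently hard-wired to true, so the V1 branch in the constructor is dead until this reads configuration. */`. Since both LDAP managers need the same decision, one shared helper on their common base class would keep the copies from drifting apart once the real check is written.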
@@ -152,7 +155,23 @@ public UniqueIDReadWriteLDAPUserStoreManager(RealmConfiguration realmConfig, Map
 .get(UserCoreConstants.FIRST_STARTUP_CHECK);
 
 // hybrid role manager used if only users needs to be read-written.
- hybridRoleManager = new HybridRoleManager(dataSource, tenantId, realmConfig, userRealm);
+ if (isUsingRoleV2()) {
+ RealmService realmService = UserStoreMgtDSComponent.getRealmService();
+ org.wso2.carbon.user.api.Tenant tenant;
+ try {
+ tenant = realmService.getTenantManager().getTenant(tenantId);
+ } catch (org.wso2.carbon.user.api.UserStoreException e) {
+ throw new UserStoreException("Error while retrieving tenant");
+ }
+ String organizationID = tenant.getAssociatedOrganizationUUID();
+ if (StringUtils.isEmpty(organizationID)) {
+ throw new UserStoreException("Organization id for tenant id : " + tenantId + "not found" );
+ }
+ hybridRoleManager = new HybridRoleV2Manager(dataSource, tenantId,
+ organizationID, realmConfig, userRealm);
+ } else {
+ hybridRoleManager = new HybridRoleManager(dataSource, tenantId, realmConfig, userRealm);
+ }
 
 // obtain the ldap connection source that was created in
 // DefaultRealmService.
@@ -193,6 +212,12 @@ public UniqueIDReadWriteLDAPUserStoreManager(RealmConfiguration realmConfig, Map
 }
 }
 
+ private boolean isUsingRoleV2() {
+
+ // TODO: whether we use v2 or v1 roles
+ return true;
+ }
+
 /**
 * This constructor is not used. So not applying the changes done to above constructor.
 *
diff --git a/core/org.wso2.carbon.user.core/src/test/java/org/wso2/carbon/user/core/hybrid/AdvancedHybridRoleManagerTest.java b/core/org.wso2.carbon.user.core/src/test/java/org/wso2/carbon/user/core/hybrid/AdvancedHybridRoleManagerTest.java
index 68185192e8f..1d150fdf23a 100644
--- a/core/org.wso2.carbon.user.core/src/test/java/org/wso2/carbon/user/core/hybrid/AdvancedHybridRoleManagerTest.java
+++ b/core/org.wso2.carbon.user.core/src/test/java/org/wso2/carbon/user/core/hybrid/AdvancedHybridRoleManagerTest.java
@@ -28,7 +28,7 @@ public class AdvancedHybridRoleManagerTest extends BaseTestCase {
- private HybridRoleManager hybridRoleMan;
+ private HybridRoleV2Manager hybridRoleMan;
 public void setUp() throws Exception {
 super.setUp();
diff --git a/core/org.wso2.carbon.user.core/src/test/java/org/wso2/carbon/user/core/hybrid/HybridRoleManagerTest.java b/core/org.wso2.carbon.user.core/src/test/java/org/wso2/carbon/user/core/hybrid/HybridRoleManagerTest.java
index 6cf863577f1..088478d1c8f 100644
--- a/core/org.wso2.carbon.user.core/src/test/java/org/wso2/carbon/user/core/hybrid/HybridRoleManagerTest.java
+++ b/core/org.wso2.carbon.user.core/src/test/java/org/wso2/carbon/user/core/hybrid/HybridRoleManagerTest.java
@@ -41,7 +41,7 @@ public class HybridRoleManagerTest extends BaseTestCase {
 private static final String TARGET_BASIC_HYBRID_ROLE_TEST = "target/HybridRoleTest";
- private HybridRoleManager hybridRoleMan;
+ private HybridRoleV2Manager hybridRoleMan;
 private UserRealm realm = null;
 private static String TEST_URL = "jdbc:h2:./target/HybridRoleTest/CARBON_TEST";
 private static final String JDBC_TEST_CASE_INSENSITIVE_USERMGT_XML = "user-mgt-test-caseinsensitive.xml";
@@ -67,7 +67,8 @@ private void initRealmStuff(String userMgtxml) throws Exception {
 realm = new DefaultRealm();
 realm.init(realmConfig, ClaimTestUtil.getClaimTestData(), ClaimTestUtil .getProfileTestData(), MultitenantConstants.SUPER_TENANT_ID);
- hybridRoleMan = new HybridRoleManager(ds, MultitenantConstants.SUPER_TENANT_ID, realmConfig, realm);
+ hybridRoleMan = new HybridRoleV2Manager(ds, MultitenantConstants.SUPER_TENANT_ID, "10084a8d-113f-4211-a0d5-efe36b082211",
+ realmConfig, realm);
 }
diff --git a/core/org.wso2.carbon.user.core/src/test/resources/dbscripts/h2.sql b/core/org.wso2.carbon.user.core/src/test/resources/dbscripts/h2.sql
index d797fc995f5..2d1a2cb1833 100644
--- a/core/org.wso2.carbon.user.core/src/test/resources/dbscripts/h2.sql
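Review bot: The organization id `"10084a8d-113f-4211-a0d5-efe36b082211"` is handed to `HybridRoleV2Manager` as an inline literal in `initRealmStuff` (hunk `@@ -67,7 +67,8 @@`), which leaves the reader guessing what the value stands for and pushes the line past the width used elsewhere in the file. Declare it once next to `TARGET_BASIC_HYBRID_ROLE_TEST`, e.g. `private static final String TEST_ORGANIZATION_ID = "10084a8d-113f-4211-a0d5-efe36b082211";`, and pass the constant. AdvancedHybridRoleManagerTest now holds a `HybridRoleV2Manager` field as well, so its setUp presumably constructs one with an organization id too; that code is outside this hunk, but it would benefit from the same shared constant.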
+++ b/core/org.wso2.carbon.user.core/src/test/resources/dbscripts/h2.sql
@@ -398,12 +398,22 @@ CREATE TABLE IF NOT EXISTS UM_CLAIM_BEHAVIOR(
 PRIMARY KEY(UM_ID, UM_TENANT_ID)
 );
 
+CREATE TABLE IF NOT EXISTS UM_HYBRID_ROLE_AUDIENCE(
+ UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+ UM_AUDIENCE VARCHAR(255) NOT NULL,
+ UM_AUDIENCE_ID VARCHAR(255) NOT NULL,
+ UNIQUE (UM_AUDIENCE, UM_AUDIENCE_ID),
+ PRIMARY KEY (UM_ID)
+);
+
 CREATE TABLE IF NOT EXISTS UM_HYBRID_ROLE(
 UM_ID INTEGER NOT NULL AUTO_INCREMENT,
 UM_ROLE_NAME VARCHAR(255) NOT NULL,
 UM_TENANT_ID INTEGER DEFAULT 0,
+ UM_AUDIENCE_REF_ID DECIMAL(31,0) DEFAULT -1 NOT NULL,
+ UM_UUID VARCHAR(36),
 PRIMARY KEY (UM_ID, UM_TENANT_ID),
- UNIQUE (UM_ROLE_NAME, UM_TENANT_ID)
+ UNIQUE(UM_ROLE_NAME,UM_TENANT_ID,UM_AUDIENCE_REF_ID)
 );
 
 CREATE INDEX IF NOT EXISTS UM_ROLE_NAME_IND ON UM_HYBRID_ROLE(UM_ROLE_NAME);
diff --git a/distribution/kernel/carbon-home/dbscripts/h2.sql b/distribution/kernel/carbon-home/dbscripts/h2.sql
index 8ef5f224170..409f8011163 100644
--- a/distribution/kernel/carbon-home/dbscripts/h2.sql
+++ b/distribution/kernel/carbon-home/dbscripts/h2.sql
@@ -422,7 +422,7 @@ CREATE TABLE IF NOT EXISTS UM_HYBRID_ROLE(
 UM_ROLE_NAME VARCHAR(255) NOT NULL,
 UM_TENANT_ID INTEGER DEFAULT 0,
 PRIMARY KEY (UM_ID, UM_TENANT_ID),
- UNIQUE (UM_ROLE_NAME, UM_TENANT_ID)
+ UNIQUE(UM_ROLE_NAME,UM_TENANT_ID)
 );
 
 CREATE INDEX IF NOT EXISTS UM_ROLE_NAME_IND ON UM_HYBRID_ROLE(UM_ROLE_NAME);
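Review bot: `UM_HYBRID_ROLE.UM_AUDIENCE_REF_ID` is declared `DECIMAL(31,0)` while the `UM_HYBRID_ROLE_AUDIENCE.UM_ID` it refers to is `INTEGER`, and no FOREIGN KEY ties the two, so a role row can point at an audience row that was deleted or never existed and the V2 queries, which inner-join the two tables, silently drop it. The `DEFAULT -1` deliberately has no matching audience row, so a plain FK is not possible as written; either make the column nullable and use NULL for "no audience", or put a comment above the column that names the contract the queries rely on, e.g. `-- -1: legacy hybrid role without an audience; the role queries filter on UM_AUDIENCE_REF_ID=-1 for V1 behaviour`. `UM_UUID VARCHAR(36)` is nullable and has no UNIQUE constraint or index, which deserves a second look if it is meant to identify a role. The distribution `h2.sql` hunk below only reformats the UNIQUE constraint and does not receive the new table or columns, so a server started from that script would fail on the `UM_AUDIENCE_REF_ID` and `UM_HYBRID_ROLE_AUDIENCE` references in the queries this change introduces.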