本文整理汇总了Java中org.wso2.carbon.user.api.UserStoreManager.addRole方法的典型用法代码示例。如果您正苦于以下问题:Java UserStoreManager.addRole方法的具体用法?Java UserStoreManager.addRole怎么用?Java UserStoreManager.addRole使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.wso2.carbon.user.api.UserStoreManager的用法示例。
在下文中一共展示了UserStoreManager.addRole方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getRegistryService
import org.wso2.carbon.user.api.UserStoreManager; //导入方法依赖的package包/类
/**
 * Builds the embedded registry service used by the tests on top of an in-memory realm.
 *
 * <p>The same in-memory realm is handed to the authenticator-framework, registry and
 * device-management data holders. Before the registry context is created, a role carrying
 * the admin UI permission is added to the super tenant's user store with the admin user as
 * its only member.
 *
 * @return the embedded {@link RegistryService} of the registry context created here
 * @throws RegistryException  if one of the registry calls made here fails
 * @throws UserStoreException if one of the user-store calls made here fails
 */
private RegistryService getRegistryService() throws RegistryException, UserStoreException {
    RealmService inMemoryRealm = new InMemoryRealmService();
    AuthenticatorFrameworkDataHolder.getInstance().setRealmService(inMemoryRealm);

    // The user store is read back through the data holder, i.e. from the realm set above.
    UserStoreManager superTenantStore = AuthenticatorFrameworkDataHolder.getInstance()
            .getRealmService()
            .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID)
            .getUserStoreManager();

    Permission[] adminGrants = {
            new Permission(PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH, CarbonConstants.UI_PERMISSION_ACTION)
    };
    String[] adminMembers = { ADMIN_USER };
    // NOTE(review): the role name is ADMIN_ROLE with a literal "t" appended, presumably to
    // avoid clashing with a role the realm already defines; confirm.
    superTenantStore.addRole(ADMIN_ROLE + "t", adminMembers, adminGrants);

    RegistryDataHolder.getInstance().setRealmService(inMemoryRealm);
    DeviceManagementDataHolder.getInstance().setRealmService(inMemoryRealm);

    // NOTE(review): this stream is never closed in this helper, and getResourceAsStream
    // returns null when the resource is missing; neither case is handled here.
    InputStream registryConfig = BaseWebAppAuthenticatorFrameworkTest.class.getClassLoader()
            .getResourceAsStream("carbon-home/repository/conf/registry.xml");
    RegistryContext registryContext = RegistryContext.getBaseInstance(registryConfig, inMemoryRealm);
    registryContext.setSetup(true);
    return registryContext.getEmbeddedRegistryService();
}
示例2: manageGroupSharing
import org.wso2.carbon.user.api.UserStoreManager; //导入方法依赖的package包/类
/**
 * Exercises group sharing: first with group id 0 and no roles, then by sharing the first
 * test device group with three freshly created roles.
 *
 * <p>Each role is created without members and with a single "add" permission on
 * {@code /admin/test/perm}.
 */
@Test(dependsOnMethods = ("updateGroupSecondTime"))
public void manageGroupSharing() throws GroupManagementException, RoleDoesNotExistException, UserStoreException {
    groupManagementProviderService.manageGroupSharing(0, null);

    // The user store is looked up for tenant id -1234.
    UserStoreManager tenantStore = DeviceManagementDataHolder.getInstance()
            .getRealmService()
            .getTenantUserRealm(-1234)
            .getUserStoreManager();
    Permission[] rolePermissions = { new Permission("/admin/test/perm", "add") };

    List<String> newRoles = new ArrayList<>();
    for (String roleName : new String[] { "TEST_ROLE_1", "TEST_ROLE_2", "TEST_ROLE_3" }) {
        newRoles.add(roleName);
    }
    // The roles must exist in the user store before the group is shared with them.
    for (String roleName : newRoles) {
        tenantStore.addRole(roleName, null, rolePermissions);
    }

    int sharedGroupId = groupManagementProviderService
            .getGroup(TestUtils.createDeviceGroup1().getName())
            .getGroupId();
    groupManagementProviderService.manageGroupSharing(sharedGroupId, newRoles);
}
示例3: registerApiAccessRoles
import org.wso2.carbon.user.api.UserStoreManager; //导入方法依赖的package包/类
/**
 * Makes {@code user} a member of the default API-access role, creating the role when the
 * user store does not have it yet.
 *
 * <p>Nothing happens when no user store manager is available or when the user already holds
 * the role. A {@link UserStoreException} is logged and not rethrown, so the caller cannot
 * tell from this method whether the role was actually granted.
 *
 * @param user name of the user to place in {@code Constants.DEFAULT_ROLE_NAME}
 */
public static void registerApiAccessRoles(String user) {
    try {
        UserStoreManager store = getUserStoreManager();
        if (store == null) {
            return;
        }
        String[] members = { user };
        String[] currentRoles = store.getRoleListOfUser(user);

        // NOTE(review): isExistingRole followed by addRole is a check-then-act sequence;
        // whether concurrent callers can race here depends on the user store - confirm.
        if (!store.isExistingRole(Constants.DEFAULT_ROLE_NAME)) {
            // The role is created with the user as its first member.
            store.addRole(Constants.DEFAULT_ROLE_NAME, members, Constants.DEFAULT_PERMISSION);
            return;
        }

        boolean alreadyMember = currentRoles != null
                && Arrays.asList(currentRoles).contains(Constants.DEFAULT_ROLE_NAME);
        if (!alreadyMember) {
            // Empty "deleted users" array: the call only adds the user to the role.
            store.updateUserListOfRole(Constants.DEFAULT_ROLE_NAME, new String[0], members);
        }
    } catch (UserStoreException e) {
        log.error("Error while creating a role and adding a user for virtual_firealarm.", e);
    }
}
示例4: createInternalUserRole
import org.wso2.carbon.user.api.UserStoreManager; //导入方法依赖的package包/类
/**
 * Creates the {@code Internal/user} role when the user store does not already contain it.
 * Per the original description this runs at Carbon server start-up.
 *
 * <p>The new role has no members and is granted the execute action on every resource id in
 * {@code PermissionConstants.STRATOS_PERMISSIONS}. An existing role is left untouched, so
 * its current permissions are not reconciled with that list.
 *
 * @param userStoreManager user store in which the role is looked up and created
 * @throws UserManagerException if the user store reports an error; the original
 *                              {@link UserStoreException} is kept as the cause
 */
public static void createInternalUserRole(UserStoreManager userStoreManager) throws UserManagerException {
    final String userRole = "Internal/user";
    try {
        if (userStoreManager.isExistingRole(userRole)) {
            return;
        }
        log.info("Creating internal user role: " + userRole);

        // One execute permission per configured resource id.
        List<Permission> granted = new ArrayList<Permission>();
        for (String resourceId : PermissionConstants.STRATOS_PERMISSIONS) {
            granted.add(new Permission(resourceId, UserMgtConstants.EXECUTE_ACTION));
        }
        Permission[] grantedArray = granted.toArray(new Permission[0]);

        // The role starts out without any members.
        String[] noMembers = new String[0];
        userStoreManager.addRole(userRole, noMembers, grantedArray);
    } catch (UserStoreException e) {
        String failure = "Error while creating the role: " + userRole;
        log.error(failure, e);
        throw new UserManagerException(failure, e);
    }
}
示例5: createdConfigurationContext
import org.wso2.carbon.user.api.UserStoreManager; //导入方法依赖的package包/类
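/**
 * Provisions the default device-management roles for the current tenant when its
 * configuration context is created.
 *
 * <p>The device-user role is created without members. The device-admin role is created with
 * the tenant administrator as its only member. Each role is created only when it does not
 * exist yet, so an already provisioned device-user role no longer prevents the device-admin
 * role from being created. An existing role is left as it is: neither its members nor its
 * permissions are changed here.
 *
 * <p>A {@link UserStoreException} is logged together with its cause and not rethrown.
 *
 * @param configurationContext {@link ConfigurationContext} object (not read by this method)
 */
public void createdConfigurationContext(ConfigurationContext configurationContext) {
    String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
    try {
        // The admin name comes from the thread-local realm; the user store is looked up by
        // tenant id through the realm service.
        UserRealm userRealm = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm();
        UserStoreManager userStoreManager =
                DeviceManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId)
                        .getUserStoreManager();
        String tenantAdminName = userRealm.getRealmConfiguration().getAdminUserName();

        // Add the devicemgt-user and devicemgt-admin roles if they do not exist. The roles
        // are checked one by one: addRole is expected to fail for a name that is already
        // taken, and that failure must not skip the second role.
        if (!userStoreManager.isExistingRole(User.DEFAULT_DEVICE_USER)) {
            userStoreManager.addRole(User.DEFAULT_DEVICE_USER, null, User.PERMISSIONS_FOR_DEVICE_USER);
            if (log.isDebugEnabled()) {
                log.debug("Device management role: " + User.DEFAULT_DEVICE_USER +
                        " created for the tenant:" + tenantDomain + ".");
            }
        }
        if (!userStoreManager.isExistingRole(User.DEFAULT_DEVICE_ADMIN)) {
            userStoreManager.addRole(User.DEFAULT_DEVICE_ADMIN, new String[]{tenantAdminName},
                    User.PERMISSIONS_FOR_DEVICE_ADMIN);
            if (log.isDebugEnabled()) {
                log.debug("Device management role: " + User.DEFAULT_DEVICE_ADMIN +
                        " created for the tenant:" + tenantDomain + ".");
                log.debug("Tenant administrator: " + tenantAdminName + "@" + tenantDomain +
                        " is assigned to the role:" + User.DEFAULT_DEVICE_ADMIN + ".");
            }
        }
    } catch (UserStoreException e) {
        // Keep the cause: without it a failed role provisioning cannot be diagnosed.
        log.error("Error occurred while creating roles for the tenant: " + tenantDomain + ".", e);
    }
}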
示例6: initializeTestEnvironment
import org.wso2.carbon.user.api.UserStoreManager; //导入方法依赖的package包/类
/**
 * Prepares the users, roles and default device group the tests rely on.
 *
 * <p>Two users are added to the super tenant's user store. An admin role and a non-admin
 * role are created, each with one UI permission and one member. The default group is then
 * created, shared with both roles and filled with the first two device ids.
 */
private void initializeTestEnvironment() throws UserStoreException, GroupManagementException,
        RoleDoesNotExistException, DeviceNotFoundException {
    UserStoreManager superTenantStore = DeviceManagementDataHolder.getInstance()
            .getRealmService()
            .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID)
            .getUserStoreManager();

    // Both users share the test PASSWORD constant and are created without roles or profile.
    superTenantStore.addUser(NON_ADMIN_ALLOWED_USER, PASSWORD, null, defaultUserClaims, null);
    superTenantStore.addUser(NORMAL_USER, PASSWORD, null, defaultUserClaims, null);

    // Admin role: admin UI permission, ADMIN_USER as its member.
    Permission[] adminGrants = {
            new Permission(ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION)
    };
    superTenantStore.addRole(ADMIN_ROLE, new String[]{ADMIN_USER}, adminGrants);

    // Non-admin role: the non-admin UI permission, NON_ADMIN_ALLOWED_USER as its member.
    // NORMAL_USER is deliberately left without either role.
    Permission[] nonAdminGrants = {
            new Permission(NON_ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION)
    };
    superTenantStore.addRole(NON_ADMIN_ROLE, new String[]{NON_ADMIN_ALLOWED_USER}, nonAdminGrants);

    // Default group, shared with both roles.
    GroupManagementProviderService groupService = DeviceManagementDataHolder.getInstance()
            .getGroupManagementProviderService();
    groupService.createDefaultGroup(DEFAULT_GROUP);
    int defaultGroupId = groupService.getGroup(DEFAULT_GROUP).getGroupId();

    ArrayList<String> sharedRoles = new ArrayList<>();
    sharedRoles.add(ADMIN_ROLE);
    sharedRoles.add(NON_ADMIN_ROLE);
    groupService.manageGroupSharing(defaultGroupId, sharedRoles);

    // Only the first two devices become members of the group.
    for (int index = 0; index < 2; index++) {
        groupDeviceIds.add(deviceIds.get(index));
    }
    groupService.addDevices(defaultGroupId, groupDeviceIds);
}
示例7: authorizePermissionsToLoggedInUser
import org.wso2.carbon.user.api.UserStoreManager; //导入方法依赖的package包/类
/**
 * Creates an internal role named after the destination, makes the logged-in user its only
 * member and authorizes the role to subscribe to, publish to and change permissions on the
 * destination.
 *
 * <p>The role name is built from the destination name with {@code "@"} replaced by
 * {@code AT_REPLACE_CHAR} and every {@code "/"} replaced by {@code "-"}, so distinct
 * destination names can map to the same role name. When a role with that name already
 * exists nothing is granted: the method logs a warning and returns normally.
 *
 * <p>NOTE(review): the user store manager is taken from the thread-local Carbon context
 * while the authorization manager comes from {@code userRealm}; confirm both always refer
 * to the same realm.
 *
 * @param username        name of the logged in user
 * @param destinationName destination name. Either topic or queue name
 * @param destinationId   ID given to the destination
 * @param userRealm       realm whose authorization manager records the grants
 * @throws UserStoreException if a user-store or authorization call fails
 */
private static void authorizePermissionsToLoggedInUser(String username, String destinationName,
                                                       String destinationId,
                                                       UserRealm userRealm) throws
        UserStoreException {
    // For the registry a modified destination name is used.
    String newDestinationName = destinationName.replace("@", AT_REPLACE_CHAR);
    String roleName = UserCoreUtil.addInternalDomainName(
            TOPIC_ROLE_PREFIX + newDestinationName.replace("/", "-"));

    UserStoreManager userStoreManager =
            CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager();

    if (userStoreManager.isExistingRole(roleName)) {
        // The role name is already taken: grant nothing and only report it.
        log.warn("Unable to provide permissions to the user, " +
                " " + username + ", to subscribe and publish to " + newDestinationName);
        return;
    }

    // Create the internal role with the tenant-aware user name as its only member.
    String[] user = {MultitenantUtils.getTenantAwareUsername(username)};
    userStoreManager.addRole(roleName, user, null);

    // Role creation and the grants below are separate calls. If one of them fails, the role
    // stays behind and a later call for this destination ends in the warning branch above.
    String[] grantedActions = {
            EventBrokerConstants.EB_PERMISSION_SUBSCRIBE,
            EventBrokerConstants.EB_PERMISSION_PUBLISH,
            EventBrokerConstants.EB_PERMISSION_CHANGE_PERMISSION
    };
    for (String action : grantedActions) {
        userRealm.getAuthorizationManager().authorizeRole(roleName, destinationId, action);
    }
}
示例8: authorizePermissionsToLoggedInUser
import org.wso2.carbon.user.api.UserStoreManager; //导入方法依赖的package包/类
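/**
 * Creates an internal role named after the queue, makes the logged-in user its only member
 * and authorizes the role to change permissions on, consume from and publish to the queue.
 *
 * <p>The user name is read from the thread-local Carbon context. The role name is derived
 * from {@code queueName} with {@code "."} and {@code "/"} replaced by {@code "-"}. The
 * {@code "@"}-replaced name is used only in the exception messages. When a role with that
 * name already exists the call is rejected with a {@link QueueManagerException}.
 *
 * <p>The consume and publish action names are lower-cased with {@code Locale.ROOT} so the
 * stored action strings do not depend on the JVM's default locale.
 *
 * @param queueName queue name
 * @param queueId   Id given to the queue
 * @param userRealm User's Realm; supplies the authorization manager
 * @throws QueueManagerException if the role already exists or a user-store call fails
 */
private static void authorizePermissionsToLoggedInUser(String queueName,
                                                       String queueId,
                                                       UserRealm userRealm)
        throws QueueManagerException {
    // For the registry a modified queue name is used.
    String newQueueName = queueName.replace("@", AT_REPLACE_CHAR);
    String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
    try {
        String roleName = UserCoreUtil.addInternalDomainName(QUEUE_ROLE_PREFIX +
                queueName.replace(".", "-").replace("/", "-"));
        // NOTE(review): the user store manager comes from the thread-local context while the
        // authorization manager comes from userRealm; confirm both refer to the same realm.
        UserStoreManager userStoreManager = CarbonContext.getThreadLocalCarbonContext()
                .getUserRealm().getUserStoreManager();
        if (!userStoreManager.isExistingRole(roleName)) {
            String[] user = {MultitenantUtils.getTenantAwareUsername(username)};
            userStoreManager.addRole(roleName, user, null);
            userRealm.getAuthorizationManager().authorizeRole(roleName, queueId,
                    PERMISSION_CHANGE_PERMISSION);
            // Locale.ROOT keeps the action names stable. With a Turkish or Azeri default
            // locale, "PUBLISH".toLowerCase() yields a dotless i, which is a different
            // permission string.
            userRealm.getAuthorizationManager().authorizeRole(
                    roleName, queueId,
                    TreeNode.Permission.CONSUME.toString().toLowerCase(java.util.Locale.ROOT));
            userRealm.getAuthorizationManager().authorizeRole(
                    roleName, queueId,
                    TreeNode.Permission.PUBLISH.toString().toLowerCase(java.util.Locale.ROOT));
        } else {
            // Fail closed: an existing role name is never reused for a new queue owner.
            throw new QueueManagerException("Unable to provide permissions to the user, " +
                    " " + username + ", to subscribe and publish to " +
                    newQueueName);
        }
    } catch (UserStoreException e) {
        throw new QueueManagerException("Error while creating " + newQueueName, e);
    }
}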
示例9: authorizePermissionsToLoggedInUser
import org.wso2.carbon.user.api.UserStoreManager; //导入方法依赖的package包/类
/**
 * Creates an internal role named after the destination, makes the logged-in user its only
 * member and grants the role permissions on the destination and its hierarchy.
 *
 * <p>A single leading {@code "/"} is stripped from the destination name. When the tenant id
 * of the thread-local Carbon context is zero or greater, the tenant domain is prefixed to
 * the name. In the result, {@code "."} and {@code "/"} are replaced by {@code "-"}, so
 * distinct destination names can map to the same role name. When the role already exists
 * nothing is granted: the method logs a warning and returns normally.
 *
 * @param username        name of the logged in user
 * @param destinationName destination name. Either topic or queue name
 * @param destinationId   ID given to the destination
 * @param userRealm       realm passed on to {@code grantPermissionToHierarchyLevel}
 * @throws org.wso2.carbon.user.api.UserStoreException if a user-store call fails
 */
private static void authorizePermissionsToLoggedInUser(String username, String destinationName,
                                                       String destinationId,
                                                       UserRealm userRealm) throws
        UserStoreException {
    // For the registry a modified destination name is used.
    String newDestinationName = destinationName.replace("@", AT_REPLACE_CHAR);
    String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();

    // Drop one leading "/".
    // NOTE(review): substring(0, 1) throws for an empty destination name; confirm that
    // callers never pass one.
    if (newDestinationName.substring(0, 1).equalsIgnoreCase("/")) {
        newDestinationName = newDestinationName.replaceFirst("/", "");
    }

    // With a tenant id of zero or greater the role name is scoped by the tenant domain.
    String roleSource = newDestinationName;
    if (CarbonContext.getThreadLocalCarbonContext().getTenantId() >= 0) {
        roleSource = tenantDomain + "/" + newDestinationName;
    }
    String roleName = UserCoreUtil.addInternalDomainName(
            TOPIC_ROLE_PREFIX + roleSource.replace(".", "-").replace("/", "-"));

    // NOTE(review): the user store manager comes from the thread-local context, not from
    // the userRealm argument; confirm both refer to the same realm.
    UserStoreManager userStoreManager =
            CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager();

    if (userStoreManager.isExistingRole(roleName)) {
        log.warn("Unable to provide permissions to the user, " +
                " " + username + ", to subscribe and publish to " + newDestinationName);
        return;
    }

    // Create the internal role with the tenant-aware user name as its only member, then
    // grant permissions on the topic and its whole hierarchy.
    String[] user = {MultitenantUtils.getTenantAwareUsername(username)};
    userStoreManager.addRole(roleName, user, null);
    grantPermissionToHierarchyLevel(userRealm, destinationId, roleName);
}
示例10: authorizeQueuePermissionsToLoggedInUser
import org.wso2.carbon.user.api.UserStoreManager; //导入方法依赖的package包/类
/**
 * Creates an internal role named after the queue, makes the logged-in user its only member
 * and authorizes the role to publish to and consume from the queue.
 *
 * <p>No role is created and nothing is granted for the dead letter queue. The role name is
 * derived from {@code queueName} with {@code "."} and {@code "/"} replaced by {@code "-"}.
 * When a role with that name already exists nothing is granted: the method logs a warning
 * and returns normally.
 *
 * @param username  name of the logged in user
 * @param queueName queue name
 * @param queueId   ID given to the queue
 * @param userRealm User's Realm; supplies the user store manager
 * @throws UserStoreException if user store exception occurred
 */
private static void authorizeQueuePermissionsToLoggedInUser(String username, String queueName,
                                                            String queueId, UserRealm userRealm)
        throws UserStoreException {
    // Users never get consume or subscribe permission on the dead letter channel.
    boolean deadLetterQueue = DLCQueueUtils.isDeadLetterQueue(queueName);
    if (deadLetterQueue) {
        if (log.isDebugEnabled()) {
            log.debug("Dead letter channel permission to subscribe or consume is not granted " +
                    "to users");
        }
        return;
    }

    String sanitizedQueueName = queueName.replace(".", "-").replace("/", "-");
    String roleName = UserCoreUtil.addInternalDomainName(QUEUE_ROLE_PREFIX + sanitizedQueueName);
    UserStoreManager userStoreManager = userRealm.getUserStoreManager();

    if (userStoreManager.isExistingRole(roleName)) {
        // The role name is already taken: grant nothing and only report it.
        log.warn("Unable to provide permissions to the user, " +
                " " + username + ", to subscribe and publish to " + queueName);
        return;
    }

    // Role creation and the grant are separate calls. If the grant fails, the role stays
    // behind and a later call for this queue ends in the warning branch above.
    String[] user = {MultitenantUtils.getTenantAwareUsername(username)};
    userStoreManager.addRole(roleName, user, null);
    authorizeRoleToPublishConsume(userRealm, roleName, queueId);

    if (log.isDebugEnabled()) {
        log.debug("permission granted to user = " + username + " role = " + roleName
                + " queue = " + queueName + " queueId = " + queueId);
    }
}
示例11: authorizeTopicPermissionsToLoggedInUser
import org.wso2.carbon.user.api.UserStoreManager; //导入方法依赖的package包/类
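/**
 * Ensures an internal role named after the topic exists, makes the logged-in user a member
 * of it and grants the role permissions on the topic.
 *
 * <p>The role name is derived from {@code topicName} with the wildcard suffixes
 * {@code ".*"} and {@code ".#"} removed and {@code "."} and {@code "/"} replaced by
 * {@code "-"}. A wildcard subscription therefore shares the role of the topic it is rooted
 * at. Unlike the queue variant, an existing role is reused and the user is added to it.
 *
 * <p>NOTE(review): nothing in this method checks whether the user may join an existing
 * role; that check presumably happens in the caller - confirm.
 *
 * <p>Membership is checked with the tenant-aware user name, the same form that is written
 * to the role. A user name carrying a tenant domain is thus recognised as already present
 * and not added a second time.
 *
 * @param username  name of the logged in user
 * @param topicName destination name. Either topic or queue name
 * @param topicId   Id given to the destination
 * @param queueName temp queue name
 * @param userRealm User's Realm; supplies the user store manager
 * @throws UserStoreException if user store exception occurred
 */
private static void authorizeTopicPermissionsToLoggedInUser(String username, String topicName,
                                                            String topicId, String queueName,
                                                            UserRealm userRealm)
        throws UserStoreException {
    String roleName = UserCoreUtil.addInternalDomainName(TOPIC_ROLE_PREFIX +
            topicName.replace(".*", "").replace(".#", "")
                    .replace(".", "-").replace("/", "-"));
    UserStoreManager userStoreManager = userRealm.getUserStoreManager();
    String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
    String[] user = {tenantAwareUsername};
    String tempQueueId = CommonsUtil.getQueueID(queueName);

    if (!userStoreManager.isExistingRole(roleName)) {
        userStoreManager.addRole(roleName, user, null);
    }

    // Compare against the tenant-aware name: that is the form stored in the role, both by
    // addRole above and by updateUserListOfRole below.
    boolean userShouldBeAdded = true;
    for (String foundUser : userStoreManager.getUserListOfRole(roleName)) {
        if (tenantAwareUsername.equals(foundUser)) {
            userShouldBeAdded = false;
            break;
        }
    }
    if (userShouldBeAdded) {
        // Empty "deleted users" array: the call only adds the user to the role.
        userStoreManager.updateUserListOfRole(roleName, new String[0], user);
    }

    // Grant permissions on the topic.
    grantPermissionToHierarchyLevel(username, userRealm, topicId, roleName);

    if (isTopicSubscriberQueue(queueName)) {
        // Consume requests carry only the temporary queue name, so the queue is mapped to
        // its topic in memory.
        temporaryQueueToTopicMap.put(queueName, topicName);
    } else {
        // The queue of a durable subscription must keep its permission across a server
        // restart, so the grant is persisted instead of being held in the in-memory map.
        authorizeRoleToPublishConsume(userRealm, roleName, tempQueueId);
    }

    if (log.isDebugEnabled()) {
        log.debug("permission granted to user = " + username + " role = " + roleName
                + " topic = " + topicName + " topicId = " + topicId);
    }
}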