Posted to commits@airavata.apache.org by ma...@apache.org on 2018/06/08 21:16:26 UTC
[airavata] 01/03: Add isUserEnabled to IamAdminServices
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch group-based-auth
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit a79b48465d9edc844fada683d2eb777e4eb0cf7d
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Jun 8 17:09:03 2018 -0400
Add isUserEnabled to IamAdminServices
---
.../core/impl/TenantManagementKeycloakImpl.java | 19 +++++++++++++++++++
.../core/interfaces/TenantManagementInterface.java | 10 ++++++++++
.../profile/handlers/IamAdminServicesHandler.java | 14 ++++++++++++++
.../iam-admin-services/iam-admin-services-cpi.thrift | 5 +++++
4 files changed, 48 insertions(+)
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
index 4296bca..3e2fc1a 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
@@ -346,6 +346,25 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface {
}
@Override
+ public boolean isUserAccountEnabled(PasswordCredential realmAdminCreds, String tenantId, String username) throws IamAdminServicesException{
+ Keycloak client = null;
+ try{
+ client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
+ List<UserRepresentation> userResourceList = client.realm(tenantId).users().search(username,0,1);
+ return userResourceList.size() == 1 && userResourceList.get(0).isEnabled();
+ } catch (ApplicationSettingsException ex) {
+ logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
+ IamAdminServicesException exception = new IamAdminServicesException();
+ exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
+ throw exception;
+ } finally {
+ if (client != null) {
+ client.close();
+ }
+ }
+ }
+
+ @Override
public boolean resetUserPassword(PasswordCredential realmAdminCreds, String tenantId, String username, String newPassword) throws IamAdminServicesException{
Keycloak client = null;
try{
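Review bot: `users().search(username,0,1)` in `isUserAccountEnabled` does not guarantee that the one result is the requested account. As far as I know, Keycloak's single-string search matches substrings across username, name and e-mail, so the first hit can be a different user and the method would then report that user's enabled flag. Check the returned username before trusting the flag, e.g. `return userResourceList.stream().anyMatch(u -> username.equalsIgnoreCase(u.getUsername()) && Boolean.TRUE.equals(u.isEnabled()));`, and widen the `max` of 1 so an earlier partial match cannot hide the exact one. `Boolean.TRUE.equals` also avoids unboxing a null `isEnabled()`. The trailing context lines belong to `resetUserPassword`, which continues outside the hunk.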
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
index 429453c..b097c04 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
@@ -83,6 +83,16 @@ public interface TenantManagementInterface {
boolean enableUserAccount(PasswordCredential realmAdminCreds, String tenantId, String username) throws IamAdminServicesException;
/**
+ * Method to check if user is enabled in Identity Server
+ *
+ * @param realmAdminCreds identity server realm admin credentials
+ * @param tenantId
+ * @param username
+ * @return boolean.
+ */
+ boolean isUserAccountEnabled(PasswordCredential realmAdminCreds, String tenantId, String username) throws IamAdminServicesException;
+
+ /**
* Method to reset user password in Identity Server
*
* @param realmAdminCreds identity server realm admin credentials
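Review bot: The new Javadoc for `isUserAccountEnabled` leaves `@param tenantId` and `@param username` empty, and `@return boolean.` does not say what the result means. The implementation in this commit returns false both for a disabled account and when the search does not return exactly one user, and callers making an access decision need to know that. Suggested wording: `@return true if the user exists in the tenant's realm and is enabled; false if the user is disabled or not found`, plus `@param tenantId realm (gateway) id to search` and `@param username username to look up`.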
diff --git a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
index 6ad75f3..1d15285 100644
--- a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
+++ b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
@@ -127,6 +127,20 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface {
}
@Override
+ public boolean isUserEnabled(AuthzToken authzToken, String username) throws IamAdminServicesException, AuthorizationException, TException {
+ TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
+ String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+ try {
+ PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
+ return keycloakclient.isUserAccountEnabled(isRealmAdminCredentials, gatewayId, username);
+ } catch (TException | ApplicationSettingsException ex) {
+ String msg = "Error while checking if user account is enabled, reason: " + ex.getMessage();
+ logger.error(msg, ex);
+ throw new IamAdminServicesException(msg);
+ }
+ }
+
+ @Override
@SecurityCheck
public boolean resetUserPassword(AuthzToken authzToken, String username, String newPassword) throws IamAdminServicesException, AuthorizationException, TException {
TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
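Review bot: The new `isUserEnabled` handler carries only `@Override`, while the neighbouring `resetUserPassword` is annotated `@Override` and `@SecurityCheck`. If `@SecurityCheck` is what triggers validation of the `AuthzToken` (the interceptor is not visible here), this method reads `GATEWAY_ID` from an unvalidated token's claims and then queries Keycloak with the tenant admin credentials. A caller without a valid token could then probe whether accounts exist and are enabled in any gateway. Add `@SecurityCheck` on the line after `@Override`, and consider rejecting a null `gatewayId` before calling `getTenantAdminPasswordCredential(gatewayId)`. The body of `resetUserPassword` continues outside the hunk.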
diff --git a/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift b/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
index d75847a..b5d9cb2 100644
--- a/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
+++ b/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
@@ -62,6 +62,11 @@ service IamAdminServices {
throws (1: iam_admin_services_cpi_errors.IamAdminServicesException Idse,
2: airavata_errors.AuthorizationException ae)
+ bool isUserEnabled(1: required security_model.AuthzToken authzToken,
+ 2: required string username)
+ throws (1: iam_admin_services_cpi_errors.IamAdminServicesException Idse,
+ 2: airavata_errors.AuthorizationException ae)
+
bool resetUserPassword(1: required security_model.AuthzToken authzToken,
2: required string username,
3: required string newPassword)