UserMgtInitializer.java

/*
 * Copyright (c) 2007 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 *
 *  WSO2 Inc. licenses this file to you under the Apache License,
 *  Version 2.0 (the "License"); you may not use this file except
 *  in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 */

package org.wso2.carbon.user.mgt.internal;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.BundleContext;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.registry.core.Collection;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.user.core.AuthorizationManager;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.mgt.UserMgtConstants;
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

/**
 * This class performs initialization logic of the user manager
 */
public class UserMgtInitializer {

    private static final Log log = LogFactory.getLog(UserMgtInitializer.class);

    public void start(BundleContext bc, RegistryService registryService) throws Exception {
        PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        carbonContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
        carbonContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID);

        addPermissions(registryService);
    }

    private void addPermissions(RegistryService registryService) throws Exception {

        try {
            UserRegistry registry = registryService.getGovernanceSystemRegistry();
            Map<String, String> map = new HashMap<String, String>();
            map.put(CarbonConstants.UI_PERMISSION_COLLECTION, "All Permissions");
            map.put(CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION, "Admin Permissions");
            map.put(UserMgtConstants.UI_PROTECTED_PERMISSION_ROOT, "Super Admin Permissions");
            map.put(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT + "manage", "Manage");
            map.put(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT + "monitor", "Monitor");
            map.put(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT + "manage/modify", "Configure");
            map.put(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT + "manage/add", "Add");
            map.put(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT + "configure", "Configure");
            map.put(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT + "configure/security", "Security");
            map.put(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT + "configure/security/usermgt", "Identity Management");
            map.put(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT + "configure/security/usermgt/users", "User Management");
            map.put(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT + "configure/security/usermgt/passwords",
                    "Password Management");
            map.put(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT + "configure/security/usermgt/profiles",
                    "Profile Management");
            map.put(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT + "login", "Login");

            for (Iterator<Map.Entry<String, String>> ite = map.entrySet().iterator(); ite.hasNext(); ) {
                Map.Entry<String, String> entry = ite.next();
                String resourcePath = entry.getKey();
                String displayName = entry.getValue();

                if (registry.resourceExists(resourcePath)) {
                    Resource resource = registry.get(resourcePath);
                    if (resource.getProperty(UserMgtConstants.DISPLAY_NAME) == null) {
                        resource.setProperty(UserMgtConstants.DISPLAY_NAME, displayName);
                        registry.put(resourcePath, resource);
                    }
                    continue;
                }

                Collection resource = registry.newCollection();
                resource.setProperty(UserMgtConstants.DISPLAY_NAME, displayName);
                registry.put(resourcePath, resource);

            }

            // realm is taken from the registry rather than realm service to fix
            // chrooted issues
            UserRealm realm = registry.getUserRealm();
            String adminRole = realm.getRealmConfiguration().getAdminRoleName();
            AuthorizationManager authMan = realm.getAuthorizationManager();
            if (!authMan.isRoleAuthorized(adminRole, CarbonConstants.UI_PERMISSION_COLLECTION,
                    UserMgtConstants.EXECUTE_ACTION)) {
                authMan.authorizeRole(adminRole, CarbonConstants.UI_PERMISSION_COLLECTION,
                        UserMgtConstants.EXECUTE_ACTION);
            }
        } catch (Exception e) {
            log.error("While adding management permission :: " + e.getMessage(), e);
            throw new Exception("While adding management permission :: " + e.getMessage(), e);
        }
    }
}