airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From machris...@apache.org
Subject [airavata] 01/03: Add isUserEnabled to IamAdminServices
Date Fri, 08 Jun 2018 21:16:26 GMT
This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch group-based-auth
in repository https://gitbox.apache.org/repos/asf/airavata.git

commit a79b48465d9edc844fada683d2eb777e4eb0cf7d
Author: Marcus Christie <machristie@apache.org>
AuthorDate: Fri Jun 8 17:09:03 2018 -0400

    Add isUserEnabled to IamAdminServices
---
 .../core/impl/TenantManagementKeycloakImpl.java       | 19 +++++++++++++++++++
 .../core/interfaces/TenantManagementInterface.java    | 10 ++++++++++
 .../profile/handlers/IamAdminServicesHandler.java     | 14 ++++++++++++++
 .../iam-admin-services/iam-admin-services-cpi.thrift  |  5 +++++
 4 files changed, 48 insertions(+)

diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
index 4296bca..3e2fc1a 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
@@ -346,6 +346,25 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
     }
 
     @Override
+    public boolean isUserAccountEnabled(PasswordCredential realmAdminCreds, String tenantId,
String username) throws IamAdminServicesException{
+        Keycloak client = null;
+        try{
+            client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
tenantId, realmAdminCreds);
+            List<UserRepresentation> userResourceList = client.realm(tenantId).users().search(username,0,1);
+            return userResourceList.size() == 1 && userResourceList.get(0).isEnabled();
+        } catch (ApplicationSettingsException ex) {
+            logger.error("Error getting values from property file, reason: " + ex.getMessage(),
ex);
+            IamAdminServicesException exception = new IamAdminServicesException();
+            exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
+            throw exception;
+        } finally {
+            if (client != null) {
+                client.close();
+            }
+        }
+    }
+
+    @Override
     public boolean resetUserPassword(PasswordCredential realmAdminCreds, String tenantId,
String username, String newPassword) throws IamAdminServicesException{
         Keycloak client = null;
         try{
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
index 429453c..b097c04 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
@@ -83,6 +83,16 @@ public interface TenantManagementInterface {
     boolean enableUserAccount(PasswordCredential realmAdminCreds, String tenantId, String
username) throws IamAdminServicesException;
 
     /**
+     * Method to check if user is enabled in Identity Server
+     *
+     * @param realmAdminCreds identity server realm admin credentials
+     * @param tenantId
+     * @param username
+     * @return boolean.
+     */
+    boolean isUserAccountEnabled(PasswordCredential realmAdminCreds, String tenantId, String
username) throws IamAdminServicesException;
+
+    /**
      * Method to reset user password in Identity Server
      *
      * @param realmAdminCreds identity server realm admin credentials
diff --git a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
index 6ad75f3..1d15285 100644
--- a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
+++ b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
@@ -127,6 +127,20 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface
{
     }
 
     @Override
+    public boolean isUserEnabled(AuthzToken authzToken, String username) throws IamAdminServicesException,
AuthorizationException, TException {
+        TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
+        String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+        try {
+            PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
+            return keycloakclient.isUserAccountEnabled(isRealmAdminCredentials, gatewayId,
username);
+        } catch (TException | ApplicationSettingsException ex) {
+            String msg = "Error while checking if user account is enabled, reason: " + ex.getMessage();
+            logger.error(msg, ex);
+            throw new IamAdminServicesException(msg);
+        }
+    }
+
+    @Override
     @SecurityCheck
     public boolean resetUserPassword(AuthzToken authzToken, String username, String newPassword)
throws IamAdminServicesException, AuthorizationException, TException {
         TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
diff --git a/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
b/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
index d75847a..b5d9cb2 100644
--- a/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
+++ b/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
@@ -62,6 +62,11 @@ service IamAdminServices {
                             throws (1: iam_admin_services_cpi_errors.IamAdminServicesException
Idse,
                                                         2: airavata_errors.AuthorizationException
ae)
 
+    bool isUserEnabled(1: required security_model.AuthzToken authzToken,
+                        2: required string username)
+                            throws (1: iam_admin_services_cpi_errors.IamAdminServicesException
Idse,
+                                                        2: airavata_errors.AuthorizationException
ae)
+
     bool resetUserPassword(1: required security_model.AuthzToken authzToken,
                             2: required string username,
                             3: required string newPassword)

-- 
To stop receiving notification emails like this one, please contact
machristie@apache.org.

Mime
View raw message