
Commit 1d7fefd

committed
Check claim storage location before listing users.
1 parent c5a3ce6 commit 1d7fefd


1 file changed

+75
-11
lines changed


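--- a/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java
+++ b/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java
@@ -3172,6 +3172,22 @@ private List<String> doGetUserList(String claim, String claimValue, String profi
 "matches");
 }
 
+try {
+if (isIdentityStoreManagedClaim(claimManager.getClaim(claim), extractedDomain)) {
+if (log.isDebugEnabled()) {
+log.debug("The claim: " + claim + " is an identity store managed claim for the domain: "
++ extractedDomain + ". Hence returning empty user list.");
+}
+return Collections.emptyList();
+}
+} catch (org.wso2.carbon.user.api.UserStoreException e) {
+handleGetUserListFailure(ErrorMessages.ERROR_CODE_ERROR_DURING_PRE_GET_USER_LIST.getCode(),
+String.format(ErrorMessages.ERROR_CODE_ERROR_DURING_PRE_GET_USER_LIST.getMessage(),
+e.getMessage()), claim, claimValue, profileName);
+throw new UserStoreException(
+"Error occurred while retrieving claim for claim URI: " + claim, e);
+}
+
 try {
 property = claimManager.getAttributeName(extractedDomain, claim);
 } catch (org.wso2.carbon.user.api.UserStoreException e) {
@@ -3416,6 +3432,22 @@ private List<User> doGetUserListWithID(String claim, String claimValue, String p
 + "matches");
 }
 
+try {
+if (isIdentityStoreManagedClaim(claimManager.getClaim(claim), extractedDomain)) {
+if (log.isDebugEnabled()) {
+log.debug("The claim: " + claim + " is an identity store managed claim for the domain: "
++ extractedDomain + ". Hence returning empty user list.");
+}
+return Collections.emptyList();
+}
+} catch (org.wso2.carbon.user.api.UserStoreException e) {
+handleGetUserListFailureWithID(ErrorMessages.ERROR_CODE_ERROR_DURING_PRE_GET_USER_LIST.getCode(),
+String.format(ErrorMessages.ERROR_CODE_ERROR_DURING_PRE_GET_USER_LIST.getMessage(),
+e.getMessage()), claim, claimValue, profileName);
+throw new UserStoreException(
+"Error occurred while retrieving claim for claim URI: " + claim, e);
+}
+
 try {
 property = claimManager.getAttributeName(extractedDomain, claim);
 } catch (org.wso2.carbon.user.api.UserStoreException e) {
@@ -3547,6 +3579,22 @@ private List<String> doGetUserList(String claim, String claimValue, String profi
 "matches");
 }
 
+try {
+if (isIdentityStoreManagedClaim(claimManager.getClaim(claim), extractedDomain)) {
+if (log.isDebugEnabled()) {
+log.debug("The claim: " + claim + " is an identity store managed claim for the domain: "
++ extractedDomain + ". Hence returning empty user list.");
+}
+return Collections.emptyList();
+}
+} catch (org.wso2.carbon.user.api.UserStoreException e) {
+handleGetUserListFailure(ErrorMessages.ERROR_CODE_ERROR_DURING_PRE_GET_USER_LIST.getCode(),
+String.format(ErrorMessages.ERROR_CODE_ERROR_DURING_PRE_GET_USER_LIST.getMessage(),
+e.getMessage()), claim, claimValue, limit, offset, profileName);
+throw new UserStoreException(
+"Error occurred while retrieving claim for claim URI: " + claim, e);
+}
+
 try {
 property = claimManager.getAttributeName(extractedDomain, claim);
 } catch (org.wso2.carbon.user.api.UserStoreException e) {
@@ -17367,7 +17415,7 @@ private void mapAttributesToLocalIdentityClaims(List<ExpressionCondition> expres
 }
 
 // Check if the claim is an identity store managed claim and map the attribute name to claim URI.
-if (isIdentityStoreManagedClaim(mappedClaim, userStoreDomain)) {
+if (isIdentityStoreManagedClaim(mappedClaim.getClaim(), userStoreDomain)) {
 expressionCondition.setAttributeName(mappedClaim.getClaim().getClaimUri());
 if (log.isDebugEnabled()) {
 log.debug("Obtained the ClaimURI " + mappedClaim.getClaim().getClaimUri() +
@@ -17382,33 +17430,33 @@ private void mapAttributesToLocalIdentityClaims(List<ExpressionCondition> expres
 * Note: This only checks the `managedInUserStore` property of the claim and `excludedUserStores` property only.
 * This doesn't check if the identity store is a user-store based or if the given user store is configured
 * to store identity claims.
-* @param mappedClaim
-* @return
+* @param localClaim Claim to be checked.
+* @param userStoreDomain User store domain.
+* @return True if the claim is an identity store managed claim, false otherwise.
 */
-private boolean isIdentityStoreManagedClaim(org.wso2.carbon.user.api.ClaimMapping mappedClaim,
-String userStoreDomain) {
+private boolean isIdentityStoreManagedClaim(org.wso2.carbon.user.api.Claim localClaim, String userStoreDomain) {
 
-if (mappedClaim == null) {
+if (localClaim == null) {
 return false;
 }
 
-Boolean managedInUserStoreValue = mappedClaim.getClaim().isManagedInUserStore();
+Boolean managedInUserStoreValue = localClaim.isManagedInUserStore();
 if (managedInUserStoreValue == null) {
 if (log.isDebugEnabled()) {
 log.debug("ManagedInUserStore property is not set for the claim: " +
-mappedClaim.getClaim().getClaimUri() + ". Hence defaulting to claim type storage.");
+localClaim.getClaimUri() + ". Hence defaulting to claim type storage.");
 }
-return mappedClaim.getClaim().getClaimUri().contains(IDENTITY_CLAIM_URI);
+return localClaim.getClaimUri().contains(IDENTITY_CLAIM_URI);
 }
 if (!managedInUserStoreValue) {
 if (log.isDebugEnabled()) {
-log.debug("Claim: " + mappedClaim.getClaim().getClaimUri() +
+log.debug("Claim: " + localClaim.getClaimUri() +
 " is an identity store managed claim as per the ManagedInUserStore property.");
 }
 return true;
 }
 
-Set<String> excludedUserStores = mappedClaim.getClaim().getExcludedUserStores();
+Set<String> excludedUserStores = localClaim.getExcludedUserStores();
 if (CollectionUtils.isEmpty(excludedUserStores)) {
 return false;
 }
@@ -17474,6 +17522,22 @@ private List<User> doGetUserListWithID(String claim, String claimValue, String p
 + "matches");
 }
 
+try {
+if (isIdentityStoreManagedClaim(claimManager.getClaim(claim), extractedDomain)) {
+if (log.isDebugEnabled()) {
+log.debug("The claim: " + claim + " is an identity store managed claim for the domain: "
++ extractedDomain + ". Hence returning empty user list.");
+}
+return Collections.emptyList();
+}
+} catch (org.wso2.carbon.user.api.UserStoreException e) {
+handleGetUserListFailure(ErrorMessages.ERROR_CODE_ERROR_DURING_PRE_GET_USER_LIST.getCode(),
+String.format(ErrorMessages.ERROR_CODE_ERROR_DURING_PRE_GET_USER_LIST.getMessage(),
+e.getMessage()), claim, claimValue, limit, offset, profileName);
+throw new UserStoreException(
+"Error occurred while retrieving claim for claim URI: " + claim, e);
+}
+
 try {
 property = claimManager.getAttributeName(extractedDomain, claim);
 } catch (org.wso2.carbon.user.api.UserStoreException e) {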
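Review bot: The changed call at new line 17418, `isIdentityStoreManagedClaim(mappedClaim.getClaim(), userStoreDomain)`, dereferences `mappedClaim` before the helper's null guard can run, so the guard that used to cover a null `ClaimMapping` now covers only a null `Claim`. If `mappedClaim` can be null at that point (both `mapAttributesToLocalIdentityClaims` and the helper's body extend outside the visible hunks, so an earlier check may already exist), the filter path would throw a NullPointerException where it previously returned false; `if (mappedClaim != null && isIdentityStoreManagedClaim(mappedClaim.getClaim(), userStoreDomain)) {` keeps the old behaviour. Separately, the same 16-line pre-check is pasted into four list methods and differs only in the failure handler and its arguments, so a small private helper that performs the `claimManager.getClaim(claim)` lookup and the managed-claim test would keep the copies from drifting apart.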
