
List:       esb-java-dev
Subject:    Re: [Dev] Display the roles of a custom user store for Identity Server
From:       Isura Karunaratne <isura () wso2 ! com>
Date:       2017-08-28 9:52:46
Message-ID: CAO6_PMn7mUbk4zpC+eDydN+FahvPFsdhe0ASUvq2b3Djb0jm0A () mail ! gmail ! com

Hi Thomas,

Here you have extended the custom user store manager from
AbstractUserStoreManager. In that case, you have to initialize
the realmConfig, dataSource, hybridRoleManager and ext.

If your custom user store manager is a JDBC extended version, you can do the
customization easily by extending the JDBCUserStoreManager.


Here I have attached sample files.

Thanks
Isura.



On Mon, Aug 21, 2017 at 12:33 PM, Thomas LEGRAND <
thomas.legrand@versusmind.eu> wrote:

> Hello Isura,
>
> As I said, I modified my custom user store to prefix the names of the
> users with the domain name. So I modified the method doListUsers to have
> the following:
>
> @Override
>> public String[] doListUsers(String filter, int maxItemLimit) throws
>> UserStoreException {
>> LOGGER.info("doListUsers()");
>> return new String[]{"CUSTOM/Lala", "CUSTOM/Toto", "CUSTOM/Titi",
>> "CUSTOM/Jeje"};
>> }
>
>
> Of course, "CUSTOM" is the defined domain name I used to configure my user
> store on the IS.
>
> So I can see the list of my names [1], but when I want to retrieve the roles via
> the "View roles" button in the list, I have the following stack trace and
> so, the popup in [2] which appears:
>
> [2017-08-21 08:57:16,158]  INFO {fr.icl.picsel20.user.store.CustomUserStoreManager}
>> -  getRoleListOfUser()
>> [2017-08-21 08:57:16,158] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager}
>> -  Retrieving internal roles for user name :  Jeje and search filter *
>> [2017-08-21 08:57:16,158] ERROR {org.wso2.carbon.user.core.common.AbstractUserStoreManager}
>> -  Error occurred while accessing Java Security Manager Privilege Block
>> [2017-08-21 08:57:16,158] ERROR {org.wso2.carbon.user.mgt.UserRealmProxy}
>> -  org.wso2.carbon.user.core.UserStoreException: Error occurred while
>> accessing Java Security Manager Privilege Block
>> [2017-08-21 08:57:16,174] ERROR {org.wso2.carbon.user.mgt.ui.UserAdminClient}
>> -  Error occurred while accessing Java Security Manager Privilege Block
>> org.wso2.carbon.user.mgt.stub.UserAdminUserAdminException:
>> UserAdminUserAdminException
>>         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
>> Method)
>>         at sun.reflect.NativeConstructorAccessorImpl.newInstance(
>> NativeConstructorAccessorImpl.java:62)
>>         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(
>> DelegatingConstructorAccessorImpl.java:45)
>>         at java.lang.reflect.Constructor.newInstance(Constructor.java:
>> 423)
>>         at java.lang.Class.newInstance(Class.java:442)
>>         at org.wso2.carbon.user.mgt.stub.UserAdminStub.getRolesOfUser(
>> UserAdminStub.java:3054)
>>         at org.wso2.carbon.user.mgt.ui.UserAdminClient.getRolesOfUser(
>> UserAdminClient.java:154)
>>         at org.apache.jsp.user.view_002droles_jsp._jspService(
>> view_002droles_jsp.java:263)
>>         at org.apache.jasper.runtime.HttpJspBase.service(
>> HttpJspBase.java:70)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>         at org.apache.jasper.servlet.JspServletWrapper.service(
>> JspServletWrapper.java:439)
>>         at org.apache.jasper.servlet.JspServlet.serviceJspFile(
>> JspServlet.java:395)
>>         at org.apache.jasper.servlet.JspServlet.service(JspServlet.
>> java:339)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>         at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
>>         at org.wso2.carbon.ui.TilesJspServlet.service(
>> TilesJspServlet.java:80)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>         at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.
>> service(ContextPathServletAdaptor.java:37)
>>         at org.eclipse.equinox.http.servlet.internal.
>> ServletRegistration.service(ServletRegistration.java:61)
>>         at org.eclipse.equinox.http.servlet.internal.ProxyServlet.
>> processAlias(ProxyServlet.java:128)
>>         at org.eclipse.equinox.http.servlet.internal.ProxyServlet.
>> service(ProxyServlet.java:68)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>         at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.
>> service(DelegationServlet.java:68)
>>         at org.apache.catalina.core.ApplicationFilterChain.
>> internalDoFilter(ApplicationFilterChain.java:303)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(
>> ApplicationFilterChain.java:208)
>>         at org.apache.catalina.core.ApplicationDispatcher.invoke(
>> ApplicationDispatcher.java:747)
>>         at org.apache.catalina.core.ApplicationDispatcher.doInclude(
>> ApplicationDispatcher.java:603)
>>         at org.apache.catalina.core.ApplicationDispatcher.include(
>> ApplicationDispatcher.java:542)
>>         at org.eclipse.equinox.http.servlet.internal.
>> RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:37)
>>         at org.eclipse.equinox.http.helper.ContextPathServletAdaptor$
>> RequestDispatcherAdaptor.include(ContextPathServletAdaptor.java:369)
>>         at org.apache.jasper.runtime.JspRuntimeLibrary.include(
>> JspRuntimeLibrary.java:897)
>>         at org.apache.jasper.runtime.PageContextImpl.doInclude(
>> PageContextImpl.java:688)
>>         at org.apache.jasper.runtime.PageContextImpl.include(
>> PageContextImpl.java:682)
>>         at sun.reflect.GeneratedMethodAccessor90.invoke(Unknown Source)
>>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(
>> DelegatingMethodAccessorImpl.java:43)
>>         at java.lang.reflect.Method.invoke(Method.java:498)
>>         at org.apache.tiles.jsp.context.JspUtil.doInclude(JspUtil.
>> java:87)
>>         at org.apache.tiles.jsp.context.JspTilesRequestContext.include(
>> JspTilesRequestContext.java:88)
>>         at org.apache.tiles.jsp.context.JspTilesRequestContext.dispatch(
>> JspTilesRequestContext.java:82)
>>         at org.apache.tiles.impl.BasicTilesContainer.render(
>> BasicTilesContainer.java:465)
>>         at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(
>> InsertAttributeTag.java:140)
>>         at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(
>> InsertAttributeTag.java:117)
>>         at org.apache.tiles.jsp.taglib.RenderTagSupport.execute(
>> RenderTagSupport.java:171)
>>         at org.apache.tiles.jsp.taglib.RoleSecurityTagSupport.doEndTag(
>> RoleSecurityTagSupport.java:75)
>>         at org.apache.tiles.jsp.taglib.ContainerTagSupport.doEndTag(
>> ContainerTagSupport.java:80)
>>         at org.apache.jsp.admin.layout.template_jsp._jspx_meth_tiles_
>> 005finsertAttribute_005f7(template_jsp.java:690)
>>         at org.apache.jsp.admin.layout.template_jsp._jspService(
>> template_jsp.java:380)
>>         at org.apache.jasper.runtime.HttpJspBase.service(
>> HttpJspBase.java:70)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>         at org.apache.jasper.servlet.JspServletWrapper.service(
>> JspServletWrapper.java:439)
>>         at org.apache.jasper.servlet.JspServlet.serviceJspFile(
>> JspServlet.java:395)
>>         at org.apache.jasper.servlet.JspServlet.service(JspServlet.
>> java:339)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>         at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
>>         at org.wso2.carbon.ui.TilesJspServlet.service(
>> TilesJspServlet.java:80)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>         at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.
>> service(ContextPathServletAdaptor.java:37)
>>         at org.eclipse.equinox.http.servlet.internal.
>> ServletRegistration.service(ServletRegistration.java:61)
>>         at org.eclipse.equinox.http.servlet.internal.ProxyServlet.
>> processAlias(ProxyServlet.java:128)
>>         at org.eclipse.equinox.http.servlet.internal.ProxyServlet.
>> service(ProxyServlet.java:68)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>         at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.
>> service(DelegationServlet.java:68)
>>         at org.apache.catalina.core.ApplicationFilterChain.
>> internalDoFilter(ApplicationFilterChain.java:303)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(
>> ApplicationFilterChain.java:208)
>>         at org.apache.tomcat.websocket.server.WsFilter.doFilter(
>> WsFilter.java:52)
>>         at org.apache.catalina.core.ApplicationFilterChain.
>> internalDoFilter(ApplicationFilterChain.java:241)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(
>> ApplicationFilterChain.java:208)
>>         at org.apache.catalina.core.ApplicationDispatcher.invoke(
>> ApplicationDispatcher.java:747)
>>         at org.apache.catalina.core.ApplicationDispatcher.processRequest(
>> ApplicationDispatcher.java:485)
>>         at org.apache.catalina.core.ApplicationDispatcher.doForward(
>> ApplicationDispatcher.java:410)
>>         at org.apache.catalina.core.ApplicationDispatcher.forward(
>> ApplicationDispatcher.java:337)
>>         at org.eclipse.equinox.http.servlet.internal.
>> RequestDispatcherAdaptor.forward(RequestDispatcherAdaptor.java:30)
>>         at org.eclipse.equinox.http.helper.ContextPathServletAdaptor$
>> RequestDispatcherAdaptor.forward(ContextPathServletAdaptor.java:362)
>>         at org.apache.tiles.servlet.context.ServletTilesRequestContext.
>> forward(ServletTilesRequestContext.java:198)
>>         at org.apache.tiles.servlet.context.ServletTilesRequestContext.
>> dispatch(ServletTilesRequestContext.java:185)
>>         at org.apache.tiles.impl.BasicTilesContainer.render(
>> BasicTilesContainer.java:419)
>>         at org.apache.tiles.impl.BasicTilesContainer.render(
>> BasicTilesContainer.java:370)
>>         at org.wso2.carbon.ui.action.ActionHelper.render(
>> ActionHelper.java:52)
>>         at org.wso2.carbon.ui.TilesJspServlet.service(
>> TilesJspServlet.java:101)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>         at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.
>> service(ContextPathServletAdaptor.java:37)
>>         at org.eclipse.equinox.http.servlet.internal.
>> ServletRegistration.service(ServletRegistration.java:61)
>>         at org.eclipse.equinox.http.servlet.internal.ProxyServlet.
>> processAlias(ProxyServlet.java:128)
>>         at org.eclipse.equinox.http.servlet.internal.ProxyServlet.
>> service(ProxyServlet.java:68)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>         at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.
>> service(DelegationServlet.java:68)
>>         at org.apache.catalina.core.ApplicationFilterChain.
>> internalDoFilter(ApplicationFilterChain.java:303)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(
>> ApplicationFilterChain.java:208)
>>         at org.apache.tomcat.websocket.server.WsFilter.doFilter(
>> WsFilter.java:52)
>>         at org.apache.catalina.core.ApplicationFilterChain.
>> internalDoFilter(ApplicationFilterChain.java:241)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(
>> ApplicationFilterChain.java:208)
>>         at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(
>> HttpHeaderSecurityFilter.java:120)
>>         at org.apache.catalina.core.ApplicationFilterChain.
>> internalDoFilter(ApplicationFilterChain.java:241)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(
>> ApplicationFilterChain.java:208)
>>         at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.
>> doFilter(CharacterSetFilter.java:61)
>>         at org.apache.catalina.core.ApplicationFilterChain.
>> internalDoFilter(ApplicationFilterChain.java:241)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(
>> ApplicationFilterChain.java:208)
>>         at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(
>> HttpHeaderSecurityFilter.java:120)
>>         at org.apache.catalina.core.ApplicationFilterChain.
>> internalDoFilter(ApplicationFilterChain.java:241)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(
>> ApplicationFilterChain.java:208)
>>         at org.apache.catalina.core.StandardWrapperValve.invoke(
>> StandardWrapperValve.java:218)
>>         at org.apache.catalina.core.StandardContextValve.invoke(
>> StandardContextValve.java:122)
>>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
>> AuthenticatorBase.java:505)
>>         at org.apache.catalina.core.StandardHostValve.invoke(
>> StandardHostValve.java:169)
>>         at org.apache.catalina.valves.ErrorReportValve.invoke(
>> ErrorReportValve.java:103)
>>         at org.wso2.carbon.identity.context.rewrite.valve.
>> TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:72)
>>         at org.wso2.carbon.identity.authz.valve.
>> AuthorizationValve.invoke(AuthorizationValve.java:91)
>>         at org.wso2.carbon.identity.auth.valve.AuthenticationValve.
>> invoke(AuthenticationValve.java:60)
>>         at org.wso2.carbon.tomcat.ext.valves.CompositeValve.
>> continueInvocation(CompositeValve.java:99)
>>         at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.
>> invoke(CarbonTomcatValve.java:47)
>>         at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(
>> TenantLazyLoaderValve.java:57)
>>         at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.
>> invokeValves(TomcatValveContainer.java:47)
>>         at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(
>> CompositeValve.java:62)
>>         at org.wso2.carbon.tomcat.ext.valves.
>> CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValv
>> e.java:159)
>>         at org.apache.catalina.valves.AccessLogValve.invoke(
>> AccessLogValve.java:958)
>>         at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.
>> invoke(CarbonContextCreatorValve.java:57)
>>         at org.apache.catalina.core.StandardEngineValve.invoke(
>> StandardEngineValve.java:116)
>>         at org.apache.catalina.connector.CoyoteAdapter.service(
>> CoyoteAdapter.java:452)
>>         at org.apache.coyote.http11.AbstractHttp11Processor.process(
>> AbstractHttp11Processor.java:1087)
>>         at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.
>> process(AbstractProtocol.java:637)
>>         at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.
>> doRun(NioEndpoint.java:1756)
>>         at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.
>> run(NioEndpoint.java:1715)
>>         at java.util.concurrent.ThreadPoolExecutor.runWorker(
>> ThreadPoolExecutor.java:1142)
>>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(
>> ThreadPoolExecutor.java:617)
>>         at org.apache.tomcat.util.threads.TaskThread$
>> WrappingRunnable.run(TaskThread.java:61)
>>         at java.lang.Thread.run(Thread.java:745)
>> [2017-08-21 08:57:18,386]  INFO {fr.icl.picsel20.user.store.CustomUserStoreManager}
>> -  doListUsers()
>
>
>
>  Regards,
>
> Thomas
>
> [1] [image: Inline image 4]
>
>
> [2] [image: Inline image 2]
>
> 2017-08-21 6:19 GMT+02:00 Isura Karunaratne <isura@wso2.com>:
>
>> Hi Thomas,
>>
>> It is wrong to set tenantId as follows for carbon.super tenant. Super
>> tenant's tenantID is -1234. Can you attach the full exception stack trace?
>>
>> carbonContext.setTenantId(64302);
>>
>>
>> Thanks
>> Isura.
>>
>> On Fri, Aug 18, 2017 at 6:50 PM, Thomas LEGRAND <
>> thomas.legrand@versusmind.eu> wrote:
>>
>>> Hello there,
>>>
>>> I found the problem concerning the roles. The Identity Server calls the
>>> primary user store because the usernames in the list aren't prefixed with
>>> the domain of the secondary store (which is my custom user store).
>>> So I modified it and I enter into the method.
>>>
>>> Now, I have this weird exception I never encountered before:
>>>
>>> [2017-08-18 15:16:04,866] ERROR {org.wso2.carbon.user.core.common.AbstractUserStoreManager}
>>> -  Error occurred while accessing Java Security Manager Privilege Block
>>> [2017-08-18 15:16:04,867] ERROR {org.wso2.carbon.user.mgt.UserRealmProxy}
>>> -  org.wso2.carbon.user.core.UserStoreException: Error occurred while
>>> accessing Java Security Manager Privilege Block
>>> [2017-08-18 15:16:04,881] ERROR {org.wso2.carbon.user.mgt.ui.UserAdminClient}
>>> -  Error occurred while accessing Java Security Manager Privilege Block
>>>
>>> Regards,
>>>
>>> Thomas
>>>
>>> 2017-08-18 14:35 GMT+02:00 Thomas LEGRAND <thomas.legrand@versusmind.eu>
>>> :
>>>
>>>> Hello Isura!
>>>>
>>>> I did override the methods except the doGetInternalRoleListOfUser
>>>> because the AbstractUserStoreManager already implements it.
>>>>
>>>> Here is my custom store manager in [1] and my "internal" class in [2].
>>>> In [3], you will have the user store properties managed by my user store.
>>>>
>>>> The goal of the test is to retrieve the roles of a user from the
>>>> secondary user store implemented by this code by using the interface of the
>>>> identity server. So you will have a "getRoleListOfUser()" which appears in
>>>> the logs.
>>>>
>>>> [1] CustomUserStoreManager.java
>>>> [2] CustomUserStoreManagerDSComponent.java
>>>> [3] CustomUserStoreProperties.java
>>>>
>>>> 2017-08-18 12:10 GMT+02:00 Isura Karunaratne <isura@wso2.com>:
>>>>
>>>>> Hi Thomas,
>>>>>
>>>>> Did you override doCheckExistingUser method in your custom user store
>>>>> manager? In order to view the roles list of the user, following methods
>>>>> should be overridden.
>>>>>
>>>>>
>>>>>    - doCheckExistingUser
>>>>>    - doGetExternalRoleListOfUser
>>>>>    - doGetInternalRoleListOfUser
>>>>>
>>>>>
>>>>>
>>>>> If the issue still occurs after overriding the doCheckExistingUser
>>>>> method, please attach your sample code. So we can help you faster.
>>>>>
>>>>> Thanks
>>>>> Isura.
>>>>>
>>>>> On Fri, Aug 18, 2017 at 3:09 PM, Thomas LEGRAND <
>>>>> thomas.legrand@versusmind.eu> wrote:
>>>>>
>>>>>> Hello again!
>>>>>>
>>>>>> During my tests, I "reinstalled" a new Identity Server v5.3.0 where I
>>>>>> let the default configuration for the primary user store.
>>>>>> I configured my custom secondary user store which retrieves data from
>>>>>> a database. This custom user store is implemented by extending the
>>>>>> AbstractUserStoreManager class and I generated an OSGi bundle which I
>>>>>> dropped in the repository/components/dropins directory.
>>>>>>
>>>>>> So I can see my list of users coming from this user store when I
>>>>>> display it from the identity server. But, when I want to display the roles
>>>>>> of a user, I noticed that the primary user store is called (in my case,
>>>>>> that was the default org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager
>>>>>> configured in the user-mgt.xml configuration file) to check if the user
>>>>>> existed and to retrieve its roles.
>>>>>>
>>>>>> Did I miss something in my implementation of the user store to have
>>>>>> the effect of the primary user store taking the lead to retrieve the roles
>>>>>> physically located on the secondary user store?
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Thomas
>>>>>>
>>>>>> 2017-08-17 11:22 GMT+02:00 Thomas LEGRAND <
>>>>>> thomas.legrand@versusmind.eu>:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I really don't understand why my "external" roles don't appear in
>>>>>>> the list and why no role methods are called in my connector because, when I
>>>>>>> configure a LDAP one, I can see the roles retrieved from the LDAP are
>>>>>>> listed with the internal ones.
>>>>>>>
>>>>>>> I set the log level to DEBUG to see that the LDAP user store is
>>>>>>> calling the internal role retrieval method before checking if the user
>>>>>>> exists:
>>>>>>>
>>>>>>> [2017-08-17 11:18:00,647] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager}
>>>>>>> -  Retrieving internal roles for user name :  a.bresson and search filter *
>>>>>>> [2017-08-17 11:18:00,648] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
>>>>>>> -  Searching for user a.bresson
>>>>>>>
>>>>>>> But in my case, the user check method isn't even called!
>>>>>>>
>>>>>>> If I continue with the logs, I can see that:
>>>>>>>
>>>>>>> [2017-08-17 11:18:00,653] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
>>>>>>> -  Reading roles with the memberOfProperty Property: memberOf
>>>>>>>
>>>>>>> Following this source code [1], it seems that it executes the method
>>>>>>> to retrieve the external roles. On my side, in my own connector, that does
>>>>>>> not even go there because it doesn't even check if the user exists.
>>>>>>>
>>>>>>> What am I missing?
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Thomas
>>>>>>>
>>>>>>> [1] https://github.com/biliroy/carbon4-kernel/blob/master/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/ReadOnlyLDAPUserStoreManager.java#L1724
>>>>>>>
>>>>>>> 2017-08-16 9:56 GMT+02:00 Thomas LEGRAND <
>>>>>>> thomas.legrand@versusmind.eu>:
>>>>>>>
>>>>>>>> Hello everybody,
>>>>>>>>
>>>>>>>> I am writing a custom user store for the Identity Server and I
>>>>>>>> successfully retrieved my list of users from my database. But when I try to
>>>>>>>> display the roles of a user by clicking on the "View Roles" button [1],
>>>>>>>> only the internal roles are displayed.
>>>>>>>> I implemented the methods doGetExternalRoleListOfUser(),
>>>>>>>>  doGetDisplayNamesForInternalRole(), doGetSharedRoleListOfUser()
>>>>>>>> to log something on the INFO level but nothing happens.
>>>>>>>>
>>>>>>>> Can someone tell me which method to implement?
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>> Thomas
>>>>>>>>
>>>>>>>> [1] [image: Inline image 1]
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> *Isura Dilhara Karunaratne*
>>>>> Associate Technical Lead | WSO2
>>>>> Email: isura@wso2.com
>>>>> Mob : +94 772 254 810
>>>>> Blog : http://isurad.blogspot.com/
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>>
>> --
>>
>> *Isura Dilhara Karunaratne*
>> Associate Technical Lead | WSO2
>> Email: isura@wso2.com
>> Mob : +94 772 254 810
>> Blog : http://isurad.blogspot.com/
>>
>>
>>
>>
>


-- 

*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2
Email: isura@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/
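
A simplified, self-contained Java model of the routing behaviour discussed in this thread (an added example, not WSO2 code and not the sample files attached to the message): a user name without a domain prefix resolves against the primary store, so the listing has to return `CUSTOM/`-qualified names for a role lookup to reach the secondary store. The `Store`, `Realm` and `resolve` names, the `PRIMARY` label, and all users and roles are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Simplified model of domain-qualified user name routing; not WSO2 code. */
public class DomainRoutingDemo {

    static final String PRIMARY = "PRIMARY"; // model's label for the default store
    static final char SEPARATOR = '/';       // as in "CUSTOM/Jeje" from the thread

    /** Stand-in for one user store. Users and roles are constructed sample data. */
    static final class Store {
        final String domain;
        final Map<String, List<String>> rolesByUser = new LinkedHashMap<>();

        Store(String domain) { this.domain = domain; }

        Store user(String localName, String... roles) {
            rolesByUser.put(localName, Arrays.asList(roles));
            return this;
        }

        /** A secondary store's listing returns domain-qualified names. */
        List<String> listUsers() {
            List<String> names = new ArrayList<>();
            for (String local : rolesByUser.keySet()) {
                names.add(PRIMARY.equals(domain) ? local : domain + SEPARATOR + local);
            }
            return names;
        }
    }

    /** Splits "DOMAIN/name"; a name without a separator belongs to PRIMARY. */
    static String[] resolve(String userName) {
        int i = userName.indexOf(SEPARATOR);
        if (i < 0) {
            return new String[] {PRIMARY, userName};
        }
        if (i == 0 || i == userName.length() - 1) {
            throw new IllegalArgumentException("malformed user name: " + userName);
        }
        return new String[] {userName.substring(0, i), userName.substring(i + 1)};
    }

    /** Stand-in for the realm that picks a store for each lookup. */
    static final class Realm {
        private final Map<String, Store> stores = new LinkedHashMap<>();

        void register(Store store) { stores.put(store.domain, store); }

        List<String> rolesOf(String userName) {
            String[] parts = resolve(userName);
            Store store = stores.get(parts[0]);
            if (store == null) {
                // Model's choice: fail closed instead of falling back to PRIMARY.
                throw new IllegalArgumentException("unknown domain: " + parts[0]);
            }
            // The store itself is asked for the local name ("Jeje"), not "CUSTOM/Jeje".
            List<String> roles = store.rolesByUser.get(parts[1]);
            if (roles == null) {
                throw new IllegalArgumentException("no user " + parts[1] + " in " + parts[0]);
            }
            return roles;
        }
    }

    public static void main(String[] args) {
        Realm realm = new Realm();
        // PRIMARY happens to hold a different account with the same local name.
        realm.register(new Store(PRIMARY).user("admin", "admin").user("Jeje", "Internal/everyone"));
        Store custom = new Store("CUSTOM").user("Lala", "reader").user("Jeje", "reader", "approver");
        realm.register(custom);

        System.out.println(custom.listUsers());           // qualified names from the listing
        System.out.println(realm.rolesOf("CUSTOM/Jeje")); // routed to the secondary store
        System.out.println(realm.rolesOf("Jeje"));        // unqualified: answered by PRIMARY
        try {
            realm.rolesOf("OTHER/Jeje");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In this model the unqualified lookup returns the roles of the primary store's `Jeje`, which is the mix-up that domain-qualified names from the listing prevent.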

at org.apache.tiles.servlet.<wbr>context.<wbr>ServletTilesRequestContext.<wbr>dispatch(<wbr>ServletTilesRequestContext.<wbr>java:185)<br> \
at org.apache.tiles.impl.<wbr>BasicTilesContainer.render(<wbr>BasicTilesContainer.java:419)<br> \
at org.apache.tiles.impl.<wbr>BasicTilesContainer.render(<wbr>BasicTilesContainer.java:370)<br> \
at org.wso2.carbon.ui.action.<wbr>ActionHelper.render(<wbr>ActionHelper.java:52)<br>  \
at org.wso2.carbon.ui.<wbr>TilesJspServlet.service(<wbr>TilesJspServlet.java:101)<br> \
at javax.servlet.http.<wbr>HttpServlet.service(<wbr>HttpServlet.java:731)<br>         \
at org.eclipse.equinox.http.<wbr>helper.<wbr>ContextPathServletAdaptor.<wbr>service(<wbr>ContextPathServletAdaptor.<wbr>java:37)<br> \
at org.eclipse.equinox.http.<wbr>servlet.internal.<wbr>ServletRegistration.service(<wbr>ServletRegistration.java:61)<br> \
at org.eclipse.equinox.http.<wbr>servlet.internal.ProxyServlet.<wbr>processAlias(ProxyServlet.<wbr>java:128)<br> \
at org.eclipse.equinox.http.<wbr>servlet.internal.ProxyServlet.<wbr>service(ProxyServlet.java:68)<br> \
at javax.servlet.http.<wbr>HttpServlet.service(<wbr>HttpServlet.java:731)<br>         \
at org.wso2.carbon.tomcat.ext.<wbr>servlet.DelegationServlet.<wbr>service(DelegationServlet.<wbr>java:68)<br> \
at org.apache.catalina.core.<wbr>ApplicationFilterChain.<wbr>internalDoFilter(<wbr>ApplicationFilterChain.java:<wbr>303)<br> \
at org.apache.catalina.core.<wbr>ApplicationFilterChain.<wbr>doFilter(<wbr>ApplicationFilterChain.java:<wbr>208)<br> \
at org.apache.tomcat.websocket.<wbr>server.WsFilter.doFilter(<wbr>WsFilter.java:52)<br> \
at org.apache.catalina.core.<wbr>ApplicationFilterChain.<wbr>internalDoFilter(<wbr>ApplicationFilterChain.java:<wbr>241)<br> \
at org.apache.catalina.core.<wbr>ApplicationFilterChain.<wbr>doFilter(<wbr>ApplicationFilterChain.java:<wbr>208)<br> \
at org.apache.catalina.filters.<wbr>HttpHeaderSecurityFilter.<wbr>doFilter(<wbr>HttpHeaderSecurityFilter.java:<wbr>120)<br> \
at org.apache.catalina.core.<wbr>ApplicationFilterChain.<wbr>internalDoFilter(<wbr>ApplicationFilterChain.java:<wbr>241)<br> \
at org.apache.catalina.core.<wbr>ApplicationFilterChain.<wbr>doFilter(<wbr>ApplicationFilterChain.java:<wbr>208)<br> \
at org.wso2.carbon.tomcat.ext.<wbr>filter.CharacterSetFilter.<wbr>doFilter(CharacterSetFilter.<wbr>java:61)<br> \
at org.apache.catalina.core.<wbr>ApplicationFilterChain.<wbr>internalDoFilter(<wbr>ApplicationFilterChain.java:<wbr>241)<br> \
at org.apache.catalina.core.<wbr>ApplicationFilterChain.<wbr>doFilter(<wbr>ApplicationFilterChain.java:<wbr>208)<br> \
at org.apache.catalina.filters.<wbr>HttpHeaderSecurityFilter.<wbr>doFilter(<wbr>HttpHeaderSecurityFilter.java:<wbr>120)<br> \
at org.apache.catalina.core.<wbr>ApplicationFilterChain.<wbr>internalDoFilter(<wbr>ApplicationFilterChain.java:<wbr>241)<br> \
at org.apache.catalina.core.<wbr>ApplicationFilterChain.<wbr>doFilter(<wbr>ApplicationFilterChain.java:<wbr>208)<br> \
at org.apache.catalina.core.<wbr>StandardWrapperValve.invoke(<wbr>StandardWrapperValve.java:218)<br> \
at org.apache.catalina.core.<wbr>StandardContextValve.invoke(<wbr>StandardContextValve.java:122)<br> \
at org.apache.catalina.<wbr>authenticator.<wbr>AuthenticatorBase.invoke(<wbr>AuthenticatorBase.java:505)<br> \
at org.apache.catalina.core.<wbr>StandardHostValve.invoke(<wbr>StandardHostValve.java:169)<br> \
at org.apache.catalina.valves.<wbr>ErrorReportValve.invoke(<wbr>ErrorReportValve.java:103)<br> \
at org.wso2.carbon.identity.<wbr>context.rewrite.valve.<wbr>TenantContextRewriteValve.<wbr>invoke(<wbr>TenantContextRewriteValve.<wbr>java:72)<br> \
at org.wso2.carbon.identity.<wbr>authz.valve.<wbr>AuthorizationValve.invoke(<wbr>AuthorizationValve.java:91)<br> \
at org.wso2.carbon.identity.auth.<wbr>valve.AuthenticationValve.<wbr>invoke(AuthenticationValve.<wbr>java:60)<br> \
at org.wso2.carbon.tomcat.ext.<wbr>valves.CompositeValve.<wbr>continueInvocation(<wbr>CompositeValve.java:99)<br> \
at org.wso2.carbon.tomcat.ext.<wbr>valves.CarbonTomcatValve$1.<wbr>invoke(CarbonTomcatValve.java:<wbr>47)<br> \
at org.wso2.carbon.webapp.mgt.<wbr>TenantLazyLoaderValve.invoke(<wbr>TenantLazyLoaderValve.java:57)<br> \
at org.wso2.carbon.tomcat.ext.<wbr>valves.TomcatValveContainer.<wbr>invokeValves(<wbr>TomcatValveContainer.java:47)<br> \
at org.wso2.carbon.tomcat.ext.<wbr>valves.CompositeValve.invoke(<wbr>CompositeValve.java:62)<br> \
at org.wso2.carbon.tomcat.ext.<wbr>valves.<wbr>CarbonStuckThreadDetectionValv<wbr>e.invoke(<wbr>CarbonStuckThreadDetectionValv<wbr>e.java:159)<br> \
at org.apache.catalina.valves.<wbr>AccessLogValve.invoke(<wbr>AccessLogValve.java:958)<br> \
at org.wso2.carbon.tomcat.ext.<wbr>valves.<wbr>CarbonContextCreatorValve.<wbr>invoke(<wbr>CarbonContextCreatorValve.<wbr>java:57)<br> \
at org.apache.catalina.core.<wbr>StandardEngineValve.invoke(<wbr>StandardEngineValve.java:116)<br> \
at org.apache.catalina.connector.<wbr>CoyoteAdapter.service(<wbr>CoyoteAdapter.java:452)<br> \
at org.apache.coyote.http11.<wbr>AbstractHttp11Processor.<wbr>process(<wbr>AbstractHttp11Processor.java:<wbr>1087)<br> \
at org.apache.coyote.<wbr>AbstractProtocol$<wbr>AbstractConnectionHandler.<wbr>process(AbstractProtocol.java:<wbr>637)<br> \
at <a href="http://org.apache.tomcat.util.net">org.apache.tomcat.util.net</a>.<wbr>NioEndpoint$SocketProcessor.<wbr>doRun(NioEndpoint.java:1756)<br> \
at <a href="http://org.apache.tomcat.util.net">org.apache.tomcat.util.net</a>.<wbr>NioEndpoint$SocketProcessor.<wbr>run(NioEndpoint.java:1715)<br> \
at java.util.concurrent.<wbr>ThreadPoolExecutor.runWorker(<wbr>ThreadPoolExecutor.java:1142)<br> \
at java.util.concurrent.<wbr>ThreadPoolExecutor$Worker.run(<wbr>ThreadPoolExecutor.java:617)<br> \
at org.apache.tomcat.util.<wbr>threads.TaskThread$<wbr>WrappingRunnable.run(<wbr>TaskThread.java:61)<br> \
at java.lang.Thread.run(Thread.<wbr>java:745)<br>[2017-08-21 08:57:18,386]   INFO \
{fr.icl.picsel20.user.store.<wbr>CustomUserStoreManager} -   \
doListUsers()</blockquote></div><div><br></div><div><br></div><div>  \
Regards,</div></div><div><br></div><div>Thomas</div><div><br></div><div>[1]<img \
src="cid:ii_15e0399f0dd3084b" alt="Images intégrées 4" width="548" \
height="205"></div><div><br></div><div><br></div><div>[2]  <img \
src="cid:ii_15e0398e98bee7cd" alt="Images intégrées 2" width="548" \
height="446"></div><div><div class="h5"><div class="gmail_extra"><br><div \
class="gmail_quote">2017-08-21 6:19 GMT+02:00 Isura Karunaratne <span \
dir="ltr">&lt;<a href="mailto:isura@wso2.com" \
target="_blank">isura@wso2.com</a>&gt;</span>:<br><blockquote class="gmail_quote" \
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div \
dir="ltr">Hi Thomas,<div><br></div><div>It is wrong to set tenantId  as follows for \
carbon.super tenant. Super tenant&#39;s tenantID is -1234. Can you attach full \
exception stacktrace.</div><div><br></div><div>carbonContext.setTenantId(6430<wbr>2);</div><div><br></div><div><br></div><div>Thanks</div><span \
class="m_-3229771116940914601HOEnZb"><font color="#888888"><div>Isura.  \
</div></font></span></div><div class="m_-3229771116940914601HOEnZb"><div \
class="m_-3229771116940914601h5"><div class="gmail_extra"><br><div \
class="gmail_quote">On Fri, Aug 18, 2017 at 6:50 PM, Thomas LEGRAND <span \
dir="ltr">&lt;<a href="mailto:thomas.legrand@versusmind.eu" \
target="_blank">thomas.legrand@versusmind.eu</a>&gt;</span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Hello \
there,<br><br></div>I found the problem concerning the roles. The Identity Server \
calls the primary user store because the usernames in the list aren&#39;t prefixed \
with the domain of the secondary store (which is my custom user store).<br>So I \
modified it and I enter into the method.<br><br></div>Now, I have this weird \
exception I never encountered before:<br><br>[2017-08-18 15:16:04,866] ERROR {<a \
href="http://org.wso2.carbon.user.core.com" \
target="_blank">org.wso2.carbon.user.core.com</a><wbr>mon.AbstractUserStoreManager} - \
Error occurred while accessing Java Security Manager Privilege Block<br>[2017-08-18 \
15:16:04,867] ERROR {org.wso2.carbon.user.mgt.User<wbr>RealmProxy} -   \
org.wso2.carbon.user.core.User<wbr>StoreException: Error occurred while accessing \
Java Security Manager Privilege Block<br>[2017-08-18 15:16:04,881] ERROR \
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div><br></div></div>______________________________<wbr>_________________<br>
Dev mailing list<br>
<a href="mailto:Dev@wso2.org" target="_blank">Dev@wso2.org</a><br>
<a href="http://wso2.org/cgi-bin/mailman/listinfo/dev" rel="noreferrer" \
target="_blank">http://wso2.org/cgi-bin/mailma<wbr>n/listinfo/dev</a><br> \
<br></blockquote></div><span \
class="m_-3229771116940914601m_957189389957785812m_-5131489661589843124m_1706703802685153370HOEnZb"><font \
color="#888888"><br><br clear="all"><div><br></div>-- <br><div \
class="m_-3229771116940914601m_957189389957785812m_-5131489661589843124m_1706703802685153370m_6081541601001298703gmail_signature" \
data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div \
dir="ltr"><div><div><b>Isura Dilhara Karunaratne<br></b></div><font \
color="#666666"><font style="background-color:rgb(255,255,255)">Associate Technical \
Lead | WSO2</font></font></div><div><div dir="ltr" \
style="font-size:12.8px"><div><font color="#666666">Email:  <a \
href="mailto:isura@wso2.com" target="_blank">isura@wso2.com</a></font></div><font \
color="#666666">Mob : <a href="tel:+94%2077%20225%204810" value="+94772254810" \
target="_blank">+94 772 254 810</a></font></div><div dir="ltr" \
style="font-size:12.8px"><font color="#666666">Blog :  <a \
href="http://isurad.blogspot.com/" \
target="_blank">http://isurad.blogspot.com/</a></font></div><div dir="ltr" \
style="font-size:12.8px"><br></div><font \
color="#666666"><br></font></div><div><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
 </font></span></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div \
class="m_-3229771116940914601m_957189389957785812gmail_signature" \
data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div \
dir="ltr"><div><div><b>Isura Dilhara Karunaratne<br></b></div><font \
color="#666666"><font style="background-color:rgb(255,255,255)">Associate Technical \
Lead | WSO2</font></font></div><div><div dir="ltr" \
style="font-size:12.8px"><div><font color="#666666">Email:  <a \
href="mailto:isura@wso2.com" target="_blank">isura@wso2.com</a></font></div><font \
color="#666666">Mob : <a href="tel:+94%2077%20225%204810" value="+94772254810" \
target="_blank">+94 772 254 810</a></font></div><div dir="ltr" \
style="font-size:12.8px"><font color="#666666">Blog :  <a \
href="http://isurad.blogspot.com/" \
target="_blank">http://isurad.blogspot.com/</a></font></div><div dir="ltr" \
style="font-size:12.8px"><br></div><font \
color="#666666"><br></font></div><div><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
 </div>
</div></div></blockquote></div><br></div></div></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div \
class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr"><div><div><b>Isura Dilhara \
Karunaratne<br></b></div><font color="#666666"><font \
style="background-color:rgb(255,255,255)">Associate Technical Lead | \
WSO2</font></font></div><div><div dir="ltr" style="font-size:12.8px"><div><font \
color="#666666">Email:  <a href="mailto:isura@wso2.com" \
target="_blank">isura@wso2.com</a></font></div><font color="#666666">Mob : +94 772 \
254 810</font></div><div dir="ltr" style="font-size:12.8px"><font \
color="#666666">Blog :  <a href="http://isurad.blogspot.com/" \
target="_blank">http://isurad.blogspot.com/</a></font></div><div dir="ltr" \
style="font-size:12.8px"><br></div><font \
color="#666666"><br></font></div><div><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
 </div>

--f403043ef6984acb4c0557cd19df--


["image.png" (image/png)]
["1.listOFUseR.png" (image/png)]
["2.displayRoles.png" (image/png)]
["CustomUserStoreManagerDSComponent.java" (text/x-java)]

package fr.icl.picsel20.user.store.internal;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import fr.icl.picsel20.user.store.CustomUserStoreManager;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.tracker.UserStoreManagerRegistry;

/**
 * @scr.component name="user.store.mgt.dscomponent" immediate=true
 */
public class CustomUserStoreManagerDSComponent {

	private static Log LOGGER = (Log) LogFactory.getLog(CustomUserStoreManagerDSComponent.class);

	protected void activate(ComponentContext ctxt) throws Exception {
		PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();

//		carbonContext.setTenantId(64302);
//		carbonContext.setTenantDomain("carbon.super");

		BundleContext bundleContext = ctxt.getBundleContext();

		CustomUserStoreManager userStoreManager = new CustomUserStoreManager();
		bundleContext.registerService(UserStoreManager.class.getName(), userStoreManager, null);

		UserStoreManagerRegistry.init(bundleContext);

		LOGGER.info("Custom user store manager activated");
	}

	protected void deactivate(ComponentContext ctxt) {
		if (LOGGER.isDebugEnabled()) {
			LOGGER.debug("Custom User Store Manager is deactivated ");
		}
	}

}

["CustomUserStoreManager.java" (text/x-java)]

package fr.icl.picsel20.user.store;

import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.user.api.Properties;
import org.wso2.carbon.user.api.Property;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.claim.ClaimManager;
import org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager;
import org.wso2.carbon.user.core.profile.ProfileConfigurationManager;
import org.wso2.carbon.user.core.tenant.Tenant;
import java.util.HashMap;
import java.util.Map;

public class CustomUserStoreManager extends JDBCUserStoreManager {

	private static Log LOGGER = LogFactory.getLog(CustomUserStoreManager.class);

	public CustomUserStoreManager() {
	}

	public CustomUserStoreManager(RealmConfiguration realmConfig, Map<String, Object> properties,
									ClaimManager claimManager, ProfileConfigurationManager profileManager,
									UserRealm realm,
									Integer tenantId) throws UserStoreException {
		super(realmConfig, properties, claimManager, profileManager, realm, tenantId);
	}

	@Override
	public boolean isSharedGroupEnabled() {
		return true;
	}

	@Override
	public boolean doAuthenticate(String userName, Object credential) throws UserStoreException {
		// Sample stub: accepts any non-empty user name and never checks the credential.
		if (StringUtils.isEmpty(userName)) {
			return false;
		}

		return true;
	}

	public String[] getAllProfileNames() throws UserStoreException {
		return new String[] { UserCoreConstants.DEFAULT_PROFILE };
	}

	public String[] getProfileNames(String userName) throws UserStoreException {
		return new String[] { UserCoreConstants.DEFAULT_PROFILE };
	}

	@Override
	public Map<String, String> getUserPropertyValues(String arg0, String[] arg1, String arg2)
			throws UserStoreException {
		LOGGER.info("getUserPropertyValues()");

		return new HashMap<>();
	}

	@Override
	public boolean doCheckExistingRole(String roleName) throws UserStoreException {
		LOGGER.info("doCheckExistingRole()");
		return StringUtils.isEmpty(getRoleByName(roleName));
	}

	// @Override
	public boolean doCheckExistingUser(String arg0) throws UserStoreException {
		// TODO: add user to cache
		LOGGER.info("doCheckExistingUser()");

		return true;
	}

	public String[] doListUsers(String filter, int maxItemLimit) throws UserStoreException {
		LOGGER.info("doListUsers()");
		return new String[]{"CUSTOM/Lala", "CUSTOM/Toto", "CUSTOM/Titi", "CUSTOM/Jeje"};
	}

	@Override
	protected String[] doGetDisplayNamesForInternalRole(String[] userNames) throws UserStoreException {
		LOGGER.info("doGetDisplayNamesForInternalRole()");
		return userNames;
	}

	public void doAddRole(String roleName, String[] userList, boolean shared) throws UserStoreException {
		throw new UserStoreException("User store is operating in read only mode. Cannot write into the user store.");
	}

	public void doUpdateRoleName(String roleName, String newRoleName) throws UserStoreException {
		throw new UserStoreException("User store is operating in read only mode. Cannot write into the user store.");
	}

	public boolean isBulkImportSupported() {
		return false;
	}

	public boolean isMultipleProfilesAllowed() {
		return false;
	}

	public void doDeleteRole(String roleName) throws UserStoreException {
		throw new UserStoreException("User store is operating in read only mode. Cannot write into the user store.");
	}

	@Override
	public String[] doGetRoleNames(String filter, int maxItemLimit) throws UserStoreException {
		LOGGER.info("doGetRoleNames(): " + readGroupsEnabled);
		return new String[] {"Role 1", "Role 2", "Role 3"};
	}

	@Override
	protected String[] doGetSharedRoleNames(String arg0, String arg1, int arg2) throws UserStoreException {
		LOGGER.info("doGetSharedRoleNames()");
		return new String[] {};
	}

	@Override
	public String[] doGetUserListOfRole(String roleName, String filter) throws UserStoreException {
		LOGGER.info("doGetUserListOfRole()");
		return new String[] {};
	}

	@Override
	public String[] doGetExternalRoleListOfUser(String username, String filter) throws UserStoreException {
		LOGGER.info("doGetExternalRoleListOfUser()");
		if ("Lala".equals(username)) {
			return new String[]{"Role 1"};
		} else {
			return new String[] {"Role 2"};
		}
	}

	@Override
	protected String[] doGetSharedRoleListOfUser(String userName, String tenantDomain, String filter)
			throws UserStoreException {
		LOGGER.info("doGetSharedRoleListOfUser()");
		return doGetExternalRoleListOfUser(userName, filter);
	}

	public boolean isReadOnly() throws UserStoreException {
		return true;
	}

	@Override
	public String[] getUserListFromProperties(String arg0, String arg1, String arg2) throws UserStoreException {
		LOGGER.info("getUserListFromProperties()");
		throw new UserStoreException("Invalid operation");
	}

	@Override
	public boolean doCheckIsUserInRole(String userName, String roleName) throws UserStoreException {
		LOGGER.info("doCheckIsUserInRole()");
		return true;
	}

	@Override
	public String[] getRoleListOfUser(String arg0) throws UserStoreException {
		LOGGER.info("getRoleListOfUser()");
		return super.getRoleListOfUser(arg0);
	}

	@Override
	public Properties getDefaultUserStoreProperties() {
		Properties properties = new Properties();
		properties.setMandatoryProperties(CustomUserStoreProperties.MANDATORY_PROPERTIES
				.toArray(new Property[CustomUserStoreProperties.MANDATORY_PROPERTIES.size()]));
		properties.setOptionalProperties(CustomUserStoreProperties.OPTIONAL_PROPERTIES
				.toArray(new Property[CustomUserStoreProperties.OPTIONAL_PROPERTIES.size()]));
		properties.setAdvancedProperties(CustomUserStoreProperties.ADVANCED_PROPERTIES
				.toArray(new Property[CustomUserStoreProperties.ADVANCED_PROPERTIES.size()]));
		return properties;
	}

	private String getRoleByName(String name) throws UserStoreException {
		LOGGER.info("getRoleByName()");
		return "";
	}

	@Override
	public Map<String, String> getProperties(Tenant arg0) throws UserStoreException {
		return this.realmConfig.getUserStoreProperties();
	}

	@Override
	public RealmConfiguration getRealmConfiguration() {
		return this.realmConfig;
	}

	@Override
	public int getTenantId() throws UserStoreException {
		return this.tenantId;
	}

	@Override
	public int getTenantId(String username) throws UserStoreException {
		throw new UserStoreException("Invalid operation");
	}

	@Override
	public int getUserId(String username) throws UserStoreException {
		throw new UserStoreException("Invalid operation");
	}

	@Override
	public void addRememberMe(String arg0, String arg1) throws org.wso2.carbon.user.api.UserStoreException {
		throw new UserStoreException("Invalid operation");
	}

	@Override
	public Map<String, String> getProperties(org.wso2.carbon.user.api.Tenant tenant)
			throws org.wso2.carbon.user.api.UserStoreException {
		return getProperties((Tenant) tenant);
	}

	@Override
	public boolean isValidRememberMeToken(String arg0, String arg1) throws org.wso2.carbon.user.api.UserStoreException {
		throw new UserStoreException("Invalid operation");
	}

//	@Override
//	public RoleContext createRoleContext(String arg0) throws UserStoreException {
//		throw new UserStoreException("User store is operating in read only mode. Cannot write into the user store.");
//	}

	@Override
	public void doAddUser(String arg0, Object arg1, String[] arg2, Map<String, String> arg3, String arg4,
			boolean arg5) throws UserStoreException {
		throw new UserStoreException("User store is operating in read only mode. Cannot write into the user store.");
	}

	@Override
	public void doDeleteUser(String arg0) throws UserStoreException {
		throw new UserStoreException("User store is operating in read only mode. Cannot write into the user store.");
	}

	@Override
	public void doDeleteUserClaimValue(String arg0, String arg1, String arg2) throws UserStoreException {
		throw new UserStoreException("User store is operating in read only mode. Cannot write into the user store.");
	}

	@Override
	public void doDeleteUserClaimValues(String arg0, String[] arg1, String arg2) throws UserStoreException {
		throw new UserStoreException("User store is operating in read only mode. Cannot write into the user store.");
	}

	@Override
	public void doSetUserClaimValue(String arg0, String arg1, String arg2, String arg3) throws UserStoreException {
		throw new UserStoreException("User store is operating in read only mode. Cannot write into the user store.");
	}

	@Override
	public void doSetUserClaimValues(String arg0, Map<String, String> arg1, String arg2) throws UserStoreException {
		throw new UserStoreException("User store is operating in read only mode. Cannot write into the user store.");
	}

	@Override
	public void doUpdateCredential(String arg0, Object arg1, Object arg2) throws UserStoreException {
		throw new UserStoreException("User store is operating in read only mode. Cannot write into the user store.");
	}

	@Override
	public void doUpdateCredentialByAdmin(String arg0, Object arg1) throws UserStoreException {
		throw new UserStoreException("User store is operating in read only mode. Cannot write into the user store.");
	}

	@Override
	public void doUpdateRoleListOfUser(String arg0, String[] arg1, String[] arg2) throws UserStoreException {
		throw new UserStoreException("User store is operating in read only mode. Cannot write into the user store.");
	}

	@Override
	public void doUpdateUserListOfRole(String arg0, String[] arg1, String[] arg2) throws UserStoreException {
		throw new UserStoreException("User store is operating in read only mode. Cannot write into the user store.");
	}

	//
}


["CustomUserStoreProperties.java" (text/x-java)]

package fr.icl.picsel20.user.store;

import java.util.ArrayList;

import org.wso2.carbon.user.api.Property;
import org.wso2.carbon.user.core.UserStoreConfigConstants;

public class CustomUserStoreProperties {

	public static final ArrayList<Property> MANDATORY_PROPERTIES = new ArrayList<Property>();
	public static final ArrayList<Property> OPTIONAL_PROPERTIES = new ArrayList<Property>();
	public static final ArrayList<Property> ADVANCED_PROPERTIES = new ArrayList<Property>();

	static {

		setMandatoryProperty("Empty", "", "Empty");

		setProperty(UserStoreConfigConstants.disabled, "false", UserStoreConfigConstants.disabledDescription);

		setProperty("ReadOnly", "true",
				"Indicates whether the user store of this realm operates in the user read only mode or not");
		setProperty(UserStoreConfigConstants.SCIMEnabled, "false", UserStoreConfigConstants.SCIMEnabledDescription);

		// NOTE: If no advanced properties are set, a NPE occurs when trying to modify
		// the settings of the user store via the UI...
		setAdvancedProperty(UserStoreConfigConstants.readGroups, "true",
				"Enable to read external roles provided by the user store");

	}

	private static void setProperty(String name, String value, String description) {
		Property property = new Property(name, value, description, null);
		OPTIONAL_PROPERTIES.add(property);

	}

	private static void setMandatoryProperty(String name, String value, String description) {
		Property property = new Property(name, value, description, null);
		MANDATORY_PROPERTIES.add(property);

	}

	private static void setAdvancedProperty(String name, String value, String description) {
		Property property = new Property(name, value, description, null);
		ADVANCED_PROPERTIES.add(property);
	}

}



_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
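
The routing behaviour discussed in this thread, as an added example that is not WSO2 code and not part of the original message: a user name without a `DOMAIN/` prefix is resolved against the primary store, and the selected store is handed the bare name. `DomainRoutingDemo`, `RoleStore`, the `PRIMARY` default domain name and the primary store's role value are assumptions constructed for illustration.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Simplified, hypothetical model of domain-qualified user name routing.
public class DomainRoutingDemo {

    static final String DOMAIN_SEPARATOR = "/";
    static final String PRIMARY_DOMAIN = "PRIMARY"; // assumed name of the default domain

    /** Minimal stand-in for a user store: maps a bare user name to its roles. */
    interface RoleStore {
        List<String> rolesOf(String bareUserName);
    }

    private final Map<String, RoleStore> storesByDomain = new LinkedHashMap<>();

    void register(String domain, RoleStore store) {
        storesByDomain.put(domain.toUpperCase(), store);
    }

    /** Splits "DOMAIN/user" into {domain, user}; a name without a prefix belongs to PRIMARY. */
    static String[] split(String userName) {
        int idx = userName.indexOf(DOMAIN_SEPARATOR);
        if (idx <= 0) {
            return new String[] {PRIMARY_DOMAIN, userName};
        }
        return new String[] {userName.substring(0, idx).toUpperCase(), userName.substring(idx + 1)};
    }

    List<String> rolesOf(String userName) {
        String[] parts = split(userName);
        RoleStore store = storesByDomain.get(parts[0]);
        if (store == null) {
            // Fail closed: an unknown domain must not fall back to another store.
            throw new IllegalArgumentException("No user store registered for domain " + parts[0]);
        }
        // The selected store receives the bare name, without the domain prefix.
        return store.rolesOf(parts[1]);
    }

    public static void main(String[] args) {
        DomainRoutingDemo router = new DomainRoutingDemo();
        // Constructed sample stores; the CUSTOM one mirrors doGetExternalRoleListOfUser above.
        router.register("PRIMARY", name -> Arrays.asList("Internal/everyone"));
        router.register("CUSTOM",
                name -> "Lala".equals(name) ? Arrays.asList("Role 1") : Arrays.asList("Role 2"));

        // Prefixed name: routed to the CUSTOM store, which sees "Lala".
        System.out.println("CUSTOM/Lala -> " + router.rolesOf("CUSTOM/Lala"));
        // Unprefixed name: routed to PRIMARY, so the custom store is never consulted.
        System.out.println("Lala        -> " + router.rolesOf("Lala"));
    }
}
```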

