Fix proposal for applicationMgt list with slow userstore wso2#2114

mxm-tr · Nov 24, 2022 · 92671da · 92671da
1 parent b26f147
commit 92671da
Show file tree

Hide file tree

Showing 2 changed files with 101 additions and 31 deletions.
diff --git a/...main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementAdminService.java b/...main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementAdminService.java
@@ -45,7 +45,7 @@
 import java.util.regex.Pattern;
 
 /**
- * Application management admin service
+ * Application management admin service.
  */
 public class ApplicationManagementAdminService extends AbstractAdmin {
 
@@ -111,7 +111,7 @@ public ServiceProvider createApplicationWithTemplate(ServiceProvider serviceProv
     }
 
     /**
-     * Get Service provider information for given application name
+     * Get Service provider information for given application name.
      *
      * @param applicationName Application name
      * @return service provider
@@ -135,7 +135,7 @@ public ServiceProvider getApplication(String applicationName) throws IdentityApp
     }
 
     /**
-     * Get all basic application information
+     * Get all basic application information.
      *
      * @return Application Basic information array
      * @throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementException
@@ -181,7 +181,7 @@ public ApplicationBasicInfo[] getApplicationBasicInfo(String filter)
     }
 
     /**
-     * Get all basic application information with paginated manner
+     * Get all basic application information with paginated manner.
      *
      * @return Application Basic information array
      * @throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementException
@@ -347,7 +347,7 @@ public int getCountOfApplications(String filter) throws IdentityApplicationManag
     }
 
     /**
-     * Update application
+     * Update application.
      *
      * @param serviceProvider Service provider
      * @throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementException
@@ -373,7 +373,7 @@ public void updateApplication(ServiceProvider serviceProvider) throws IdentityAp
     }
 
     /**
-     * Delete Application
+     * Delete Application.
      *
      * @param applicationName Application name
      * @throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementException
@@ -395,7 +395,7 @@ public void deleteApplication(String applicationName) throws IdentityApplication
     }
 
     /**
-     * Get identity provider by identity provider name
+     * Get identity provider by identity provider name.
      *
      * @param federatedIdPName Federated identity provider name
      * @return Identity provider
@@ -415,7 +415,7 @@ public IdentityProvider getIdentityProvider(String federatedIdPName) throws Iden
     }
 
     /**
-     * Get all identity providers
+     * Get all identity providers.
      *
      * @return Identity providers array
      * @throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementException
@@ -434,7 +434,7 @@ public IdentityProvider[] getAllIdentityProviders() throws IdentityApplicationMa
     }
 
     /**
-     * Get all local authenticators
+     * Get all local authenticators.
      *
      * @return local authenticators array
      * @throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementException
@@ -454,7 +454,7 @@ public LocalAuthenticatorConfig[] getAllLocalAuthenticators() throws IdentityApp
     }
 
     /**
-     * Get all request path authenticator config
+     * Get all request path authenticator config.
      *
      * @return Request path authenticator config array
      * @throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementException
@@ -475,7 +475,7 @@ public RequestPathAuthenticatorConfig[] getAllRequestPathAuthenticators()
     }
 
     /**
-     * Get all local claim uris
+     * Get all local claim uris.
      *
      * @return claim uri array
      * @throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementException
@@ -494,7 +494,7 @@ public String[] getAllLocalClaimUris() throws IdentityApplicationManagementExcep
     }
 
     /**
-     * Retrieve the set of authentication templates configured from file system in JSON format
+     * Retrieve the set of authentication templates configured from file system in JSON format.
      *
      * @return Authentication templates.
      */
@@ -739,18 +739,8 @@ private void generateCustomInboundAuthenticatorConfigs() {
     private ArrayList<ApplicationBasicInfo> getAuthorizedApplicationBasicInfo(
             ApplicationBasicInfo[] applicationBasicInfos, String userName)
             throws IdentityApplicationManagementException {
-
-        ArrayList<ApplicationBasicInfo> appInfo = new ArrayList<>();
-        for (ApplicationBasicInfo applicationBasicInfo : applicationBasicInfos) {
-            if (ApplicationMgtUtil.isUserAuthorized(applicationBasicInfo.getApplicationName(), userName)) {
-                appInfo.add(applicationBasicInfo);
-                if (log.isDebugEnabled()) {
-                    log.debug("Retrieving basic information of application: " +
-                            applicationBasicInfo.getApplicationName() + "username: " + userName);
-                }
-            }
-        }
-        return appInfo;
+
+        return ApplicationMgtUtil.filterApplicationsForUser(applicationBasicInfos, userName);
     }
 
     /**

diff --git a/...cation.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtUtil.java b/...cation.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtUtil.java
@@ -29,6 +29,7 @@
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.context.RegistryType;
 import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
+import org.wso2.carbon.identity.application.common.model.ApplicationBasicInfo;
 import org.wso2.carbon.identity.application.common.model.ApplicationPermission;
 import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
 import org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig;
@@ -117,6 +118,85 @@ public static boolean isUserAuthorized(String applicationName, String username,
         return true;
     }
 
+
+    /**
+     * @param applicationInfos
+     * @param username
+     * @return a filtered list of ApplicationBasicInfo
+     * @throws IdentityApplicationManagementException
+     */
+    public static ArrayList<ApplicationBasicInfo> filterApplicationsForUser(
+        ApplicationBasicInfo[] applicationInfos, String username
+        )
+            throws IdentityApplicationManagementException {
+
+        // Initialize list to return
+        ArrayList<ApplicationBasicInfo> authorizedAppInfo = new ArrayList<ApplicationBasicInfo>();
+
+        // Check whether roles validation is enabled
+        // If we do not validate the roles, return the whole list of applications
+        boolean validateRoles = validateRoles();
+        if (!validateRoles) {
+            if (log.isDebugEnabled()) {
+                log.debug(String.format("Validating user with application roles is disabled. Therefore, " +
+                        "user: %s will be authorized for all applications", username));
+            }
+
+            // return new ArrayList<ApplicationBasicInfo>(applicationInfos);
+            return new ArrayList<ApplicationBasicInfo>(
+                (List<ApplicationBasicInfo>) Arrays.asList(applicationInfos));
+
+        }
+
+        // Get user store
+        try {
+            UserStoreManager userStoreManager = CarbonContext.getThreadLocalCarbonContext().getUserRealm()
+                            .getUserStoreManager();
+
+            // List roles from user store
+            String[] userRoles = userStoreManager.getRoleListOfUser(username);
+
+            // For each app, check whether the user the corresponding application role
+            for (ApplicationBasicInfo applicationBasicInfo : applicationInfos) {
+
+                String applicationName = applicationBasicInfo.getApplicationName();
+
+                String applicationRoleName = getAppRoleName(applicationName);
+
+                try {
+                    if (log.isDebugEnabled()) {
+                        log.debug(
+                            "Checking whether user has role : " + applicationRoleName
+                            + " by retrieving role list of " + "user : " + username);
+                    }
+
+                    if (userStoreManager instanceof AbstractUserStoreManager) {
+                        if (((AbstractUserStoreManager) userStoreManager).isUserInRole(username, applicationRoleName)) {
+                            authorizedAppInfo.add(applicationBasicInfo);
+                        }
+                    }
+
+                    for (String userRole : userRoles) {
+                        if (applicationRoleName.equals(userRole)) {
+                            authorizedAppInfo.add(applicationBasicInfo);
+                        }
+                    }
+
+                } catch (UserStoreException e) {
+                    throw new IdentityApplicationManagementException("Error while checking authorization for user: " +
+                            username + " for application: " + applicationName, e);
+                }
+
+            }
+
+        } catch (UserStoreException e) {
+            throw new IdentityApplicationManagementException("Error getting roles for user: " +
+                    username, e);
+        }
+        return authorizedAppInfo;        
+    }
+
+
     /**
      * @param applicationName
      * @param username
@@ -247,7 +327,7 @@ private static String getAppRoleName(String applicationName) {
     }
 
     /**
-     * Delete the role of the app
+     * Delete the role of the app.
      *
      * @param applicationName
      * @throws IdentityApplicationManagementException
@@ -391,7 +471,7 @@ public static void storePermissions(String applicationName, String username,
     }
 
     /**
-     * Updates the permissions of the application
+     * Updates the permissions of the application.
      *
      * @param applicationName
      * @param permissions
@@ -470,7 +550,7 @@ private static void addPermission(String applicationNode, ApplicationPermission[
     }
 
     /**
-     * Loads the permissions of the application
+     * Loads the permissions of the application.
      *
      * @param applicationName
      * @return
@@ -550,7 +630,7 @@ private static void permissionPath(Registry tenantGovReg, String permissionPath,
     }
 
     /**
-     * Delete the resource
+     * Delete the resource.
      *
      * @param applicationName
      * @throws IdentityApplicationManagementException
@@ -595,7 +675,7 @@ public static String getApplicationPermissionPath() {
     }
 
     /**
-     * Validate application name according to the regex
+     * Validate application name according to the regex.
      *
      * @return validated or not
      */
@@ -621,7 +701,7 @@ public static String getSPValidatorRegex() {
     }
 
     /**
-     * Get Property values
+     * Get Property values.
      *
      * @param tenantDomain  Tenant domain
      * @param spIssuer      SP Issuer
@@ -710,7 +790,7 @@ public static boolean isValidApplicationOwner(ServiceProvider serviceProvider)
     }
 
     /**
-     * Get Service provider name from XML configuration file
+     * Get Service provider name from XML configuration file.
      *
      * @param spFileStream
      * @param tenantDomain