Im having some problems creating new user from one of my controllers. I'm trying to add a new user to my MongoDB user collection like this. Authorities is defined as a Set of Role in the domain.
Role role = new Role(authority:"ROLE_USER")
User user = new User(username:params.username,email:params.email,password:params.password,enabled:params.enabled,
accountExpired:params.accountExpired,accountLocked:params.accountLocked,passwordExpired:params.passwordExpired,
authorities:[role])
if (user.validate()) {
user.save(flush:true)
} else {
user.errors.allErrors.each { println it }
}
The exact same code is able to create a user successfully from the bootstrap, but when i'm trying to do the same thing from a simple controller i'm getting this error:
2012-09-24 10:43:27,450 [http-8080-3] ERROR binding.GrailsDataBinder - Unable to auto-create type interface java.util.Set, class java.lang.InstantiationException thrown in constructor
a:662)
Looks like the problem is with data binding. You have to create User with authorities first and then add role using UserRole domain. Something like:
Role role = Role.findByAuthority("ROLE_USER")
User user = new User(username:params.username,email:params.email,password:params.password,enabled:params.enabled, accountExpired:params.accountExpired,accountLocked:params.accountLocked,passwordExpired:params.passwordExpired)
new UserRole(user: user, role: role).save(flush: flush, insert: true)
user.save(flush:true)
For more information how to create user with spring security, you may want to look at Spring Security UI
Related
I have implemented a custom UserStorageProvider with AbstractUserAdapter for Keycloak for retrieving users from external DB and login users with credentials stored in that DB. All works ok and the data is read only via Keycloak admin panel.
I wanted to add additional attributes to users from data stored in external DB, I would like to add this data to the token via Attribute Mapper, is there a way to do it? Or do II need to implement AbstractUserAdapterFederatedStorage? The problem with the later is that it is not read only and allows to edit the user data transferred to the keycloak user store.
It really depends on your implementation. If you have access to desired data for attributes and to the user, you can simply assign new attributes to him, i.e:
KeycloakSession session = // get session somewhere
RealmModel currentRealm = session.getContext().getRealm();
UserModel user = getUserSomehow(session, currentRealm);
user.setSingleAttribute("attributeName", "attributeValue");
...
private UserModel getUserSomehow(KeycloakSession session, RealmModel realm) {
return KeycloakModelUtils.findUserByNameOrEmail(context.getSession(), context.getRealm(), "<username>");
// or (cached model):
// return session.users().getUserById("<userId>", realm);
// or (Un-cached model):
// return session.userStorageManager().getUserById("<userId>", realm);
}
i am trying to give default role as Internal/Subscriber to all users.
i made changes in we made changes in file /_system/config/apimgt/applicationdata/tenant-conf.json and added role such as to Internal/creator,Internal/everyone,apimrole
"Name": "apim:subscribe",
"Roles": "admin,Internal/creator,Internal/everyone,apimrole,Internal/subscriber"
it gives me below error
org.wso2.carbon.apimgt.api.APIManagementException: Error while adding the subscriber
laxman#gmail.com#carbon.super#carbon.super
any help appreciated
New user creation takes place in the WSO2 API Manager in two ways.
Through the management console of the API Manager
Self signup
In 1st way you can assign roles when creating users.
For self signed-up users there already exists a handler to assign Internal/subscriber role to the new users who are having Internal/selfsignup role.
To assign role: Internal/subscriber to new users or existing role not assigned users we have below two options:
Option 1
If you wish to assign subscriber role to existing role not assigned users using Management Console, then you can go to roles listing page there:
There is an option: Assign Users in Actions column in role list relevant to Internal/subscriber role.
It will list all the users who have not assigned Internal/subscriber role and there are several options to select many users at once and assign the role.
Option 2
You can write a custom user operation event listener and add it as OSGI bundle.
In this case you can refer this WSO2 IS doc and write a event listener extending AbstractIdentityUserOperationEventListener.
This sample code worked for me:
public class SampleEventListener extends AbstractIdentityUserOperationEventListener {
private static final String EVENT_LISTENER_TYPE = "org.wso2.carbon.user.core.listener.UserOperationEventListener";
private static final String SUBSCRIBER_ROLE = "Internal/subscriber";
#Override
public boolean doPreAddUser(String userName, Object credential, String[] roleList, Map<String, String> claims,
String profile, UserStoreManager userStoreManager) throws UserStoreException {
List<String> roles = new ArrayList<>(Arrays.asList(roleList));
if (!roles.isEmpty() && !roles.contains(SUBSCRIBER_ROLE)) {
userStoreManager.updateRoleListOfUser(userName, new String[]{}, new String[] { SUBSCRIBER_ROLE });
}
return true;
}
This will add Internal/subscriber role to each newly adding user, if the user doesn't have that role in the process of adding new user.
Here it has mentioned multiple interfaces with which you can implement User Store Listeners.
For OSGI bundle creation and deployment process you can find this sample GitHub project. You can copy the built jar file to the directory <APIM_HOME>/repository/components/dropins/ by following the steps have been mentioned there. (Since WSO2 API Manager is also using WSO2 IS components you can follow the same steps mentioned in README with the API Manger as well)
You can go through this blog post to get complete idea about OSGI bundling.
I am not able to add a new user to the "confluence-users" group. I am able to add a new user to the database, and when I am trying to add him to the group, it says
"User [Anonymous] does not have the required privileges."
I guess, it needs admin privileges to add a user to group and how can I specify it while adding a user to group. I am using confluence 3.5 api and pls let me know how to achieve this.
My code looks like below..
UserAccessor userAccessor = (UserAccessor)ContainerManager.getInstance().getContainerContext().getComponent("userAccessor");
Group group = userAccessor.getGroup(UserAccessor.GROUP_CONFLUENCE_USERS);
DefaultUser defaultUser = new DefaultUser(username,fullname,email);
User newuser = userAccessor.createUser(defaultUser,Credential.unencrypted(password));
userAccessor.addMembership(group,newuser);
Try this:
UserManager userManager = (UserManager) ContainerManager.getComponent("userManager");
userManager.createUser(newUser, Credential.NONE);
groupManager.addMembership(group, user);
You'll need to inject the GroupManager in your class.
I have two tables : Users & Profiles. A user has one profile (1:1), a profile can be affected to many users, each profile has many modules, each module has many actions.
I'm sending this object from an asmx to a aspx page using a direct service call.
I got an error because of lazy loading ... so I disabled the lazy loading.
this.Configuration.LazyLoadingEnabled = false;
this works fine, I got my user, with the profile null.
To build the menu tree I have to retrieve the profile. I included It :
User user = new User();
using (cduContext db = new cduContext())
{
// get the user
string encryptedPassword = Encryption.Encrypt(password);
user = (from u in db.Users
where u.UserName.Equals(login) &&
u.Password.Equals(encryptedPassword)
select u).FirstOrDefault();
// Include the users profile
user = db.Users.Include("Profile").FirstOrDefault();
}
return user;
I got this error in the javascript call function :
A circular reference was detected while serializing an object of type 'CDU.Entities.Models.User'.
When I made a quick watch on the user object, in asmx ( before sending it ) , I found, that the profile has included the list of the users who had this pofile, each user has his profile loaded ... etc
Any idea please ?
Note, your code should look like this:
using (cduContext db = new cduContext())
{
// get the user
string encryptedPassword = Encryption.Encrypt(password);
var user = from u in db.Users
where u.UserName.Equals(login) &&
u.Password.Equals(encryptedPassword)
select u;
// Include the users profile
return user.Include("Profile").FirstOrDefault();
}
In your code, you were throwing away the first query by overwriting it with the second. And there was no valid reason to create a blank user.
To address your problem, you're going to have make a decision on what you don't want to serialize. In your case, you probably don't want to serialize Profile.Users
You don't mention what serializer you're using. I'm assuming you're using the DataContract serializer?
EDIT:
You would mark your Profile.Users object with the [IgnoreDataMember] Attribute.
I've created a grails app that uses spring security to allow a user to authenticate via facebook, and I can successfully print out the facebook username onto one of the views, so thus far I don't have any issues.
My problem lies when trying to bootstrap my application with some sample data for my given facebook user, so I don't have to enter it every time the application starts up.
This is how I'm trying to bootstrap my own facebook account, I have the following in Bootstrap.groovy :
def adminRole = new AppRole(authority: 'ROLE_ADMIN').save(flush: true)
def userRole = new AppRole(authority: 'ROLE_USER').save(flush: true)
def testUser = new AppUser(username: 'facebook_563645402', enabled: true,
password: 'my-hashed-pw-here',
surveys: [jamies])
testUser.save(flush: true)
AppUserAppRole.create testUser, adminRole, true
For the record, I've added a hasMany for the surveys field mentioned above onto AppUser.
When I fire up the app and try to connect, I get the following error :
URI
/web/j_spring_security_facebook_check
Class
grails.validation.ValidationException
Message
Validation Error(s) occurred during save(): - Field error in object 'web.AppUser' on field 'username': rejected value [facebook_563645402]; codes [web.AppUser.username.unique.error.web.AppUser.username,web.AppUser.username.unique.error.username,web.AppUser.username.unique.error.java.lang.String,web.AppUser.username.unique.error,appUser.username.unique.error.web.AppUser.username,appUser.username.unique.error.username,appUser.username.unique.error.java.lang.String,appUser.username.unique.error,web.AppUser.username.unique.web.AppUser.username,web.AppUser.username.unique.username,web.AppUser.username.unique.java.lang.String,web.AppUser.username.unique,appUser.username.unique.web.AppUser.username,appUser.username.unique.username,appUser.username.unique.java.lang.String,appUser.username.unique,unique.web.AppUser.username,unique.username,unique.java.lang.String,unique]; arguments [username,class web.AppUser,facebook_563645402]; default message [Property [{0}] of class [{1}] with value [{2}] must be unique]
Which appears to complain about the username not being unique.
If by trying to bootstrap some data breaks the unique constraints on the facebook username, how can I possibly ever pre define any data for a user?
A quick Googling brings up a few suggestions (link1, Grails spring security bootstrap, but so far they haven't helped, any ideas?
EDIT:
Delving deeper into the error that grails reports, I can see that the root of the above error is located in DefaultFacebookAuthDao, line 135, which mentions the following :
AppUserDomainClazz.withTransaction {
appUser.save(flush: true, failOnError: true)
}
So, by authenticating, spring security attempts to save a user domain object...
EDIT 2 :
This is my Bootstrap.groovy
def testUser = new AppUser(username: 'facebook_563645402', enabled: true,
password: 'my-hashed-pw', surveys: [new Survey(1)])
testUser.save()
def fbUser = new FacebookUser(uid: 563645402)
fbUser.save(flush: true)
Both FacebookUser and AppUser were generated via the spring security facebook quickstart, with the only change being to add static hasMany = [surveys: Survey] to AppUser.
It looks like the data has already been predefined, otherwise there wouldn't be a unique constraint violation. Just check for the existence of the data and only create it if needed:
def adminRole = AppRole.findOrSaveByAuthority('ROLE_ADMIN')
def userRole = AppRole.findOrSaveByAuthority('ROLE_USER')
String username = 'facebook_563645402'
if (!AppUser.findByUsername(username)) {
def testUser = new AppUser(username: username, enabled: true,
password: 'my-hashed-pw-here')
testUser.addToSurveys(jamies)
testUser.save()
AppUserAppRole.create testUser, adminRole, true
}
Spring Security Facebook tries to create a new user with same username (facebook_563645402). Because it cannot find it by uid.
As I see from you code, you just create an user, with filled username, but it's not a facebook user, and uid field isn't filled. So, the plugin cannot find any facebook user and tries to create a new one, using 'facebook_563645402' username by default.
There two ways: or change username for user created in Bootstrap (if it's not a facebook user), or create a Facebook User also (will be used for authentication).