how to set Internal/Subscriber role as default role to all authenticated users in WSO2 Api manager?

Question

i am trying to give default role as Internal/Subscriber to all users. i made changes in we made changes in file /_system/config/apimgt/applicationdata/tenant-conf.json and added role such as to Internal/creator,Internal/everyone,apimrole "Name": "apim:subscribe", "Roles": "admin,Internal/creator,Internal/everyone,apimrole,Internal/subscriber" it gives me below error

org.wso2.carbon.apimgt.api.APIManagementException: Error while adding the subscriber 
[email protected]@[email protected]

any help appreciated

Answer 1

New user creation takes place in the WSO2 API Manager in two ways.

1. Through the management console of the API Manager
2. Self signup

In 1st way you can assign roles when creating users.

For self signed-up users there already exists a handler to assign Internal/subscriber role to the new users who are having Internal/selfsignup role.

To assign role: Internal/subscriber to new users or existing role not assigned users we have below two options:

Option 1

If you wish to assign subscriber role to existing role not assigned users using Management Console, then you can go to roles listing page there:

There is an option: Assign Users in Actions column in role list relevant to Internal/subscriber role.

It will list all the users who have not assigned Internal/subscriber role and there are several options to select many users at once and assign the role.

Option 2

You can write a custom user operation event listener and add it as OSGI bundle. In this case you can refer this WSO2 IS doc and write a event listener extending AbstractIdentityUserOperationEventListener.

This sample code worked for me:

public class SampleEventListener extends AbstractIdentityUserOperationEventListener {

private static final String EVENT_LISTENER_TYPE = "org.wso2.carbon.user.core.listener.UserOperationEventListener";
private static final String SUBSCRIBER_ROLE = "Internal/subscriber";

@Override
public boolean doPreAddUser(String userName, Object credential, String[] roleList, Map<String, String> claims,
                            String profile, UserStoreManager userStoreManager) throws UserStoreException {

    List<String> roles = new ArrayList<>(Arrays.asList(roleList));
    if (!roles.isEmpty() && !roles.contains(SUBSCRIBER_ROLE)) {
        userStoreManager.updateRoleListOfUser(userName, new String[]{}, new String[] { SUBSCRIBER_ROLE });
    }
    return true;
}

This will add Internal/subscriber role to each newly adding user, if the user doesn't have that role in the process of adding new user.

Here it has mentioned multiple interfaces with which you can implement User Store Listeners.

For OSGI bundle creation and deployment process you can find this sample GitHub project. You can copy the built jar file to the directory <APIM_HOME>/repository/components/dropins/ by following the steps have been mentioned there. (Since WSO2 API Manager is also using WSO2 IS components you can follow the same steps mentioned in README with the API Manger as well)

You can go through this blog post to get complete idea about OSGI bundling.