
Example 36 with EntitlementException

Use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

The class ResourceTypesResource, method createInstance.

/**
 * Create {@link org.forgerock.openam.entitlement.ResourceType} in the system.
 *
 * The user's {@link org.forgerock.json.resource.SecurityContext} must indicate they are a user with
 * administrator-level access.
 *
 * @param context {@inheritDoc}
 * @param request {@inheritDoc}
 */
@Override
public Promise<ResourceResponse, ResourceException> createInstance(Context context, CreateRequest request) {
    if (METHOD_PUT.equalsIgnoreCase(context.asContext(HttpContext.class).getMethod())) {
        return getException(METHOD_NOT_ALLOWED).asPromise();
    }
    String principalName = "unknown";
    try {
        final Subject subject = getSubject(context);
        principalName = PrincipalRestUtils.getPrincipalNameFromSubject(subject);
        final JsonResourceType jsonWrapper = createJsonResourceType(request.getContent());
        if (StringUtils.isEmpty(jsonWrapper.getName())) {
            throw new EntitlementException(MISSING_RESOURCE_TYPE_NAME);
        }
        // Here we save the resource type and use that returned, since the resource type service
        // adds all manner of good stuff - creation dates, updated dates, etc. etc.  It is the resource type filled
        // out with this extra stuff that we put into the resource and the user gets to see.
        //
        final ResourceType savedResourceType = resourceTypeService.saveResourceType(subject, getRealm(context), jsonWrapper.getResourceType(true));
        if (logger.messageEnabled()) {
            logger.message("ResourceTypeResource :: CREATE by " + principalName + ": for Resource Type: " + savedResourceType.getName());
        }
        return newResultPromise(newResourceResponse(savedResourceType.getUUID(), null, new JsonResourceType(savedResourceType).toJsonValue()));
    } catch (EntitlementException e) {
        if (logger.errorEnabled()) {
            logger.error("ResourceTypeResource :: CREATE by " + principalName + ": Resource Type creation failed. ", e);
        }
        return exceptionMappingHandler.handleError(context, request, e).asPromise();
    }
}
Also used: EntitlementException (com.sun.identity.entitlement.EntitlementException), JsonResourceType (org.forgerock.openam.entitlement.rest.wrappers.JsonResourceType), ResourceType (org.forgerock.openam.entitlement.ResourceType), Subject (javax.security.auth.Subject)

Example 37 with EntitlementException

Use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

The class ResourceTypesResource, method readInstance.

/**
 * Reads the details of a single instance of an {@link org.forgerock.openam.entitlement.ResourceType} - the instance
 * referred to by the passed-in resourceId.
 *
 * The user's {@link org.forgerock.json.resource.SecurityContext} must indicate they are a user with
 * administrator-level access.
 *
 * @param context {@inheritDoc}
 * @param resourceId {@inheritDoc}
 * @param request {@inheritDoc}
 */
@Override
public Promise<ResourceResponse, ResourceException> readInstance(Context context, String resourceId, ReadRequest request) {
    String principalName = "unknown";
    try {
        Subject theSubject = getSubject(context);
        principalName = PrincipalRestUtils.getPrincipalNameFromSubject(theSubject);
        final String realm = getRealm(context);
        ResourceType resourceType = resourceTypeService.getResourceType(theSubject, realm, resourceId);
        if (resourceType == null) {
            throw new EntitlementException(NO_SUCH_RESOURCE_TYPE, resourceId, realm);
        }
        JsonResourceType wrapper = new JsonResourceType(resourceType);
        final ResourceResponse resource = newResourceResponse(resourceId, String.valueOf(System.currentTimeMillis()), JsonValue.json(wrapper.toJsonValue()));
        return newResultPromise(resource);
    } catch (EntitlementException ee) {
        if (logger.errorEnabled()) {
            logger.error("ResourceTypesResource :: READ by " + principalName + ": Could not jsonify class associated with defined Type: " + resourceId, ee);
        }
        return exceptionMappingHandler.handleError(context, request, ee).asPromise();
    }
}
Also used: EntitlementException (com.sun.identity.entitlement.EntitlementException), JsonResourceType (org.forgerock.openam.entitlement.rest.wrappers.JsonResourceType), Responses.newResourceResponse (org.forgerock.json.resource.Responses.newResourceResponse), ResourceResponse (org.forgerock.json.resource.ResourceResponse), ResourceType (org.forgerock.openam.entitlement.ResourceType), Subject (javax.security.auth.Subject)

Example 38 with EntitlementException

Use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

The class ResourceTypesResource, method queryCollection.

/**
 * Reads the details of all {@link org.forgerock.openam.entitlement.ResourceType}s in the system.
 *
 * The user's {@link org.forgerock.json.resource.SecurityContext} must indicate they are a user with
 * administrator-level access.
 *
 * @param context {@inheritDoc}
 * @param request {@inheritDoc}
 * @param handler {@inheritDoc}
 */
@Override
public Promise<QueryResponse, ResourceException> queryCollection(Context context, QueryRequest request, QueryResourceHandler handler) {
    String principalName = "unknown";
    String realm = getRealm(context);
    QueryFilter<JsonPointer> queryFilter = request.getQueryFilter();
    try {
        Subject subject = getSubject(context);
        principalName = PrincipalRestUtils.getPrincipalNameFromSubject(subject);
        Map<String, Map<String, Set<String>>> configData = resourceTypeService.getResourceTypesData(subject, realm);
        Set<String> filterResults;
        if (queryFilter == null) {
            filterResults = configData.keySet();
        } else {
            filterResults = queryFilter.accept(new DataQueryFilterVisitor(), configData);
        }
        List<ResourceResponse> results = new ArrayList<>();
        for (String uuid : filterResults) {
            ResourceType resourceType = resourceTypeService.getResourceType(subject, realm, uuid);
            results.add(newResourceResponse(resourceType.getUUID(), null, new JsonResourceType(resourceType).toJsonValue()));
        }
        QueryResponsePresentation.enableDeprecatedRemainingQueryResponse(request);
        return QueryResponsePresentation.perform(handler, request, results);
    } catch (EntitlementException ee) {
        if (logger.errorEnabled()) {
            logger.error("ResourceTypesResource :: QUERY by " + principalName + ": Caused EntitlementException: ", ee);
        }
        return exceptionMappingHandler.handleError(context, request, ee).asPromise();
    } catch (QueryException e) {
        return new BadRequestException(e.getL10NMessage(ServerContextUtils.getLocaleFromContext(context))).asPromise();
    }
}
Also used: JsonResourceType (org.forgerock.openam.entitlement.rest.wrappers.JsonResourceType), ResourceType (org.forgerock.openam.entitlement.ResourceType), JsonPointer (org.forgerock.json.JsonPointer), Subject (javax.security.auth.Subject), EntitlementException (com.sun.identity.entitlement.EntitlementException), QueryException (org.forgerock.openam.rest.query.QueryException), Responses.newResourceResponse (org.forgerock.json.resource.Responses.newResourceResponse), ResourceResponse (org.forgerock.json.resource.ResourceResponse), BadRequestException (org.forgerock.json.resource.BadRequestException), DataQueryFilterVisitor (org.forgerock.openam.rest.query.DataQueryFilterVisitor)

Example 39 with EntitlementException

Use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

The class ResourceTypeConfigurationImpl, method containsUUID.

/**
 * {@inheritDoc}
 */
@Override
public boolean containsUUID(Subject subject, String realm, String uuid) throws EntitlementException {
    final ServiceConfig resourceTypeConf;
    try {
        final ServiceConfig subOrgConfig = resourceTypeServiceConfig.getOrgConfig(subject, realm).getSubConfig(CONFIG_RESOURCE_TYPES);
        if (subOrgConfig == null) {
            return false;
        }
        resourceTypeConf = subOrgConfig.getSubConfig(uuid);
    } catch (SMSException ex) {
        PrivilegeManager.debug.error("ResourceTypeConfiguration.containsUUID", ex);
        throw new EntitlementException(RESOURCE_TYPE_RETRIEVAL_ERROR, ex, realm);
    } catch (SSOException ex) {
        PrivilegeManager.debug.error("ResourceTypeConfiguration.containsUUID", ex);
        throw new EntitlementException(RESOURCE_TYPE_RETRIEVAL_ERROR, ex, realm);
    }
    return resourceTypeConf != null && resourceTypeConf.exists();
}
Also used: EntitlementException (com.sun.identity.entitlement.EntitlementException), ServiceConfig (com.sun.identity.sm.ServiceConfig), SMSException (com.sun.identity.sm.SMSException), SSOException (com.iplanet.sso.SSOException)

Example 40 with EntitlementException

Use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

The class ResourceTypeConfigurationImpl, method getResourceTypes.

@Override
public Set<ResourceType> getResourceTypes(final QueryFilter<SmsAttribute> queryFilter, final Subject subject, final String realm) throws EntitlementException {
    final SSOToken token = SubjectUtils.getSSOToken(subject);
    final String dn = getResourceTypeBaseDN(realm);
    final Filter filter = queryFilter.accept(new SmsQueryFilterVisitor(), null);
    final Set<ResourceType> resourceTypes = new HashSet<ResourceType>();
    try {
        if (SMSEntry.checkIfEntryExists(dn, token)) {
            // Interaction with legacy service.
            @SuppressWarnings("unchecked") final Iterator<SMSDataEntry> iterator = (Iterator<SMSDataEntry>) SMSEntry.search(token, dn, filter.toString(), 0, 0, false, false, Collections.emptySet());
            while (iterator.hasNext()) {
                final SMSDataEntry entry = iterator.next();
                final String name = entry.getAttributeValue(CONFIG_NAME);
                // Extract the resource types UUID from the LDAP DN representation.
                final String uuid = LDAPUtils.getName(DN.valueOf(entry.getDN()));
                // Interaction with legacy service.
                @SuppressWarnings("unchecked") final Set<String> actionSet = entry.getAttributeValues(CONFIG_ACTIONS);
                final Map<String, Boolean> actions = getActions(actionSet);
                // Interaction with legacy service.
                @SuppressWarnings("unchecked") final Set<String> resources = entry.getAttributeValues(CONFIG_PATTERNS);
                final String description = entry.getAttributeValue(CONFIG_DESCRIPTION);
                final String createdBy = entry.getAttributeValue(CONFIG_CREATED_BY);
                final String creationDate = entry.getAttributeValue(CONFIG_CREATION_DATE);
                final String modifiedBy = entry.getAttributeValue(CONFIG_LAST_MODIFIED_BY);
                final String modifiedDate = entry.getAttributeValue(CONFIG_LAST_MODIFIED_DATE);
                final ResourceType resourceType = ResourceType.builder().setUUID(uuid).setName(name).setActions(actions).setPatterns(resources).setDescription(description).setCreatedBy(createdBy).setCreationDate(Long.parseLong(creationDate)).setLastModifiedBy(modifiedBy).setLastModifiedDate(Long.parseLong(modifiedDate)).build();
                resourceTypes.add(resourceType);
            }
        }
    } catch (SMSException smsE) {
        throw new EntitlementException(RESOURCE_TYPE_RETRIEVAL_ERROR, realm, smsE);
    }
    return resourceTypes;
}
Also used: SSOToken (com.iplanet.sso.SSOToken), SMSDataEntry (com.sun.identity.sm.SMSDataEntry), SMSException (com.sun.identity.sm.SMSException), ResourceType (org.forgerock.openam.entitlement.ResourceType), EntitlementException (com.sun.identity.entitlement.EntitlementException), Filter (org.forgerock.opendj.ldap.Filter), QueryFilter (org.forgerock.util.query.QueryFilter), Iterator (java.util.Iterator), HashSet (java.util.HashSet)

Aggregations

EntitlementException (com.sun.identity.entitlement.EntitlementException): 221
Subject (javax.security.auth.Subject): 68
HashSet (java.util.HashSet): 58
SSOException (com.iplanet.sso.SSOException): 51
Set (java.util.Set): 50
SSOToken (com.iplanet.sso.SSOToken): 47
SMSException (com.sun.identity.sm.SMSException): 45
Application (com.sun.identity.entitlement.Application): 37
Test (org.testng.annotations.Test): 37
HashMap (java.util.HashMap): 34
ResourceException (org.forgerock.json.resource.ResourceException): 33
ResourceResponse (org.forgerock.json.resource.ResourceResponse): 32
Privilege (com.sun.identity.entitlement.Privilege): 22
JsonValue (org.forgerock.json.JsonValue): 19
JSONException (org.json.JSONException): 19
CLIException (com.sun.identity.cli.CLIException): 18
ApplicationPrivilegeManager (com.sun.identity.entitlement.ApplicationPrivilegeManager): 17
ServiceConfig (com.sun.identity.sm.ServiceConfig): 17
ResourceType (org.forgerock.openam.entitlement.ResourceType): 17
PolicyException (com.sun.identity.policy.PolicyException): 16