use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
the class ResourceTypeConfigurationImpl method containsName.
/**
* {@inheritDoc}
*/
@Override
public boolean containsName(Subject subject, String realm, String name) throws EntitlementException {
try {
final ServiceConfig subOrgConfig = resourceTypeServiceConfig.getOrgConfig(subject, realm).getSubConfig(CONFIG_RESOURCE_TYPES);
if (subOrgConfig == null) {
return false;
}
final Set<String> configNames = subOrgConfig.getSubConfigNames();
for (String configName : configNames) {
if (name.equalsIgnoreCase(getAttribute(subOrgConfig.getSubConfig(configName).getAttributes(), CONFIG_NAME))) {
return true;
}
}
} catch (SMSException ex) {
PrivilegeManager.debug.error("ResourceTypeConfiguration.containsName", ex);
throw new EntitlementException(RESOURCE_TYPE_RETRIEVAL_ERROR, ex, realm);
} catch (SSOException ex) {
PrivilegeManager.debug.error("ResourceTypeConfiguration.containsName", ex);
throw new EntitlementException(RESOURCE_TYPE_RETRIEVAL_ERROR, ex, realm);
}
return false;
}
use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
the class ResourceTypeConfigurationImpl method isResourceTypeUsed.
/**
* Looks in the realm for applications and policies that may reference the resource type.
*
* @param uuid
* the resource type uuid
*
* @return whether the resource type is referenced in the policy model for the realm
*
* @throws EntitlementException
* should an error occur looking up resource type references
*/
private boolean isResourceTypeUsed(Subject subject, String realm, String uuid) throws EntitlementException {
SSOToken token = SubjectUtils.getSSOToken(subject);
try {
String filter = MessageFormat.format(REFERENCE_FILTER, uuid);
@SuppressWarnings("unchecked") Set<String> dnEntries = SMSEntry.search(token, dnHelper.orgNameToDN(realm), filter, 0, 0, false, false);
for (String dnEntry : dnEntries) {
if (dnEntry.contains(EntitlementUtils.INDEXES_NAME)) {
// A DN containing the entitlement index service indicates reference by a policy.
return true;
}
if (dnEntry.contains(EntitlementUtils.SERVICE_NAME)) {
// A DN containing the general entitlement service indicates reference by an application.
return true;
}
}
return false;
} catch (SMSException smsE) {
throw new EntitlementException(EntitlementException.INTERNAL_ERROR, smsE);
}
}
use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
the class ResourceTypeConfigurationImpl method getResourceTypesData.
@Override
public Map<String, Map<String, Set<String>>> getResourceTypesData(Subject subject, String realm) throws EntitlementException {
final Map<String, Map<String, Set<String>>> configData = new HashMap<String, Map<String, Set<String>>>();
try {
final ServiceConfig subOrgConfig = resourceTypeServiceConfig.getOrgConfig(subject, realm).getSubConfig(CONFIG_RESOURCE_TYPES);
if (subOrgConfig == null) {
return configData;
}
final Set<String> uuids = subOrgConfig.getSubConfigNames();
for (String uuid : uuids) {
configData.put(uuid, subOrgConfig.getSubConfig(uuid).getAttributesForRead());
}
} catch (SMSException ex) {
PrivilegeManager.debug.error("ResourceTypeConfiguration.getResourceTypesData", ex);
throw new EntitlementException(RESOURCE_TYPE_RETRIEVAL_ERROR, ex, realm);
} catch (SSOException ex) {
PrivilegeManager.debug.error("ResourceTypeConfiguration.getResourceTypesData", ex);
throw new EntitlementException(RESOURCE_TYPE_RETRIEVAL_ERROR, ex, realm);
}
return configData;
}
use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
the class ApplicationV1Filter method filterUpdate.
/**
* Update expects the application json to contain both actions and resources; these attributes are part of the old
* json definition for an application. It also expects that the mentioned application exists with exactly one
* resource type - no resource types or many resource types is not acceptable, else it is impossible to determine
* which resource type applies to the set of actions and resources being passed as part of the application json.
* <p/>
* Changes to the actions and/or resources will be reflected in the applications associated resource type.
*
* @param context
* the filter chain context
* @param request
* the update request
* @param next
* a request handler representing the remainder of the filter chain
*/
@Override
public Promise<ResourceResponse, ResourceException> filterUpdate(final Context context, final UpdateRequest request, final RequestHandler next) {
final JsonValue jsonValue = request.getContent();
final Map<String, Boolean> actions = jsonValue.get(ACTIONS).asMap(Boolean.class);
final Set<String> resources = jsonValue.get(RESOURCES).asSet(String.class);
final String bodyRealm = jsonValue.get(REALM).asString();
final String pathRealm = contextHelper.getRealm(context);
if (actions == null) {
return new BadRequestException("Invalid actions defined in request").asPromise();
}
if (resources == null) {
return new BadRequestException("Invalid resources defined in request").asPromise();
}
if (!pathRealm.equals(bodyRealm)) {
return resourceErrorHandler.handleError(context, request, new EntitlementException(EntitlementException.INVALID_APP_REALM, new String[] { bodyRealm, pathRealm })).asPromise();
}
final Subject callingSubject = contextHelper.getSubject(context);
final String applicationName = request.getResourcePath();
try {
final ApplicationService applicationService = applicationServiceFactory.create(callingSubject, pathRealm);
final Application application = applicationService.getApplication(applicationName);
if (application == null) {
return new NotFoundException("Unable to find application " + applicationName).asPromise();
}
if (application.getResourceTypeUuids().size() != 1) {
return new BadRequestException("Cannot modify application with more than one " + "resource type using version 1.0 of this endpoint").asPromise();
}
// Retrieve the resource type from the applications single resource type.
final String resourceTypeUuid = application.getResourceTypeUuids().iterator().next();
ResourceType resourceType = resourceTypeService.getResourceType(callingSubject, pathRealm, resourceTypeUuid);
boolean resourceTypeModified = false;
if (!actions.equals(resourceType.getActions())) {
resourceTypeModified = true;
resourceType = resourceType.populatedBuilder().setActions(actions).build();
}
if (!resources.equals(resourceType.getPatterns())) {
resourceTypeModified = true;
resourceType = resourceType.populatedBuilder().setPatterns(resources).build();
}
if (resourceTypeModified) {
resourceTypeService.updateResourceType(callingSubject, pathRealm, resourceType);
}
// Ensure the resource type UUID isn't lost.
jsonValue.put(RESOURCE_TYPE_UUIDS, new HashSet<String>(Arrays.asList(resourceTypeUuid)));
} catch (EntitlementException eE) {
debug.error("Error filtering application update CREST request", eE);
return resourceErrorHandler.handleError(context, request, eE).asPromise();
}
// Forward onto next handler.
return applicationTransformer.transform(next.handleUpdate(context, request), context);
}
use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
the class ApplicationsResource method queryCollection.
/**
* Queries for a collection of resources.
*
* @param context {@inheritDoc}
* @param request {@inheritDoc}
* @param handler {@inheritDoc}
*/
@Override
public Promise<QueryResponse, ResourceException> queryCollection(Context context, QueryRequest request, QueryResourceHandler handler) {
//auth
final Subject mySubject = getContextSubject(context);
if (mySubject == null) {
debug.error("ApplicationsResource :: UPDATE : Unknown Subject");
return new BadRequestException().asPromise();
}
//select
final String realm = getRealm(context);
final String principalName = PrincipalRestUtils.getPrincipalNameFromSubject(mySubject);
try {
List<ResourceResponse> results = new ArrayList<>();
final Set<String> appNames = query(request, mySubject, realm);
for (String appName : appNames) {
final Application application = appManager.getApplication(mySubject, realm, appName);
if (application == null) {
debug.warning("Unable to find application " + appName);
continue;
}
ApplicationWrapper wrapper = createApplicationWrapper(application, appTypeManagerWrapper);
results.add(newResourceResponse(wrapper.getName(), null, wrapper.toJsonValue()));
}
QueryResponsePresentation.enableDeprecatedRemainingQueryResponse(request);
return QueryResponsePresentation.perform(handler, request, results);
} catch (EntitlementException e) {
if (debug.errorEnabled()) {
debug.error("ApplicationsResource :: QUERY by " + principalName + ": Failed to query resource.", e);
}
return exceptionMappingHandler.handleError(context, request, e).asPromise();
}
}
Aggregations