
Example 41 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class ResourceTypeConfigurationImpl method containsName.

/**
 * {@inheritDoc}
 */
@Override
public boolean containsName(Subject subject, String realm, String name) throws EntitlementException {
    try {
        final ServiceConfig subOrgConfig = resourceTypeServiceConfig.getOrgConfig(subject, realm).getSubConfig(CONFIG_RESOURCE_TYPES);
        if (subOrgConfig == null) {
            return false;
        }
        final Set<String> configNames = subOrgConfig.getSubConfigNames();
        for (String configName : configNames) {
            if (name.equalsIgnoreCase(getAttribute(subOrgConfig.getSubConfig(configName).getAttributes(), CONFIG_NAME))) {
                return true;
            }
        }
    } catch (SMSException ex) {
        PrivilegeManager.debug.error("ResourceTypeConfiguration.containsName", ex);
        throw new EntitlementException(RESOURCE_TYPE_RETRIEVAL_ERROR, ex, realm);
    } catch (SSOException ex) {
        PrivilegeManager.debug.error("ResourceTypeConfiguration.containsName", ex);
        throw new EntitlementException(RESOURCE_TYPE_RETRIEVAL_ERROR, ex, realm);
    }
    return false;
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) ServiceConfig(com.sun.identity.sm.ServiceConfig) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException)

Example 42 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class ResourceTypeConfigurationImpl method isResourceTypeUsed.

/**
 * Looks in the realm for applications and policies that may reference the resource type.
 *
 * @param uuid
 *         the resource type uuid
 *
 * @return whether the resource type is referenced in the policy model for the realm
 *
 * @throws EntitlementException
 *         should an error occur looking up resource type references
 */
private boolean isResourceTypeUsed(Subject subject, String realm, String uuid) throws EntitlementException {
    SSOToken token = SubjectUtils.getSSOToken(subject);
    try {
        String filter = MessageFormat.format(REFERENCE_FILTER, uuid);
        @SuppressWarnings("unchecked") Set<String> dnEntries = SMSEntry.search(token, dnHelper.orgNameToDN(realm), filter, 0, 0, false, false);
        for (String dnEntry : dnEntries) {
            if (dnEntry.contains(EntitlementUtils.INDEXES_NAME)) {
                // A DN containing the entitlement index service indicates reference by a policy.
                return true;
            }
            if (dnEntry.contains(EntitlementUtils.SERVICE_NAME)) {
                // A DN containing the general entitlement service indicates reference by an application.
                return true;
            }
        }
        return false;
    } catch (SMSException smsE) {
        throw new EntitlementException(EntitlementException.INTERNAL_ERROR, smsE);
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) SSOToken(com.iplanet.sso.SSOToken) SMSException(com.sun.identity.sm.SMSException)

Example 43 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class ResourceTypeConfigurationImpl method getResourceTypesData.

@Override
public Map<String, Map<String, Set<String>>> getResourceTypesData(Subject subject, String realm) throws EntitlementException {
    final Map<String, Map<String, Set<String>>> configData = new HashMap<String, Map<String, Set<String>>>();
    try {
        final ServiceConfig subOrgConfig = resourceTypeServiceConfig.getOrgConfig(subject, realm).getSubConfig(CONFIG_RESOURCE_TYPES);
        if (subOrgConfig == null) {
            return configData;
        }
        final Set<String> uuids = subOrgConfig.getSubConfigNames();
        for (String uuid : uuids) {
            configData.put(uuid, subOrgConfig.getSubConfig(uuid).getAttributesForRead());
        }
    } catch (SMSException ex) {
        PrivilegeManager.debug.error("ResourceTypeConfiguration.getResourceTypesData", ex);
        throw new EntitlementException(RESOURCE_TYPE_RETRIEVAL_ERROR, ex, realm);
    } catch (SSOException ex) {
        PrivilegeManager.debug.error("ResourceTypeConfiguration.getResourceTypesData", ex);
        throw new EntitlementException(RESOURCE_TYPE_RETRIEVAL_ERROR, ex, realm);
    }
    return configData;
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) Set(java.util.Set) HashSet(java.util.HashSet) EntitlementUtils.getActionSet(org.forgerock.openam.entitlement.utils.EntitlementUtils.getActionSet) HashMap(java.util.HashMap) ServiceConfig(com.sun.identity.sm.ServiceConfig) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException) Map(java.util.Map) EntitlementUtils.resourceTypeFromMap(org.forgerock.openam.entitlement.utils.EntitlementUtils.resourceTypeFromMap)

Example 44 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class ApplicationV1Filter method filterUpdate.

/**
 * Update expects the application json to contain both actions and resources; these attributes are part of the old
 * json definition for an application. It also expects that the mentioned application exists with exactly one
 * resource type - no resource types or many resource types is not acceptable, else it is impossible to determine
 * which resource type applies to the set of actions and resources being passed as part of the application json.
 * <p/>
 * Changes to the actions and/or resources will be reflected in the applications associated resource type.
 *
 * @param context
 *         the filter chain context
 * @param request
 *         the update request
 * @param next
 *         a request handler representing the remainder of the filter chain
 */
@Override
public Promise<ResourceResponse, ResourceException> filterUpdate(final Context context, final UpdateRequest request, final RequestHandler next) {
    final JsonValue jsonValue = request.getContent();
    final Map<String, Boolean> actions = jsonValue.get(ACTIONS).asMap(Boolean.class);
    final Set<String> resources = jsonValue.get(RESOURCES).asSet(String.class);
    final String bodyRealm = jsonValue.get(REALM).asString();
    final String pathRealm = contextHelper.getRealm(context);
    if (actions == null) {
        return new BadRequestException("Invalid actions defined in request").asPromise();
    }
    if (resources == null) {
        return new BadRequestException("Invalid resources defined in request").asPromise();
    }
    if (!pathRealm.equals(bodyRealm)) {
        return resourceErrorHandler.handleError(context, request, new EntitlementException(EntitlementException.INVALID_APP_REALM, new String[] { bodyRealm, pathRealm })).asPromise();
    }
    final Subject callingSubject = contextHelper.getSubject(context);
    final String applicationName = request.getResourcePath();
    try {
        final ApplicationService applicationService = applicationServiceFactory.create(callingSubject, pathRealm);
        final Application application = applicationService.getApplication(applicationName);
        if (application == null) {
            return new NotFoundException("Unable to find application " + applicationName).asPromise();
        }
        if (application.getResourceTypeUuids().size() != 1) {
            return new BadRequestException("Cannot modify application with more than one " + "resource type using version 1.0 of this endpoint").asPromise();
        }
        // Retrieve the resource type from the applications single resource type.
        final String resourceTypeUuid = application.getResourceTypeUuids().iterator().next();
        ResourceType resourceType = resourceTypeService.getResourceType(callingSubject, pathRealm, resourceTypeUuid);
        boolean resourceTypeModified = false;
        if (!actions.equals(resourceType.getActions())) {
            resourceTypeModified = true;
            resourceType = resourceType.populatedBuilder().setActions(actions).build();
        }
        if (!resources.equals(resourceType.getPatterns())) {
            resourceTypeModified = true;
            resourceType = resourceType.populatedBuilder().setPatterns(resources).build();
        }
        if (resourceTypeModified) {
            resourceTypeService.updateResourceType(callingSubject, pathRealm, resourceType);
        }
        // Ensure the resource type UUID isn't lost.
        jsonValue.put(RESOURCE_TYPE_UUIDS, new HashSet<String>(Arrays.asList(resourceTypeUuid)));
    } catch (EntitlementException eE) {
        debug.error("Error filtering application update CREST request", eE);
        return resourceErrorHandler.handleError(context, request, eE).asPromise();
    }
    // Forward onto next handler.
    return applicationTransformer.transform(next.handleUpdate(context, request), context);
}
Also used : JsonValue(org.forgerock.json.JsonValue) NotFoundException(org.forgerock.json.resource.NotFoundException) ResourceType(org.forgerock.openam.entitlement.ResourceType) Subject(javax.security.auth.Subject) EntitlementException(com.sun.identity.entitlement.EntitlementException) BadRequestException(org.forgerock.json.resource.BadRequestException) Application(com.sun.identity.entitlement.Application) ApplicationService(org.forgerock.openam.entitlement.service.ApplicationService)

Example 45 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class ApplicationsResource method queryCollection.

/**
 * Queries for a collection of resources.
 *
 * @param context {@inheritDoc}
 * @param request {@inheritDoc}
 * @param handler {@inheritDoc}
 */
@Override
public Promise<QueryResponse, ResourceException> queryCollection(Context context, QueryRequest request, QueryResourceHandler handler) {
    //auth
    final Subject mySubject = getContextSubject(context);
    if (mySubject == null) {
        debug.error("ApplicationsResource :: UPDATE : Unknown Subject");
        return new BadRequestException().asPromise();
    }
    //select
    final String realm = getRealm(context);
    final String principalName = PrincipalRestUtils.getPrincipalNameFromSubject(mySubject);
    try {
        List<ResourceResponse> results = new ArrayList<>();
        final Set<String> appNames = query(request, mySubject, realm);
        for (String appName : appNames) {
            final Application application = appManager.getApplication(mySubject, realm, appName);
            if (application == null) {
                debug.warning("Unable to find application " + appName);
                continue;
            }
            ApplicationWrapper wrapper = createApplicationWrapper(application, appTypeManagerWrapper);
            results.add(newResourceResponse(wrapper.getName(), null, wrapper.toJsonValue()));
        }
        QueryResponsePresentation.enableDeprecatedRemainingQueryResponse(request);
        return QueryResponsePresentation.perform(handler, request, results);
    } catch (EntitlementException e) {
        if (debug.errorEnabled()) {
            debug.error("ApplicationsResource :: QUERY by " + principalName + ": Failed to query resource.", e);
        }
        return exceptionMappingHandler.handleError(context, request, e).asPromise();
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) ApplicationWrapper(org.forgerock.openam.entitlement.rest.wrappers.ApplicationWrapper) ResourceResponse(org.forgerock.json.resource.ResourceResponse) BadRequestException(org.forgerock.json.resource.BadRequestException) Application(com.sun.identity.entitlement.Application) Subject(javax.security.auth.Subject)
