Example 1 with IdRepoDuplicateObjectException
use of com.sun.identity.idm.IdRepoDuplicateObjectException in project OpenAM by OpenRock.
the class IdentityServicesImpl method create.
/**
* Creates a new {@code AMIdentity} in the identity repository with the
* details specified in {@code identity}.
*
* @param identity The identity details.
* @param admin The admin token.
* @throws ResourceException If a problem occurs.
*/
public void create(IdentityDetails identity, SSOToken admin) throws ResourceException {
Reject.ifNull(identity, admin);
// Obtain identity details & verify
String idName = identity.getName();
String idType = identity.getType();
String realm = identity.getRealm();
if (StringUtils.isEmpty(idName)) {
// TODO: add a message to the exception
throw new BadRequestException("Identity name not provided");
}
if (StringUtils.isEmpty(idType)) {
idType = "user";
}
if (realm == null) {
realm = "/";
}
try {
// Obtain IdRepo to create validate IdType & operations
IdType objectIdType = getIdType(idType);
AMIdentityRepository repo = getRepo(admin, realm);
if (!isOperationSupported(repo, objectIdType, IdOperation.CREATE)) {
// TODO: add message to exception
throw new UnsupportedOperationException("Unsupported: Type: " + idType + " Operation: CREATE");
}
// Obtain creation attributes
Map<String, Set<String>> idAttrs = asMap(identity.getAttributes());
// Create the identity, special case of Agents to merge
// and validate the attributes
AMIdentity amIdentity;
if (isTypeAgent(objectIdType)) {
createAgent(idAttrs, objectIdType, idType, idName, realm, admin);
} else {
// Create other identites like User, Group, Role, etc.
amIdentity = repo.createIdentity(objectIdType, idName, idAttrs);
// Process roles, groups & memberships
if (IdType.USER.equals(objectIdType)) {
Set<String> roles = asSet(identity.getRoleList());
if (roles != null && !roles.isEmpty()) {
if (!isOperationSupported(repo, IdType.ROLE, IdOperation.EDIT)) {
// TODO: localize message
throw new UnsupportedOperationException("Unsupported: Type: " + IdType.ROLE + " Operation: EDIT");
}
for (String roleName : roles) {
AMIdentity role = fetchAMIdentity(repo, IdType.ROLE, roleName, false);
if (role != null) {
role.addMember(amIdentity);
role.store();
}
}
}
Set<String> groups = asSet(identity.getGroupList());
if (groups != null && !groups.isEmpty()) {
if (!isOperationSupported(repo, IdType.GROUP, IdOperation.EDIT)) {
// TODO: localize message
throw new UnsupportedOperationException("Unsupported: Type: " + IdType.GROUP + " Operation: EDIT");
}
for (String groupName : groups) {
AMIdentity group = fetchAMIdentity(repo, IdType.GROUP, groupName, false);
if (group != null) {
group.addMember(amIdentity);
group.store();
}
}
}
}
if (IdType.GROUP.equals(objectIdType) || IdType.ROLE.equals(objectIdType)) {
Set<String> members = asSet(identity.getMemberList());
if (members != null) {
if (IdType.GROUP.equals(objectIdType) && !isOperationSupported(repo, IdType.GROUP, IdOperation.EDIT)) {
throw new ForbiddenException("Token is not authorized");
}
if (IdType.ROLE.equals(objectIdType) && !isOperationSupported(repo, IdType.ROLE, IdOperation.EDIT)) {
throw new ForbiddenException("Token is not authorized");
}
for (String memberName : members) {
AMIdentity user = fetchAMIdentity(repo, IdType.USER, memberName, false);
if (user != null) {
amIdentity.addMember(user);
}
}
amIdentity.store();
}
}
}
} catch (IdRepoDuplicateObjectException ex) {
throw new ConflictException("Resource already exists", ex);
} catch (IdRepoException e) {
debug.error("IdentityServicesImpl:create", e);
if (IdRepoErrorCode.ACCESS_DENIED.equals(e.getErrorCode())) {
throw new ForbiddenException(e.getMessage());
} else if (e.getLdapErrorIntCode() == LDAPConstants.LDAP_CONSTRAINT_VIOLATION) {
debug.error(e.getMessage(), e);
throw new BadRequestException();
} else {
throw new NotFoundException(e.getMessage());
}
} catch (SSOException | SMSException | ConfigurationException | MalformedURLException | UnsupportedOperationException e) {
debug.error("IdentityServicesImpl:create", e);
throw new NotFoundException(e.getMessage());
} catch (ObjectNotFound e) {
debug.error("IdentityServicesImpl:create", e);
throw new NotFoundException(e.getMessage());
}
}
Also used :
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
MalformedURLException(java.net.MalformedURLException)
Set(java.util.Set)
HashSet(java.util.HashSet)
ConflictException(org.forgerock.json.resource.ConflictException)
SMSException(com.sun.identity.sm.SMSException)
IdRepoException(com.sun.identity.idm.IdRepoException)
NotFoundException(org.forgerock.json.resource.NotFoundException)
SSOException(com.iplanet.sso.SSOException)
IdType(com.sun.identity.idm.IdType)
ConfigurationException(com.sun.identity.common.configuration.ConfigurationException)
ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound)
IdRepoDuplicateObjectException(com.sun.identity.idm.IdRepoDuplicateObjectException)
AMIdentity(com.sun.identity.idm.AMIdentity)
AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository)
BadRequestException(org.forgerock.json.resource.BadRequestException)
Aggregations
SSOException (com.iplanet.sso.SSOException)1
ConfigurationException (com.sun.identity.common.configuration.ConfigurationException)1
AMIdentity (com.sun.identity.idm.AMIdentity)1
AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository)1
IdRepoDuplicateObjectException (com.sun.identity.idm.IdRepoDuplicateObjectException)1
IdRepoException (com.sun.identity.idm.IdRepoException)1
IdType (com.sun.identity.idm.IdType)1
ObjectNotFound (com.sun.identity.idsvcs.ObjectNotFound)1
SMSException (com.sun.identity.sm.SMSException)1
MalformedURLException (java.net.MalformedURLException)1
HashSet (java.util.HashSet)1
Set (java.util.Set)1
BadRequestException (org.forgerock.json.resource.BadRequestException)1
ConflictException (org.forgerock.json.resource.ConflictException)1
ForbiddenException (org.forgerock.json.resource.ForbiddenException)1
NotFoundException (org.forgerock.json.resource.NotFoundException)1
