Example 1 with NeedMoreCredentials
use of com.sun.identity.idsvcs.NeedMoreCredentials in project OpenAM by OpenRock.
the class IdentityResourceV1 method readInstance.
/**
* {@inheritDoc}
*/
@Override
public Promise<ResourceResponse, ResourceException> readInstance(final Context context, final String resourceId, final ReadRequest request) {
RealmContext realmContext = context.asContext(RealmContext.class);
final String realm = realmContext.getResolvedRealm();
IdentityDetails dtls;
try {
SSOToken admin = getSSOToken(getCookieFromServerContext(context));
dtls = identityServices.read(resourceId, getIdentityServicesAttributes(realm), admin);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
debug.message("IdentityResource.readInstance :: READ of resourceId={} in realm={} performed by " + "principalName={}", resourceId, realm, principalName);
return newResultPromise(buildResourceResponse(resourceId, context, dtls));
} catch (final NeedMoreCredentials needMoreCredentials) {
debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={} : User does not have enough " + "privileges.", resourceId, needMoreCredentials);
return new ForbiddenException("User does not have enough privileges.", needMoreCredentials).asPromise();
} catch (final ObjectNotFound objectNotFound) {
debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={} : Resource cannot be found.", resourceId, objectNotFound);
return new NotFoundException("Resource cannot be found.", objectNotFound).asPromise();
} catch (final TokenExpired tokenExpired) {
debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={} : Unauthorized", resourceId, tokenExpired);
return new PermanentException(401, "Unauthorized", null).asPromise();
} catch (final AccessDenied accessDenied) {
debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={} : Access denied", resourceId, accessDenied);
return new ForbiddenException(accessDenied.getMessage(), accessDenied).asPromise();
} catch (final GeneralFailure generalFailure) {
debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={}", resourceId, generalFailure);
return new BadRequestException(generalFailure.getMessage(), generalFailure).asPromise();
} catch (final Exception e) {
debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={}", resourceId, e);
return new NotFoundException(e.getMessage(), e).asPromise();
}
}
Also used :
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
IdentityRestUtils.getSSOToken(org.forgerock.openam.core.rest.IdentityRestUtils.getSSOToken)
SSOToken(com.iplanet.sso.SSOToken)
NeedMoreCredentials(com.sun.identity.idsvcs.NeedMoreCredentials)
RealmContext(org.forgerock.openam.rest.RealmContext)
NotFoundException(org.forgerock.json.resource.NotFoundException)
ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException)
AccessDenied(com.sun.identity.idsvcs.AccessDenied)
InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)
DeleteFailedException(org.forgerock.openam.cts.exceptions.DeleteFailedException)
SSOException(com.iplanet.sso.SSOException)
NotFoundException(org.forgerock.json.resource.NotFoundException)
NotSupportedException(org.forgerock.json.resource.NotSupportedException)
BadRequestException(org.forgerock.json.resource.BadRequestException)
MessagingException(javax.mail.MessagingException)
ConflictException(org.forgerock.json.resource.ConflictException)
PermanentException(org.forgerock.json.resource.PermanentException)
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException)
IdRepoException(com.sun.identity.idm.IdRepoException)
SMSException(com.sun.identity.sm.SMSException)
ResourceException(org.forgerock.json.resource.ResourceException)
CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException)
ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound)
PermanentException(org.forgerock.json.resource.PermanentException)
GeneralFailure(com.sun.identity.idsvcs.GeneralFailure)
IdentityRestUtils.jsonValueToIdentityDetails(org.forgerock.openam.core.rest.IdentityRestUtils.jsonValueToIdentityDetails)
IdentityDetails(com.sun.identity.idsvcs.IdentityDetails)
BadRequestException(org.forgerock.json.resource.BadRequestException)
TokenExpired(com.sun.identity.idsvcs.TokenExpired)
Example 2 with NeedMoreCredentials
use of com.sun.identity.idsvcs.NeedMoreCredentials in project OpenAM by OpenRock.
the class IdentityResourceV1 method updateInstance.
@Override
public Promise<ResourceResponse, ResourceException> updateInstance(final Context context, final String resourceId, final UpdateRequest request) {
RealmContext realmContext = context.asContext(RealmContext.class);
final String realm = realmContext.getResolvedRealm();
final JsonValue jsonValue = request.getContent();
final String rev = request.getRevision();
IdentityDetails dtls, newDtls;
ResourceResponse resource;
try {
SSOToken admin = getSSOToken(getCookieFromServerContext(context));
// Retrieve details about user to be updated
dtls = identityServices.read(resourceId, getIdentityServicesAttributes(realm), admin);
//be removed from the IdentityDetails object.
if (!isAdmin(context)) {
for (String attrName : jsonValue.keys()) {
if ("userpassword".equalsIgnoreCase(attrName)) {
String newPassword = jsonValue.get(attrName).asString();
if (!StringUtils.isBlank(newPassword)) {
String oldPassword = RestUtils.getMimeHeaderValue(context, OLD_PASSWORD);
if (StringUtils.isBlank(oldPassword)) {
throw new BadRequestException("The old password is missing from the request");
}
//This is an end-user trying to change the password, so let's change the password by
//verifying that the provided old password is correct. We also remove the password from the
//list of attributes to prevent the administrative password reset via the update call.
jsonValue.remove(attrName);
IdentityRestUtils.changePassword(context, realm, resourceId, oldPassword, newPassword);
}
break;
}
}
}
newDtls = jsonValueToIdentityDetails(objectType, jsonValue, realm);
if (newDtls.getName() != null && !resourceId.equalsIgnoreCase(newDtls.getName())) {
throw new BadRequestException("id in path does not match id in request body");
}
newDtls.setName(resourceId);
// update resource with new details
identityServices.update(newDtls, admin);
// read updated identity back to client
IdentityDetails checkIdent = identityServices.read(dtls.getName(), getIdentityServicesAttributes(realm), admin);
// handle updated resource
resource = newResourceResponse(resourceId, "0", identityDetailsToJsonValue(checkIdent));
return newResultPromise(resource);
} catch (final ObjectNotFound onf) {
debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Could not find the " + "resource", resourceId, onf);
return new NotFoundException("Could not find the resource [ " + resourceId + " ] to update", onf).asPromise();
} catch (final NeedMoreCredentials needMoreCredentials) {
debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Token is not authorized", resourceId, needMoreCredentials);
return new ForbiddenException("Token is not authorized", needMoreCredentials).asPromise();
} catch (final TokenExpired tokenExpired) {
debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Unauthorized", resourceId, tokenExpired);
return new PermanentException(401, "Unauthorized", null).asPromise();
} catch (final AccessDenied accessDenied) {
debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Access denied", resourceId, accessDenied);
return new ForbiddenException(accessDenied.getMessage(), accessDenied).asPromise();
} catch (final GeneralFailure generalFailure) {
debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={}", resourceId, generalFailure);
return new BadRequestException(generalFailure.getMessage(), generalFailure).asPromise();
} catch (NotFoundException e) {
debug.warning("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Could not find the " + "resource", resourceId, e);
return new NotFoundException("Could not find the resource [ " + resourceId + " ] to update", e).asPromise();
} catch (ResourceException re) {
debug.warning("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} ", resourceId, re);
return re.asPromise();
} catch (SSOException ssoe) {
debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={}", resourceId, ssoe);
return new ForbiddenException(ssoe).asPromise();
} catch (final Exception e) {
debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={}", resourceId, e);
return new NotFoundException(e).asPromise();
}
}
Also used :
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
IdentityRestUtils.getSSOToken(org.forgerock.openam.core.rest.IdentityRestUtils.getSSOToken)
SSOToken(com.iplanet.sso.SSOToken)
NeedMoreCredentials(com.sun.identity.idsvcs.NeedMoreCredentials)
RealmContext(org.forgerock.openam.rest.RealmContext)
IdentityRestUtils.identityDetailsToJsonValue(org.forgerock.openam.core.rest.IdentityRestUtils.identityDetailsToJsonValue)
JsonValue(org.forgerock.json.JsonValue)
NotFoundException(org.forgerock.json.resource.NotFoundException)
ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException)
SSOException(com.iplanet.sso.SSOException)
AccessDenied(com.sun.identity.idsvcs.AccessDenied)
InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)
DeleteFailedException(org.forgerock.openam.cts.exceptions.DeleteFailedException)
SSOException(com.iplanet.sso.SSOException)
NotFoundException(org.forgerock.json.resource.NotFoundException)
NotSupportedException(org.forgerock.json.resource.NotSupportedException)
BadRequestException(org.forgerock.json.resource.BadRequestException)
MessagingException(javax.mail.MessagingException)
ConflictException(org.forgerock.json.resource.ConflictException)
PermanentException(org.forgerock.json.resource.PermanentException)
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException)
IdRepoException(com.sun.identity.idm.IdRepoException)
SMSException(com.sun.identity.sm.SMSException)
ResourceException(org.forgerock.json.resource.ResourceException)
CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException)
ResourceResponse(org.forgerock.json.resource.ResourceResponse)
ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound)
PermanentException(org.forgerock.json.resource.PermanentException)
GeneralFailure(com.sun.identity.idsvcs.GeneralFailure)
IdentityRestUtils.jsonValueToIdentityDetails(org.forgerock.openam.core.rest.IdentityRestUtils.jsonValueToIdentityDetails)
IdentityDetails(com.sun.identity.idsvcs.IdentityDetails)
BadRequestException(org.forgerock.json.resource.BadRequestException)
TokenExpired(com.sun.identity.idsvcs.TokenExpired)
ResourceException(org.forgerock.json.resource.ResourceException)
Example 3 with NeedMoreCredentials
use of com.sun.identity.idsvcs.NeedMoreCredentials in project OpenAM by OpenRock.
the class IdentityResourceV2 method updateInstance.
/**
* {@inheritDoc}
*/
@Override
public Promise<ResourceResponse, ResourceException> updateInstance(final Context context, final String resourceId, final UpdateRequest request) {
RealmContext realmContext = context.asContext(RealmContext.class);
final String realm = realmContext.getResolvedRealm();
final JsonValue jVal = request.getContent();
final String rev = request.getRevision();
IdentityDetails dtls, newDtls;
ResourceResponse resource;
try {
SSOToken token = getSSOToken(getCookieFromServerContext(context));
// Retrieve details about user to be updated
dtls = identityServices.read(resourceId, getIdentityServicesAttributes(realm, objectType), token);
// Continue modifying the identity if read success
boolean isUpdatingHisOwnPassword = SystemProperties.getAsBoolean(Constants.CASE_SENSITIVE_UUID) ? token.getProperty(ISAuthConstants.USER_ID).equals(resourceId) : token.getProperty(ISAuthConstants.USER_ID).equalsIgnoreCase(resourceId);
// If the user wants to modify his password, he should use a different action.
if (isUpdatingHisOwnPassword) {
for (String key : jVal.keys()) {
if (USER_PASSWORD.equalsIgnoreCase(key)) {
return new BadRequestException("Cannot update user password via PUT. " + "Use POST with _action=changePassword or _action=forgotPassword.").asPromise();
}
}
}
newDtls = jsonValueToIdentityDetails(objectType, jVal, realm);
if (newDtls.getAttributes() == null || newDtls.getAttributes().length < 1) {
throw new BadRequestException("Illegal arguments: One or more required arguments is null or empty");
}
if (newDtls.getName() != null && !resourceId.equalsIgnoreCase(newDtls.getName())) {
throw new BadRequestException("id in path does not match id in request body");
}
newDtls.setName(resourceId);
UserAttributeInfo userAttributeInfo = configHandler.getConfig(realm, UserAttributeInfoBuilder.class);
// Handle attribute change when password is required
// Get restSecurity for this realm
RestSecurity restSecurity = restSecurityProvider.get(realm);
// Make sure user is not admin and check to see if we are requiring a password to change any attributes
Set<String> protectedUserAttributes = new HashSet<>();
protectedUserAttributes.addAll(restSecurity.getProtectedUserAttributes());
protectedUserAttributes.addAll(userAttributeInfo.getProtectedUpdateAttributes());
if (!protectedUserAttributes.isEmpty() && !isAdmin(context)) {
boolean hasReauthenticated = false;
for (String protectedAttr : protectedUserAttributes) {
JsonValue jValAttr = jVal.get(protectedAttr);
if (!jValAttr.isNull()) {
// If attribute is not available set newAttr variable to empty string for use in comparison
String newAttr = (jValAttr.isString()) ? jValAttr.asString() : "";
// Get the value of current attribute
String currentAttr = "";
Map<String, Set<String>> attrs = asMap(dtls.getAttributes());
for (Map.Entry<String, Set<String>> attribute : attrs.entrySet()) {
String attributeName = attribute.getKey();
if (protectedAttr.equalsIgnoreCase(attributeName)) {
currentAttr = attribute.getValue().iterator().next();
}
}
// Compare newAttr and currentAttr
if (!currentAttr.equals(newAttr) && !hasReauthenticated) {
// check header to make sure that password is there then check to see if it's correct
String strCurrentPass = RestUtils.getMimeHeaderValue(context, CURRENT_PASSWORD);
if (strCurrentPass != null && !strCurrentPass.isEmpty() && checkValidPassword(resourceId, strCurrentPass.toCharArray(), realm)) {
//set a boolean value so we know reauth has been done
hasReauthenticated = true;
//continue will allow attribute(s) change(s)
} else {
throw new BadRequestException("Must provide a valid confirmation password to change " + "protected attribute (" + protectedAttr + ") from '" + currentAttr + "' to '" + newAttr + "'");
}
}
}
}
}
// update resource with new details
identityServices.update(newDtls, token);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
debug.message("IdentityResource.updateInstance :: UPDATE of resourceId={} in realm={} performed " + "by principalName={}", resourceId, realm, principalName);
// read updated identity back to client
IdentityDetails checkIdent = identityServices.read(dtls.getName(), getIdentityServicesAttributes(realm, objectType), token);
return newResultPromise(this.identityResourceV1.buildResourceResponse(resourceId, context, checkIdent));
} catch (final ObjectNotFound onf) {
debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Could not find the " + "resource", resourceId, onf);
return new NotFoundException("Could not find the resource [ " + resourceId + " ] to update", onf).asPromise();
} catch (final NeedMoreCredentials needMoreCredentials) {
debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Token is not authorized", resourceId, needMoreCredentials);
return new ForbiddenException("Token is not authorized", needMoreCredentials).asPromise();
} catch (final TokenExpired tokenExpired) {
debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Unauthorized", resourceId, tokenExpired);
return new PermanentException(401, "Unauthorized", null).asPromise();
} catch (final AccessDenied accessDenied) {
debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Access denied", resourceId, accessDenied);
return new ForbiddenException(accessDenied.getMessage(), accessDenied).asPromise();
} catch (final GeneralFailure generalFailure) {
debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={}", resourceId, generalFailure);
return new BadRequestException(generalFailure.getMessage(), generalFailure).asPromise();
} catch (BadRequestException bre) {
debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={}", resourceId, bre);
return bre.asPromise();
} catch (NotFoundException e) {
debug.warning("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Could not find the " + "resource", resourceId, e);
return new NotFoundException("Could not find the resource [ " + resourceId + " ] to update", e).asPromise();
} catch (ResourceException re) {
debug.warning("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} ", resourceId, re);
return re.asPromise();
} catch (final Exception e) {
debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={}", resourceId, e);
return new NotFoundException(e.getMessage(), e).asPromise();
}
}
Also used :
UserAttributeInfo(org.forgerock.openam.core.rest.UserAttributeInfo)
SSOToken(com.iplanet.sso.SSOToken)
Set(java.util.Set)
HashSet(java.util.HashSet)
NotFoundException(org.forgerock.json.resource.NotFoundException)
ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException)
ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound)
PermanentException(org.forgerock.json.resource.PermanentException)
RestSecurity(org.forgerock.openam.services.RestSecurity)
TokenExpired(com.sun.identity.idsvcs.TokenExpired)
ResourceException(org.forgerock.json.resource.ResourceException)
HashSet(java.util.HashSet)
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
NeedMoreCredentials(com.sun.identity.idsvcs.NeedMoreCredentials)
RealmContext(org.forgerock.openam.rest.RealmContext)
JsonValue(org.forgerock.json.JsonValue)
AccessDenied(com.sun.identity.idsvcs.AccessDenied)
MessagingException(javax.mail.MessagingException)
ConflictException(org.forgerock.json.resource.ConflictException)
PermanentException(org.forgerock.json.resource.PermanentException)
InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
DeleteFailedException(org.forgerock.openam.cts.exceptions.DeleteFailedException)
SSOException(com.iplanet.sso.SSOException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
NotFoundException(org.forgerock.json.resource.NotFoundException)
ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException)
NotSupportedException(org.forgerock.json.resource.NotSupportedException)
BadRequestException(org.forgerock.json.resource.BadRequestException)
IdRepoException(com.sun.identity.idm.IdRepoException)
SMSException(com.sun.identity.sm.SMSException)
ResourceException(org.forgerock.json.resource.ResourceException)
CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException)
Responses.newResourceResponse(org.forgerock.json.resource.Responses.newResourceResponse)
ResourceResponse(org.forgerock.json.resource.ResourceResponse)
GeneralFailure(com.sun.identity.idsvcs.GeneralFailure)
IdentityDetails(com.sun.identity.idsvcs.IdentityDetails)
BadRequestException(org.forgerock.json.resource.BadRequestException)
Map(java.util.Map)
IdentityServicesImpl.asMap(com.sun.identity.idsvcs.opensso.IdentityServicesImpl.asMap)
LinkedHashMap(java.util.LinkedHashMap)
Example 4 with NeedMoreCredentials
use of com.sun.identity.idsvcs.NeedMoreCredentials in project OpenAM by OpenRock.
the class IdentityResourceV1 method attemptResourceCreation.
private Promise<IdentityDetails, ResourceException> attemptResourceCreation(String realm, SSOToken admin, IdentityDetails identity, String resourceId) {
try {
identityServices.create(identity, admin);
IdentityDetails dtls = identityServices.read(resourceId, getIdentityServicesAttributes(realm), admin);
if (debug.messageEnabled()) {
debug.message("IdentityResource.createInstance() :: Created resourceId={} in realm={} by AdminID={}", resourceId, realm, admin.getTokenID());
}
return newResultPromise(dtls);
} catch (final ObjectNotFound notFound) {
debug.error("IdentityResource.createInstance() :: Cannot READ resourceId={} : Resource cannot be found.", resourceId, notFound);
return new NotFoundException("Resource not found.", notFound).asPromise();
} catch (final TokenExpired tokenExpired) {
debug.error("IdentityResource.createInstance() :: Cannot CREATE resourceId={} : Unauthorized", resourceId, tokenExpired);
return new PermanentException(401, "Unauthorized", null).asPromise();
} catch (final NeedMoreCredentials needMoreCredentials) {
debug.error("IdentityResource.createInstance() :: Cannot CREATE resourceId={} : Token is not authorized", resourceId, needMoreCredentials);
return new ForbiddenException("Token is not authorized", needMoreCredentials).asPromise();
} catch (ResourceException re) {
debug.warning("IdentityResource.createInstance() :: Cannot CREATE resourceId={}", resourceId, re);
return re.asPromise();
} catch (final Exception e) {
debug.error("IdentityResource.createInstance() :: Cannot CREATE resourceId={}", resourceId, e);
return new NotFoundException(e.getMessage(), e).asPromise();
}
}
Also used :
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
NeedMoreCredentials(com.sun.identity.idsvcs.NeedMoreCredentials)
ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound)
PermanentException(org.forgerock.json.resource.PermanentException)
IdentityRestUtils.jsonValueToIdentityDetails(org.forgerock.openam.core.rest.IdentityRestUtils.jsonValueToIdentityDetails)
IdentityDetails(com.sun.identity.idsvcs.IdentityDetails)
NotFoundException(org.forgerock.json.resource.NotFoundException)
ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException)
TokenExpired(com.sun.identity.idsvcs.TokenExpired)
ResourceException(org.forgerock.json.resource.ResourceException)
InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)
DeleteFailedException(org.forgerock.openam.cts.exceptions.DeleteFailedException)
SSOException(com.iplanet.sso.SSOException)
NotFoundException(org.forgerock.json.resource.NotFoundException)
NotSupportedException(org.forgerock.json.resource.NotSupportedException)
BadRequestException(org.forgerock.json.resource.BadRequestException)
MessagingException(javax.mail.MessagingException)
ConflictException(org.forgerock.json.resource.ConflictException)
PermanentException(org.forgerock.json.resource.PermanentException)
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException)
IdRepoException(com.sun.identity.idm.IdRepoException)
SMSException(com.sun.identity.sm.SMSException)
ResourceException(org.forgerock.json.resource.ResourceException)
CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException)
Example 5 with NeedMoreCredentials
use of com.sun.identity.idsvcs.NeedMoreCredentials in project OpenAM by OpenRock.
the class IdentityResourceV1 method deleteInstance.
/**
* {@inheritDoc}
*/
@Override
public Promise<ResourceResponse, ResourceException> deleteInstance(final Context context, final String resourceId, final DeleteRequest request) {
RealmContext realmContext = context.asContext(RealmContext.class);
final String realm = realmContext.getResolvedRealm();
JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
ResourceResponse resource;
IdentityDetails dtls;
try {
SSOToken admin = getSSOToken(getCookieFromServerContext(context));
// read to see if resource is available to user
dtls = identityServices.read(resourceId, getIdentityServicesAttributes(realm), admin);
// delete the resource
identityServices.delete(dtls, admin);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
debug.message("IdentityResource.deleteInstance :: DELETE of resourceId={} in realm={} performed by " + "principalName={}", resourceId, realm, principalName);
result.put("success", "true");
resource = newResourceResponse(resourceId, "0", result);
return newResultPromise(resource);
} catch (final NeedMoreCredentials ex) {
debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : User does not have enough" + " privileges.", resourceId, ex);
return new ForbiddenException(resourceId, ex).asPromise();
} catch (final ObjectNotFound notFound) {
debug.error("IdentityResource.deleteInstance() :: Cannot DELETE {} : Resource cannot be found.", resourceId, notFound);
return new NotFoundException("Resource cannot be found.", notFound).asPromise();
} catch (final TokenExpired tokenExpired) {
debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : Unauthorized", resourceId, tokenExpired);
return new PermanentException(401, "Unauthorized", null).asPromise();
} catch (final AccessDenied accessDenied) {
debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : Access denied", resourceId, accessDenied);
return new ForbiddenException(accessDenied).asPromise();
} catch (final GeneralFailure generalFailure) {
debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : general failure", resourceId, generalFailure);
return new BadRequestException(generalFailure.getMessage(), generalFailure).asPromise();
} catch (ForbiddenException ex) {
debug.warning("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={}: User does not have " + "enough privileges.", resourceId, ex);
return new ForbiddenException(resourceId, ex).asPromise();
} catch (NotFoundException notFound) {
debug.warning("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : Resource cannot be found", resourceId, notFound);
return new NotFoundException("Resource cannot be found.", notFound).asPromise();
} catch (ResourceException re) {
debug.warning("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : resource failure", resourceId, re);
result.put("success", "false");
resource = newResourceResponse(resourceId, "0", result);
return newResultPromise(resource);
} catch (Exception e) {
debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={}", resourceId, e);
result.put("success", "false");
resource = newResourceResponse(resourceId, "0", result);
return newResultPromise(resource);
}
}
Also used :
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
IdentityRestUtils.getSSOToken(org.forgerock.openam.core.rest.IdentityRestUtils.getSSOToken)
SSOToken(com.iplanet.sso.SSOToken)
NeedMoreCredentials(com.sun.identity.idsvcs.NeedMoreCredentials)
RealmContext(org.forgerock.openam.rest.RealmContext)
IdentityRestUtils.identityDetailsToJsonValue(org.forgerock.openam.core.rest.IdentityRestUtils.identityDetailsToJsonValue)
JsonValue(org.forgerock.json.JsonValue)
NotFoundException(org.forgerock.json.resource.NotFoundException)
ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException)
AccessDenied(com.sun.identity.idsvcs.AccessDenied)
InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)
DeleteFailedException(org.forgerock.openam.cts.exceptions.DeleteFailedException)
SSOException(com.iplanet.sso.SSOException)
NotFoundException(org.forgerock.json.resource.NotFoundException)
NotSupportedException(org.forgerock.json.resource.NotSupportedException)
BadRequestException(org.forgerock.json.resource.BadRequestException)
MessagingException(javax.mail.MessagingException)
ConflictException(org.forgerock.json.resource.ConflictException)
PermanentException(org.forgerock.json.resource.PermanentException)
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException)
IdRepoException(com.sun.identity.idm.IdRepoException)
SMSException(com.sun.identity.sm.SMSException)
ResourceException(org.forgerock.json.resource.ResourceException)
CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException)
ResourceResponse(org.forgerock.json.resource.ResourceResponse)
ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound)
PermanentException(org.forgerock.json.resource.PermanentException)
GeneralFailure(com.sun.identity.idsvcs.GeneralFailure)
IdentityRestUtils.jsonValueToIdentityDetails(org.forgerock.openam.core.rest.IdentityRestUtils.jsonValueToIdentityDetails)
IdentityDetails(com.sun.identity.idsvcs.IdentityDetails)
BadRequestException(org.forgerock.json.resource.BadRequestException)
TokenExpired(com.sun.identity.idsvcs.TokenExpired)
ResourceException(org.forgerock.json.resource.ResourceException)
Aggregations
SSOException (com.iplanet.sso.SSOException)6
IdRepoException (com.sun.identity.idm.IdRepoException)6
IdentityDetails (com.sun.identity.idsvcs.IdentityDetails)6
NeedMoreCredentials (com.sun.identity.idsvcs.NeedMoreCredentials)6
ObjectNotFound (com.sun.identity.idsvcs.ObjectNotFound)6
TokenExpired (com.sun.identity.idsvcs.TokenExpired)6
SMSException (com.sun.identity.sm.SMSException)6
ServiceNotFoundException (com.sun.identity.sm.ServiceNotFoundException)6
UnsupportedEncodingException (java.io.UnsupportedEncodingException)6
MessagingException (javax.mail.MessagingException)6
BadRequestException (org.forgerock.json.resource.BadRequestException)6
ConflictException (org.forgerock.json.resource.ConflictException)6
ForbiddenException (org.forgerock.json.resource.ForbiddenException)6
InternalServerErrorException (org.forgerock.json.resource.InternalServerErrorException)6
NotFoundException (org.forgerock.json.resource.NotFoundException)6
NotSupportedException (org.forgerock.json.resource.NotSupportedException)6
PermanentException (org.forgerock.json.resource.PermanentException)6
ResourceException (org.forgerock.json.resource.ResourceException)6
CoreTokenException (org.forgerock.openam.cts.exceptions.CoreTokenException)6
DeleteFailedException (org.forgerock.openam.cts.exceptions.DeleteFailedException)6
