Example 1 with IdentityServicesImpl
use of com.sun.identity.idsvcs.opensso.IdentityServicesImpl in project OpenAM by OpenRock.
the class IdentityResourceV3 method patchInstance.
/**
* Patch the user's password and only the password. No other value may be patched. The old value of the
* password does not have to be known. Admin only. The only patch operation supported is "replace", i.e. not
* "add" or "move", etc.
*
* @param context The context
* @param resourceId The username we're patching
* @param request The patch request
*/
@Override
public Promise<ResourceResponse, ResourceException> patchInstance(final Context context, final String resourceId, final PatchRequest request) {
if (!objectType.equals(IdentityRestUtils.USER_TYPE)) {
return new BadRequestException("Cannot patch object type " + objectType).asPromise();
}
RealmContext realmContext = context.asContext(RealmContext.class);
final String realm = realmContext.getResolvedRealm();
try {
if (!isAdmin(context)) {
return new ForbiddenException("Only admin can patch user values").asPromise();
}
SSOToken ssoToken = getSSOToken(RestUtils.getToken().getTokenID().toString());
IdentityServicesImpl identityServices = getIdentityServices();
IdentityDetails identityDetails = identityServices.read(resourceId, getIdentityServicesAttributes(realm, objectType), ssoToken);
Attribute[] existingAttributes = identityDetails.getAttributes();
Map<String, Set<String>> existingAttributeMap = attributesToMap(existingAttributes);
Map<String, Set<String>> newAttributeMap = new HashMap<>();
if (existingAttributeMap.containsKey(IdentityRestUtils.UNIVERSAL_ID)) {
Set<String> values = existingAttributeMap.get(IdentityRestUtils.UNIVERSAL_ID);
if (isNotEmpty(values) && !isUserActive(values.iterator().next())) {
return new ForbiddenException("User " + resourceId + " is not active: Request is forbidden").asPromise();
}
}
boolean updateNeeded = false;
for (PatchOperation patchOperation : request.getPatchOperations()) {
switch(patchOperation.getOperation()) {
case PatchOperation.OPERATION_REPLACE:
{
String name = getFieldName(patchOperation.getField());
if (!patchableAttributes.contains(name)) {
return new BadRequestException("For the object type " + IdentityRestUtils.USER_TYPE + ", field \"" + name + "\" cannot be altered by PATCH").asPromise();
}
JsonValue value = patchOperation.getValue();
newAttributeMap.put(name, identityAttributeJsonToSet(value));
updateNeeded = true;
break;
}
default:
return new BadRequestException("PATCH of " + IdentityRestUtils.USER_TYPE + " does not support operation " + patchOperation.getOperation()).asPromise();
}
}
if (updateNeeded) {
identityDetails.setAttributes(mapToAttributes(newAttributeMap));
identityServices.update(identityDetails, ssoToken);
// re-read the altered identity details from the repo.
identityDetails = identityServices.read(resourceId, getIdentityServicesAttributes(realm, objectType), ssoToken);
}
return newResultPromise(newResourceResponse("result", "1", identityDetailsToJsonValue(identityDetails)));
} catch (final ObjectNotFound notFound) {
logger.error("IdentityResourceV3.patchInstance cannot find resource " + resourceId, notFound);
return new NotFoundException("Resource cannot be found.", notFound).asPromise();
} catch (final TokenExpired tokenExpired) {
logger.error("IdentityResourceV3.patchInstance, token expired", tokenExpired);
return new PermanentException(401, "Unauthorized", null).asPromise();
} catch (final AccessDenied accessDenied) {
logger.error("IdentityResourceV3.patchInstance, access denied", accessDenied);
return new ForbiddenException(accessDenied.getMessage(), accessDenied).asPromise();
} catch (final GeneralFailure generalFailure) {
logger.error("IdentityResourceV3.patchInstance, general failure " + generalFailure.getMessage());
return new BadRequestException(generalFailure.getMessage(), generalFailure).asPromise();
} catch (ForbiddenException fex) {
logger.warning("IdentityResourceV3.patchInstance, insufficient privileges.", fex);
return fex.asPromise();
} catch (NotFoundException notFound) {
logger.warning("IdentityResourceV3.patchInstance " + resourceId + " not found", notFound);
return new NotFoundException("Resource " + resourceId + " cannot be found.", notFound).asPromise();
} catch (ResourceException resourceException) {
logger.warning("IdentityResourceV3.patchInstance caught ResourceException", resourceException);
return resourceException.asPromise();
} catch (Exception exception) {
logger.error("IdentityResourceV3.patchInstance caught exception", exception);
return new InternalServerErrorException(exception.getMessage(), exception).asPromise();
}
}
Also used :
SSOToken(com.iplanet.sso.SSOToken)
Set(java.util.Set)
HashSet(java.util.HashSet)
Attribute(com.sun.identity.idsvcs.Attribute)
HashMap(java.util.HashMap)
NotFoundException(org.forgerock.json.resource.NotFoundException)
IdentityServicesImpl(com.sun.identity.idsvcs.opensso.IdentityServicesImpl)
ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound)
PermanentException(org.forgerock.json.resource.PermanentException)
PatchOperation(org.forgerock.json.resource.PatchOperation)
TokenExpired(com.sun.identity.idsvcs.TokenExpired)
ResourceException(org.forgerock.json.resource.ResourceException)
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
RealmContext(org.forgerock.openam.rest.RealmContext)
JsonValue(org.forgerock.json.JsonValue)
AccessDenied(com.sun.identity.idsvcs.AccessDenied)
PermanentException(org.forgerock.json.resource.PermanentException)
InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
NotFoundException(org.forgerock.json.resource.NotFoundException)
BadRequestException(org.forgerock.json.resource.BadRequestException)
ResourceException(org.forgerock.json.resource.ResourceException)
GeneralFailure(com.sun.identity.idsvcs.GeneralFailure)
BadRequestException(org.forgerock.json.resource.BadRequestException)
IdentityDetails(com.sun.identity.idsvcs.IdentityDetails)
InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)
Example 2 with IdentityServicesImpl
use of com.sun.identity.idsvcs.opensso.IdentityServicesImpl in project OpenAM by OpenRock.
the class IdentityResourceV3 method queryCollection.
/*******************************************************************************************************************
* {@inheritDoc}
*/
public Promise<QueryResponse, ResourceException> queryCollection(final Context context, final QueryRequest request, final QueryResourceHandler handler) {
RealmContext realmContext = context.asContext(RealmContext.class);
final String realm = realmContext.getResolvedRealm();
try {
SSOToken admin = getSSOToken(RestUtils.getToken().getTokenID().toString());
IdentityServicesImpl identityServices = getIdentityServices();
List<IdentityDetails> userDetails = null;
// If the user specified _queryFilter, then (convert and) use that, otherwise look for _queryID
// and if that isn't there either, pretend the user gave a _queryID of "*"
//
QueryFilter<JsonPointer> queryFilter = request.getQueryFilter();
if (queryFilter != null) {
CrestQuery crestQuery = new CrestQuery(queryFilter);
userDetails = identityServices.searchIdentityDetails(crestQuery, getIdentityServicesAttributes(realm, objectType), admin);
} else {
String queryId = request.getQueryId();
if (queryId == null || queryId.isEmpty()) {
queryId = "*";
}
CrestQuery crestQuery = new CrestQuery(queryId);
userDetails = identityServices.searchIdentityDetails(crestQuery, getIdentityServicesAttributes(realm, objectType), admin);
}
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
logger.message("IdentityResourceV3.queryCollection :: QUERY performed on realm " + realm + " by " + principalName);
for (IdentityDetails userDetail : userDetails) {
ResourceResponse resource;
resource = newResourceResponse(userDetail.getName(), "0", identityResourceV2.addRoleInformation(context, userDetail.getName(), identityDetailsToJsonValue(userDetail)));
handler.handleResource(resource);
}
} catch (ResourceException resourceException) {
logger.warning("IdentityResourceV3.queryCollection caught ResourceException", resourceException);
return resourceException.asPromise();
} catch (Exception exception) {
logger.error("IdentityResourceV3.queryCollection caught exception", exception);
return new InternalServerErrorException(exception.getMessage(), exception).asPromise();
}
return newResultPromise(newQueryResponse());
}
Also used :
CrestQuery(org.forgerock.openam.utils.CrestQuery)
SSOToken(com.iplanet.sso.SSOToken)
RealmContext(org.forgerock.openam.rest.RealmContext)
JsonPointer(org.forgerock.json.JsonPointer)
PermanentException(org.forgerock.json.resource.PermanentException)
InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
NotFoundException(org.forgerock.json.resource.NotFoundException)
BadRequestException(org.forgerock.json.resource.BadRequestException)
ResourceException(org.forgerock.json.resource.ResourceException)
IdentityServicesImpl(com.sun.identity.idsvcs.opensso.IdentityServicesImpl)
Responses.newResourceResponse(org.forgerock.json.resource.Responses.newResourceResponse)
ResourceResponse(org.forgerock.json.resource.ResourceResponse)
IdentityDetails(com.sun.identity.idsvcs.IdentityDetails)
InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)
ResourceException(org.forgerock.json.resource.ResourceException)
Aggregations
SSOToken (com.iplanet.sso.SSOToken)2
IdentityDetails (com.sun.identity.idsvcs.IdentityDetails)2
IdentityServicesImpl (com.sun.identity.idsvcs.opensso.IdentityServicesImpl)2
BadRequestException (org.forgerock.json.resource.BadRequestException)2
ForbiddenException (org.forgerock.json.resource.ForbiddenException)2
InternalServerErrorException (org.forgerock.json.resource.InternalServerErrorException)2
NotFoundException (org.forgerock.json.resource.NotFoundException)2
PermanentException (org.forgerock.json.resource.PermanentException)2
ResourceException (org.forgerock.json.resource.ResourceException)2
RealmContext (org.forgerock.openam.rest.RealmContext)2
AccessDenied (com.sun.identity.idsvcs.AccessDenied)1
Attribute (com.sun.identity.idsvcs.Attribute)1
GeneralFailure (com.sun.identity.idsvcs.GeneralFailure)1
ObjectNotFound (com.sun.identity.idsvcs.ObjectNotFound)1
TokenExpired (com.sun.identity.idsvcs.TokenExpired)1
HashMap (java.util.HashMap)1
HashSet (java.util.HashSet)1
Set (java.util.Set)1
JsonPointer (org.forgerock.json.JsonPointer)1
JsonValue (org.forgerock.json.JsonValue)1
