Search in sources :

Example 6 with SCIMException

use of io.jans.scim.model.exception.SCIMException in project jans by JanssenProject.

the class GroupWebService method updateGroup.

/**
 * This implementation differs from spec in the following aspects:
 * - Passing a null value for an attribute, does not modify the attribute in the destination, however passing an
 * empty array for a multivalued attribute does clear the attribute. Thus, to clear single-valued attribute, PATCH
 * operation should be used
 */
@Path("{id}")
@PUT
@Consumes({ MEDIA_TYPE_SCIM_JSON, MediaType.APPLICATION_JSON })
@Produces({ MEDIA_TYPE_SCIM_JSON + UTF8_CHARSET_FRAGMENT, MediaType.APPLICATION_JSON + UTF8_CHARSET_FRAGMENT })
@HeaderParam("Accept")
@DefaultValue(MEDIA_TYPE_SCIM_JSON)
@ProtectedApi(scopes = { "https://jans.io/scim/groups.write" })
@RefAdjusted
public Response updateGroup(GroupResource group, @PathParam("id") String id, @QueryParam(QUERY_PARAM_ATTRIBUTES) String attrsList, @QueryParam(QUERY_PARAM_EXCLUDED_ATTRS) String excludedAttrsList) {
    Response response;
    try {
        log.debug("Executing web service method. updateGroup");
        // empty externalId, no place to store it in LDAP
        group.setExternalId(null);
        // Check if the ids match in case the group coming has one
        if (group.getId() != null && !group.getId().equals(id))
            throw new SCIMException("Parameter id does not match with id attribute of Group");
        GluuGroup gluuGroup = groupService.getGroupByInum(id);
        if (gluuGroup == null)
            return notFoundResponse(id, groupResourceType);
        response = externalConstraintsService.applyEntityCheck(gluuGroup, group, httpHeaders, uriInfo, HttpMethod.PUT, groupResourceType);
        if (response != null)
            return response;
        executeValidation(group, true);
        if (StringUtils.isNotEmpty(group.getDisplayName())) {
            checkDisplayNameExistence(group.getDisplayName(), id);
        }
        boolean skipValidation = isMembersValidationSkipped();
        boolean displayExcluded = isDisplayExcluded(skipValidation, attrsList, excludedAttrsList);
        GroupResource updatedResource = scim2GroupService.updateGroup(gluuGroup, group, skipValidation, !displayExcluded, endpointUrl, usersUrl);
        String json = resourceSerializer.serialize(updatedResource, attrsList, excludedAttrsList);
        response = Response.ok(new URI(updatedResource.getMeta().getLocation())).entity(json).build();
    } catch (DuplicateEntryException e) {
        log.error(e.getMessage());
        response = getErrorResponse(Response.Status.CONFLICT, ErrorScimType.UNIQUENESS, e.getMessage());
    } catch (SCIMException e) {
        log.error("Validation check at updateGroup returned: {}", e.getMessage());
        response = getErrorResponse(Response.Status.BAD_REQUEST, ErrorScimType.INVALID_VALUE, e.getMessage());
    } catch (InvalidAttributeValueException e) {
        log.error(e.getMessage());
        response = getErrorResponse(Response.Status.BAD_REQUEST, ErrorScimType.MUTABILITY, e.getMessage());
    } catch (Exception e) {
        log.error("Failure at updateGroup method", e);
        response = getErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, "Unexpected error: " + e.getMessage());
    }
    return response;
}
Also used : Response(javax.ws.rs.core.Response) SCIMException(io.jans.scim.model.exception.SCIMException) DuplicateEntryException(io.jans.orm.exception.operation.DuplicateEntryException) GluuGroup(io.jans.scim.model.GluuGroup) URI(java.net.URI) InvalidAttributeValueException(javax.management.InvalidAttributeValueException) GroupResource(io.jans.scim.model.scim2.group.GroupResource) URISyntaxException(java.net.URISyntaxException) SCIMException(io.jans.scim.model.exception.SCIMException) DuplicateEntryException(io.jans.orm.exception.operation.DuplicateEntryException) InvalidAttributeValueException(javax.management.InvalidAttributeValueException) Path(javax.ws.rs.Path) DefaultValue(javax.ws.rs.DefaultValue) HeaderParam(javax.ws.rs.HeaderParam) RefAdjusted(io.jans.scim.service.scim2.interceptor.RefAdjusted) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ProtectedApi(io.jans.scim.service.filter.ProtectedApi) PUT(javax.ws.rs.PUT)

Example 7 with SCIMException

use of io.jans.scim.model.exception.SCIMException in project jans by JanssenProject.

the class Scim2PatchService method applyPatchOperationWithValueFilter.

private BaseScimResource applyPatchOperationWithValueFilter(BaseScimResource resource, PatchOperation operation, String valSelFilter, String attribute, String subAttribute) throws SCIMException, InvalidAttributeValueException {
    String path = operation.getPath();
    ObjectMapper mapper = new ObjectMapper();
    Class<? extends BaseScimResource> cls = resource.getClass();
    Map<String, Object> resourceAsMap = mapper.convertValue(resource, new TypeReference<Map<String, Object>>() {
    });
    List<Map<String, Object>> list;
    Attribute attrAnnot = IntrospectUtil.getFieldAnnotation(attribute, cls, Attribute.class);
    if (attrAnnot != null) {
        if (!attrAnnot.multiValueClass().equals(NullType.class) && attrAnnot.type().equals(AttributeDefinition.Type.COMPLEX)) {
            Object colObject = resourceAsMap.get(attribute);
            list = colObject == null ? null : new ArrayList<>((Collection<Map<String, Object>>) colObject);
        } else {
            throw new SCIMException(String.format("Attribute '%s' expected to be complex multi-valued", attribute));
        }
    } else {
        throw new SCIMException(String.format("Attribute '%s' not recognized or expected to be complex multi-valued", attribute));
    }
    if (list == null) {
        log.info("applyPatchOperationWithValueFilter. List of values for {} is empty. Operation has no effect", attribute);
    } else {
        try {
            valSelFilter = FilterUtil.preprocess(valSelFilter, cls);
            ParseTree parseTree = filterService.getParseTree(valSelFilter);
            List<Integer> matchingIndexes = new ArrayList<>();
            for (int i = 0; i < list.size(); i++) {
                if (filterService.complexAttributeMatch(parseTree, list.get(i), attribute, cls)) {
                    // Important: add so that resulting list is reverse-ordered
                    matchingIndexes.add(0, i);
                }
            }
            if (subAttribute.length() > 0 && matchingIndexes.size() > 0 && operation.getType().equals(PatchOperationType.REMOVE)) {
                // per spec (section 3.5.2.2 RFC 7644) subAttribute must not be required or read-only
                Attribute subAttrAnnot = IntrospectUtil.getFieldAnnotation(attribute + "." + subAttribute, cls, Attribute.class);
                if (subAttrAnnot != null && (subAttrAnnot.mutability().equals(READ_ONLY) || subAttrAnnot.isRequired())) {
                    throw new InvalidAttributeValueException("Cannot remove read-only or required attribute " + attribute + "." + subAttribute);
                }
            }
            /*
                Here we differ from spec (see section 3.5.2.3/4 of RFC7644. If no record match is made, we are supposed to
                return error 400 with scimType of noTarget. But this is clearly inconvenient
                */
            log.info("There are {} entries matching the filter '{}'", matchingIndexes.size(), path);
            for (Integer index : matchingIndexes) {
                if (operation.getType().equals(PatchOperationType.REMOVE)) {
                    if (subAttribute.length() == 0) {
                        // Remove the whole item
                        // If intValue is not used, the remove(Object) method is called!
                        list.remove(index.intValue());
                    } else {
                        // remove subattribute only
                        list.get(index).remove(subAttribute);
                    }
                } else {
                    applyPartialUpdate(attribute, subAttribute, list, index, operation.getValue(), cls);
                }
            }
            log.trace("New {} list is:\n{}", attribute, mapper.writeValueAsString(list));
            resourceAsMap.put(attribute, list.isEmpty() ? null : list);
            resource = mapper.convertValue(resourceAsMap, cls);
        } catch (InvalidAttributeValueException ei) {
            throw ei;
        } catch (Exception e) {
            log.info("Error processing Patch operation with value selection path '{}'", path);
            log.error(e.getMessage(), e);
            throw new SCIMException(e.getMessage(), e);
        }
    }
    return resource;
}
Also used : Attribute(io.jans.scim.model.scim2.annotations.Attribute) ArrayList(java.util.ArrayList) InvalidAttributeValueException(javax.management.InvalidAttributeValueException) SCIMException(io.jans.scim.model.exception.SCIMException) InvalidAttributeValueException(javax.management.InvalidAttributeValueException) SCIMException(io.jans.scim.model.exception.SCIMException) HashMap(java.util.HashMap) Map(java.util.Map) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) ParseTree(org.antlr.v4.runtime.tree.ParseTree)

Example 8 with SCIMException

use of io.jans.scim.model.exception.SCIMException in project jans by JanssenProject.

the class UserWebService method createUser.

@POST
@Consumes({ MEDIA_TYPE_SCIM_JSON, MediaType.APPLICATION_JSON })
@Produces({ MEDIA_TYPE_SCIM_JSON + UTF8_CHARSET_FRAGMENT, MediaType.APPLICATION_JSON + UTF8_CHARSET_FRAGMENT })
@HeaderParam("Accept")
@DefaultValue(MEDIA_TYPE_SCIM_JSON)
@ProtectedApi(scopes = { "https://jans.io/scim/users.write" })
@RefAdjusted
public Response createUser(UserResource user, @QueryParam(QUERY_PARAM_ATTRIBUTES) String attrsList, @QueryParam(QUERY_PARAM_EXCLUDED_ATTRS) String excludedAttrsList) {
    Response response;
    try {
        log.debug("Executing web service method. createUser");
        executeValidation(user);
        checkUidExistence(user.getUserName());
        assignMetaInformation(user);
        ScimResourceUtil.adjustPrimarySubAttributes(user);
        ScimCustomPerson person = scim2UserService.preCreateUser(user);
        response = externalConstraintsService.applyEntityCheck(person, user, httpHeaders, uriInfo, HttpMethod.POST, userResourceType);
        if (response != null)
            return response;
        scim2UserService.createUser(person, user, endpointUrl);
        String json = resourceSerializer.serialize(user, attrsList, excludedAttrsList);
        response = Response.created(new URI(user.getMeta().getLocation())).entity(json).build();
    } catch (DuplicateEntryException e) {
        log.error(e.getMessage());
        response = getErrorResponse(Response.Status.CONFLICT, ErrorScimType.UNIQUENESS, e.getMessage());
    } catch (SCIMException e) {
        log.error("Validation check at createUser returned: {}", e.getMessage());
        response = getErrorResponse(Response.Status.BAD_REQUEST, ErrorScimType.INVALID_VALUE, e.getMessage());
    } catch (Exception e) {
        log.error("Failure at createUser method", e);
        response = getErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, "Unexpected error: " + e.getMessage());
    }
    return response;
}
Also used : Response(javax.ws.rs.core.Response) SCIMException(io.jans.scim.model.exception.SCIMException) ScimCustomPerson(io.jans.scim.model.scim.ScimCustomPerson) DuplicateEntryException(io.jans.orm.exception.operation.DuplicateEntryException) URI(java.net.URI) URISyntaxException(java.net.URISyntaxException) SCIMException(io.jans.scim.model.exception.SCIMException) DuplicateEntryException(io.jans.orm.exception.operation.DuplicateEntryException) InvalidAttributeValueException(javax.management.InvalidAttributeValueException) DefaultValue(javax.ws.rs.DefaultValue) HeaderParam(javax.ws.rs.HeaderParam) RefAdjusted(io.jans.scim.service.scim2.interceptor.RefAdjusted) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ProtectedApi(io.jans.scim.service.filter.ProtectedApi)

Example 9 with SCIMException

use of io.jans.scim.model.exception.SCIMException in project jans by JanssenProject.

the class UserWebService method updateUser.

/**
 * This implementation differs from spec in the following aspects:
 * - Passing a null value for an attribute, does not modify the attribute in the destination, however passing an
 * empty array for a multivalued attribute does clear the attribute. Thus, to clear single-valued attribute, PATCH
 * operation should be used
 */
@Path("{id}")
@PUT
@Consumes({ MEDIA_TYPE_SCIM_JSON, MediaType.APPLICATION_JSON })
@Produces({ MEDIA_TYPE_SCIM_JSON + UTF8_CHARSET_FRAGMENT, MediaType.APPLICATION_JSON + UTF8_CHARSET_FRAGMENT })
@HeaderParam("Accept")
@DefaultValue(MEDIA_TYPE_SCIM_JSON)
@ProtectedApi(scopes = { "https://jans.io/scim/users.write" })
@RefAdjusted
public Response updateUser(UserResource user, @PathParam("id") String id, @QueryParam(QUERY_PARAM_ATTRIBUTES) String attrsList, @QueryParam(QUERY_PARAM_EXCLUDED_ATTRS) String excludedAttrsList) {
    Response response;
    try {
        log.debug("Executing web service method. updateUser");
        // Check if the ids match in case the user coming has one
        if (user.getId() != null && !user.getId().equals(id))
            throw new SCIMException("Parameter id does not match with id attribute of User");
        ScimCustomPerson person = userPersistenceHelper.getPersonByInum(id);
        if (person == null)
            return notFoundResponse(id, userResourceType);
        response = externalConstraintsService.applyEntityCheck(person, user, httpHeaders, uriInfo, HttpMethod.PUT, userResourceType);
        if (response != null)
            return response;
        executeValidation(user, true);
        if (StringUtils.isNotEmpty(user.getUserName())) {
            checkUidExistence(user.getUserName(), id);
        }
        ScimResourceUtil.adjustPrimarySubAttributes(user);
        UserResource updatedResource = scim2UserService.updateUser(person, user, endpointUrl);
        String json = resourceSerializer.serialize(updatedResource, attrsList, excludedAttrsList);
        response = Response.ok(new URI(updatedResource.getMeta().getLocation())).entity(json).build();
    } catch (DuplicateEntryException e) {
        log.error(e.getMessage());
        response = getErrorResponse(Response.Status.CONFLICT, ErrorScimType.UNIQUENESS, e.getMessage());
    } catch (SCIMException e) {
        log.error("Validation check at updateUser returned: {}", e.getMessage());
        response = getErrorResponse(Response.Status.BAD_REQUEST, ErrorScimType.INVALID_VALUE, e.getMessage());
    } catch (InvalidAttributeValueException e) {
        log.error(e.getMessage());
        response = getErrorResponse(Response.Status.BAD_REQUEST, ErrorScimType.MUTABILITY, e.getMessage());
    } catch (Exception e) {
        log.error("Failure at updateUser method", e);
        response = getErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, "Unexpected error: " + e.getMessage());
    }
    return response;
}
Also used : Response(javax.ws.rs.core.Response) SCIMException(io.jans.scim.model.exception.SCIMException) ScimCustomPerson(io.jans.scim.model.scim.ScimCustomPerson) UserResource(io.jans.scim.model.scim2.user.UserResource) DuplicateEntryException(io.jans.orm.exception.operation.DuplicateEntryException) URI(java.net.URI) InvalidAttributeValueException(javax.management.InvalidAttributeValueException) URISyntaxException(java.net.URISyntaxException) SCIMException(io.jans.scim.model.exception.SCIMException) DuplicateEntryException(io.jans.orm.exception.operation.DuplicateEntryException) InvalidAttributeValueException(javax.management.InvalidAttributeValueException) Path(javax.ws.rs.Path) DefaultValue(javax.ws.rs.DefaultValue) HeaderParam(javax.ws.rs.HeaderParam) RefAdjusted(io.jans.scim.service.scim2.interceptor.RefAdjusted) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ProtectedApi(io.jans.scim.service.filter.ProtectedApi) PUT(javax.ws.rs.PUT)

Example 10 with SCIMException

use of io.jans.scim.model.exception.SCIMException in project jans by JanssenProject.

the class ScimFilterParserService method createFilter.

public Filter createFilter(String filter, Filter defaultFilter, Class<? extends BaseScimResource> clazz) throws SCIMException {
    try {
        Filter ldapFilter;
        if (StringUtils.isEmpty(filter))
            ldapFilter = defaultFilter;
        else {
            FilterListener filterListener = new FilterListener(clazz, ldapBackend);
            walkTree(FilterUtil.preprocess(filter, clazz), filterListener);
            ldapFilter = filterListener.getFilter();
            if (ldapFilter == null)
                throw new Exception("An error occurred when building LDAP filter: " + filterListener.getError());
        }
        return ldapFilter;
    } catch (Exception e) {
        throw new SCIMException(e.getMessage(), e);
    }
}
Also used : SCIMException(io.jans.scim.model.exception.SCIMException) Filter(io.jans.orm.search.filter.Filter) SCIMException(io.jans.scim.model.exception.SCIMException)

Aggregations

SCIMException (io.jans.scim.model.exception.SCIMException)21 InvalidAttributeValueException (javax.management.InvalidAttributeValueException)13 URI (java.net.URI)12 URISyntaxException (java.net.URISyntaxException)12 Response (javax.ws.rs.core.Response)12 DuplicateEntryException (io.jans.orm.exception.operation.DuplicateEntryException)8 ProtectedApi (io.jans.scim.service.filter.ProtectedApi)8 RefAdjusted (io.jans.scim.service.scim2.interceptor.RefAdjusted)8 Consumes (javax.ws.rs.Consumes)8 DefaultValue (javax.ws.rs.DefaultValue)8 HeaderParam (javax.ws.rs.HeaderParam)8 Produces (javax.ws.rs.Produces)8 Path (javax.ws.rs.Path)6 BaseScimResource (io.jans.scim.model.scim2.BaseScimResource)5 PUT (javax.ws.rs.PUT)5 SearchRequest (io.jans.scim.model.scim2.SearchRequest)4 GluuGroup (io.jans.scim.model.GluuGroup)3 ScimCustomPerson (io.jans.scim.model.scim.ScimCustomPerson)3 Attribute (io.jans.scim.model.scim2.annotations.Attribute)3 Extension (io.jans.scim.model.scim2.extensions.Extension)3