use of io.jans.scim.model.exception.SCIMException in project jans by JanssenProject.
the class GroupWebService method updateGroup.
/**
* This implementation differs from spec in the following aspects:
* - Passing a null value for an attribute, does not modify the attribute in the destination, however passing an
* empty array for a multivalued attribute does clear the attribute. Thus, to clear single-valued attribute, PATCH
* operation should be used
*/
@Path("{id}")
@PUT
@Consumes({ MEDIA_TYPE_SCIM_JSON, MediaType.APPLICATION_JSON })
@Produces({ MEDIA_TYPE_SCIM_JSON + UTF8_CHARSET_FRAGMENT, MediaType.APPLICATION_JSON + UTF8_CHARSET_FRAGMENT })
@HeaderParam("Accept")
@DefaultValue(MEDIA_TYPE_SCIM_JSON)
@ProtectedApi(scopes = { "https://jans.io/scim/groups.write" })
@RefAdjusted
public Response updateGroup(GroupResource group, @PathParam("id") String id, @QueryParam(QUERY_PARAM_ATTRIBUTES) String attrsList, @QueryParam(QUERY_PARAM_EXCLUDED_ATTRS) String excludedAttrsList) {
Response response;
try {
log.debug("Executing web service method. updateGroup");
// empty externalId, no place to store it in LDAP
group.setExternalId(null);
// Check if the ids match in case the group coming has one
if (group.getId() != null && !group.getId().equals(id))
throw new SCIMException("Parameter id does not match with id attribute of Group");
GluuGroup gluuGroup = groupService.getGroupByInum(id);
if (gluuGroup == null)
return notFoundResponse(id, groupResourceType);
response = externalConstraintsService.applyEntityCheck(gluuGroup, group, httpHeaders, uriInfo, HttpMethod.PUT, groupResourceType);
if (response != null)
return response;
executeValidation(group, true);
if (StringUtils.isNotEmpty(group.getDisplayName())) {
checkDisplayNameExistence(group.getDisplayName(), id);
}
boolean skipValidation = isMembersValidationSkipped();
boolean displayExcluded = isDisplayExcluded(skipValidation, attrsList, excludedAttrsList);
GroupResource updatedResource = scim2GroupService.updateGroup(gluuGroup, group, skipValidation, !displayExcluded, endpointUrl, usersUrl);
String json = resourceSerializer.serialize(updatedResource, attrsList, excludedAttrsList);
response = Response.ok(new URI(updatedResource.getMeta().getLocation())).entity(json).build();
} catch (DuplicateEntryException e) {
log.error(e.getMessage());
response = getErrorResponse(Response.Status.CONFLICT, ErrorScimType.UNIQUENESS, e.getMessage());
} catch (SCIMException e) {
log.error("Validation check at updateGroup returned: {}", e.getMessage());
response = getErrorResponse(Response.Status.BAD_REQUEST, ErrorScimType.INVALID_VALUE, e.getMessage());
} catch (InvalidAttributeValueException e) {
log.error(e.getMessage());
response = getErrorResponse(Response.Status.BAD_REQUEST, ErrorScimType.MUTABILITY, e.getMessage());
} catch (Exception e) {
log.error("Failure at updateGroup method", e);
response = getErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, "Unexpected error: " + e.getMessage());
}
return response;
}
use of io.jans.scim.model.exception.SCIMException in project jans by JanssenProject.
the class Scim2PatchService method applyPatchOperationWithValueFilter.
private BaseScimResource applyPatchOperationWithValueFilter(BaseScimResource resource, PatchOperation operation, String valSelFilter, String attribute, String subAttribute) throws SCIMException, InvalidAttributeValueException {
String path = operation.getPath();
ObjectMapper mapper = new ObjectMapper();
Class<? extends BaseScimResource> cls = resource.getClass();
Map<String, Object> resourceAsMap = mapper.convertValue(resource, new TypeReference<Map<String, Object>>() {
});
List<Map<String, Object>> list;
Attribute attrAnnot = IntrospectUtil.getFieldAnnotation(attribute, cls, Attribute.class);
if (attrAnnot != null) {
if (!attrAnnot.multiValueClass().equals(NullType.class) && attrAnnot.type().equals(AttributeDefinition.Type.COMPLEX)) {
Object colObject = resourceAsMap.get(attribute);
list = colObject == null ? null : new ArrayList<>((Collection<Map<String, Object>>) colObject);
} else {
throw new SCIMException(String.format("Attribute '%s' expected to be complex multi-valued", attribute));
}
} else {
throw new SCIMException(String.format("Attribute '%s' not recognized or expected to be complex multi-valued", attribute));
}
if (list == null) {
log.info("applyPatchOperationWithValueFilter. List of values for {} is empty. Operation has no effect", attribute);
} else {
try {
valSelFilter = FilterUtil.preprocess(valSelFilter, cls);
ParseTree parseTree = filterService.getParseTree(valSelFilter);
List<Integer> matchingIndexes = new ArrayList<>();
for (int i = 0; i < list.size(); i++) {
if (filterService.complexAttributeMatch(parseTree, list.get(i), attribute, cls)) {
// Important: add so that resulting list is reverse-ordered
matchingIndexes.add(0, i);
}
}
if (subAttribute.length() > 0 && matchingIndexes.size() > 0 && operation.getType().equals(PatchOperationType.REMOVE)) {
// per spec (section 3.5.2.2 RFC 7644) subAttribute must not be required or read-only
Attribute subAttrAnnot = IntrospectUtil.getFieldAnnotation(attribute + "." + subAttribute, cls, Attribute.class);
if (subAttrAnnot != null && (subAttrAnnot.mutability().equals(READ_ONLY) || subAttrAnnot.isRequired())) {
throw new InvalidAttributeValueException("Cannot remove read-only or required attribute " + attribute + "." + subAttribute);
}
}
/*
Here we differ from spec (see section 3.5.2.3/4 of RFC7644. If no record match is made, we are supposed to
return error 400 with scimType of noTarget. But this is clearly inconvenient
*/
log.info("There are {} entries matching the filter '{}'", matchingIndexes.size(), path);
for (Integer index : matchingIndexes) {
if (operation.getType().equals(PatchOperationType.REMOVE)) {
if (subAttribute.length() == 0) {
// Remove the whole item
// If intValue is not used, the remove(Object) method is called!
list.remove(index.intValue());
} else {
// remove subattribute only
list.get(index).remove(subAttribute);
}
} else {
applyPartialUpdate(attribute, subAttribute, list, index, operation.getValue(), cls);
}
}
log.trace("New {} list is:\n{}", attribute, mapper.writeValueAsString(list));
resourceAsMap.put(attribute, list.isEmpty() ? null : list);
resource = mapper.convertValue(resourceAsMap, cls);
} catch (InvalidAttributeValueException ei) {
throw ei;
} catch (Exception e) {
log.info("Error processing Patch operation with value selection path '{}'", path);
log.error(e.getMessage(), e);
throw new SCIMException(e.getMessage(), e);
}
}
return resource;
}
use of io.jans.scim.model.exception.SCIMException in project jans by JanssenProject.
the class UserWebService method createUser.
@POST
@Consumes({ MEDIA_TYPE_SCIM_JSON, MediaType.APPLICATION_JSON })
@Produces({ MEDIA_TYPE_SCIM_JSON + UTF8_CHARSET_FRAGMENT, MediaType.APPLICATION_JSON + UTF8_CHARSET_FRAGMENT })
@HeaderParam("Accept")
@DefaultValue(MEDIA_TYPE_SCIM_JSON)
@ProtectedApi(scopes = { "https://jans.io/scim/users.write" })
@RefAdjusted
public Response createUser(UserResource user, @QueryParam(QUERY_PARAM_ATTRIBUTES) String attrsList, @QueryParam(QUERY_PARAM_EXCLUDED_ATTRS) String excludedAttrsList) {
Response response;
try {
log.debug("Executing web service method. createUser");
executeValidation(user);
checkUidExistence(user.getUserName());
assignMetaInformation(user);
ScimResourceUtil.adjustPrimarySubAttributes(user);
ScimCustomPerson person = scim2UserService.preCreateUser(user);
response = externalConstraintsService.applyEntityCheck(person, user, httpHeaders, uriInfo, HttpMethod.POST, userResourceType);
if (response != null)
return response;
scim2UserService.createUser(person, user, endpointUrl);
String json = resourceSerializer.serialize(user, attrsList, excludedAttrsList);
response = Response.created(new URI(user.getMeta().getLocation())).entity(json).build();
} catch (DuplicateEntryException e) {
log.error(e.getMessage());
response = getErrorResponse(Response.Status.CONFLICT, ErrorScimType.UNIQUENESS, e.getMessage());
} catch (SCIMException e) {
log.error("Validation check at createUser returned: {}", e.getMessage());
response = getErrorResponse(Response.Status.BAD_REQUEST, ErrorScimType.INVALID_VALUE, e.getMessage());
} catch (Exception e) {
log.error("Failure at createUser method", e);
response = getErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, "Unexpected error: " + e.getMessage());
}
return response;
}
use of io.jans.scim.model.exception.SCIMException in project jans by JanssenProject.
the class UserWebService method updateUser.
/**
* This implementation differs from spec in the following aspects:
* - Passing a null value for an attribute, does not modify the attribute in the destination, however passing an
* empty array for a multivalued attribute does clear the attribute. Thus, to clear single-valued attribute, PATCH
* operation should be used
*/
@Path("{id}")
@PUT
@Consumes({ MEDIA_TYPE_SCIM_JSON, MediaType.APPLICATION_JSON })
@Produces({ MEDIA_TYPE_SCIM_JSON + UTF8_CHARSET_FRAGMENT, MediaType.APPLICATION_JSON + UTF8_CHARSET_FRAGMENT })
@HeaderParam("Accept")
@DefaultValue(MEDIA_TYPE_SCIM_JSON)
@ProtectedApi(scopes = { "https://jans.io/scim/users.write" })
@RefAdjusted
public Response updateUser(UserResource user, @PathParam("id") String id, @QueryParam(QUERY_PARAM_ATTRIBUTES) String attrsList, @QueryParam(QUERY_PARAM_EXCLUDED_ATTRS) String excludedAttrsList) {
Response response;
try {
log.debug("Executing web service method. updateUser");
// Check if the ids match in case the user coming has one
if (user.getId() != null && !user.getId().equals(id))
throw new SCIMException("Parameter id does not match with id attribute of User");
ScimCustomPerson person = userPersistenceHelper.getPersonByInum(id);
if (person == null)
return notFoundResponse(id, userResourceType);
response = externalConstraintsService.applyEntityCheck(person, user, httpHeaders, uriInfo, HttpMethod.PUT, userResourceType);
if (response != null)
return response;
executeValidation(user, true);
if (StringUtils.isNotEmpty(user.getUserName())) {
checkUidExistence(user.getUserName(), id);
}
ScimResourceUtil.adjustPrimarySubAttributes(user);
UserResource updatedResource = scim2UserService.updateUser(person, user, endpointUrl);
String json = resourceSerializer.serialize(updatedResource, attrsList, excludedAttrsList);
response = Response.ok(new URI(updatedResource.getMeta().getLocation())).entity(json).build();
} catch (DuplicateEntryException e) {
log.error(e.getMessage());
response = getErrorResponse(Response.Status.CONFLICT, ErrorScimType.UNIQUENESS, e.getMessage());
} catch (SCIMException e) {
log.error("Validation check at updateUser returned: {}", e.getMessage());
response = getErrorResponse(Response.Status.BAD_REQUEST, ErrorScimType.INVALID_VALUE, e.getMessage());
} catch (InvalidAttributeValueException e) {
log.error(e.getMessage());
response = getErrorResponse(Response.Status.BAD_REQUEST, ErrorScimType.MUTABILITY, e.getMessage());
} catch (Exception e) {
log.error("Failure at updateUser method", e);
response = getErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, "Unexpected error: " + e.getMessage());
}
return response;
}
use of io.jans.scim.model.exception.SCIMException in project jans by JanssenProject.
the class ScimFilterParserService method createFilter.
public Filter createFilter(String filter, Filter defaultFilter, Class<? extends BaseScimResource> clazz) throws SCIMException {
try {
Filter ldapFilter;
if (StringUtils.isEmpty(filter))
ldapFilter = defaultFilter;
else {
FilterListener filterListener = new FilterListener(clazz, ldapBackend);
walkTree(FilterUtil.preprocess(filter, clazz), filterListener);
ldapFilter = filterListener.getFilter();
if (ldapFilter == null)
throw new Exception("An error occurred when building LDAP filter: " + filterListener.getError());
}
return ldapFilter;
} catch (Exception e) {
throw new SCIMException(e.getMessage(), e);
}
}
Aggregations