use of javax.ws.rs.NotAllowedException in project com-liferay-apio-architect by liferay.
the class ExceptionSupplierUtilTest method testNotAllowedWithOneComponentPathDoesNotAddSlashes.
/**
 * Checks that a path made of a single component is written into the
 * exception message as-is, with no {@code /} separator added around it.
 */
@Test
public void testNotAllowedWithOneComponentPathDoesNotAddSlashes() {
    String expectedMessage = PUT.name() + " method is not allowed for path a";

    // get() is what actually constructs the exception; the supplier itself is lazy.
    String actualMessage = notAllowed(PUT, "a").get().getMessage();

    assertThat(actualMessage, is(expectedMessage));
}
use of javax.ws.rs.NotAllowedException in project com-liferay-apio-architect by liferay.
the class ExceptionSupplierUtil method notAllowed.
/**
 * Builds a supplier that produces a {@code NotAllowedException} carrying a
 * descriptive message and a {@code 405 Method Not Allowed} response.
 *
 * <p>The message and the response are created once, when this method is
 * called; every exception obtained from the supplier shares them.
 *
 * <p>The path components are copied into the message unmodified, so any
 * code that renders the message to a client is responsible for output
 * encoding.
 *
 * <p>NOTE(review): the response is built from the status alone and so has
 * no {@code Allow} header, which HTTP expects on a 405 response. Confirm
 * that the JAX-RS API version in use accepts such a response in this
 * constructor, or add the header.
 *
 * @param  method the method that isn't allowed; its {@code name()} opens
 *         the message
 * @param  path the components of the path on which the method isn't
 *         allowed, joined with forward slashes {@code /}
 * @return a supplier of {@code NotAllowedException}
 */
public static Supplier<NotAllowedException> notAllowed(Method method, String... path) {
    String methodName = method.name();
    String joinedPath = String.join("/", path);
    String message = methodName + " method is not allowed for path " + joinedPath;

    Response response = Response.status(METHOD_NOT_ALLOWED).build();

    return () -> new NotAllowedException(message, response);
}
use of javax.ws.rs.NotAllowedException in project openremote by openremote.
the class ManagerKeycloakIdentityProvider method createUpdateUser.
/**
 * Creates a user in {@code realm}, or updates the matching user when one already exists,
 * through the Keycloak admin resources handed to the {@code getRealms} callback.
 *
 * <p>The existing user is looked up by ID when {@code user.getId()} is set, otherwise by the
 * (lower-cased) username. For a service account with no match, the client whose client ID
 * equals the username is consulted and its service-account user is used instead.
 *
 * <p>An update overlays only first name, last name, email and the enabled flag. A new service
 * account is created indirectly by creating a client with service accounts enabled; a new
 * regular user is created directly and re-read using the ID taken from the {@code Location}
 * header. Credentials and attributes are then applied and a persistence event is published.
 *
 * <p>NOTE(review): no permission check is visible in this method; presumably callers authorise
 * the request before invoking it - confirm.
 *
 * @param realm the realm the user belongs to
 * @param user the desired user state; its username is lower-cased in place
 * @param passwordSecret the password (regular user) or client secret (service user) to set;
 *        when {@code null} no credential is reset, except for a newly created service user
 * @return the user converted from the resulting representation (the code null-checks it, so
 *         it may be {@code null})
 * @throws WebApplicationException the callback throws {@code BadRequestException} for a missing
 *         username, an ID mismatch or a failed create, and {@code NotAllowedException} for a
 *         client-ID clash or a forbidden change to a service user; presumably {@code getRealms}
 *         propagates these unchanged - confirm
 */
@Override
public User createUpdateUser(String realm, final User user, String passwordSecret) throws WebApplicationException {
return getRealms(realmsResource -> {
if (user.getUsername() == null) {
// NOTE(review): this and the later messages embed user.toString(). The text is logged
// and carried in the exception, so confirm toString() omits secrets and that
// caller-controlled fields cannot place line breaks into the log.
throw new BadRequestException("Attempt to create/update user but no username provided: User=" + user);
}
// Force lowercase username (Locale.ROOT keeps the result independent of the JVM default locale)
user.setUsername(user.getUsername().toLowerCase(Locale.ROOT));
boolean isUpdate = false;
// Prefer the ID when the caller supplied one; fall back to the username otherwise
User existingUser = user.getId() != null ? getUser(realm, user.getId()) : getUserByUsername(realm, user.getUsername());
ClientRepresentation clientRepresentation;
UserRepresentation userRepresentation;
if (existingUser == null && user.isServiceAccount()) {
// Could be a service user: look for a client whose client ID is this username
userRepresentation = withClientResource(realm, user.getUsername(), realmsResource, (clientRep, clientResource) -> {
UserRepresentation userRep = clientResource.getServiceAccountUser();
if (userRep == null) {
String msg = "Attempt to update/create service user but a regular client with same client ID as this username already exists: User=" + user;
LOG.info(msg);
// NOTE(review): the one-argument String constructor of javax.ws.rs.NotAllowedException
// takes the *allowed HTTP method*, not a message. msg therefore ends up as the value of
// the Allow header on the 405 response and getMessage() stays the default text.
// Consider the (message, allowed...) or (message, Response) overload. The same applies
// to the two NotAllowedException throws further down.
throw new NotAllowedException(msg);
}
return userRep;
}, null);
if (userRepresentation != null) {
existingUser = convert(userRepresentation, User.class);
}
}
// Reject the request when the user that was found carries a different ID than the one supplied
if (existingUser != null && user.getId() != null && !existingUser.getId().equals(user.getId())) {
String msg = "Attempt to update user but retrieved user ID doesn't match supplied so ignoring: User=" + user;
LOG.info(msg);
throw new BadRequestException(msg);
}
if (existingUser != null) {
isUpdate = true;
// A regular user cannot be turned into a service user, or the reverse
if (existingUser.isServiceAccount() != user.isServiceAccount()) {
String msg = "Attempt to update user service account flag not allowed: User=" + user;
LOG.info(msg);
// NOTE(review): msg is passed as the "allowed method" argument; see the first NotAllowedException above
throw new NotAllowedException(msg);
}
// The username of a service user doubles as the client ID, so it cannot be changed here
if (existingUser.isServiceAccount() && !existingUser.getUsername().equals(user.getUsername())) {
String msg = "Attempt to update username of service user not allowed: User=" + user;
LOG.info(msg);
// NOTE(review): msg is passed as the "allowed method" argument; see the first NotAllowedException above
throw new NotAllowedException(msg);
}
}
// For service users we don't actually create the user - keycloak does that when the client is created
if (isUpdate) {
// User only has a subset of user representation so overlay on actual user representation
// Only these four fields are copied from the caller-supplied object
UserResource userResource = realmsResource.realm(realm).users().get(existingUser.getId());
userRepresentation = userResource.toRepresentation();
userRepresentation.setFirstName(user.getFirstName());
userRepresentation.setLastName(user.getLastName());
userRepresentation.setEmail(user.getEmail());
userRepresentation.setEnabled(user.getEnabled());
userResource.update(userRepresentation);
} else {
if (user.isServiceAccount()) {
// Just create client with service account and user will be generated
// Standard, implicit and direct-access-grant flows are switched off; only the
// service account is enabled, authenticated with a client secret
clientRepresentation = new ClientRepresentation();
clientRepresentation.setStandardFlowEnabled(false);
clientRepresentation.setImplicitFlowEnabled(false);
clientRepresentation.setDirectAccessGrantsEnabled(false);
clientRepresentation.setServiceAccountsEnabled(true);
clientRepresentation.setClientAuthenticatorType("client-secret");
clientRepresentation.setClientId(user.getUsername());
clientRepresentation.setSecret(passwordSecret);
clientRepresentation = createUpdateClient(realm, clientRepresentation);
userRepresentation = realmsResource.realm(realm).clients().get(clientRepresentation.getId()).getServiceAccountUser();
userRepresentation.setEnabled(user.getEnabled());
realmsResource.realm(realm).users().get(userRepresentation.getId()).update(userRepresentation);
} else {
userRepresentation = convert(user, UserRepresentation.class);
RealmResource realmResource = realmsResource.realm(realm);
Response response = realmResource.users().create(userRepresentation);
// The Location header is read before the response is closed; the status is checked afterwards
String location = response.getHeaderString(Headers.LOCATION_STRING);
response.close();
if (!response.getStatusInfo().equals(Response.Status.CREATED) || TextUtil.isNullOrEmpty(location)) {
throw new BadRequestException("Failed to create user: User=" + user);
}
// The new user's ID is the last path segment of the Location header.
// NOTE(review): userId is null when the split yields no segments and is then passed to users().get() - confirm this is handled
String[] locationArr = location.split("/");
String userId = locationArr.length > 0 ? locationArr[locationArr.length - 1] : null;
userRepresentation = realmResource.users().get(userId).toRepresentation();
}
}
// Credentials are touched when a secret was supplied, and always for a newly created service user
// (in that case passwordSecret may be null when handed to resetSecret)
if (passwordSecret != null || (!isUpdate && user.isServiceAccount())) {
if (user.isServiceAccount()) {
resetSecret(realm, userRepresentation.getId(), passwordSecret);
} else {
Credential credential = new Credential(passwordSecret, false);
resetPassword(realm, userRepresentation.getId(), credential);
}
}
if (user.getAttributes() != null) {
if (existingUser != null) {
// Populate attributes for persistence event
existingUser.setAttributes(getUserAttributes(realm, existingUser.getId()));
}
updateUserAttributes(realm, userRepresentation.getId(), user.getAttributes());
}
User updatedUser = convert(userRepresentation, User.class);
if (updatedUser != null) {
updatedUser.setRealm(realm);
if (updatedUser.isServiceAccount()) {
// NOTE(review): the caller-supplied secret is attached to the object that is both returned
// and passed to publishPersistenceEvent below; confirm event consumers and serializers
// neither log nor forward it
updatedUser.setSecret(passwordSecret);
}
if (existingUser != null) {
// Push realm ID into updated user
updatedUser.setRealmId(existingUser.getRealmId());
}
}
// Publish UPDATE or CREATE with the new and previous state of the user
persistenceService.publishPersistenceEvent((isUpdate ? PersistenceEvent.Cause.UPDATE : PersistenceEvent.Cause.CREATE), updatedUser, existingUser, User.getPropertyFields());
return updatedUser;
});
}
use of javax.ws.rs.NotAllowedException in project graylog2-server by Graylog2.
the class AuthzRolesResource method delete.
/**
 * Deletes the role identified by {@code roleId}.
 *
 * <p>{@code checkPermission(RestPermissions.ROLES_EDIT)} runs before the
 * role is looked up. An unknown ID results in a {@code NotFoundException};
 * a role flagged read-only results in a {@code NotAllowedException} and is
 * left untouched.
 *
 * <p>NOTE(review): if {@code NotAllowedException} is the JAX-RS class, its
 * one-argument String constructor takes the <em>allowed HTTP method</em>,
 * not a message. The text below would then become the value of the
 * {@code Allow} header on the 405 response instead of the exception
 * message. Consider the {@code (message, allowed...)} overload, or a status
 * that describes a refused operation rather than an unsupported method.
 *
 * @param roleId the ID of the role to delete; must not be blank
 */
@DELETE
@Path("{roleId}")
@AuditEvent(type = AuditEventTypes.ROLE_DELETE)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation("Delete a role")
public void delete(@ApiParam(name = "roleId") @PathParam("roleId") @NotBlank String roleId) {
    checkPermission(RestPermissions.ROLES_EDIT);

    final AuthzRoleDTO role = authzRolesService.get(roleId)
            .orElseThrow(() -> new NotFoundException("Could not delete role with id: " + roleId));

    if (!role.readOnly()) {
        authzRolesService.delete(roleId);
        return;
    }

    // Read-only roles are never removed through this endpoint.
    throw new NotAllowedException("Cannot delete read only role with id: " + roleId);
}
Aggregations