Search in sources :

Example 36 with JsonValue

use of org.forgerock.json.JsonValue in project OpenAM by OpenRock.

the class UmaPolicyServiceImplDelegationTest method aliceShouldBeAbleToUpdatePolicyForResource.

@Test
public void aliceShouldBeAbleToUpdatePolicyForResource() throws Exception {
    //Given
    userIsLoggedIn("alice", "REALM");
    accessingUriForUser("alice");
    String resourceSetId = registerResourceSet("alice");
    createPolicyFor("bob", resourceSetId, "SCOPE_A", "SCOPE_B");
    JsonValue policy = policyToUpdate(resourceSetId);
    Context context = getContext();
    //When
    Promise<UmaPolicy, ResourceException> promise = policyService.updatePolicy(context, resourceSetId, policy);
    //Then
    assertThat(promise).succeeded();
}
Also used : ClientContext(org.forgerock.services.context.ClientContext) RealmContext(org.forgerock.openam.rest.RealmContext) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) SSOTokenContext(org.forgerock.openam.rest.resource.SSOTokenContext) Context(org.forgerock.services.context.Context) JsonValue(org.forgerock.json.JsonValue) ResourceException(org.forgerock.json.resource.ResourceException) Matchers.anyString(org.mockito.Matchers.anyString) UmaPolicy(org.forgerock.openam.uma.UmaPolicy) Test(org.testng.annotations.Test) UmaPolicyServiceImplTest(org.forgerock.openam.uma.rest.UmaPolicyServiceImplTest)

Example 37 with JsonValue

use of org.forgerock.json.JsonValue in project OpenAM by OpenRock.

the class UmaPolicyServiceImplDelegationTest method policyToUpdate.

private JsonValue policyToUpdate(String resourceSetId) {
    mockPolicyResourceDelegateForUpdatedPolicy();
    JsonValue umaPolicy = createUmaPolicyForResourceSet(resourceSetId);
    umaPolicy.remove(new JsonPointer("/permissions/0/scopes/1"));
    return umaPolicy;
}
Also used : JsonValue(org.forgerock.json.JsonValue) JsonPointer(org.forgerock.json.JsonPointer)

Example 38 with JsonValue

use of org.forgerock.json.JsonValue in project OpenAM by OpenRock.

the class OpenAMOpenIdConnectClientRegistrationService method createRegistration.

/**
     * {@inheritDoc}
     */
public JsonValue createRegistration(String accessToken, String deploymentUrl, OAuth2Request request) throws InvalidRedirectUri, InvalidClientMetadata, ServerException, UnsupportedResponseTypeException, AccessDeniedException, NotFoundException, InvalidPostLogoutRedirectUri {
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    if (!providerSettings.isOpenDynamicClientRegistrationAllowed()) {
        if (!tokenVerifier.verify(request).isValid()) {
            throw new AccessDeniedException("Access Token not valid");
        }
    }
    final JsonValue input = request.getBody();
    //check input to ensure it is valid
    Set<String> inputKeys = input.keys();
    for (String key : inputKeys) {
        OAuth2Constants.ShortClientAttributeNames keyName = fromString(key);
        if (keyName == null) {
            logger.warn("Unknown input given. Key: " + key);
        }
    }
    //create client given input
    ClientBuilder clientBuilder = new ClientBuilder();
    try {
        boolean jwks = false;
        if (input.get(JWKS.getType()).asString() != null) {
            jwks = true;
            try {
                JsonValueBuilder.toJsonValue(input.get(JWKS.getType()).asString());
            } catch (JsonException e) {
                throw new InvalidClientMetadata("jwks must be valid JSON.");
            }
            clientBuilder.setJwks(input.get(JWKS.getType()).asString());
            clientBuilder.setPublicKeySelector(Client.PublicKeySelector.JWKS.getType());
        }
        if (input.get(JWKS_URI.getType()).asString() != null) {
            if (jwks) {
                //allowed to set either jwks or jwks_uri but not both
                throw new InvalidClientMetadata("Must define either jwks or jwks_uri, not both.");
            }
            jwks = true;
            try {
                new URL(input.get(JWKS_URI.getType()).asString());
            } catch (MalformedURLException e) {
                throw new InvalidClientMetadata("jwks_uri must be a valid URL.");
            }
            clientBuilder.setJwksUri(input.get(JWKS_URI.getType()).asString());
            clientBuilder.setPublicKeySelector(Client.PublicKeySelector.JWKS_URI.getType());
        }
        //not spec-defined, this is OpenAM proprietary
        if (input.get(X509.getType()).asString() != null) {
            clientBuilder.setX509(input.get(X509.getType()).asString());
        }
        //drop to this if neither other are set
        if (!jwks) {
            clientBuilder.setPublicKeySelector(Client.PublicKeySelector.X509.getType());
        }
        if (input.get(TOKEN_ENDPOINT_AUTH_METHOD.getType()).asString() != null) {
            if (Client.TokenEndpointAuthMethod.fromString(input.get(TOKEN_ENDPOINT_AUTH_METHOD.getType()).asString()) == null) {
                logger.error("Invalid token_endpoint_auth_method requested.");
                throw new InvalidClientMetadata("Invalid token_endpoint_auth_method requested.");
            }
            clientBuilder.setTokenEndpointAuthMethod(input.get(TOKEN_ENDPOINT_AUTH_METHOD.getType()).asString());
        } else {
            clientBuilder.setTokenEndpointAuthMethod(Client.TokenEndpointAuthMethod.CLIENT_SECRET_BASIC.getType());
        }
        if (input.get(CLIENT_ID.getType()).asString() != null) {
            clientBuilder.setClientID(input.get(CLIENT_ID.getType()).asString());
        } else {
            clientBuilder.setClientID(UUID.randomUUID().toString());
        }
        if (input.get(CLIENT_SECRET.getType()).asString() != null) {
            clientBuilder.setClientSecret(input.get(CLIENT_SECRET.getType()).asString());
        } else {
            clientBuilder.setClientSecret(UUID.randomUUID().toString());
        }
        if (input.get(CLIENT_TYPE.getType()).asString() != null) {
            if (Client.ClientType.fromString(input.get(CLIENT_TYPE.getType()).asString()) != null) {
                clientBuilder.setClientType(input.get(CLIENT_TYPE.getType()).asString());
            } else {
                logger.error("Invalid client_type requested.");
                throw new InvalidClientMetadata("Invalid client_type requested");
            }
        } else {
            clientBuilder.setClientType(Client.ClientType.CONFIDENTIAL.getType());
        }
        if (input.get(DEFAULT_MAX_AGE.getType()).asLong() != null) {
            clientBuilder.setDefaultMaxAge(input.get(DEFAULT_MAX_AGE.getType()).asLong());
            clientBuilder.setDefaultMaxAgeEnabled(true);
        } else {
            clientBuilder.setDefaultMaxAge(Client.MIN_DEFAULT_MAX_AGE);
            clientBuilder.setDefaultMaxAgeEnabled(false);
        }
        List<String> redirectUris = new ArrayList<String>();
        if (input.get(REDIRECT_URIS.getType()).asList() != null) {
            redirectUris = input.get(REDIRECT_URIS.getType()).asList(String.class);
            boolean isValidUris = true;
            for (String redirectUri : redirectUris) {
                try {
                    urlValidator.validate(redirectUri);
                } catch (ValidationException e) {
                    isValidUris = false;
                    logger.error("The redirectUri: " + redirectUri + " is invalid.");
                }
            }
            if (!isValidUris) {
                throw new InvalidRedirectUri();
            }
            clientBuilder.setRedirectionURIs(redirectUris);
        }
        if (input.get(SECTOR_IDENTIFIER_URI.getType()).asString() != null) {
            try {
                URL sectorIdentifier = new URL(input.get(SECTOR_IDENTIFIER_URI.getType()).asString());
                List<String> response = mapper.readValue(sectorIdentifier, List.class);
                if (!response.containsAll(redirectUris)) {
                    logger.error("Request_uris not included in sector_identifier_uri.");
                    throw new InvalidClientMetadata();
                }
            } catch (Exception e) {
                logger.error("Invalid sector_identifier_uri requested.");
                throw new InvalidClientMetadata("Invalid sector_identifier_uri requested.");
            }
            clientBuilder.setSectorIdentifierUri(input.get(SECTOR_IDENTIFIER_URI.getType()).asString());
        }
        List<String> scopes = input.get(SCOPES.getType()).asList(String.class);
        if (scopes != null && !scopes.isEmpty()) {
            if (!containsAllCaseInsensitive(providerSettings.getSupportedScopes(), scopes)) {
                logger.error("Invalid scopes requested.");
                throw new InvalidClientMetadata("Invalid scopes requested");
            }
        } else {
            //if nothing requested, fall back to provider defaults
            scopes = new ArrayList<String>();
            scopes.addAll(providerSettings.getDefaultScopes());
        }
        //regardless, we add openid
        if (!scopes.contains(OPENID)) {
            scopes = new ArrayList<String>(scopes);
            scopes.add(OPENID);
        }
        clientBuilder.setAllowedGrantScopes(scopes);
        List<String> defaultScopes = input.get(DEFAULT_SCOPES.getType()).asList(String.class);
        if (defaultScopes != null) {
            if (containsAllCaseInsensitive(providerSettings.getSupportedScopes(), defaultScopes)) {
                clientBuilder.setDefaultGrantScopes(defaultScopes);
            } else {
                throw new InvalidClientMetadata("Invalid default scopes requested.");
            }
        }
        List<String> clientNames = new ArrayList<String>();
        Set<String> keys = input.keys();
        for (String key : keys) {
            if (key.equals(CLIENT_NAME.getType())) {
                clientNames.add(input.get(key).asString());
            } else if (key.startsWith(CLIENT_NAME.getType())) {
                try {
                    Locale locale = new Locale(key.substring(CLIENT_NAME.getType().length() + 1));
                    clientNames.add(locale.toString() + "|" + input.get(key).asString());
                } catch (Exception e) {
                    logger.error("Invalid locale for client_name.");
                    throw new InvalidClientMetadata("Invalid locale for client_name.");
                }
            }
        }
        if (clientNames != null) {
            clientBuilder.setClientName(clientNames);
        }
        if (input.get(CLIENT_DESCRIPTION.getType()).asList() != null) {
            clientBuilder.setDisplayDescription(input.get(CLIENT_DESCRIPTION.getType()).asList(String.class));
        }
        if (input.get(SUBJECT_TYPE.getType()).asString() != null) {
            if (providerSettings.getSupportedSubjectTypes().contains(input.get(SUBJECT_TYPE.getType()).asString())) {
                clientBuilder.setSubjectType(input.get(SUBJECT_TYPE.getType()).asString());
            } else {
                logger.error("Invalid subject_type requested.");
                throw new InvalidClientMetadata("Invalid subject_type requested");
            }
        } else {
            clientBuilder.setSubjectType(Client.SubjectType.PUBLIC.getType());
        }
        if (input.get(ID_TOKEN_SIGNED_RESPONSE_ALG.getType()).asString() != null) {
            if (containsCaseInsensitive(providerSettings.getSupportedIDTokenSigningAlgorithms(), input.get(ID_TOKEN_SIGNED_RESPONSE_ALG.getType()).asString())) {
                clientBuilder.setIdTokenSignedResponseAlgorithm(input.get(ID_TOKEN_SIGNED_RESPONSE_ALG.getType()).asString());
            } else {
                logger.error("Unsupported id_token_response_signed_alg requested.");
                throw new InvalidClientMetadata("Unsupported id_token_response_signed_alg requested.");
            }
        } else {
            clientBuilder.setIdTokenSignedResponseAlgorithm(ID_TOKEN_SIGNED_RESPONSE_ALG_DEFAULT);
        }
        if (input.get(POST_LOGOUT_REDIRECT_URIS.getType()).asList() != null) {
            List<String> logoutRedirectUris = input.get(POST_LOGOUT_REDIRECT_URIS.getType()).asList(String.class);
            boolean isValidUris = true;
            for (String logoutRedirectUri : logoutRedirectUris) {
                try {
                    urlValidator.validate(logoutRedirectUri);
                } catch (ValidationException e) {
                    isValidUris = false;
                    logger.error("The post_logout_redirect_uris: {} is invalid.", logoutRedirectUri);
                }
            }
            if (!isValidUris) {
                throw new InvalidPostLogoutRedirectUri();
            }
            clientBuilder.setPostLogoutRedirectionURIs(logoutRedirectUris);
        }
        if (input.get(REGISTRATION_ACCESS_TOKEN.getType()).asString() != null) {
            clientBuilder.setAccessToken(input.get(REGISTRATION_ACCESS_TOKEN.getType()).asString());
        } else {
            clientBuilder.setAccessToken(accessToken);
        }
        if (input.get(CLIENT_SESSION_URI.getType()).asString() != null) {
            clientBuilder.setClientSessionURI(input.get(CLIENT_SESSION_URI.getType()).asString());
        }
        if (input.get(APPLICATION_TYPE.getType()).asString() != null) {
            if (Client.ApplicationType.fromString(input.get(APPLICATION_TYPE.getType()).asString()) != null) {
                clientBuilder.setApplicationType(Client.ApplicationType.WEB.getType());
            } else {
                logger.error("Invalid application_type requested.");
                throw new InvalidClientMetadata("Invalid application_type requested.");
            }
        } else {
            clientBuilder.setApplicationType(DEFAULT_APPLICATION_TYPE);
        }
        if (input.get(DISPLAY_NAME.getType()).asList() != null) {
            clientBuilder.setDisplayName(input.get(DISPLAY_NAME.getType()).asList(String.class));
        }
        if (input.get(RESPONSE_TYPES.getType()).asList() != null) {
            final List<String> clientResponseTypeList = input.get(RESPONSE_TYPES.getType()).asList(String.class);
            final List<String> typeList = new ArrayList<String>();
            for (String responseType : clientResponseTypeList) {
                typeList.addAll(Arrays.asList(responseType.split(" ")));
            }
            if (containsAllCaseInsensitive(providerSettings.getAllowedResponseTypes().keySet(), typeList)) {
                clientBuilder.setResponseTypes(clientResponseTypeList);
            } else {
                logger.error("Invalid response_types requested.");
                throw new InvalidClientMetadata("Invalid response_types requested.");
            }
        } else {
            List<String> defaultResponseTypes = new ArrayList<String>();
            defaultResponseTypes.add("code");
            clientBuilder.setResponseTypes(defaultResponseTypes);
        }
        if (input.get(AUTHORIZATION_CODE_LIFE_TIME.getType()).asLong() != null) {
            clientBuilder.setAuthorizationCodeLifeTime(input.get(AUTHORIZATION_CODE_LIFE_TIME.getType()).asLong());
        } else {
            clientBuilder.setAuthorizationCodeLifeTime(0L);
        }
        if (input.get(ACCESS_TOKEN_LIFE_TIME.getType()).asLong() != null) {
            clientBuilder.setAccessTokenLifeTime(input.get(ACCESS_TOKEN_LIFE_TIME.getType()).asLong());
        } else {
            clientBuilder.setAccessTokenLifeTime(0L);
        }
        if (input.get(REFRESH_TOKEN_LIFE_TIME.getType()).asLong() != null) {
            clientBuilder.setRefreshTokenLifeTime(input.get(REFRESH_TOKEN_LIFE_TIME.getType()).asLong());
        } else {
            clientBuilder.setRefreshTokenLifeTime(0L);
        }
        if (input.get(JWT_TOKEN_LIFE_TIME.getType()).asLong() != null) {
            clientBuilder.setJwtTokenLifeTime(input.get(JWT_TOKEN_LIFE_TIME.getType()).asLong());
        } else {
            clientBuilder.setJwtTokenLifeTime(0L);
        }
        if (input.get(CONTACTS.getType()).asList() != null) {
            clientBuilder.setContacts(input.get(CONTACTS.getType()).asList(String.class));
        }
    } catch (JsonValueException e) {
        logger.error("Unable to build client.", e);
        throw new InvalidClientMetadata();
    }
    Client client = clientBuilder.createClient();
    // See OPENAM-3604 and http://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration
    if (providerSettings.isRegistrationAccessTokenGenerationEnabled() && !client.hasAccessToken()) {
        client.setAccessToken(createRegistrationAccessToken(client, request));
    }
    clientDAO.create(client, request);
    // have some visibility on who is registering clients.
    if (logger.isInfoEnabled()) {
        logger.info("Registered OpenID Connect client: " + client.getClientID() + ", name=" + client.getClientName() + ", type=" + client.getClientType());
    }
    Map<String, Object> response = client.asMap();
    response = convertClientReadResponseFormat(response);
    response.put(REGISTRATION_CLIENT_URI, deploymentUrl + "/oauth2/connect/register?client_id=" + client.getClientID());
    response.put(EXPIRES_AT, 0);
    return new JsonValue(response);
}
Also used : JsonException(org.forgerock.json.JsonException) Locale(java.util.Locale) AccessDeniedException(org.forgerock.oauth2.core.exceptions.AccessDeniedException) MalformedURLException(java.net.MalformedURLException) ValidationException(com.sun.identity.shared.validation.ValidationException) ArrayList(java.util.ArrayList) URL(java.net.URL) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) Client(org.forgerock.openidconnect.Client) InvalidRedirectUri(org.forgerock.openidconnect.exceptions.InvalidRedirectUri) JsonValueException(org.forgerock.json.JsonValueException) ClientBuilder(org.forgerock.openidconnect.ClientBuilder) ShortClientAttributeNames(org.forgerock.oauth2.core.OAuth2Constants.ShortClientAttributeNames) JsonValue(org.forgerock.json.JsonValue) ValidationException(com.sun.identity.shared.validation.ValidationException) MalformedURLException(java.net.MalformedURLException) InvalidTokenException(org.forgerock.oauth2.core.exceptions.InvalidTokenException) JsonException(org.forgerock.json.JsonException) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) JsonValueException(org.forgerock.json.JsonValueException) InvalidRequestException(org.forgerock.oauth2.core.exceptions.InvalidRequestException) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) UnsupportedResponseTypeException(org.forgerock.oauth2.core.exceptions.UnsupportedResponseTypeException) AccessDeniedException(org.forgerock.oauth2.core.exceptions.AccessDeniedException) InvalidPostLogoutRedirectUri(org.forgerock.openidconnect.exceptions.InvalidPostLogoutRedirectUri) OAuth2Constants(org.forgerock.oauth2.core.OAuth2Constants) InvalidClientMetadata(org.forgerock.openidconnect.exceptions.InvalidClientMetadata)

Example 39 with JsonValue

use of org.forgerock.json.JsonValue in project OpenAM by OpenRock.

the class OpenAMOpenIdConnectClientRegistrationService method getRegistration.

/**
     * {@inheritDoc}
     */
public JsonValue getRegistration(String clientId, String accessToken, OAuth2Request request) throws InvalidRequestException, InvalidClientMetadata, InvalidTokenException {
    if (clientId != null) {
        final Client client;
        try {
            client = clientDAO.read(clientId, request);
        } catch (UnauthorizedClientException e) {
            logger.error("ConnectClientRegistration.Validate(): Unable to create client", e);
            throw new InvalidClientMetadata();
        }
        if (!client.getAccessToken().equals(accessToken)) {
            //client access token doesn't match the access token supplied in the request
            logger.error("ConnectClientRegistration.getClient(): Invalid accessToken");
            throw new InvalidTokenException();
        }
        //remove the client fields that don't need to be reported.
        client.remove(REGISTRATION_ACCESS_TOKEN.getType());
        final JsonValue response = new JsonValue(convertClientReadResponseFormat(client.asMap()));
        response.put(EXPIRES_AT, 0);
        return response;
    } else {
        logger.error("ConnectClientRegistration.readRequest(): No client id sent");
        throw new InvalidRequestException();
    }
}
Also used : InvalidTokenException(org.forgerock.oauth2.core.exceptions.InvalidTokenException) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) JsonValue(org.forgerock.json.JsonValue) InvalidRequestException(org.forgerock.oauth2.core.exceptions.InvalidRequestException) Client(org.forgerock.openidconnect.Client) InvalidClientMetadata(org.forgerock.openidconnect.exceptions.InvalidClientMetadata)

Example 40 with JsonValue

use of org.forgerock.json.JsonValue in project OpenAM by OpenRock.

the class ClientResource method createInstance.

public Promise<ResourceResponse, ResourceException> createInstance(Context context, CreateRequest createRequest) {
    String principal = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
    Map<String, String> responseVal = new HashMap<String, String>();
    try {
        if (serviceSchema == null || serviceSchemaManager == null) {
            if (debug.errorEnabled()) {
                debug.error("ClientResource :: CREATE by " + principal + ": No serviceSchema available.");
            }
            throw new PermanentException(ResourceException.INTERNAL_ERROR, "", null);
        }
        Map<String, ArrayList<String>> client = (Map<String, ArrayList<String>>) createRequest.getContent().getObject();
        String realm = null;
        if (client == null || client.isEmpty()) {
            if (debug.errorEnabled()) {
                debug.error("ClientResource :: CREATE by " + principal + ": No client definition.");
            }
            throw new PermanentException(ResourceException.BAD_REQUEST, "Missing client definition", null);
        }
        //check for id
        String id = createRequest.getNewResourceId();
        if (client.containsKey(OAuth2Constants.OAuth2Client.CLIENT_ID)) {
            ArrayList<String> idList = client.remove(OAuth2Constants.OAuth2Client.CLIENT_ID);
            if (idList != null && !idList.isEmpty()) {
                id = idList.iterator().next();
            }
        }
        if (id == null || id.isEmpty()) {
            debug.error("ClientResource :: CREATE by " + principal + ": No client ID.");
            throw new PermanentException(ResourceException.BAD_REQUEST, "Missing client id", null);
        }
        //get realm
        if (client.containsKey(OAuth2Constants.OAuth2Client.REALM)) {
            ArrayList<String> realmList = client.remove(OAuth2Constants.OAuth2Client.REALM);
            if (realmList != null && !realmList.isEmpty()) {
                realm = realmList.iterator().next();
            }
        }
        //check for required parameters
        if (!client.containsKey(OAuth2Constants.OAuth2Client.USERPASSWORD) || client.get(OAuth2Constants.OAuth2Client.USERPASSWORD).iterator().next().isEmpty()) {
            if (debug.errorEnabled()) {
                debug.error("ClientResource :: CREATE by " + principal + ": " + "Resource ID: " + id + ": No user password.");
            }
            throw new PermanentException(ResourceException.BAD_REQUEST, "Missing user password", null);
        }
        if (client.containsKey(OAuth2Constants.OAuth2Client.CLIENT_TYPE)) {
            String type = client.get(OAuth2Constants.OAuth2Client.CLIENT_TYPE).iterator().next();
            if (!(type.equals("Confidential") || type.equals("Public"))) {
                debug.error("ClientResource :: CREATE by " + principal + ": " + "Resource ID: " + id + ": No client type.");
                throw new PermanentException(ResourceException.BAD_REQUEST, "Missing client type", null);
            }
        } else {
            debug.error("ClientResource :: CREATE by" + principal + ": " + "Resource ID: " + id + ": No client type.");
            throw new PermanentException(ResourceException.BAD_REQUEST, "Missing client type", null);
        }
        Map<String, Set<String>> attrs = new HashMap<String, Set<String>>();
        for (Map.Entry mapEntry : client.entrySet()) {
            List<String> list = (ArrayList) mapEntry.getValue();
            Set<String> set = new HashSet<String>();
            if (isSingle((String) mapEntry.getKey())) {
                set.add((String) ((ArrayList) mapEntry.getValue()).get(0));
            } else {
                for (int i = 0; i < list.size(); i++) {
                    set.add("[" + i + "]=" + list.get(i));
                }
            }
            attrs.put((String) mapEntry.getKey(), set);
        }
        Set<String> temp = new HashSet<String>();
        temp.add("OAuth2Client");
        attrs.put("AgentType", temp);
        temp = new HashSet<String>();
        temp.add("Active");
        attrs.put("sunIdentityServerDeviceStatus", temp);
        manager.createIdentity(realm, id, attrs);
        responseVal.put("success", "true");
        JsonValue response = new JsonValue(responseVal);
        ResourceResponse resource = newResourceResponse("results", String.valueOf(System.currentTimeMillis()), response);
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "CREATED_CLIENT", responseVal.toString() };
            auditLogger.logAccessMessage("CREATED_CLIENT", obs, null);
        }
        return newResultPromise(resource);
    } catch (IdRepoException e) {
        responseVal.put("success", "false");
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "FAILED_CREATE_CLIENT", responseVal.toString() };
            auditLogger.logErrorMessage("FAILED_CREATE_CLIENT", obs, null);
        }
        if (debug.errorEnabled()) {
            debug.error("ClientResource :: CREATE by " + principal + ": Unable to create client due to " + "IdRepo exception.", e);
        }
        return new InternalServerErrorException("Unable to create client", e).asPromise();
    } catch (SSOException e) {
        responseVal.put("success", "false");
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "FAILED_CREATE_CLIENT", responseVal.toString() };
            auditLogger.logErrorMessage("FAILED_CREATE_CLIENT", obs, null);
        }
        if (debug.errorEnabled()) {
            debug.error("ClientResource :: CREATE by " + principal + ": Unable to create client due to " + "SSO exception.", e);
        }
        return new InternalServerErrorException("Unable to create client", e).asPromise();
    } catch (PermanentException e) {
        responseVal.put("success", "false");
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "FAILED_CREATE_CLIENT", responseVal.toString() };
            auditLogger.logErrorMessage("FAILED_CREATE_CLIENT", obs, null);
        }
        if (debug.errorEnabled()) {
            debug.error("ClientResource :: CREATE by " + principal + ": Unable to create client due to exception.", e);
        }
        return e.asPromise();
    } catch (org.forgerock.json.resource.BadRequestException e) {
        responseVal.put("success", "false");
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "FAILED_CREATE_CLIENT", responseVal.toString() };
            auditLogger.logErrorMessage("FAILED_CREATE_CLIENT", obs, null);
        }
        debug.error("ClientResource :: CREATE : Unable to create client due to Bad Request.", e);
        return e.asPromise();
    }
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) SSOException(com.iplanet.sso.SSOException) PermanentException(org.forgerock.json.resource.PermanentException) HashSet(java.util.HashSet) JsonValue(org.forgerock.json.JsonValue) IdRepoException(com.sun.identity.idm.IdRepoException) Responses.newResourceResponse(org.forgerock.json.resource.Responses.newResourceResponse) ResourceResponse(org.forgerock.json.resource.ResourceResponse) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) HashMap(java.util.HashMap) Map(java.util.Map)

Aggregations

JsonValue (org.forgerock.json.JsonValue)575 Test (org.testng.annotations.Test)333 ResourceException (org.forgerock.json.resource.ResourceException)144 ResourceResponse (org.forgerock.json.resource.ResourceResponse)123 RealmContext (org.forgerock.openam.rest.RealmContext)70 Context (org.forgerock.services.context.Context)63 HashSet (java.util.HashSet)56 SSOException (com.iplanet.sso.SSOException)54 ArrayList (java.util.ArrayList)51 BadRequestException (org.forgerock.json.resource.BadRequestException)47 Privilege (com.sun.identity.entitlement.Privilege)46 InternalServerErrorException (org.forgerock.json.resource.InternalServerErrorException)46 SSOToken (com.iplanet.sso.SSOToken)43 SMSException (com.sun.identity.sm.SMSException)42 HashMap (java.util.HashMap)42 NotFoundException (org.forgerock.json.resource.NotFoundException)41 SSOTokenContext (org.forgerock.openam.rest.resource.SSOTokenContext)41 CreateRequest (org.forgerock.json.resource.CreateRequest)40 OpenSSOPrivilege (com.sun.identity.entitlement.opensso.OpenSSOPrivilege)39 Subject (javax.security.auth.Subject)32