Examples with ConflictException org.forgerock.json.resource.ConflictException used on opensource projects

Example 1 with ConflictException

use of org.forgerock.json.resource.ConflictException in project OpenAM by OpenRock.

the class SmsRealmProvider method handleDelete.

@Override
public Promise<ResourceResponse, ResourceException> handleDelete(Context serverContext, DeleteRequest request) {
    RealmContext realmContext = serverContext.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();
    try {
        OrganizationConfigManager realmManager = new OrganizationConfigManager(getSSOToken(), realmPath);
        final ResourceResponse resource = getResource(getJsonValue(realmPath));
        realmManager.deleteSubOrganization(null, false);
        String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(serverContext);
        debug.message("RealmResource.deleteInstance :: DELETE of realm " + realmPath + " performed by " + principalName);
        return newResultPromise(resource);
    } catch (SMSException smse) {
        ResourceException exception = configureErrorMessage(smse);
        if (exception instanceof NotFoundException) {
            debug.warning("RealmResource.deleteInstance() : Cannot find {}", realmPath, smse);
            return exception.asPromise();
        } else if (exception instanceof ForbiddenException || exception instanceof PermanentException || exception instanceof ConflictException || exception instanceof BadRequestException) {
            debug.warning("RealmResource.deleteInstance() : Cannot DELETE {}", realmPath, smse);
            return exception.asPromise();
        } else {
            return new BadRequestException(exception.getMessage(), exception).asPromise();
        }
    } catch (Exception e) {
        return new BadRequestException(e.getMessage(), e).asPromise();
    }
}

Example 2 with ConflictException

use of org.forgerock.json.resource.ConflictException in project OpenAM by OpenRock.

the class SmsRealmProvider method handleRead.

@Override
public Promise<ResourceResponse, ResourceException> handleRead(Context context, ReadRequest request) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();
    if (!request.getResourcePath().isEmpty()) {
        //if the resource path is not empty, the realm has not resolved correctly
        return new NotFoundException("Realm \"" + RealmUtils.concatenateRealmPath(RealmUtils.cleanRealm(realmPath), RealmUtils.cleanRealm(request.getResourcePath())) + "\" is not a valid realm.").asPromise();
    }
    try {
        JsonValue jsonResponse = getJsonValue(realmPath);
        if (debug.messageEnabled()) {
            debug.message("RealmResource.readInstance :: READ : Successfully read realm, " + realmPath + " performed by " + PrincipalRestUtils.getPrincipalNameFromServerContext(context));
        }
        return newResultPromise(getResource(jsonResponse));
    } catch (SMSException smse) {
        ResourceException exception = configureErrorMessage(smse);
        if (exception instanceof NotFoundException) {
            debug.warning("RealmResource.readInstance() : Cannot find {}", realmPath, smse);
            return exception.asPromise();
        } else if (exception instanceof ForbiddenException || exception instanceof PermanentException || exception instanceof ConflictException || exception instanceof BadRequestException) {
            debug.warning("RealmResource.readInstance() : Cannot READ {}", realmPath, smse);
            return exception.asPromise();
        } else {
            return new BadRequestException(exception.getMessage(), exception).asPromise();
        }
    } catch (Exception e) {
        return new BadRequestException(e.getMessage(), e).asPromise();
    }
}

Example 3 with ConflictException

use of org.forgerock.json.resource.ConflictException in project OpenAM by OpenRock.

the class IdentityResourceV1 method generateNewPasswordEmail.

/**
     * Generates the e-mail contents based on the incoming request.
     *
     * Will only send the e-mail if all the following conditions are true:
     *
     * - Forgotten Password service is enabled
     * - User exists
     * - User has an e-mail address in their profile
     * - E-mail service is correctly configured.
     *
     * @param context Non null.
     * @param request Non null.
     * @param realm Used as part of user lookup.
     * @param restSecurity Non null.
     */
private Promise<ActionResponse, ResourceException> generateNewPasswordEmail(final Context context, final ActionRequest request, final String realm, final RestSecurity restSecurity) {
    JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
    final JsonValue jsonBody = request.getContent();
    try {
        // Check to make sure forgotPassword enabled
        if (restSecurity == null) {
            if (debug.warningEnabled()) {
                debug.warning("Rest Security not created. restSecurity={}", restSecurity);
            }
            throw getException(UNAVAILABLE, "Rest Security Service not created");
        }
        if (!restSecurity.isForgotPassword()) {
            if (debug.warningEnabled()) {
                debug.warning("Forgot Password set to : {}", restSecurity.isForgotPassword());
            }
            throw getException(UNAVAILABLE, "Forgot password is not accessible.");
        }
        // Generate Admin Token
        SSOToken adminToken = getSSOToken(RestUtils.getToken().getTokenID().toString());
        Map<String, Set<String>> searchAttributes = getIdentityServicesAttributes(realm);
        searchAttributes.putAll(getAttributeFromRequest(jsonBody));
        List searchResults = identityServices.search(new CrestQuery("*"), searchAttributes, adminToken);
        if (searchResults.isEmpty()) {
            throw new NotFoundException("User not found");
        } else if (searchResults.size() > 1) {
            throw new ConflictException("Multiple users found");
        } else {
            String username = (String) searchResults.get(0);
            IdentityDetails identityDetails = identityServices.read(username, getIdentityServicesAttributes(realm), adminToken);
            String email = null;
            String uid = null;
            for (Map.Entry<String, Set<String>> attribute : asMap(identityDetails.getAttributes()).entrySet()) {
                String attributeName = attribute.getKey();
                if (MAIL.equalsIgnoreCase(attributeName)) {
                    if (attribute.getValue() != null && !attribute.getValue().isEmpty()) {
                        email = attribute.getValue().iterator().next();
                    }
                } else if (UNIVERSAL_ID.equalsIgnoreCase(attributeName)) {
                    if (attribute.getValue() != null && !attribute.getValue().isEmpty()) {
                        uid = attribute.getValue().iterator().next();
                    }
                }
            }
            // Check to see if user is Active/Inactive
            if (!isUserActive(uid)) {
                throw new ForbiddenException("Request is forbidden for this user");
            }
            // Check if email is provided
            if (email == null || email.isEmpty()) {
                throw new BadRequestException("No email provided in profile.");
            }
            // Get full deployment URL
            HttpContext header = context.asContext(HttpContext.class);
            StringBuilder deploymentURL = RestUtils.getFullDeploymentURI(header.getPath());
            String subject = jsonBody.get("subject").asString();
            String message = jsonBody.get("message").asString();
            // Retrieve email registration token life time
            if (restSecurity == null) {
                if (debug.warningEnabled()) {
                    debug.warning("Rest Security not created. restSecurity={}", restSecurity);
                }
                throw new NotFoundException("Rest Security Service not created");
            }
            Long tokenLifeTime = restSecurity.getForgotPassTLT();
            // Generate Token
            org.forgerock.openam.cts.api.tokens.Token ctsToken = generateToken(email, username, tokenLifeTime, realm);
            // Store token in datastore
            CTSHolder.getCTS().createAsync(ctsToken);
            // Create confirmationId
            String confirmationId = Hash.hash(ctsToken.getTokenId() + username + SystemProperties.get(AM_ENCRYPTION_PWD));
            // Build Confirmation URL
            String confURL = restSecurity.getForgotPasswordConfirmationUrl();
            StringBuilder confURLBuilder = new StringBuilder(100);
            if (confURL == null || confURL.isEmpty()) {
                confURLBuilder.append(deploymentURL.append("/json/confirmation/forgotPassword").toString());
            } else {
                confURLBuilder.append(confURL);
            }
            String confirmationLink = confURLBuilder.append("?confirmationId=").append(requestParamEncode(confirmationId)).append("&tokenId=").append(requestParamEncode(ctsToken.getTokenId())).append("&username=").append(requestParamEncode(username)).append("&realm=").append(realm).toString();
            // Send Registration
            sendNotification(email, subject, message, realm, confirmationLink);
            String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
            if (debug.messageEnabled()) {
                debug.message("IdentityResource.generateNewPasswordEmail :: ACTION of generate new password email " + " for username={} in realm={} performed by principalName={}", username, realm, principalName);
            }
        }
        return newResultPromise(newActionResponse(result));
    } catch (NotFoundException e) {
        debug.warning("Could not find user", e);
        return e.asPromise();
    } catch (ResourceException re) {
        // Service not available, Neither or both Username/Email provided, User inactive
        debug.warning(re.getMessage(), re);
        return re.asPromise();
    } catch (Exception e) {
        // Intentional - all other errors are considered Internal Error.
        debug.error("Internal error : Failed to send mail", e);
        return new InternalServerErrorException("Failed to send mail", e).asPromise();
    }
}

Example 4 with ConflictException

use of org.forgerock.json.resource.ConflictException in project OpenAM by OpenRock.

the class IdentityResourceV2 method generateNewPasswordEmail.

/**
     * Generates the e-mail contents based on the incoming request.
     *
     * Will only send the e-mail if all the following conditions are true:
     *
     * - Forgotten Password service is enabled
     * - User exists
     * - User has an e-mail address in their profile
     * - E-mail service is correctly configured.
     *
     * @param context Non null.
     * @param request Non null.
     * @param realm Used as part of user lookup.
     * @param restSecurity Non null.
     */
private Promise<ActionResponse, ResourceException> generateNewPasswordEmail(final Context context, final ActionRequest request, final String realm, final RestSecurity restSecurity) {
    JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
    final JsonValue jsonBody = request.getContent();
    try {
        // Check to make sure forgotPassword enabled
        if (restSecurity == null) {
            if (debug.warningEnabled()) {
                debug.warning("Rest Security not created. restSecurity={}", restSecurity);
            }
            throw getException(UNAVAILABLE, "Rest Security Service not created");
        }
        if (!restSecurity.isSelfServiceRestEndpointEnabled()) {
            if (debug.warningEnabled()) {
                debug.warning("Forgot Password set to : {}", restSecurity.isSelfServiceRestEndpointEnabled());
            }
            throw getException(UNAVAILABLE, "Legacy Self Service REST Endpoint is not enabled.");
        }
        if (!restSecurity.isForgotPassword()) {
            if (debug.warningEnabled()) {
                debug.warning("Forgot Password set to : {}", restSecurity.isForgotPassword());
            }
            throw getException(UNAVAILABLE, "Forgot password is not accessible.");
        }
        // Generate Admin Token
        SSOToken adminToken = getSSOToken(RestUtils.getToken().getTokenID().toString());
        Map<String, Set<String>> searchAttributes = getIdentityServicesAttributes(realm, objectType);
        searchAttributes.putAll(getAttributeFromRequest(jsonBody));
        List<String> searchResults = identityServices.search(new CrestQuery("*"), searchAttributes, adminToken);
        if (searchResults.isEmpty()) {
            throw new NotFoundException("User not found");
        } else if (searchResults.size() > 1) {
            throw new ConflictException("Multiple users found");
        } else {
            String username = searchResults.get(0);
            IdentityDetails identityDetails = identityServices.read(username, getIdentityServicesAttributes(realm, objectType), adminToken);
            String email = null;
            String uid = null;
            for (Map.Entry<String, Set<String>> attribute : asMap(identityDetails.getAttributes()).entrySet()) {
                String attributeName = attribute.getKey();
                if (MAIL.equalsIgnoreCase(attributeName)) {
                    if (attribute.getValue() != null && !attribute.getValue().isEmpty()) {
                        email = attribute.getValue().iterator().next();
                    }
                } else if (UNIVERSAL_ID.equalsIgnoreCase(attributeName)) {
                    if (attribute.getValue() != null && !attribute.getValue().isEmpty()) {
                        uid = attribute.getValue().iterator().next();
                    }
                }
            }
            // Check to see if user is Active/Inactive
            if (!isUserActive(uid)) {
                throw new ForbiddenException("Request is forbidden for this user");
            }
            // Check if email is provided
            if (email == null || email.isEmpty()) {
                throw new BadRequestException("No email provided in profile.");
            }
            // Get full deployment URL
            HttpContext header = context.asContext(HttpContext.class);
            String baseURL = baseURLProviderFactory.get(realm).getRootURL(header);
            String subject = jsonBody.get("subject").asString();
            String message = jsonBody.get("message").asString();
            // Retrieve email registration token life time
            if (restSecurity == null) {
                if (debug.warningEnabled()) {
                    debug.warning("Rest Security not created. restSecurity={}", restSecurity);
                }
                throw new NotFoundException("Rest Security Service not created");
            }
            Long tokenLifeTime = restSecurity.getForgotPassTLT();
            // Generate Token
            org.forgerock.openam.cts.api.tokens.Token ctsToken = generateToken(email, username, tokenLifeTime, realm);
            // Store token in datastore
            CTSHolder.getCTS().createAsync(ctsToken);
            // Create confirmationId
            String confirmationId = Hash.hash(ctsToken.getTokenId() + username + SystemProperties.get(AM_ENCRYPTION_PWD));
            // Build Confirmation URL
            String confURL = restSecurity.getForgotPasswordConfirmationUrl();
            StringBuilder confURLBuilder = new StringBuilder(100);
            if (StringUtils.isEmpty(confURL)) {
                confURLBuilder.append(baseURL).append("/json/confirmation/forgotPassword");
            } else if (confURL.startsWith("/")) {
                confURLBuilder.append(baseURL).append(confURL);
            } else {
                confURLBuilder.append(confURL);
            }
            String confirmationLink = confURLBuilder.append("?confirmationId=").append(requestParamEncode(confirmationId)).append("&tokenId=").append(requestParamEncode(ctsToken.getTokenId())).append("&username=").append(requestParamEncode(username)).append("&realm=").append(realm).toString();
            // Send Registration
            sendNotification(email, subject, message, realm, confirmationLink);
            String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
            if (debug.messageEnabled()) {
                debug.message("IdentityResource.generateNewPasswordEmail :: ACTION of generate new password email " + " for username={} in realm={} performed by principalName={}", username, realm, principalName);
            }
        }
        return newResultPromise(newActionResponse(result));
    } catch (ResourceException re) {
        // Service not available, Neither or both Username/Email provided, User inactive
        debug.warning(re.getMessage(), re);
        return re.asPromise();
    } catch (Exception e) {
        // Intentional - all other errors are considered Internal Error.
        debug.error("Internal error", e);
        return new InternalServerErrorException("Failed to send mail", e).asPromise();
    }
}

Example 5 with ConflictException

use of org.forgerock.json.resource.ConflictException in project OpenAM by OpenRock.

the class RealmResource method updateInstance.

/**
     * {@inheritDoc}
     */
@Override
public Promise<ResourceResponse, ResourceException> updateInstance(Context context, String resourceId, UpdateRequest request) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();
    final JsonValue realmDetails = request.getContent();
    ResourceResponse resource;
    String realm;
    OrganizationConfigManager ocm;
    OrganizationConfigManager realmCreatedOcm;
    String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
    try {
        hasPermission(context);
        realm = checkForTopLevelRealm(resourceId);
        if (realm != null && !realm.startsWith("/")) {
            realm = "/" + realm;
        }
        if (!realmPath.equalsIgnoreCase("/")) {
            realm = realmPath + realm;
        }
        // Update a realm - if it's not found, error out.
        ocm = new OrganizationConfigManager(getSSOToken(), realm);
        List newServiceNames;
        // update ID_REPO attributes
        updateConfiguredServices(ocm, createServicesMap(realmDetails));
        newServiceNames = realmDetails.get(SERVICE_NAMES).asList();
        if (newServiceNames == null || newServiceNames.isEmpty()) {
            debug.error("RealmResource.updateInstance() : No Services defined.");
        } else {
            //assign services to realm
            assignServices(ocm, newServiceNames);
        }
        // READ THE REALM
        realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realm);
        debug.message("RealmResource.updateInstance :: UPDATE of realm " + realm + " performed by " + principalName);
        // create a resource for handler to return
        resource = newResourceResponse(realm, String.valueOf(System.currentTimeMillis()), createJsonMessage("realmUpdated", realmCreatedOcm.getOrganizationName()));
        return newResultPromise(resource);
    } catch (SMSException e) {
        try {
            configureErrorMessage(e);
            return new NotFoundException(e.getMessage(), e).asPromise();
        } catch (ForbiddenException fe) {
            // User does not have authorization
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
            return fe.asPromise();
        } catch (PermanentException pe) {
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, pe);
            // Cannot recover from this exception
            return pe.asPromise();
        } catch (ConflictException ce) {
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ce);
            return ce.asPromise();
        } catch (BadRequestException be) {
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, be);
            return be.asPromise();
        } catch (Exception ex) {
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
            return new NotFoundException("Cannot update realm.", ex).asPromise();
        }
    } catch (SSOException sso) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, sso);
        return new PermanentException(401, "Access Denied", null).asPromise();
    } catch (ForbiddenException fe) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
        return fe.asPromise();
    } catch (PermanentException pe) {
        debug.error("RealmResource.Instance() : Cannot UPDATE " + resourceId, pe);
        // Cannot recover from this exception
        return pe.asPromise();
    } catch (Exception ex) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
        return new NotFoundException("Cannot update realm.", ex).asPromise();
    }
}