Examples with ForbiddenException org.forgerock.json.resource.ForbiddenException used on opensource projects

Search in sources :

Example 26 with ForbiddenException

use of org.forgerock.json.resource.ForbiddenException in project OpenAM by OpenRock.

the class IdentityResourceV1 method deleteInstance.

/**
     * {@inheritDoc}
     */
@Override
public Promise<ResourceResponse, ResourceException> deleteInstance(final Context context, final String resourceId, final DeleteRequest request) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    final String realm = realmContext.getResolvedRealm();
    JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
    ResourceResponse resource;
    IdentityDetails dtls;
    try {
        SSOToken admin = getSSOToken(getCookieFromServerContext(context));
        // read to see if resource is available to user
        dtls = identityServices.read(resourceId, getIdentityServicesAttributes(realm), admin);
        // delete the resource
        identityServices.delete(dtls, admin);
        String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
        debug.message("IdentityResource.deleteInstance :: DELETE of resourceId={} in realm={} performed by " + "principalName={}", resourceId, realm, principalName);
        result.put("success", "true");
        resource = newResourceResponse(resourceId, "0", result);
        return newResultPromise(resource);
    } catch (final NeedMoreCredentials ex) {
        debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : User does not have enough" + " privileges.", resourceId, ex);
        return new ForbiddenException(resourceId, ex).asPromise();
    } catch (final ObjectNotFound notFound) {
        debug.error("IdentityResource.deleteInstance() :: Cannot DELETE {} : Resource cannot be found.", resourceId, notFound);
        return new NotFoundException("Resource cannot be found.", notFound).asPromise();
    } catch (final TokenExpired tokenExpired) {
        debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : Unauthorized", resourceId, tokenExpired);
        return new PermanentException(401, "Unauthorized", null).asPromise();
    } catch (final AccessDenied accessDenied) {
        debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : Access denied", resourceId, accessDenied);
        return new ForbiddenException(accessDenied).asPromise();
    } catch (final GeneralFailure generalFailure) {
        debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : general failure", resourceId, generalFailure);
        return new BadRequestException(generalFailure.getMessage(), generalFailure).asPromise();
    } catch (ForbiddenException ex) {
        debug.warning("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={}: User does not have " + "enough privileges.", resourceId, ex);
        return new ForbiddenException(resourceId, ex).asPromise();
    } catch (NotFoundException notFound) {
        debug.warning("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : Resource cannot be found", resourceId, notFound);
        return new NotFoundException("Resource cannot be found.", notFound).asPromise();
    } catch (ResourceException re) {
        debug.warning("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : resource failure", resourceId, re);
        result.put("success", "false");
        resource = newResourceResponse(resourceId, "0", result);
        return newResultPromise(resource);
    } catch (Exception e) {
        debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={}", resourceId, e);
        result.put("success", "false");
        resource = newResourceResponse(resourceId, "0", result);
        return newResultPromise(resource);
    }
}
Also used : ForbiddenException(org.forgerock.json.resource.ForbiddenException) IdentityRestUtils.getSSOToken(org.forgerock.openam.core.rest.IdentityRestUtils.getSSOToken) SSOToken(com.iplanet.sso.SSOToken) NeedMoreCredentials(com.sun.identity.idsvcs.NeedMoreCredentials) RealmContext(org.forgerock.openam.rest.RealmContext) IdentityRestUtils.identityDetailsToJsonValue(org.forgerock.openam.core.rest.IdentityRestUtils.identityDetailsToJsonValue) JsonValue(org.forgerock.json.JsonValue) NotFoundException(org.forgerock.json.resource.NotFoundException) ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException) AccessDenied(com.sun.identity.idsvcs.AccessDenied) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) DeleteFailedException(org.forgerock.openam.cts.exceptions.DeleteFailedException) SSOException(com.iplanet.sso.SSOException) NotFoundException(org.forgerock.json.resource.NotFoundException) NotSupportedException(org.forgerock.json.resource.NotSupportedException) BadRequestException(org.forgerock.json.resource.BadRequestException) MessagingException(javax.mail.MessagingException) ConflictException(org.forgerock.json.resource.ConflictException) PermanentException(org.forgerock.json.resource.PermanentException) ForbiddenException(org.forgerock.json.resource.ForbiddenException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException) IdRepoException(com.sun.identity.idm.IdRepoException) SMSException(com.sun.identity.sm.SMSException) ResourceException(org.forgerock.json.resource.ResourceException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) ResourceResponse(org.forgerock.json.resource.ResourceResponse) ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound) PermanentException(org.forgerock.json.resource.PermanentException) GeneralFailure(com.sun.identity.idsvcs.GeneralFailure) IdentityRestUtils.jsonValueToIdentityDetails(org.forgerock.openam.core.rest.IdentityRestUtils.jsonValueToIdentityDetails) IdentityDetails(com.sun.identity.idsvcs.IdentityDetails) BadRequestException(org.forgerock.json.resource.BadRequestException) TokenExpired(com.sun.identity.idsvcs.TokenExpired) ResourceException(org.forgerock.json.resource.ResourceException)

Example 27 with ForbiddenException

use of org.forgerock.json.resource.ForbiddenException in project OpenAM by OpenRock.

the class IdentityResourceV1 method idFromSession.

/**
     * Gets the user id from the session provided in the server context
     *
     * @param context Current Server Context
     * @param request Request from client to retrieve id
     */
private Promise<ActionResponse, ResourceException> idFromSession(final Context context, final ActionRequest request) {
    JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
    SSOToken ssotok;
    AMIdentity amIdentity;
    try {
        SSOTokenManager mgr = SSOTokenManager.getInstance();
        ssotok = mgr.createSSOToken(getCookieFromServerContext(context));
        amIdentity = new AMIdentity(ssotok);
        // build resource
        result.put("id", amIdentity.getName());
        result.put("realm", com.sun.identity.sm.DNMapper.orgNameToRealmName(amIdentity.getRealm()));
        result.put("dn", amIdentity.getUniversalId());
        result.put("successURL", ssotok.getProperty(ISAuthConstants.SUCCESS_URL, false));
        result.put("fullLoginURL", ssotok.getProperty(ISAuthConstants.FULL_LOGIN_URL, false));
        if (debug.messageEnabled()) {
            debug.message("IdentityResource.idFromSession() :: Retrieved ID for user={}", amIdentity.getName());
        }
        return newResultPromise(newActionResponse(result));
    } catch (SSOException e) {
        debug.error("IdentityResource.idFromSession() :: Cannot retrieve SSO Token", e);
        return new ForbiddenException("SSO Token cannot be retrieved.", e).asPromise();
    } catch (IdRepoException ex) {
        debug.error("IdentityResource.idFromSession() :: Cannot retrieve user from IdRepo", ex);
        return new ForbiddenException("Cannot retrieve id from session.", ex).asPromise();
    }
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) ForbiddenException(org.forgerock.json.resource.ForbiddenException) IdentityRestUtils.getSSOToken(org.forgerock.openam.core.rest.IdentityRestUtils.getSSOToken) SSOToken(com.iplanet.sso.SSOToken) AMIdentity(com.sun.identity.idm.AMIdentity) IdentityRestUtils.identityDetailsToJsonValue(org.forgerock.openam.core.rest.IdentityRestUtils.identityDetailsToJsonValue) JsonValue(org.forgerock.json.JsonValue) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException)

Example 28 with ForbiddenException

use of org.forgerock.json.resource.ForbiddenException in project OpenAM by OpenRock.

the class RealmResource method createInstance.

/**
     * {@inheritDoc}
     */
@Override
public Promise<ResourceResponse, ResourceException> createInstance(Context context, CreateRequest request) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();
    ResourceResponse resource;
    String parentRealm;
    String childRealm;
    String realm = null;
    try {
        hasPermission(context);
        final JsonValue jVal = request.getContent();
        // get the realm
        realm = jVal.get("realm").asString();
        if (StringUtils.isBlank(realm)) {
            realm = request.getNewResourceId();
        }
        realm = checkForTopLevelRealm(realm);
        if (StringUtils.isBlank(realm)) {
            throw new BadRequestException("No realm name provided.");
        } else if (!realm.startsWith("/")) {
            realm = "/" + realm;
        }
        if (!realmPath.equalsIgnoreCase("/")) {
            // build realm to comply with format if not top level
            realm = realmPath + realm;
        }
        parentRealm = RealmUtils.getParentRealm(realm);
        childRealm = RealmUtils.getChildRealm(realm);
        OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), parentRealm);
        Map defaultValues = createServicesMap(jVal);
        ocm.createSubOrganization(childRealm, defaultValues);
        String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
        debug.message("RealmResource.createInstance :: CREATE of realm " + childRealm + " in realm " + parentRealm + " performed by " + principalName);
        // create a resource for handler to return
        OrganizationConfigManager realmCreated = new OrganizationConfigManager(getSSOToken(), realm);
        resource = newResourceResponse(childRealm, String.valueOf(System.currentTimeMillis()), createJsonMessage("realmCreated", realmCreated.getOrganizationName()));
        return newResultPromise(resource);
    } catch (SMSException smse) {
        debug.error("RealmResource.createInstance() : Cannot find " + realm, smse);
        try {
            configureErrorMessage(smse);
            return new BadRequestException(smse.getMessage(), smse).asPromise();
        } catch (NotFoundException nf) {
            debug.error("RealmResource.createInstance() : Cannot find " + realm, nf);
            return nf.asPromise();
        } catch (ForbiddenException fe) {
            // User does not have authorization
            debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
            return fe.asPromise();
        } catch (PermanentException pe) {
            debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
            // Cannot recover from this exception
            return pe.asPromise();
        } catch (ConflictException ce) {
            debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, ce);
            return ce.asPromise();
        } catch (BadRequestException be) {
            debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
            return be.asPromise();
        } catch (Exception e) {
            debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, e);
            return new BadRequestException(e.getMessage(), e).asPromise();
        }
    } catch (SSOException sso) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, sso);
        return new PermanentException(401, "Access Denied", null).asPromise();
    } catch (ForbiddenException fe) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
        return fe.asPromise();
    } catch (BadRequestException be) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
        return be.asPromise();
    } catch (PermanentException pe) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
        // Cannot recover from this exception
        return pe.asPromise();
    } catch (Exception e) {
        debug.error("RealmResource.createInstance()" + realm + ":" + e);
        return new BadRequestException(e.getMessage(), e).asPromise();
    }
}
Also used : ForbiddenException(org.forgerock.json.resource.ForbiddenException) RealmContext(org.forgerock.openam.rest.RealmContext) SMSException(com.sun.identity.sm.SMSException) ConflictException(org.forgerock.json.resource.ConflictException) JsonValue(org.forgerock.json.JsonValue) NotFoundException(org.forgerock.json.resource.NotFoundException) SSOException(com.iplanet.sso.SSOException) NotFoundException(org.forgerock.json.resource.NotFoundException) BadRequestException(org.forgerock.json.resource.BadRequestException) ConflictException(org.forgerock.json.resource.ConflictException) PermanentException(org.forgerock.json.resource.PermanentException) SMSException(com.sun.identity.sm.SMSException) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) ForbiddenException(org.forgerock.json.resource.ForbiddenException) JsonValueException(org.forgerock.json.JsonValueException) ResourceException(org.forgerock.json.resource.ResourceException) SSOException(com.iplanet.sso.SSOException) Responses.newResourceResponse(org.forgerock.json.resource.Responses.newResourceResponse) ResourceResponse(org.forgerock.json.resource.ResourceResponse) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) PermanentException(org.forgerock.json.resource.PermanentException) BadRequestException(org.forgerock.json.resource.BadRequestException) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map)

Example 29 with ForbiddenException

use of org.forgerock.json.resource.ForbiddenException in project OpenAM by OpenRock.

the class IdentityResourceV2 method attemptResourceCreation.

private Promise<IdentityDetails, ResourceException> attemptResourceCreation(String realm, SSOToken admin, IdentityDetails identity, String resourceId) {
    IdentityDetails dtls = null;
    try {
        // Create the resource
        identityServices.create(identity, admin);
        // Read created resource
        dtls = identityServices.read(resourceId, getIdentityServicesAttributes(realm, objectType), admin);
        if (debug.messageEnabled()) {
            debug.message("IdentityResource.createInstance() :: Created resourceId={} in realm={} by AdminID={}", resourceId, realm, admin.getTokenID());
        }
    } catch (final ObjectNotFound notFound) {
        debug.error("IdentityResource.createInstance() :: Cannot READ resourceId={} : Resource cannot be found.", resourceId, notFound);
        return new NotFoundException("Resource not found.", notFound).asPromise();
    } catch (final TokenExpired tokenExpired) {
        debug.error("IdentityResource.createInstance() :: Cannot CREATE resourceId={} : Unauthorized", resourceId, tokenExpired);
        return new PermanentException(401, "Unauthorized", null).asPromise();
    } catch (final NeedMoreCredentials needMoreCredentials) {
        debug.error("IdentityResource.createInstance() :: Cannot CREATE resourceId={} : Token is not authorized", resourceId, needMoreCredentials);
        return new ForbiddenException("Token is not authorized", needMoreCredentials).asPromise();
    } catch (final GeneralAccessDeniedError accessDenied) {
        debug.error("IdentityResource.createInstance() :: Cannot CREATE " + accessDenied);
        return new ForbiddenException().asPromise();
    } catch (GeneralFailure generalFailure) {
        debug.error("IdentityResource.createInstance() :: Cannot CREATE " + generalFailure);
        return new BadRequestException("Resource cannot be created: " + generalFailure.getMessage(), generalFailure).asPromise();
    } catch (AccessDenied accessDenied) {
        debug.error("IdentityResource.createInstance() :: Cannot CREATE " + accessDenied);
        return new ForbiddenException("Token is not authorized: " + accessDenied.getMessage(), accessDenied).asPromise();
    } catch (ResourceException re) {
        debug.warning("IdentityResource.createInstance() :: Cannot CREATE resourceId={}", resourceId, re);
        return re.asPromise();
    } catch (final Exception e) {
        debug.error("IdentityResource.createInstance() :: Cannot CREATE resourceId={}", resourceId, e);
        return new NotFoundException(e.getMessage(), e).asPromise();
    }
    return newResultPromise(dtls);
}
Also used : GeneralAccessDeniedError(com.sun.identity.idsvcs.opensso.GeneralAccessDeniedError) ForbiddenException(org.forgerock.json.resource.ForbiddenException) NeedMoreCredentials(com.sun.identity.idsvcs.NeedMoreCredentials) NotFoundException(org.forgerock.json.resource.NotFoundException) ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException) AccessDenied(com.sun.identity.idsvcs.AccessDenied) MessagingException(javax.mail.MessagingException) ConflictException(org.forgerock.json.resource.ConflictException) PermanentException(org.forgerock.json.resource.PermanentException) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) ForbiddenException(org.forgerock.json.resource.ForbiddenException) DeleteFailedException(org.forgerock.openam.cts.exceptions.DeleteFailedException) SSOException(com.iplanet.sso.SSOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) NotFoundException(org.forgerock.json.resource.NotFoundException) ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException) NotSupportedException(org.forgerock.json.resource.NotSupportedException) BadRequestException(org.forgerock.json.resource.BadRequestException) IdRepoException(com.sun.identity.idm.IdRepoException) SMSException(com.sun.identity.sm.SMSException) ResourceException(org.forgerock.json.resource.ResourceException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound) PermanentException(org.forgerock.json.resource.PermanentException) GeneralFailure(com.sun.identity.idsvcs.GeneralFailure) IdentityDetails(com.sun.identity.idsvcs.IdentityDetails) BadRequestException(org.forgerock.json.resource.BadRequestException) TokenExpired(com.sun.identity.idsvcs.TokenExpired) ResourceException(org.forgerock.json.resource.ResourceException)

Example 30 with ForbiddenException

use of org.forgerock.json.resource.ForbiddenException in project OpenAM by OpenRock.

the class SmsRealmProvider method handleUpdate.

@Override
public Promise<ResourceResponse, ResourceException> handleUpdate(Context context, UpdateRequest request) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();
    try {
        checkValues(request.getContent());
    } catch (BadRequestException e) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + realmPath, e);
        return new BadRequestException("Invalid attribute values").asPromise();
    }
    // protect against attempts to change a realm that does not exist as this results in unexpected behaviour
    try {
        String requestPath = getExpectedPathFromRequestContext(request);
        if (!realmPath.equals(requestPath)) {
            return new BadRequestException(BAD_REQUEST_REALM_NAME_ERROR_MESSAGE).asPromise();
        }
    } catch (org.forgerock.oauth2.core.exceptions.NotFoundException e) {
        return new BadRequestException(BAD_REQUEST_REALM_NAME_ERROR_MESSAGE).asPromise();
    }
    final JsonValue realmDetails = request.getContent();
    try {
        hasPermission(context);
        OrganizationConfigManager realmManager = new OrganizationConfigManager(getSSOToken(), realmPath);
        realmManager.setAttributes(IdConstants.REPO_SERVICE, getAttributeMap(realmDetails));
        final List<Object> newServiceNames = realmDetails.get(SERVICE_NAMES).asList();
        if (newServiceNames != null) {
            assignServices(realmManager, newServiceNames);
        }
        debug.message("RealmResource.updateInstance :: UPDATE of realm " + realmPath + " performed by " + PrincipalRestUtils.getPrincipalNameFromServerContext(context));
        return newResultPromise(getResource(getJsonValue(realmPath)));
    } catch (SMSException e) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + realmPath, e);
        return configureErrorMessage(e).asPromise();
    } catch (SSOException | ForbiddenException | IdRepoException e) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + realmPath, e);
        return new PermanentException(401, "Access Denied", null).asPromise();
    }
}
Also used : ForbiddenException(org.forgerock.json.resource.ForbiddenException) RealmContext(org.forgerock.openam.rest.RealmContext) SMSException(com.sun.identity.sm.SMSException) JsonValue(org.forgerock.json.JsonValue) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) PermanentException(org.forgerock.json.resource.PermanentException) BadRequestException(org.forgerock.json.resource.BadRequestException)

Aggregations

ForbiddenException (org.forgerock.json.resource.ForbiddenException)31 SSOException (com.iplanet.sso.SSOException)26 BadRequestException (org.forgerock.json.resource.BadRequestException)22 NotFoundException (org.forgerock.json.resource.NotFoundException)21 InternalServerErrorException (org.forgerock.json.resource.InternalServerErrorException)20 ResourceException (org.forgerock.json.resource.ResourceException)19 IdRepoException (com.sun.identity.idm.IdRepoException)18 SMSException (com.sun.identity.sm.SMSException)18 JsonValue (org.forgerock.json.JsonValue)17 PermanentException (org.forgerock.json.resource.PermanentException)16 SSOToken (com.iplanet.sso.SSOToken)15 ConflictException (org.forgerock.json.resource.ConflictException)15 RealmContext (org.forgerock.openam.rest.RealmContext)14 NotSupportedException (org.forgerock.json.resource.NotSupportedException)11 ResourceResponse (org.forgerock.json.resource.ResourceResponse)11 IdentityDetails (com.sun.identity.idsvcs.IdentityDetails)10 ObjectNotFound (com.sun.identity.idsvcs.ObjectNotFound)10 ServiceNotFoundException (com.sun.identity.sm.ServiceNotFoundException)9 OrganizationConfigManager (com.sun.identity.sm.OrganizationConfigManager)8 UnsupportedEncodingException (java.io.UnsupportedEncodingException)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial