use of org.forgerock.json.resource.NotFoundException in project OpenAM by OpenRock.
the class ResourceSetResourceTest method revokeAllUserPoliciesActionShouldHandleResourceException.
/**
 * Verifies that a failure reported by the resource set service during a
 * {@code revokeAll} collection action is surfaced to the caller as a failed
 * promise carrying a {@link ResourceException}, rather than being swallowed.
 */
@Test
public void revokeAllUserPoliciesActionShouldHandleResourceException() {

    // Given: a caller resolved to a fixed realm and resource owner id, and a
    // service that fails the revocation with a NotFoundException.
    final String realm = "REALM";
    final String resourceOwnerId = "RESOURCE_OWNER_ID";
    final Context serverContext = mock(Context.class);
    final ActionRequest revokeAllRequest = mock(ActionRequest.class);
    final Promise<Void, ResourceException> failedRevocation = new NotFoundException().<Void>asPromise();

    given(contextHelper.getRealm(serverContext)).willReturn(realm);
    given(contextHelper.getUserId(serverContext)).willReturn(resourceOwnerId);
    given(revokeAllRequest.getAction()).willReturn("revokeAll");
    given(resourceSetService.revokeAllPolicies(serverContext, realm, resourceOwnerId))
            .willReturn(failedRevocation);

    // When: the collection action is dispatched.
    final Promise<ActionResponse, ResourceException> outcome =
            resource.actionCollection(serverContext, revokeAllRequest);

    // Then: the promise fails with a ResourceException.
    assertThat(outcome).failedWithException().isInstanceOf(ResourceException.class);
}
use of org.forgerock.json.resource.NotFoundException in project OpenAM by OpenRock.
the class PolicyV1Filter method retrieveResourceType.
/**
 * Looks up the application named in the policy JSON and copies that
 * application's single resource type id into the JSON under
 * {@code RESOURCE_TYPE_UUID}.
 *
 * <p>The application is resolved through a service created for
 * {@code callingSubject} and {@code realm}, so the lookup runs with the
 * caller's subject rather than a fixed identity.
 *
 * @param jsonValue
 *         the policies' JSON representation; must carry an
 *         {@code applicationName} string and is modified in place
 * @param callingSubject
 *         the calling subject
 * @param realm
 *         the realm
 *
 * @throws EntitlementException
 *         should some policy error occur
 * @throws ResourceException
 *         a {@code BadRequestException} when the application name is absent
 *         or the application does not have exactly one resource type, or a
 *         {@code NotFoundException} when the application lookup returns null
 */
private void retrieveResourceType(JsonValue jsonValue, Subject callingSubject, String realm)
        throws EntitlementException, ResourceException {

    final String requestedApplication = jsonValue.get("applicationName").asString();
    if (requestedApplication == null) {
        throw new BadRequestException("Invalid application name defined in request");
    }

    final Application owningApplication = applicationServiceFactory
            .create(callingSubject, realm)
            .getApplication(requestedApplication);
    if (owningApplication == null) {
        // NOTE(review): the request-supplied name is echoed back in the error message.
        throw new NotFoundException("Unable to find application " + requestedApplication);
    }

    // Version 1.0 of the endpoint needs exactly one resource type. The check
    // rejects an empty set as well, although the message only mentions
    // "more than one".
    final boolean hasSingleResourceType = owningApplication.getResourceTypeUuids().size() == 1;
    if (!hasSingleResourceType) {
        throw new BadRequestException("Cannot create policy under an application with more than "
                + "one resource type using version 1.0 of this endpoint");
    }

    // Exactly one element is present, so the first iterator element is the resource type.
    jsonValue.put(RESOURCE_TYPE_UUID, owningApplication.getResourceTypeUuids().iterator().next());
}
use of org.forgerock.json.resource.NotFoundException in project OpenAM by OpenRock.
the class TokenResource method queryCollection.
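/**
 * Queries the token store using the comma-separated {@code name=value}
 * constraints carried in the request's {@code _queryId}.
 *
 * <p>Access rules enforced here:
 * <ul>
 *   <li>A caller whose identity cannot be established receives a 401.</li>
 *   <li>A caller other than {@code adminUserId} always has the query narrowed
 *       to their own user name and realm, and may not supply a
 *       {@code userName} constraint.</li>
 *   <li>The administrator must supply a {@code userName} constraint.</li>
 * </ul>
 *
 * <p>The query id {@code access_token} is shorthand for
 * {@code tokenName=access_token}.
 *
 * @param context the request context, used to resolve the caller
 * @param queryRequest the query request; its {@code _queryId} must be set
 * @param handler the handler that receives the results
 * @return a promise of the query response, or a failed promise carrying the
 *         {@link ResourceException} that describes the rejection
 */
@Override
public Promise<QueryResponse, ResourceException> queryCollection(Context context, QueryRequest queryRequest, QueryResourceHandler handler) {
    try {
        JsonValue response;
        Collection<QueryFilter<CoreTokenField>> query = new ArrayList<QueryFilter<CoreTokenField>>();

        // Resolve the submitter. Anyone who is not the administrator is pinned
        // to their own user name and realm before any caller-supplied
        // constraint is considered.
        AMIdentity uid;
        try {
            uid = getUid(context);
            if (!uid.equals(adminUserId)) {
                query.add(QueryFilter.equalTo(USERNAME_FIELD, uid.getName()));
                query.add(QueryFilter.equalTo(REALM_FIELD, DNMapper.orgNameToRealmName(uid.getRealm())));
            }
        } catch (Exception e) {
            if (debug.errorEnabled()) {
                // Log the cause as well: without it a rejected request leaves
                // no trace of why the identity lookup failed.
                debug.error("TokenResource :: QUERY : Unable to query collection as no UID discovered "
                        + "for requesting user.", e);
            }
            return new PermanentException(401, "Unauthorized", e).asPromise();
        }

        // A request that carries no _queryId (for example one that uses a
        // query filter instead) has a null id; reject it as a client error
        // instead of failing with a NullPointerException below.
        String id = queryRequest.getQueryId();
        if (id == null) {
            return new BadRequestException("_queryId MUST be set").asPromise();
        }

        String queryString;
        if (id.equals("access_token")) {
            queryString = "tokenName=access_token";
        } else {
            queryString = id;
        }

        String[] constraints = queryString.split(",");
        boolean userNamePresent = false;
        for (String constraint : constraints) {
            String[] params = constraint.split("=");
            // NOTE(review): a constraint that does not split into exactly
            // name=value is skipped without an error, so a malformed constraint
            // widens the result set rather than failing the request.
            if (params.length == 2) {
                if (OAuthTokenField.USER_NAME.getOAuthField().equals(params[0])) {
                    userNamePresent = true;
                }
                query.add(QueryFilter.equalTo(getOAuth2TokenField(params[0]), params[1]));
            }
        }

        // Only the administrator may, and must, choose whose tokens to list.
        if (adminUserId.equals(uid)) {
            if (!userNamePresent) {
                return new BadRequestException("userName field MUST be set in _queryId").asPromise();
            }
        } else if (userNamePresent) {
            return new BadRequestException("userName field MUST NOT be set in _queryId").asPromise();
        }

        response = tokenStore.query(QueryFilter.and(query));
        return handleResponse(handler, response, context);
    } catch (UnauthorizedClientException e) {
        debug.error("TokenResource :: QUERY : Unable to query collection as the client is not authorized.", e);
        return new PermanentException(401, e.getMessage(), e).asPromise();
    } catch (CoreTokenException e) {
        debug.error("TokenResource :: QUERY : Unable to query collection as the token store is not available.", e);
        return new ServiceUnavailableException(e.getMessage(), e).asPromise();
    } catch (InternalServerErrorException e) {
        debug.error("TokenResource :: QUERY : Unable to query collection as writing the response failed.", e);
        return e.asPromise();
    } catch (NotFoundException e) {
        debug.error("TokenResource :: QUERY : Unable to query collection as realm does not have OAuth 2 provider.", e);
        return e.asPromise();
    }
}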
use of org.forgerock.json.resource.NotFoundException in project OpenAM by OpenRock.
the class TokenResource method readInstance.
/**
 * Reads a single token by id and returns it when the caller is allowed to
 * see it.
 *
 * <p>Decision sequence, in order:
 * <ol>
 *   <li>Resolve the caller; failures end in a 401.</li>
 *   <li>Load the token; a store error or a null result is a 404.</li>
 *   <li>An expired token is reported as a 404.</li>
 *   <li>A token whose grant type is client credentials is returned as is.</li>
 *   <li>Otherwise the token must name a user, and the caller must be either
 *       {@code adminUserId} or the resource owner; anyone else gets a 401.</li>
 * </ol>
 *
 * @param context the request context, used to resolve the caller
 * @param resourceId the id of the token to read
 * @param request the read request
 * @return a promise of the token resource, or a failed promise carrying the
 *         {@link ResourceException} describing the rejection
 */
@Override
public Promise<ResourceResponse, ResourceException> readInstance(Context context, String resourceId, ReadRequest request) {
    try {
        final AMIdentity requester = getUid(context);

        // NOTE(review): resourceId is written to the debug log on several
        // paths below; if token ids act as bearer credentials in this
        // deployment, confirm access to the log is restricted accordingly.
        JsonValue token;
        try {
            token = tokenStore.read(resourceId);
        } catch (CoreTokenException e) {
            if (debug.errorEnabled()) {
                debug.error("TokenResource :: READ : No token found with ID, " + resourceId);
            }
            throw new NotFoundException("Could not find valid token with given ID", e);
        }
        if (token == null) {
            if (debug.errorEnabled()) {
                debug.error("TokenResource :: READ : No token found with ID, " + resourceId);
            }
            throw new NotFoundException("Could not find valid token with given ID");
        }

        // The expiry is stored either as a number or as a set holding one
        // numeric string.
        // NOTE(review): any other shape (including an absent value) is not
        // handled and would surface as an unchecked exception; confirm the
        // store always populates this field.
        final JsonValue storedExpiry = token.get(OAuth2Constants.CoreTokenParams.EXPIRE_TIME);
        final long expiresAtMillis = storedExpiry.isNumber()
                ? storedExpiry.asLong()
                : Long.parseLong(((Set<String>) storedExpiry.getObject()).iterator().next());
        if (System.currentTimeMillis() > expiresAtMillis) {
            throw new NotFoundException("Could not find valid token with given ID");
        }

        final String grantType = getAttributeValue(token, GRANT_TYPE);
        if (grantType != null && grantType.equalsIgnoreCase(OAuth2Constants.TokenEndpoint.CLIENT_CREDENTIALS)) {
            // NOTE(review): this branch returns the token without comparing the
            // caller against adminUserId or an owner identity; confirm that is
            // intended for client credentials tokens.
            return newResultPromise(
                    newResourceResponse(OAuth2Constants.Params.ID, String.valueOf(System.currentTimeMillis()), token));
        }

        final String realm = getAttributeValue(token, REALM);
        final String username = getAttributeValue(token, USERNAME);
        if (username == null || username.isEmpty()) {
            if (debug.errorEnabled()) {
                debug.error("TokenResource :: READ : No token found with ID, " + resourceId);
            }
            throw new NotFoundException("Could not find valid token with given ID");
        }

        final AMIdentity resourceOwner = identityManager.getResourceOwnerIdentity(username, realm);
        if (!requester.equals(adminUserId) && !requester.equals(resourceOwner)) {
            if (debug.errorEnabled()) {
                debug.error("TokenResource :: READ : Only the resource owner or an administrator may perform "
                        + "a read on the token with ID, " + resourceId + ".");
            }
            // NOTE(review): answering 401 here and 404 above lets a caller tell
            // an existing token owned by someone else from an unknown id.
            throw new PermanentException(401, "Unauthorized", null);
        }

        return newResultPromise(
                newResourceResponse(OAuth2Constants.Params.ID, String.valueOf(System.currentTimeMillis()), token));
    } catch (ResourceException e) {
        // Every rejection raised above is handed back as a failed promise.
        return e.asPromise();
    } catch (SSOException e) {
        debug.error("TokenResource :: READ : Unable to query collection as the IdRepo "
                + "failed to return a valid user.", e);
        return new PermanentException(401, "Unauthorized", e).asPromise();
    } catch (IdRepoException e) {
        debug.error("TokenResource :: READ : Unable to query collection as the IdRepo "
                + "failed to return a valid user.", e);
        return new PermanentException(401, "Unauthorized", e).asPromise();
    } catch (UnauthorizedClientException e) {
        debug.error("TokenResource :: READ : Unable to query collection as the client is not authorized.", e);
        return new PermanentException(401, "Unauthorized", e).asPromise();
    }
}
use of org.forgerock.json.resource.NotFoundException in project OpenAM by OpenRock.
the class IdentityServicesImpl method searchIdentityDetails.
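/**
 * Searches the identity repository to find all identities that match the search criteria and returns them as a
 * list of identities.
 *
 * <p>The realm and object type are taken from {@code searchModifiers} (keys {@code realm} and
 * {@code objecttype}) and default to {@code "/"} and {@code "User"}. The repository is opened with the
 * supplied {@code admin} token, so that token determines which realm and identities the search can reach.
 *
 * @param crestQuery A CREST Query object which will contain either a _queryId or a _queryFilter.
 * @param searchModifiers The search modifiers; may be null, in which case the defaults apply.
 * @param admin The SSO token used to open the identity repository.
 * @return a list of matching identities.
 * @throws ResourceException a {@code BadRequestException} when the object type does not map to a known
 *         {@code IdType}, a {@code NotFoundException} when the lookup reports {@code ObjectNotFound}, or an
 *         {@code InternalServerErrorException} when the identity repository or the SSO token fails. The
 *         original exception is attached as the cause.
 */
public List<IdentityDetails> searchIdentityDetails(CrestQuery crestQuery, Map<String, Set<String>> searchModifiers, SSOToken admin) throws ResourceException {
    try {
        String realm = "/";
        String objectType = "User";
        if (searchModifiers != null) {
            realm = attractValues("realm", searchModifiers, "/");
            objectType = attractValues("objecttype", searchModifiers, "User");
        }

        AMIdentityRepository repo = getRepo(admin, realm);
        IdType idType = getIdType(objectType);
        if (idType == null) {
            debug.error("IdentityServicesImpl.searchIdentities unsupported IdType " + objectType);
            throw new BadRequestException("searchIdentities: unsupported IdType " + objectType);
        }

        List<AMIdentity> identities = fetchAMIdentities(idType, crestQuery, true, repo, searchModifiers);
        List<IdentityDetails> result = new ArrayList<>(identities.size());
        for (AMIdentity identity : identities) {
            result.add(convertToIdentityDetails(identity, null));
        }
        return result;
    } catch (IdRepoException e) {
        debug.error("IdentityServicesImpl.searchIdentities", e);
        // Keep the cause so the failure can be traced from the ResourceException.
        // NOTE(review): the repository's own message becomes the client-visible message.
        throw new InternalServerErrorException(e.getMessage(), e);
    } catch (SSOException e) {
        debug.error("IdentityServicesImpl.searchIdentities", e);
        throw new InternalServerErrorException(e.getMessage(), e);
    } catch (ObjectNotFound e) {
        debug.error("IdentityServicesImpl.searchIdentities", e);
        throw new NotFoundException(e.getMessage(), e);
    }
}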