
Example 1 with ApplicationService

use of org.forgerock.openam.entitlement.service.ApplicationService in project OpenAM by OpenRock.

the class PrivilegeManager method validate.

/**
     * Validates the passed policy.
     *
     * @param privilege
     *         the policy instance
     *
     * @throws EntitlementException
     *         should validator fail
     */
protected void validate(Privilege privilege) throws EntitlementException {
    // A policy without a usable (non-blank) name is rejected before anything else is looked at.
    final String policyName = privilege.getName();
    final boolean nameMissing = policyName == null || policyName.trim().isEmpty();
    if (nameMissing) {
        throw new EntitlementException(EntitlementException.EMPTY_PRIVILEGE_NAME);
    }

    final Entitlement policyEntitlement = privilege.getEntitlement();
    if (policyEntitlement == null) {
        throw new EntitlementException(EntitlementException.NULL_ENTITLEMENT);
    }

    privilege.validateSubject(privilege.getSubject());

    // The application named by the entitlement must exist in this realm.
    // NOTE(review): this lookup runs as adminSubject while the resource type lookup and the
    // resource comparator below use superAdminSubject - confirm the difference is intended.
    final Application owningApplication = applicationServiceFactory
            .create(adminSubject, realm)
            .getApplication(policyEntitlement.getApplicationName());
    if (owningApplication == null) {
        throw new EntitlementException(EntitlementException.APP_RETRIEVAL_ERROR, realm);
    }

    final boolean applicationHasResourceTypes =
            !CollectionUtils.isEmpty(owningApplication.getResourceTypeUuids());
    if (!applicationHasResourceTypes) {
        // An application without resource types cannot host a policy that names one.
        if (StringUtils.isNotEmpty(privilege.getResourceTypeUuid())) {
            throw new EntitlementException(EntitlementException.NO_RESOURCE_TYPE_EXPECTED);
        }
        // Nothing further to check: the action and resource validation needs a resource type.
        return;
    }

    // The policy may only reference a resource type that its application is associated with.
    final boolean resourceTypeAllowed =
            owningApplication.getResourceTypeUuids().contains(privilege.getResourceTypeUuid());
    if (!resourceTypeAllowed) {
        throw new EntitlementException(
                EntitlementException.POLICY_DEFINES_INVALID_RESOURCE_TYPE,
                privilege.getResourceTypeUuid());
    }

    // The referenced resource type must also resolve to a stored definition in the realm.
    final ResourceType policyResourceType = resourceTypeService.getResourceType(
            superAdminSubject, realm, privilege.getResourceTypeUuid());
    if (policyResourceType == null) {
        throw new EntitlementException(
                EntitlementException.NO_SUCH_RESOURCE_TYPE,
                privilege.getResourceTypeUuid(),
                realm);
    }

    // Finally check the policy's actions, then its resource names, against the resource type.
    validator
            .verifyActions(policyEntitlement.getActionValues().keySet())
            .against(policyResourceType)
            .throwExceptionIfFailure();
    validator
            .verifyResources(policyEntitlement.getResourceNames())
            .using(policyEntitlement.getResourceComparator(superAdminSubject, realm))
            .against(policyResourceType)
            .throwExceptionIfFailure();
}
Also used : ResourceType(org.forgerock.openam.entitlement.ResourceType) ApplicationService(org.forgerock.openam.entitlement.service.ApplicationService)

Example 2 with ApplicationService

use of org.forgerock.openam.entitlement.service.ApplicationService in project OpenAM by OpenRock.

the class ApplicationV1Filter method filterUpdate.

/**
     * Update expects the application json to contain both actions and resources; these attributes are part of the old
     * json definition for an application. It also expects that the mentioned application exists with exactly one
     * resource type - no resource types or many resource types is not acceptable, else it is impossible to determine
     * which resource type applies to the set of actions and resources being passed as part of the application json.
     * <p/>
     * Changes to the actions and/or resources will be reflected in the application's associated resource type.
     *
     * @param context
     *         the filter chain context
     * @param request
     *         the update request
     * @param next
     *         a request handler representing the remainder of the filter chain
     */
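@Override
public Promise<ResourceResponse, ResourceException> filterUpdate(final Context context, final UpdateRequest request, final RequestHandler next) {
    // The version 1.0 payload carries actions and resources directly on the application.
    final JsonValue jsonValue = request.getContent();
    final Map<String, Boolean> actions = jsonValue.get(ACTIONS).asMap(Boolean.class);
    final Set<String> resources = jsonValue.get(RESOURCES).asSet(String.class);
    final String bodyRealm = jsonValue.get(REALM).asString();
    final String pathRealm = contextHelper.getRealm(context);
    if (actions == null) {
        return new BadRequestException("Invalid actions defined in request").asPromise();
    }
    if (resources == null) {
        return new BadRequestException("Invalid resources defined in request").asPromise();
    }
    // The realm named in the body has to match the realm of the request; a body without a realm
    // fails this comparison too and is rejected.
    if (!pathRealm.equals(bodyRealm)) {
        return resourceErrorHandler.handleError(context, request, new EntitlementException(EntitlementException.INVALID_APP_REALM, new String[] { bodyRealm, pathRealm })).asPromise();
    }
    // Every lookup and the resource type update below are issued as the calling subject.
    // NOTE(review): whether the services enforce that subject's permissions is not visible
    // here - confirm, since this filter edits a resource type on the caller's behalf.
    final Subject callingSubject = contextHelper.getSubject(context);
    final String applicationName = request.getResourcePath();
    try {
        final ApplicationService applicationService = applicationServiceFactory.create(callingSubject, pathRealm);
        final Application application = applicationService.getApplication(applicationName);
        if (application == null) {
            return new NotFoundException("Unable to find application " + applicationName).asPromise();
        }
        // Exactly one resource type is required: with none or several there is no way to tell
        // which one the submitted actions and resources belong to.
        if (application.getResourceTypeUuids().size() != 1) {
            return new BadRequestException("Cannot modify application with more than one " + "resource type using version 1.0 of this endpoint").asPromise();
        }
        // Retrieve the resource type from the application's single resource type.
        final String resourceTypeUuid = application.getResourceTypeUuids().iterator().next();
        ResourceType resourceType = resourceTypeService.getResourceType(callingSubject, pathRealm, resourceTypeUuid);
        if (resourceType == null) {
            // A UUID that no longer resolves would otherwise fail with a NullPointerException on
            // the comparison below; raising the entitlement error sends it through the error
            // handler in the catch block instead.
            throw new EntitlementException(EntitlementException.NO_SUCH_RESOURCE_TYPE, resourceTypeUuid, pathRealm);
        }
        boolean resourceTypeModified = false;
        if (!actions.equals(resourceType.getActions())) {
            resourceTypeModified = true;
            resourceType = resourceType.populatedBuilder().setActions(actions).build();
        }
        if (!resources.equals(resourceType.getPatterns())) {
            resourceTypeModified = true;
            resourceType = resourceType.populatedBuilder().setPatterns(resources).build();
        }
        // The resource type is stored before the application update is forwarded.
        // NOTE(review): no rollback is visible here if the downstream handler then fails.
        if (resourceTypeModified) {
            resourceTypeService.updateResourceType(callingSubject, pathRealm, resourceType);
        }
        // Ensure the resource type UUID isn't lost.
        jsonValue.put(RESOURCE_TYPE_UUIDS, new HashSet<String>(Arrays.asList(resourceTypeUuid)));
    } catch (EntitlementException eE) {
        debug.error("Error filtering application update CREST request", eE);
        return resourceErrorHandler.handleError(context, request, eE).asPromise();
    }
    // Forward onto next handler.
    return applicationTransformer.transform(next.handleUpdate(context, request), context);
}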
Also used : JsonValue(org.forgerock.json.JsonValue) NotFoundException(org.forgerock.json.resource.NotFoundException) ResourceType(org.forgerock.openam.entitlement.ResourceType) Subject(javax.security.auth.Subject) EntitlementException(com.sun.identity.entitlement.EntitlementException) BadRequestException(org.forgerock.json.resource.BadRequestException) Application(com.sun.identity.entitlement.Application) ApplicationService(org.forgerock.openam.entitlement.service.ApplicationService)

Example 3 with ApplicationService

use of org.forgerock.openam.entitlement.service.ApplicationService in project OpenAM by OpenRock.

the class PolicyV1Filter method retrieveResourceType.

/**
     * Retrieves the resource type Id from the containing application
     * and sets it within the policies' JSON representation.
     *
     * @param jsonValue
     *         the policies' JSON representation
     * @param callingSubject
     *         the calling subject
     * @param realm
     *         the realm
     *
     * @throws EntitlementException
     *         should some policy error occur
     * @throws ResourceException
     *         should some violation occur that doesn't satisfy policy v1.0
     */
private void retrieveResourceType(JsonValue jsonValue, Subject callingSubject, String realm) throws EntitlementException, ResourceException {
    // The policy JSON has to name the application it belongs to.
    final String requestedApplication = jsonValue.get("applicationName").asString();
    if (requestedApplication == null) {
        throw new BadRequestException("Invalid application name defined in request");
    }

    // The application is resolved as the calling subject, within the given realm.
    final Application owningApplication = applicationServiceFactory
            .create(callingSubject, realm)
            .getApplication(requestedApplication);
    if (owningApplication == null) {
        throw new NotFoundException("Unable to find application " + requestedApplication);
    }

    // Anything other than exactly one resource type (none, or several) is rejected, because
    // the resource type to attach to the policy could not be determined otherwise.
    if (owningApplication.getResourceTypeUuids().size() != 1) {
        throw new BadRequestException(
                "Cannot create policy under an application with more than "
                        + "one resource type using version 1.0 of this endpoint");
    }

    // Copy the application's only resource type UUID into the policy JSON.
    jsonValue.put(RESOURCE_TYPE_UUID, owningApplication.getResourceTypeUuids().iterator().next());
}
Also used : BadRequestException(org.forgerock.json.resource.BadRequestException) NotFoundException(org.forgerock.json.resource.NotFoundException) Application(com.sun.identity.entitlement.Application) ApplicationService(org.forgerock.openam.entitlement.service.ApplicationService)

Aggregations

ApplicationService (org.forgerock.openam.entitlement.service.ApplicationService)3 Application (com.sun.identity.entitlement.Application)2 BadRequestException (org.forgerock.json.resource.BadRequestException)2 NotFoundException (org.forgerock.json.resource.NotFoundException)2 ResourceType (org.forgerock.openam.entitlement.ResourceType)2 EntitlementException (com.sun.identity.entitlement.EntitlementException)1 Subject (javax.security.auth.Subject)1 JsonValue (org.forgerock.json.JsonValue)1