Search in sources :

Example 51 with RealmContext

use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.

the class RealmResource method deleteInstance.

/**
     * {@inheritDoc}
     */
@Override
public Promise<ResourceResponse, ResourceException> deleteInstance(Context context, String resourceId, DeleteRequest request) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();
    boolean recursive = false;
    ResourceResponse resource;
    String holdResourceId = checkForTopLevelRealm(resourceId);
    try {
        hasPermission(context);
        if (holdResourceId != null && !holdResourceId.startsWith("/")) {
            holdResourceId = "/" + holdResourceId;
        }
        if (!realmPath.equalsIgnoreCase("/")) {
            holdResourceId = realmPath + holdResourceId;
        }
        OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), holdResourceId);
        ocm.deleteSubOrganization(null, recursive);
        String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
        debug.message("RealmResource.deleteInstance :: DELETE of realm " + holdResourceId + " performed by " + principalName);
        // handle resource
        resource = newResourceResponse(resourceId, "0", createJsonMessage("success", "true"));
        return newResultPromise(resource);
    } catch (SMSException smse) {
        try {
            configureErrorMessage(smse);
            return new BadRequestException(smse.getMessage(), smse).asPromise();
        } catch (NotFoundException nf) {
            debug.error("RealmResource.deleteInstance() : Cannot find " + resourceId + ":" + smse);
            return nf.asPromise();
        } catch (ForbiddenException fe) {
            // User does not have authorization
            debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
            return fe.asPromise();
        } catch (PermanentException pe) {
            debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
            // Cannot recover from this exception
            return pe.asPromise();
        } catch (ConflictException ce) {
            debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
            return ce.asPromise();
        } catch (BadRequestException be) {
            debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
            return be.asPromise();
        } catch (Exception e) {
            return new BadRequestException(e.getMessage(), e).asPromise();
        }
    } catch (SSOException sso) {
        debug.error("RealmResource.updateInstance() : Cannot DELETE " + resourceId + ":" + sso);
        return new PermanentException(401, "Access Denied", null).asPromise();
    } catch (ForbiddenException fe) {
        debug.error("RealmResource.updateInstance() : Cannot DELETE " + resourceId + ":" + fe);
        return fe.asPromise();
    } catch (Exception e) {
        return new BadRequestException(e.getMessage(), e).asPromise();
    }
}
Also used : ForbiddenException(org.forgerock.json.resource.ForbiddenException) RealmContext(org.forgerock.openam.rest.RealmContext) SMSException(com.sun.identity.sm.SMSException) ConflictException(org.forgerock.json.resource.ConflictException) NotFoundException(org.forgerock.json.resource.NotFoundException) SSOException(com.iplanet.sso.SSOException) NotFoundException(org.forgerock.json.resource.NotFoundException) BadRequestException(org.forgerock.json.resource.BadRequestException) ConflictException(org.forgerock.json.resource.ConflictException) PermanentException(org.forgerock.json.resource.PermanentException) SMSException(com.sun.identity.sm.SMSException) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) ForbiddenException(org.forgerock.json.resource.ForbiddenException) JsonValueException(org.forgerock.json.JsonValueException) ResourceException(org.forgerock.json.resource.ResourceException) SSOException(com.iplanet.sso.SSOException) Responses.newResourceResponse(org.forgerock.json.resource.Responses.newResourceResponse) ResourceResponse(org.forgerock.json.resource.ResourceResponse) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) PermanentException(org.forgerock.json.resource.PermanentException) BadRequestException(org.forgerock.json.resource.BadRequestException)

Example 52 with RealmContext

use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.

the class IdentityResourceV1 method deleteInstance.

/**
     * {@inheritDoc}
     */
@Override
public Promise<ResourceResponse, ResourceException> deleteInstance(final Context context, final String resourceId, final DeleteRequest request) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    final String realm = realmContext.getResolvedRealm();
    JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
    ResourceResponse resource;
    IdentityDetails dtls;
    try {
        SSOToken admin = getSSOToken(getCookieFromServerContext(context));
        // read to see if resource is available to user
        dtls = identityServices.read(resourceId, getIdentityServicesAttributes(realm), admin);
        // delete the resource
        identityServices.delete(dtls, admin);
        String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
        debug.message("IdentityResource.deleteInstance :: DELETE of resourceId={} in realm={} performed by " + "principalName={}", resourceId, realm, principalName);
        result.put("success", "true");
        resource = newResourceResponse(resourceId, "0", result);
        return newResultPromise(resource);
    } catch (final NeedMoreCredentials ex) {
        debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : User does not have enough" + " privileges.", resourceId, ex);
        return new ForbiddenException(resourceId, ex).asPromise();
    } catch (final ObjectNotFound notFound) {
        debug.error("IdentityResource.deleteInstance() :: Cannot DELETE {} : Resource cannot be found.", resourceId, notFound);
        return new NotFoundException("Resource cannot be found.", notFound).asPromise();
    } catch (final TokenExpired tokenExpired) {
        debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : Unauthorized", resourceId, tokenExpired);
        return new PermanentException(401, "Unauthorized", null).asPromise();
    } catch (final AccessDenied accessDenied) {
        debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : Access denied", resourceId, accessDenied);
        return new ForbiddenException(accessDenied).asPromise();
    } catch (final GeneralFailure generalFailure) {
        debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : general failure", resourceId, generalFailure);
        return new BadRequestException(generalFailure.getMessage(), generalFailure).asPromise();
    } catch (ForbiddenException ex) {
        debug.warning("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={}: User does not have " + "enough privileges.", resourceId, ex);
        return new ForbiddenException(resourceId, ex).asPromise();
    } catch (NotFoundException notFound) {
        debug.warning("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : Resource cannot be found", resourceId, notFound);
        return new NotFoundException("Resource cannot be found.", notFound).asPromise();
    } catch (ResourceException re) {
        debug.warning("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : resource failure", resourceId, re);
        result.put("success", "false");
        resource = newResourceResponse(resourceId, "0", result);
        return newResultPromise(resource);
    } catch (Exception e) {
        debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={}", resourceId, e);
        result.put("success", "false");
        resource = newResourceResponse(resourceId, "0", result);
        return newResultPromise(resource);
    }
}
Also used : ForbiddenException(org.forgerock.json.resource.ForbiddenException) IdentityRestUtils.getSSOToken(org.forgerock.openam.core.rest.IdentityRestUtils.getSSOToken) SSOToken(com.iplanet.sso.SSOToken) NeedMoreCredentials(com.sun.identity.idsvcs.NeedMoreCredentials) RealmContext(org.forgerock.openam.rest.RealmContext) IdentityRestUtils.identityDetailsToJsonValue(org.forgerock.openam.core.rest.IdentityRestUtils.identityDetailsToJsonValue) JsonValue(org.forgerock.json.JsonValue) NotFoundException(org.forgerock.json.resource.NotFoundException) ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException) AccessDenied(com.sun.identity.idsvcs.AccessDenied) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) DeleteFailedException(org.forgerock.openam.cts.exceptions.DeleteFailedException) SSOException(com.iplanet.sso.SSOException) NotFoundException(org.forgerock.json.resource.NotFoundException) NotSupportedException(org.forgerock.json.resource.NotSupportedException) BadRequestException(org.forgerock.json.resource.BadRequestException) MessagingException(javax.mail.MessagingException) ConflictException(org.forgerock.json.resource.ConflictException) PermanentException(org.forgerock.json.resource.PermanentException) ForbiddenException(org.forgerock.json.resource.ForbiddenException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException) IdRepoException(com.sun.identity.idm.IdRepoException) SMSException(com.sun.identity.sm.SMSException) ResourceException(org.forgerock.json.resource.ResourceException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) ResourceResponse(org.forgerock.json.resource.ResourceResponse) ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound) PermanentException(org.forgerock.json.resource.PermanentException) GeneralFailure(com.sun.identity.idsvcs.GeneralFailure) IdentityRestUtils.jsonValueToIdentityDetails(org.forgerock.openam.core.rest.IdentityRestUtils.jsonValueToIdentityDetails) IdentityDetails(com.sun.identity.idsvcs.IdentityDetails) BadRequestException(org.forgerock.json.resource.BadRequestException) TokenExpired(com.sun.identity.idsvcs.TokenExpired) ResourceException(org.forgerock.json.resource.ResourceException)

Example 53 with RealmContext

use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.

the class RealmResource method createInstance.

/**
     * {@inheritDoc}
     */
@Override
public Promise<ResourceResponse, ResourceException> createInstance(Context context, CreateRequest request) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();
    ResourceResponse resource;
    String parentRealm;
    String childRealm;
    String realm = null;
    try {
        hasPermission(context);
        final JsonValue jVal = request.getContent();
        // get the realm
        realm = jVal.get("realm").asString();
        if (StringUtils.isBlank(realm)) {
            realm = request.getNewResourceId();
        }
        realm = checkForTopLevelRealm(realm);
        if (StringUtils.isBlank(realm)) {
            throw new BadRequestException("No realm name provided.");
        } else if (!realm.startsWith("/")) {
            realm = "/" + realm;
        }
        if (!realmPath.equalsIgnoreCase("/")) {
            // build realm to comply with format if not top level
            realm = realmPath + realm;
        }
        parentRealm = RealmUtils.getParentRealm(realm);
        childRealm = RealmUtils.getChildRealm(realm);
        OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), parentRealm);
        Map defaultValues = createServicesMap(jVal);
        ocm.createSubOrganization(childRealm, defaultValues);
        String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
        debug.message("RealmResource.createInstance :: CREATE of realm " + childRealm + " in realm " + parentRealm + " performed by " + principalName);
        // create a resource for handler to return
        OrganizationConfigManager realmCreated = new OrganizationConfigManager(getSSOToken(), realm);
        resource = newResourceResponse(childRealm, String.valueOf(System.currentTimeMillis()), createJsonMessage("realmCreated", realmCreated.getOrganizationName()));
        return newResultPromise(resource);
    } catch (SMSException smse) {
        debug.error("RealmResource.createInstance() : Cannot find " + realm, smse);
        try {
            configureErrorMessage(smse);
            return new BadRequestException(smse.getMessage(), smse).asPromise();
        } catch (NotFoundException nf) {
            debug.error("RealmResource.createInstance() : Cannot find " + realm, nf);
            return nf.asPromise();
        } catch (ForbiddenException fe) {
            // User does not have authorization
            debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
            return fe.asPromise();
        } catch (PermanentException pe) {
            debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
            // Cannot recover from this exception
            return pe.asPromise();
        } catch (ConflictException ce) {
            debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, ce);
            return ce.asPromise();
        } catch (BadRequestException be) {
            debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
            return be.asPromise();
        } catch (Exception e) {
            debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, e);
            return new BadRequestException(e.getMessage(), e).asPromise();
        }
    } catch (SSOException sso) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, sso);
        return new PermanentException(401, "Access Denied", null).asPromise();
    } catch (ForbiddenException fe) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
        return fe.asPromise();
    } catch (BadRequestException be) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
        return be.asPromise();
    } catch (PermanentException pe) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
        // Cannot recover from this exception
        return pe.asPromise();
    } catch (Exception e) {
        debug.error("RealmResource.createInstance()" + realm + ":" + e);
        return new BadRequestException(e.getMessage(), e).asPromise();
    }
}
Also used : ForbiddenException(org.forgerock.json.resource.ForbiddenException) RealmContext(org.forgerock.openam.rest.RealmContext) SMSException(com.sun.identity.sm.SMSException) ConflictException(org.forgerock.json.resource.ConflictException) JsonValue(org.forgerock.json.JsonValue) NotFoundException(org.forgerock.json.resource.NotFoundException) SSOException(com.iplanet.sso.SSOException) NotFoundException(org.forgerock.json.resource.NotFoundException) BadRequestException(org.forgerock.json.resource.BadRequestException) ConflictException(org.forgerock.json.resource.ConflictException) PermanentException(org.forgerock.json.resource.PermanentException) SMSException(com.sun.identity.sm.SMSException) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) ForbiddenException(org.forgerock.json.resource.ForbiddenException) JsonValueException(org.forgerock.json.JsonValueException) ResourceException(org.forgerock.json.resource.ResourceException) SSOException(com.iplanet.sso.SSOException) Responses.newResourceResponse(org.forgerock.json.resource.Responses.newResourceResponse) ResourceResponse(org.forgerock.json.resource.ResourceResponse) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) PermanentException(org.forgerock.json.resource.PermanentException) BadRequestException(org.forgerock.json.resource.BadRequestException) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map)

Example 54 with RealmContext

use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.

the class IdentityResourceV1 method actionCollection.

/**
     * {@inheritDoc}
     */
@Override
public Promise<ActionResponse, ResourceException> actionCollection(final Context context, final ActionRequest request) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    final String realm = realmContext.getResolvedRealm();
    RestSecurity restSecurity = restSecurityProvider.get(realm);
    final String action = request.getAction();
    if (action.equalsIgnoreCase("idFromSession")) {
        return idFromSession(context, request);
    } else if (action.equalsIgnoreCase("register")) {
        return createRegistrationEmail(context, request, realm, restSecurity);
    } else if (action.equalsIgnoreCase("confirm")) {
        return confirmationIdCheck(context, request, realm);
    } else if (action.equalsIgnoreCase("anonymousCreate")) {
        return anonymousCreate(context, request, realm, restSecurity);
    } else if (action.equalsIgnoreCase("forgotPassword")) {
        return generateNewPasswordEmail(context, request, realm, restSecurity);
    } else if (action.equalsIgnoreCase("forgotPasswordReset")) {
        return anonymousUpdate(context, request, realm);
    } else {
        // for now this is the only case coming in, so fail if otherwise
        return new NotSupportedException("Actions are not supported for resource instances").asPromise();
    }
}
Also used : RealmContext(org.forgerock.openam.rest.RealmContext) RestSecurity(org.forgerock.openam.services.RestSecurity) NotSupportedException(org.forgerock.json.resource.NotSupportedException)

Example 55 with RealmContext

use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.

the class SmsRealmProvider method handleCreate.

@Override
public Promise<ResourceResponse, ResourceException> handleCreate(Context serverContext, CreateRequest createRequest) {
    final JsonValue jsonContent = createRequest.getContent();
    final String realmName = jsonContent.get(REALM_NAME_ATTRIBUTE_NAME).asString();
    try {
        if (StringUtils.isBlank(realmName)) {
            throw new BadRequestException("No realm name provided");
        }
        if (containsBlacklistedCharacters(realmName)) {
            throw new BadRequestException("Realm names cannot contain: " + BLACKLIST_CHARACTERS.toString());
        }
        RealmContext realmContext = serverContext.asContext(RealmContext.class);
        StringBuilder realmPath = new StringBuilder(realmContext.getResolvedRealm());
        String location = jsonContent.get(new JsonPointer(PATH_ATTRIBUTE_NAME)).asString();
        if (realmPath.length() > 1) {
            if (realmPath.charAt(realmPath.length() - 1) != '/' && !location.startsWith("/")) {
                realmPath.append('/');
            }
            realmPath.append(location);
        } else {
            realmPath = new StringBuilder(location);
        }
        if (realmPath.charAt(realmPath.length() - 1) != '/') {
            realmPath.append('/');
        }
        realmPath.append(realmName);
        String path = realmPath.toString();
        String parentRealm = RealmUtils.getParentRealm(path);
        String childRealm = RealmUtils.getChildRealm(path);
        OrganizationConfigManager realmManager = new OrganizationConfigManager(getUserSsoToken(serverContext), parentRealm);
        Map<String, Map<String, Set>> serviceAttributes = new HashMap<>();
        serviceAttributes.put(IdConstants.REPO_SERVICE, getAttributeMap(jsonContent));
        realmManager.createSubOrganization(childRealm, serviceAttributes);
        if (debug.messageEnabled()) {
            debug.message("RealmResource.createInstance :: CREATE of realm {} in realm {} performed by {}", childRealm, parentRealm, PrincipalRestUtils.getPrincipalNameFromServerContext(serverContext));
        }
        JsonValue jsonValue = getJsonValue(path, parentRealm);
        return newResultPromise(getResource(jsonValue));
    } catch (SMSException e) {
        return configureErrorMessage(e).asPromise();
    } catch (SSOException sso) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realmName, sso);
        return new PermanentException(401, "Access Denied", null).asPromise();
    } catch (BadRequestException fe) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realmName, fe);
        return fe.asPromise();
    }
}
Also used : RealmContext(org.forgerock.openam.rest.RealmContext) HashMap(java.util.HashMap) SMSException(com.sun.identity.sm.SMSException) JsonValue(org.forgerock.json.JsonValue) SSOException(com.iplanet.sso.SSOException) JsonPointer(org.forgerock.json.JsonPointer) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) PermanentException(org.forgerock.json.resource.PermanentException) BadRequestException(org.forgerock.json.resource.BadRequestException) Map(java.util.Map) HashMap(java.util.HashMap)

Aggregations

RealmContext (org.forgerock.openam.rest.RealmContext)94 ResourceException (org.forgerock.json.resource.ResourceException)63 ResourceResponse (org.forgerock.json.resource.ResourceResponse)58 Context (org.forgerock.services.context.Context)53 Test (org.testng.annotations.Test)53 Subject (javax.security.auth.Subject)42 ClientContext (org.forgerock.services.context.ClientContext)41 SSOTokenContext (org.forgerock.openam.rest.resource.SSOTokenContext)40 JsonValue (org.forgerock.json.JsonValue)35 Matchers.anyString (org.mockito.Matchers.anyString)27 SubjectContext (org.forgerock.openam.rest.resource.SubjectContext)20 BadRequestException (org.forgerock.json.resource.BadRequestException)19 SSOException (com.iplanet.sso.SSOException)17 Application (com.sun.identity.entitlement.Application)16 ForbiddenException (org.forgerock.json.resource.ForbiddenException)16 NotFoundException (org.forgerock.json.resource.NotFoundException)15 PermanentException (org.forgerock.json.resource.PermanentException)15 QueryResourceHandler (org.forgerock.json.resource.QueryResourceHandler)15 ReadRequest (org.forgerock.json.resource.ReadRequest)15 SSOToken (com.iplanet.sso.SSOToken)14