use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.
the class RealmResource method deleteInstance.
/**
* {@inheritDoc}
*/
@Override
public Promise<ResourceResponse, ResourceException> deleteInstance(Context context, String resourceId, DeleteRequest request) {
RealmContext realmContext = context.asContext(RealmContext.class);
String realmPath = realmContext.getResolvedRealm();
boolean recursive = false;
ResourceResponse resource;
String holdResourceId = checkForTopLevelRealm(resourceId);
try {
hasPermission(context);
if (holdResourceId != null && !holdResourceId.startsWith("/")) {
holdResourceId = "/" + holdResourceId;
}
if (!realmPath.equalsIgnoreCase("/")) {
holdResourceId = realmPath + holdResourceId;
}
OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), holdResourceId);
ocm.deleteSubOrganization(null, recursive);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
debug.message("RealmResource.deleteInstance :: DELETE of realm " + holdResourceId + " performed by " + principalName);
// handle resource
resource = newResourceResponse(resourceId, "0", createJsonMessage("success", "true"));
return newResultPromise(resource);
} catch (SMSException smse) {
try {
configureErrorMessage(smse);
return new BadRequestException(smse.getMessage(), smse).asPromise();
} catch (NotFoundException nf) {
debug.error("RealmResource.deleteInstance() : Cannot find " + resourceId + ":" + smse);
return nf.asPromise();
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
return fe.asPromise();
} catch (PermanentException pe) {
debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
// Cannot recover from this exception
return pe.asPromise();
} catch (ConflictException ce) {
debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
return ce.asPromise();
} catch (BadRequestException be) {
debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
return be.asPromise();
} catch (Exception e) {
return new BadRequestException(e.getMessage(), e).asPromise();
}
} catch (SSOException sso) {
debug.error("RealmResource.updateInstance() : Cannot DELETE " + resourceId + ":" + sso);
return new PermanentException(401, "Access Denied", null).asPromise();
} catch (ForbiddenException fe) {
debug.error("RealmResource.updateInstance() : Cannot DELETE " + resourceId + ":" + fe);
return fe.asPromise();
} catch (Exception e) {
return new BadRequestException(e.getMessage(), e).asPromise();
}
}
use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.
the class IdentityResourceV1 method deleteInstance.
/**
* {@inheritDoc}
*/
@Override
public Promise<ResourceResponse, ResourceException> deleteInstance(final Context context, final String resourceId, final DeleteRequest request) {
RealmContext realmContext = context.asContext(RealmContext.class);
final String realm = realmContext.getResolvedRealm();
JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
ResourceResponse resource;
IdentityDetails dtls;
try {
SSOToken admin = getSSOToken(getCookieFromServerContext(context));
// read to see if resource is available to user
dtls = identityServices.read(resourceId, getIdentityServicesAttributes(realm), admin);
// delete the resource
identityServices.delete(dtls, admin);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
debug.message("IdentityResource.deleteInstance :: DELETE of resourceId={} in realm={} performed by " + "principalName={}", resourceId, realm, principalName);
result.put("success", "true");
resource = newResourceResponse(resourceId, "0", result);
return newResultPromise(resource);
} catch (final NeedMoreCredentials ex) {
debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : User does not have enough" + " privileges.", resourceId, ex);
return new ForbiddenException(resourceId, ex).asPromise();
} catch (final ObjectNotFound notFound) {
debug.error("IdentityResource.deleteInstance() :: Cannot DELETE {} : Resource cannot be found.", resourceId, notFound);
return new NotFoundException("Resource cannot be found.", notFound).asPromise();
} catch (final TokenExpired tokenExpired) {
debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : Unauthorized", resourceId, tokenExpired);
return new PermanentException(401, "Unauthorized", null).asPromise();
} catch (final AccessDenied accessDenied) {
debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : Access denied", resourceId, accessDenied);
return new ForbiddenException(accessDenied).asPromise();
} catch (final GeneralFailure generalFailure) {
debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : general failure", resourceId, generalFailure);
return new BadRequestException(generalFailure.getMessage(), generalFailure).asPromise();
} catch (ForbiddenException ex) {
debug.warning("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={}: User does not have " + "enough privileges.", resourceId, ex);
return new ForbiddenException(resourceId, ex).asPromise();
} catch (NotFoundException notFound) {
debug.warning("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : Resource cannot be found", resourceId, notFound);
return new NotFoundException("Resource cannot be found.", notFound).asPromise();
} catch (ResourceException re) {
debug.warning("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={} : resource failure", resourceId, re);
result.put("success", "false");
resource = newResourceResponse(resourceId, "0", result);
return newResultPromise(resource);
} catch (Exception e) {
debug.error("IdentityResource.deleteInstance() :: Cannot DELETE resourceId={}", resourceId, e);
result.put("success", "false");
resource = newResourceResponse(resourceId, "0", result);
return newResultPromise(resource);
}
}
use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.
the class RealmResource method createInstance.
/**
* {@inheritDoc}
*/
@Override
public Promise<ResourceResponse, ResourceException> createInstance(Context context, CreateRequest request) {
RealmContext realmContext = context.asContext(RealmContext.class);
String realmPath = realmContext.getResolvedRealm();
ResourceResponse resource;
String parentRealm;
String childRealm;
String realm = null;
try {
hasPermission(context);
final JsonValue jVal = request.getContent();
// get the realm
realm = jVal.get("realm").asString();
if (StringUtils.isBlank(realm)) {
realm = request.getNewResourceId();
}
realm = checkForTopLevelRealm(realm);
if (StringUtils.isBlank(realm)) {
throw new BadRequestException("No realm name provided.");
} else if (!realm.startsWith("/")) {
realm = "/" + realm;
}
if (!realmPath.equalsIgnoreCase("/")) {
// build realm to comply with format if not top level
realm = realmPath + realm;
}
parentRealm = RealmUtils.getParentRealm(realm);
childRealm = RealmUtils.getChildRealm(realm);
OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), parentRealm);
Map defaultValues = createServicesMap(jVal);
ocm.createSubOrganization(childRealm, defaultValues);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
debug.message("RealmResource.createInstance :: CREATE of realm " + childRealm + " in realm " + parentRealm + " performed by " + principalName);
// create a resource for handler to return
OrganizationConfigManager realmCreated = new OrganizationConfigManager(getSSOToken(), realm);
resource = newResourceResponse(childRealm, String.valueOf(System.currentTimeMillis()), createJsonMessage("realmCreated", realmCreated.getOrganizationName()));
return newResultPromise(resource);
} catch (SMSException smse) {
debug.error("RealmResource.createInstance() : Cannot find " + realm, smse);
try {
configureErrorMessage(smse);
return new BadRequestException(smse.getMessage(), smse).asPromise();
} catch (NotFoundException nf) {
debug.error("RealmResource.createInstance() : Cannot find " + realm, nf);
return nf.asPromise();
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
return fe.asPromise();
} catch (PermanentException pe) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
// Cannot recover from this exception
return pe.asPromise();
} catch (ConflictException ce) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, ce);
return ce.asPromise();
} catch (BadRequestException be) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
return be.asPromise();
} catch (Exception e) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, e);
return new BadRequestException(e.getMessage(), e).asPromise();
}
} catch (SSOException sso) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, sso);
return new PermanentException(401, "Access Denied", null).asPromise();
} catch (ForbiddenException fe) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
return fe.asPromise();
} catch (BadRequestException be) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
return be.asPromise();
} catch (PermanentException pe) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
// Cannot recover from this exception
return pe.asPromise();
} catch (Exception e) {
debug.error("RealmResource.createInstance()" + realm + ":" + e);
return new BadRequestException(e.getMessage(), e).asPromise();
}
}
use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.
the class IdentityResourceV1 method actionCollection.
/**
* {@inheritDoc}
*/
@Override
public Promise<ActionResponse, ResourceException> actionCollection(final Context context, final ActionRequest request) {
RealmContext realmContext = context.asContext(RealmContext.class);
final String realm = realmContext.getResolvedRealm();
RestSecurity restSecurity = restSecurityProvider.get(realm);
final String action = request.getAction();
if (action.equalsIgnoreCase("idFromSession")) {
return idFromSession(context, request);
} else if (action.equalsIgnoreCase("register")) {
return createRegistrationEmail(context, request, realm, restSecurity);
} else if (action.equalsIgnoreCase("confirm")) {
return confirmationIdCheck(context, request, realm);
} else if (action.equalsIgnoreCase("anonymousCreate")) {
return anonymousCreate(context, request, realm, restSecurity);
} else if (action.equalsIgnoreCase("forgotPassword")) {
return generateNewPasswordEmail(context, request, realm, restSecurity);
} else if (action.equalsIgnoreCase("forgotPasswordReset")) {
return anonymousUpdate(context, request, realm);
} else {
// for now this is the only case coming in, so fail if otherwise
return new NotSupportedException("Actions are not supported for resource instances").asPromise();
}
}
use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.
the class SmsRealmProvider method handleCreate.
@Override
public Promise<ResourceResponse, ResourceException> handleCreate(Context serverContext, CreateRequest createRequest) {
final JsonValue jsonContent = createRequest.getContent();
final String realmName = jsonContent.get(REALM_NAME_ATTRIBUTE_NAME).asString();
try {
if (StringUtils.isBlank(realmName)) {
throw new BadRequestException("No realm name provided");
}
if (containsBlacklistedCharacters(realmName)) {
throw new BadRequestException("Realm names cannot contain: " + BLACKLIST_CHARACTERS.toString());
}
RealmContext realmContext = serverContext.asContext(RealmContext.class);
StringBuilder realmPath = new StringBuilder(realmContext.getResolvedRealm());
String location = jsonContent.get(new JsonPointer(PATH_ATTRIBUTE_NAME)).asString();
if (realmPath.length() > 1) {
if (realmPath.charAt(realmPath.length() - 1) != '/' && !location.startsWith("/")) {
realmPath.append('/');
}
realmPath.append(location);
} else {
realmPath = new StringBuilder(location);
}
if (realmPath.charAt(realmPath.length() - 1) != '/') {
realmPath.append('/');
}
realmPath.append(realmName);
String path = realmPath.toString();
String parentRealm = RealmUtils.getParentRealm(path);
String childRealm = RealmUtils.getChildRealm(path);
OrganizationConfigManager realmManager = new OrganizationConfigManager(getUserSsoToken(serverContext), parentRealm);
Map<String, Map<String, Set>> serviceAttributes = new HashMap<>();
serviceAttributes.put(IdConstants.REPO_SERVICE, getAttributeMap(jsonContent));
realmManager.createSubOrganization(childRealm, serviceAttributes);
if (debug.messageEnabled()) {
debug.message("RealmResource.createInstance :: CREATE of realm {} in realm {} performed by {}", childRealm, parentRealm, PrincipalRestUtils.getPrincipalNameFromServerContext(serverContext));
}
JsonValue jsonValue = getJsonValue(path, parentRealm);
return newResultPromise(getResource(jsonValue));
} catch (SMSException e) {
return configureErrorMessage(e).asPromise();
} catch (SSOException sso) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realmName, sso);
return new PermanentException(401, "Access Denied", null).asPromise();
} catch (BadRequestException fe) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realmName, fe);
return fe.asPromise();
}
}
Aggregations