use of org.forgerock.openam.sts.STSPublishException in project OpenAM by OpenRock.
the class STSInstanceConfigStoreBase method persistSTSInstance.
/**
* Persists the STS instance into the SMS.
* @param stsInstanceId the identifier for the to-be-published sts instance
* @param realm The realm in which the sts instance should be deployed
* @param instance The to-be-persisted state.
* @throws STSPublishException if the SMS encounters a problem during persistence.
*/
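@Override
public void persistSTSInstance(String stsInstanceId, String realm, T instance) throws STSPublishException {
    /*
    Why the realm is an explicit parameter rather than being read from the T instance:
    both RestSTSInstanceConfig and SoapSTSInstanceConfig hold a DeploymentConfig reference, but it is not declared in
    STSInstanceConfig, because SoapSTSInstanceConfig encapsulates a DeploymentConfig subclass (SoapDeploymentConfig)
    carrying extra soap deployment information. Declaring the DeploymentConfig base in STSInstanceConfig would force a
    down-cast in SoapSTSInstanceConfig, and modelling the subclasses generically would complicate an already
    complicated builder hierarchy. The calling context knows whether it handles a soap or a rest sts instance, so it
    supplies the realm.
    */
    /*
    Security note: the SMS write below is made with the token returned by getAdminToken(), not with the identity of
    whoever requested the publish, and this method checks neither stsInstanceId nor realm.
    NOTE(review): presumably the publish endpoint authorizes the caller and validates both values before calling
    here - confirm.
    */
    try {
        /*
        Model for the code below taken from AMAuthenticationManager.createAuthenticationInstance, as the 'multiple
        authN module per realm' model applies to the STS, and the AMAuthenticationManager seems to implement the SMS
        persistence concern of these semantics.
        */
        OrganizationConfigManager realmConfigManager = new OrganizationConfigManager(getAdminToken(), realm);
        Map<String, Set<String>> instanceConfigAttributes = instanceConfigMarshaller.toMap(instance);
        // The service has to be assigned to the realm before a service config can hang off of it.
        if (!realmConfigManager.getAssignedServices().contains(serviceName)) {
            realmConfigManager.assignService(serviceName, null);
        }
        ServiceConfig orgConfig = realmConfigManager.getServiceConfig(serviceName);
        if (orgConfig == null) {
            orgConfig = realmConfigManager.addServiceConfig(serviceName, null);
        }
        // Each sts instance is stored as one sub-config, keyed by its instance id.
        orgConfig.addSubConfig(stsInstanceId, ISAuthConstants.SERVER_SUBSCHEMA, PRIORITY_ZERO, instanceConfigAttributes);
        if (logger.isDebugEnabled()) {
            logger.debug("Persisted " + restOrSoap() + " sts instance with id " + stsInstanceId + " in realm " + realm);
        }
    } catch (SMSException | SSOException e) {
        /*
        Both failure types are reported the same way, so they share one handler. The message now separates the
        instance id from the exception text; previously the two ran together.
        NOTE(review): the SMS/SSO exception text is embedded in the message. If STSPublishException messages are
        returned to remote callers, internal directory details could be disclosed - confirm how it is surfaced.
        */
        throw new STSPublishException(ResourceException.INTERNAL_ERROR, "Exception caught persisting " + restOrSoap()
                + " instance " + stsInstanceId + ". Exception: " + e, e);
    }
}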
use of org.forgerock.openam.sts.STSPublishException in project OpenAM by OpenRock.
the class STSInstanceConfigStoreBase method getPublishedInstances.
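/**
 * Returns the sts instance configurations persisted in the SMS for the given realm.
 * <p>
 * A failure to obtain the realm's ServiceConfig, or to list its sub-configs, is reported with an exception. A failure
 * that affects a single instance (its sub-config cannot be read, or its attributes cannot be marshalled) is only
 * logged and that instance is skipped. The returned list can therefore be shorter than the set of persisted
 * instances, and callers cannot tell from the return value that an instance was dropped.
 *
 * @param realm the realm whose sts instances are read
 * @return the instances that could be read and marshalled; empty when there are none or when no ServiceConfig exists
 *         for the realm
 * @throws STSPublishException if the ServiceConfig for the realm, or the list of its sub-config names, cannot be obtained
 */
@Override
@SuppressWarnings("unchecked")
public List<T> getPublishedInstances(String realm) throws STSPublishException {
    List<T> instances = new ArrayList<>();
    ServiceConfig baseService;
    try {
        baseService = new ServiceConfigManager(serviceName, getAdminToken()).getOrganizationConfig(realm, null);
    } catch (SMSException | SSOException e) {
        throw new STSPublishException(ResourceException.INTERNAL_ERROR, "Could not obtain ServiceConfig instance for realm "
                + realm + ". " + restOrSoap() + " sts instances for this realm cannot be returned from "
                + "getPublishedInstances(String realm). Exception: " + e, e);
    }
    if (baseService == null) {
        logger.error("Could not obtain ServiceConfig instance for realm " + realm + ". " + restOrSoap()
                + " sts instances for this realm cannot be returned from getPublishedInstances.");
        return instances;
    }

    Set<String> subConfigNames;
    try {
        subConfigNames = baseService.getSubConfigNames();
    } catch (SMSException e) {
        throw new STSPublishException(ResourceException.INTERNAL_ERROR, "Could not get list of " + restOrSoap()
                + " sts instances in realm " + realm + ". Exception: " + e, e);
    }

    for (String stsInstanceId : subConfigNames) {
        ServiceConfig instanceService;
        try {
            instanceService = baseService.getSubConfig(stsInstanceId);
        } catch (SSOException | SMSException e) {
            // Best effort: one unreadable instance must not hide the others. The throwable is passed to the logger so
            // the stack trace is kept, as the marshalling failure below already does.
            logger.error("Could not get " + restOrSoap() + " sts state for id " + stsInstanceId + " in realm " + realm
                    + ". Exception: " + e, e);
            continue;
        }
        if (instanceService == null) {
            logger.error("Could not obtain the " + restOrSoap() + " sts state for instance with id " + stsInstanceId
                    + " in realm " + realm);
            continue;
        }
        // NOTE(review): the unchecked suppression on this method presumably covers this assignment - confirm that
        // getAttributes() returns a raw Map.
        Map<String, Set<String>> instanceAttrs = instanceService.getAttributes();
        try {
            instances.add(instanceConfigMarshaller.fromMapAttributes(instanceAttrs));
        } catch (STSPublishException e) {
            logger.error("Exception caught in getPublishedInstances(String realm) marshalling attributes "
                    + "corresponding to sts " + stsInstanceId + " in realm " + realm + "; Exception: " + e, e);
        }
    }
    return instances;
}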
use of org.forgerock.openam.sts.STSPublishException in project OpenAM by OpenRock.
the class RestSTSInstancePublisherImpl method republishExistingInstances.
/**
* This method is only to be called by the RestSTSSetupListener, which calls it only to re-publish
* previously-published Rest STS instances during OpenAM startup.
*/
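@Override
public void republishExistingInstances() throws STSPublishException {
    /*
    Do not trigger the republish if OpenAM is being installed or upgraded.
    */
    if (!AMSetupServlet.isCurrentConfigurationValid()) {
        return;
    }
    /*
    NOTE(review): every log statement below writes instanceConfig.toJson() in full. If that JSON carries key store
    passwords or other credentials, they end up in the log files - confirm that toJson() omits or masks them, or log
    only an identifier of the instance.
    */
    final List<RestSTSInstanceConfig> publishedInstances = getPublishedInstances();
    for (RestSTSInstanceConfig instanceConfig : publishedInstances) {
        Injector instanceInjector;
        try {
            instanceInjector = Guice.createInjector(new RestSTSInstanceModule(instanceConfig));
        } catch (Exception e) {
            // The broad catch is deliberate: an instance that cannot be wired is skipped so the remaining instances
            // are still republished. The throwable is handed to the logger so the stack trace is not lost.
            logger.error("Exception caught creating the guice injector in republish corresponding to rest sts "
                    + "instance: " + instanceConfig.toJson() + ". This instance cannot be republished. Exception: " + e, e);
            continue;
        }
        try {
            // NOTE(review): only STSPublishException is handled here. An unchecked exception raised by
            // instanceInjector.getInstance(...) would end the loop and leave later instances unpublished - confirm
            // whether that is intended.
            publishInstance(instanceConfig, instanceInjector.getInstance(RestSTS.class), true);
            logger.info("Republished Rest STS instance corresponding to config " + instanceConfig.toJson());
        } catch (STSPublishException e) {
            logger.error("Exception caught publishing rest sts " + "instance: " + instanceConfig.toJson()
                    + ". This instance cannot be republished. Exception: " + e, e);
        }
    }
}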
use of org.forgerock.openam.sts.STSPublishException in project OpenAM by OpenRock.
the class PublishServiceConsumerImpl method parseResponse.
/*
The response is created in SoapSTSPublishServiceRequestHandler#handleQuery.
*/
private Set<SoapSTSInstanceConfig> parseResponse(String response) throws STSPublishException {
    // Parses the publish-service query response into the set of soap-sts instance configs it lists.
    JsonValue parsedResponse;
    try {
        parsedResponse = JsonValueBuilder.toJsonValue(response);
    } catch (JsonException e) {
        throw new STSPublishException(ResourceException.INTERNAL_ERROR, e.getMessage(), e);
    }

    JsonValue results = parsedResponse.get(RESULT);
    if (!results.isCollection()) {
        // NOTE(review): the whole query result is copied into the exception message; confirm it cannot carry
        // instance secrets to wherever this message is logged or returned.
        throw new STSPublishException(ResourceException.INTERNAL_ERROR, "Unexpected state: the query result is not "
                + "a collection. The query result: " + results.toString());
    }

    Set<SoapSTSInstanceConfig> publishedConfigs = new HashSet<>();
    int resultCount = results.asCollection().size();
    for (int i = 0; i < resultCount; i++) {
        JsonValue entry = results.get(i);
        // NOTE(review): each entry is handed to fromJson as received; whether an unchecked exception for a malformed
        // entry can escape from here is not visible in this method - confirm.
        final SoapSTSInstanceConfig parsedConfig = SoapSTSInstanceConfig.fromJson(entry);
        /*
        Duplicate check: realm plus deployment uri form the identity of a soap-sts instance, and a duplicate would
        already have caused LDAP errors when persisted in the SMS, so none should arrive here. Set.add reports one
        anyway, and it is logged rather than rejected.
        */
        boolean added = publishedConfigs.add(parsedConfig);
        if (!added) {
            logger.error("The set of published soap-sts instances contains a duplicate!! The duplicate instance: " + entry);
        }
    }
    return publishedConfigs;
}
use of org.forgerock.openam.sts.STSPublishException in project OpenAM by OpenRock.
the class RestSTSPublishServiceListener method handleInstanceModification.
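/**
 * Reloads a modified rest-sts instance from the SMS, builds a new injector for it and replaces the instance in the
 * CREST router. Every failure is logged and ends the update; the method neither throws a checked exception nor
 * reports the outcome to its caller.
 *
 * @param normalizedServiceComponent the identifier used to look the instance up in the config store
 * @param orgName the organization name, converted to a realm name via DNMapper
 * @param serviceComponent the service component as received, used in log messages only
 */
private void handleInstanceModification(String normalizedServiceComponent, String orgName, String serviceComponent) {
    final String logIdentifier = "RestSTSPublishServiceListener#handleInstanceModification";
    String realm = DNMapper.orgNameToRealmName(orgName);
    /*
    NOTE(review): two of the error paths below log instanceConfig.toJson() in full. If that JSON carries key store
    passwords or other credentials, they end up in the log files - confirm that toJson() omits or masks them.
    */
    RestSTSInstanceConfig instanceConfig;
    try {
        instanceConfig = restSTSInstanceConfigStore.getSTSInstanceConfig(normalizedServiceComponent, realm);
    } catch (STSPublishException e) {
        logger.error(logIdentifier + ":could not obtain the modified rest-sts instance " + serviceComponent + " from SMS. "
                + "This means the updated instance will not be hung off of the CREST router. Exception: " + e, e);
        return;
    }
    Injector instanceInjector;
    try {
        instanceInjector = createInjector(instanceConfig);
    } catch (ResourceException e) {
        logger.error(logIdentifier + ":could not create injector corresponding to modified rest-sts " + "instance "
                + serviceComponent + ". The instanceConfig " + instanceConfig.toJson()
                + "\nThis means the updated instance will not be hung off of the CREST router. Exception: " + e, e);
        return;
    }
    try {
        // NOTE(review): only ResourceException is handled. An unchecked exception from
        // instanceInjector.getInstance(...) would propagate to whoever invoked this listener - confirm.
        instancePublisher.updateInstanceInCrestRouter(instanceConfig.getDeploymentSubPath(), realm, instanceConfig,
                instanceInjector.getInstance(RestSTS.class));
        logger.info(logIdentifier + ": Successfully hung updated rest-sts instance " + instanceConfig.getDeploymentSubPath()
                + " off of CREST router.");
    } catch (ResourceException e) {
        // This handler guards the router update, not injector creation; the message used to repeat the injector
        // wording from the handler above, which pointed at the wrong step.
        logger.error(logIdentifier + ":could not update the rest-sts " + "instance " + serviceComponent
                + " in the CREST router. The instanceConfig " + instanceConfig.toJson()
                + "\nThis means the updated instance will not be hung off of the CREST router. Exception: " + e, e);
    }
}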