Example 1 with RestSTSInstanceConfig

Use of org.forgerock.openam.sts.rest.config.user.RestSTSInstanceConfig in project OpenAM by OpenRock.

The class RestSTSPublishServiceRequestHandler, method handleUpdate.

/*
 * A PUT to the url composed of the publish endpoint + the sts instance id with a payload corresponding to a
 * RestSTSInstanceId (wrapped in invocation context information) will result in republishing the existing instance
 * (which is a delete followed by a create).
 */
public Promise<ResourceResponse, ResourceException> handleUpdate(Context context, UpdateRequest request) {
    String stsId = request.getResourcePath();
    String realm = getRealmFromResourceName(request.getResourcePath());
    if (!realmValidator.isRealm(realm)) {
        logger.warn("Update of rest STS instance state for instance " + stsId + " in realm " + realm + " rejected because realm does not exist");
        return new NotFoundException("The specified realm does not exist.").asPromise();
    }
    /*
     * Ensure that the instance is published before performing an update.
     */
    final boolean publishedToSMS;
    try {
        publishedToSMS = publisher.isInstancePersistedInSMS(stsId, realm);
    } catch (STSPublishException e) {
        logger.error("In RestSTSPublishServiceRequestHandler#handleUpdate, exception caught determining whether " + "instance persisted in SMS. Instance not updated. Exception: " + e, e);
        return e.asPromise();
    }
    final boolean publishedToCrest = publisher.isInstanceExposedInCrest(stsId);
    if (publishedToSMS) {
        if (!publishedToCrest) {
            /*
             * Entering this branch would seem to be an error condition. It could possibly happen in a site deployment,
             * where a rest sts instance is published to a different server than the current server, and the registered
             * ServiceListener was not called when the ldap replication created the service entry on the current server.
             * I will log a warning, and still publish the instance, just for robustness.
             */
            logger.warn("The rest sts instance " + stsId + " in realm " + realm + " is present in the SMS, but " + "has not been hung off of the CREST router. This is an illegal state. The instance will be" + " republished.");
        }
        RestSTSInstanceConfig instanceConfig;
        try {
            instanceConfig = marshalInstanceConfigFromInvocation(request.getContent());
        } catch (BadRequestException e) {
            logger.error("In RestSTSPublishServiceRequestHandler#handleUpdate, exception caught marshalling " + "invocation state to RestSTSInstanceConfig. Instance not updated. The state: " + request.getContent() + "Exception: " + e, e);
            return e.asPromise();
        }
        Injector instanceInjector;
        try {
            instanceInjector = createInjector(instanceConfig);
        } catch (ResourceException e) {
            logger.error("In RestSTSPublishServiceRequestHandler#handleUpdate, exception caught creating an " + "Injector using the RestSTSInstanceConfig. The instance: " + instanceConfig.toJson() + "; Exception: " + e, e);
            return e.asPromise();
        }
        try {
            publisher.updateInstanceInSMS(stsId, realm, instanceConfig, instanceInjector.getInstance(RestSTS.class));
            return newResultPromise(newResourceResponse(instanceConfig.getDeploymentSubPath(), Integer.toString(instanceConfig.hashCode()), json(object(field(RESULT, SUCCESS)))));
        } catch (STSPublishException e) {
            logger.error("In RestSTSPublishServiceRequestHandler#handleUpdate, exception caught removing " + "rest sts instance " + instanceConfig.getDeploymentSubPath() + ". This means instance is" + "in indeterminate state, and has not been updated. The instance config: " + instanceConfig + "; Exception: " + e, e);
            return e.asPromise();
        }
    } else {
        //404 - realm and id not found in SMS
        return new NotFoundException("No rest sts instance with id " + stsId + " in realm " + realm).asPromise();
    }
}
Also used : RestSTSInstanceConfig(org.forgerock.openam.sts.rest.config.user.RestSTSInstanceConfig) Injector(com.google.inject.Injector) STSPublishException(org.forgerock.openam.sts.STSPublishException) NotFoundException(org.forgerock.json.resource.NotFoundException) BadRequestException(org.forgerock.json.resource.BadRequestException) ResourceException(org.forgerock.json.resource.ResourceException) RestSTS(org.forgerock.openam.sts.rest.RestSTS)

Example 2 with RestSTSInstanceConfig

Use of org.forgerock.openam.sts.rest.config.user.RestSTSInstanceConfig in project OpenAM by OpenRock.

The class RestSTSPublishServiceRequestHandler, method handleCreate.

/*
 * This method will be invoked by either a programmatic client, in which case a RestSTSInstanceConfig has emitted
 * properly-formatted json, or from the RestSecurityTokenServiceViewBean, in which case the configuration state is
 * in the sms-centric Map<String, Set<String>> format. This method needs to be able to handle both invocation types,
 * and marshal the invocation state into a RestSTSInstanceConfig instance either way. It also needs to return an accurate
 * error message, so that in the case of RestSecurityTokenServiceViewBean invocation, the user can make appropriate
 * corrections to the configuration state.
 */
public Promise<ResourceResponse, ResourceException> handleCreate(Context context, CreateRequest request) {
    final RestSTSInstanceConfig instanceConfig;
    try {
        instanceConfig = marshalInstanceConfigFromInvocation(request.getContent());
    } catch (BadRequestException e) {
        return e.asPromise();
    }
    if (!realmValidator.isRealm(instanceConfig.getDeploymentConfig().getRealm())) {
        logger.warn("Publish of Rest STS instance " + instanceConfig.getDeploymentSubPath() + " to realm " + instanceConfig.getDeploymentConfig().getRealm() + " rejected because realm does not exist.");
        return new NotFoundException("The specified realm does not exist.").asPromise();
    }
    Injector instanceInjector;
    try {
        instanceInjector = createInjector(instanceConfig);
    } catch (ResourceException e) {
        return e.asPromise();
    }
    return publishInstance(instanceConfig, instanceInjector);
}
Also used : RestSTSInstanceConfig(org.forgerock.openam.sts.rest.config.user.RestSTSInstanceConfig) Injector(com.google.inject.Injector) BadRequestException(org.forgerock.json.resource.BadRequestException) NotFoundException(org.forgerock.json.resource.NotFoundException) ResourceException(org.forgerock.json.resource.ResourceException)

Example 3 with RestSTSInstanceConfig

Use of org.forgerock.openam.sts.rest.config.user.RestSTSInstanceConfig in project OpenAM by OpenRock.

The class RestSTSPublishServiceListener, method handleInstanceCreation.

private void handleInstanceCreation(String normalizedServiceComponent, String orgName, String serviceComponent) {
    final String logIdentifier = "RestSTSPublishServiceListener#handleInstanceCreation";
    if (StringUtils.isBlank(normalizedServiceComponent)) {
        logger.warn("In RestSTSPublishServiceListener#handleInstanceCreation, the normalized name of the rest-sts service for " + "which the creation event was received is blank. The un-normalized name: " + serviceComponent + ". This happens " + "the first time a rest-sts instance is published in a newly-created realm, as the first step in this creation " + "is the addition of a new service configuration object for this subrealm, which also triggers the invocation " + "of this listener. If this message is appearing after the first creation of a rest-sts instance in a new realm, " + "then something is wrong.");
        return;
    }
    if (!instancePublisher.isInstanceExposedInCrest(normalizedServiceComponent)) {
        String realm = DNMapper.orgNameToRealmName(orgName);
        RestSTSInstanceConfig createdInstance;
        try {
            createdInstance = restSTSInstanceConfigStore.getSTSInstanceConfig(normalizedServiceComponent, realm);
        } catch (STSPublishException e) {
            logger.error(logIdentifier + ":could not obtain newly created rest-sts instance " + serviceComponent + " from SMS. " + "This means this instance will not be hung off of the CREST router. Exception: " + e);
            return;
        }
        Injector instanceInjector;
        try {
            instanceInjector = createInjector(createdInstance);
        } catch (ResourceException e) {
            logger.error(logIdentifier + ":could not create injector corresponding to newly created rest-sts " + "instance " + serviceComponent + ". The instanceConfig " + createdInstance.toJson() + "\nThis means this instance will not be hung off of the CREST router. Exception: " + e);
            return;
        }
        try {
            instancePublisher.publishInstance(createdInstance, instanceInjector.getInstance(RestSTS.class), REPUBLISH_INSTANCE);
            logger.info(logIdentifier + ": Successfully hung rest-sts instance " + createdInstance.getDeploymentSubPath() + " published at another server in the site deployment off of CREST router.");
        } catch (ResourceException e) {
            logger.error(logIdentifier + ":could not create injector corresponding to newly created rest-sts " + "instance " + serviceComponent + ". The instanceConfig " + createdInstance.toJson() + "\nThis means this instance will not be hung off of the CREST router. Exception: " + e);
        }
    }
}
Also used : RestSTSInstanceConfig(org.forgerock.openam.sts.rest.config.user.RestSTSInstanceConfig) Injector(com.google.inject.Injector) STSPublishException(org.forgerock.openam.sts.STSPublishException) ResourceException(org.forgerock.json.resource.ResourceException) RestSTS(org.forgerock.openam.sts.rest.RestSTS)

Example 4 with RestSTSInstanceConfig

Use of org.forgerock.openam.sts.rest.config.user.RestSTSInstanceConfig in project OpenAM by OpenRock.

The class RestSTSInstancePublisherImpl, method republishExistingInstances.

/**
 * This method is only to be called by the RestSTSSetupListener, which calls it only to re-publish
 * previously-published Rest STS instances during OpenAM startup.
 */
@Override
public void republishExistingInstances() throws STSPublishException {
    /*
     * Do not trigger the republish if OpenAM is being installed or upgraded.
     */
    if (AMSetupServlet.isCurrentConfigurationValid()) {
        final List<RestSTSInstanceConfig> publishedInstances = getPublishedInstances();
        for (RestSTSInstanceConfig instanceConfig : publishedInstances) {
            Injector instanceInjector;
            try {
                instanceInjector = Guice.createInjector(new RestSTSInstanceModule(instanceConfig));
            } catch (Exception e) {
                logger.error("Exception caught creating the guice injector in republish corresponding to rest sts " + "instance: " + instanceConfig.toJson() + ". This instance cannot be republished. Exception: " + e);
                continue;
            }
            try {
                publishInstance(instanceConfig, instanceInjector.getInstance(RestSTS.class), true);
                logger.info("Republished Rest STS instance corresponding to config " + instanceConfig.toJson());
            } catch (STSPublishException e) {
                logger.error("Exception caught publishing rest sts " + "instance: " + instanceConfig.toJson() + ". This instance cannot be republished. Exception: " + e);
                continue;
            }
        }
    }
}
Also used : RestSTSInstanceModule(org.forgerock.openam.sts.rest.config.RestSTSInstanceModule) RestSTSInstanceConfig(org.forgerock.openam.sts.rest.config.user.RestSTSInstanceConfig) Injector(com.google.inject.Injector) STSPublishException(org.forgerock.openam.sts.STSPublishException) RestSTS(org.forgerock.openam.sts.rest.RestSTS) STSInitializationException(org.forgerock.openam.sts.STSInitializationException) ResourceException(org.forgerock.json.resource.ResourceException) STSPublishException(org.forgerock.openam.sts.STSPublishException)

Example 5 with RestSTSInstanceConfig

Use of org.forgerock.openam.sts.rest.config.user.RestSTSInstanceConfig in project OpenAM by OpenRock.

The class RestSTSPublishServiceListener, method handleInstanceModification.

private void handleInstanceModification(String normalizedServiceComponent, String orgName, String serviceComponent) {
    final String logIdentifier = "RestSTSPublishServiceListener#handleInstanceModification";
    String realm = DNMapper.orgNameToRealmName(orgName);
    RestSTSInstanceConfig instanceConfig;
    try {
        instanceConfig = restSTSInstanceConfigStore.getSTSInstanceConfig(normalizedServiceComponent, realm);
    } catch (STSPublishException e) {
        logger.error(logIdentifier + ":could not obtain the modified rest-sts instance " + serviceComponent + " from SMS. " + "This means the updated instance will not be hung off of the CREST router. Exception: " + e);
        return;
    }
    Injector instanceInjector;
    try {
        instanceInjector = createInjector(instanceConfig);
    } catch (ResourceException e) {
        logger.error(logIdentifier + ":could not create injector corresponding to modified rest-sts " + "instance " + serviceComponent + ". The instanceConfig " + instanceConfig.toJson() + "\nThis means the updated instance will not be hung off of the CREST router. Exception: " + e);
        return;
    }
    try {
        instancePublisher.updateInstanceInCrestRouter(instanceConfig.getDeploymentSubPath(), realm, instanceConfig, instanceInjector.getInstance(RestSTS.class));
        logger.info(logIdentifier + ": Successfully hung updated rest-sts instance " + instanceConfig.getDeploymentSubPath() + " off of CREST router.");
    } catch (ResourceException e) {
        logger.error(logIdentifier + ":could not create injector corresponding to updated rest-sts " + "instance " + serviceComponent + ". The instanceConfig " + instanceConfig.toJson() + "\nThis means the updated instance will not be hung off of the CREST router. Exception: " + e);
    }
}
Also used : RestSTSInstanceConfig(org.forgerock.openam.sts.rest.config.user.RestSTSInstanceConfig) Injector(com.google.inject.Injector) STSPublishException(org.forgerock.openam.sts.STSPublishException) ResourceException(org.forgerock.json.resource.ResourceException) RestSTS(org.forgerock.openam.sts.rest.RestSTS)

Aggregations

RestSTSInstanceConfig (org.forgerock.openam.sts.rest.config.user.RestSTSInstanceConfig) 9
Injector (com.google.inject.Injector) 5
ResourceException (org.forgerock.json.resource.ResourceException) 5
STSPublishException (org.forgerock.openam.sts.STSPublishException) 5
RestSTS (org.forgerock.openam.sts.rest.RestSTS) 4
NotFoundException (org.forgerock.json.resource.NotFoundException) 3
BeforeTest (org.testng.annotations.BeforeTest) 3
Test (org.testng.annotations.Test) 3
BadRequestException (org.forgerock.json.resource.BadRequestException) 2
STSInitializationException (org.forgerock.openam.sts.STSInitializationException) 1
RestSTSInstanceModule (org.forgerock.openam.sts.rest.config.RestSTSInstanceModule) 1
JsonObject (org.forgerock.openam.utils.JsonObject) 1