Example 6 with Promise

use of org.forgerock.util.promise.Promise in project OpenAM by OpenRock.

the class ResourceSetService method getResourceSets.

/**
 * Queries resource sets across the resource set store and UMA policy store.
 *
 * @param context             The context.
 * @param realm               The realm.
 * @param query               The aggregated query.
 * @param resourceOwnerId     The resource owner id.
 * @param augmentWithPolicies {@code true} to pull in UMA policies into the resource set.
 * @return A Promise containing the Resource Sets or a ResourceException.
 */
Promise<Collection<ResourceSetDescription>, ResourceException> getResourceSets(final Context context, String realm, final ResourceSetWithPolicyQuery query, final String resourceOwnerId, final boolean augmentWithPolicies) {
    final Set<ResourceSetDescription> resourceSets;
    try {
        resourceSets = new ResourceSetSharedFilter(this, resourceOwnerId, realm).filter(resourceSetStoreFactory.create(realm).query(query.getResourceSetQuery()));
    } catch (ServerException e) {
        return new InternalServerErrorException(e).asPromise();
    }
    QueryRequest policyQuery = newQueryRequest("").setQueryId("searchAll");
    policyQuery.setQueryFilter(QueryFilter.<JsonPointer>alwaysTrue());
    return getSharedResourceSets(context, policyQuery, resourceOwnerId).thenAsync(new AsyncFunction<Set<ResourceSetDescription>, Collection<ResourceSetDescription>, ResourceException>() {

        @Override
        public Promise<Collection<ResourceSetDescription>, ResourceException> apply(final Set<ResourceSetDescription> sharedResourceSets) {
            //combine the owned ResourceSets with the shared ones, then filter based on the query
            sharedResourceSets.addAll(resourceSets);
            final Collection<ResourceSetDescription> filteredResourceSets = filterPolicies(resourceSets, query);
            Promise<Collection<ResourceSetDescription>, ResourceException> resourceSetsPromise;
            if (query.getPolicyQuery() != null) {
                QueryRequest policyQuery = newQueryRequest("").setQueryFilter(query.getPolicyQuery());
                resourceSetsPromise = policyService.queryPolicies(context, policyQuery).thenAsync(new AsyncFunction<Pair<QueryResponse, Collection<UmaPolicy>>, Collection<ResourceSetDescription>, ResourceException>() {

                    @Override
                    public Promise<Collection<ResourceSetDescription>, ResourceException> apply(Pair<QueryResponse, Collection<UmaPolicy>> result) throws ResourceException {
                        try {
                            return newResultPromise(combine(context, query, filteredResourceSets, result.getSecond(), augmentWithPolicies, resourceOwnerId));
                        } catch (org.forgerock.oauth2.core.exceptions.NotFoundException e) {
                            return new InternalServerErrorException(e).asPromise();
                        } catch (ServerException e) {
                            return new InternalServerErrorException(e).asPromise();
                        }
                    }
                });
            } else {
                if (augmentWithPolicies) {
                    List<Promise<ResourceSetDescription, ResourceException>> promises = new ArrayList<>();
                    PromiseImpl<ResourceSetDescription, ResourceException> kicker = PromiseImpl.create();
                    promises.add(kicker);
                    for (ResourceSetDescription resourceSet : filteredResourceSets) {
                        promises.add(augmentWithPolicy(context, resourceSet.getId(), resourceSet));
                    }
                    resourceSetsPromise = Promises.when(promises).thenAsync(new AsyncFunction<List<ResourceSetDescription>, Collection<ResourceSetDescription>, ResourceException>() {

                        @Override
                        public Promise<Collection<ResourceSetDescription>, ResourceException> apply(List<ResourceSetDescription> resourceSets) {
                            Collection<ResourceSetDescription> resourceSetDescriptions = new HashSet<>();
                            for (ResourceSetDescription rs : filteredResourceSets) {
                                if (rs != null) {
                                    resourceSetDescriptions.add(rs);
                                }
                            }
                            return newResultPromise(resourceSetDescriptions);
                        }
                    });
                    kicker.handleResult(null);
                } else {
                    resourceSetsPromise = newResultPromise(filteredResourceSets);
                }
            }
            return resourceSetsPromise;
        }
    });
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription) ResourceException(org.forgerock.json.resource.ResourceException) List(java.util.List) ArrayList(java.util.ArrayList) UmaPolicy(org.forgerock.openam.uma.UmaPolicy) Pair(org.forgerock.util.Pair) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) Requests.newQueryRequest(org.forgerock.json.resource.Requests.newQueryRequest) QueryRequest(org.forgerock.json.resource.QueryRequest) PromiseImpl(org.forgerock.util.promise.PromiseImpl) ResourceSetSharedFilter(org.forgerock.openam.uma.ResourceSetSharedFilter) Promises.newResultPromise(org.forgerock.util.promise.Promises.newResultPromise) Promise(org.forgerock.util.promise.Promise) QueryResponse(org.forgerock.json.resource.QueryResponse) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) Collection(java.util.Collection)

Example 7 with Promise

use of org.forgerock.util.promise.Promise in project OpenAM by OpenRock.

the class UmaPolicyServiceImpl method queryPolicies.

/**
 * {@inheritDoc}
 */
@Override
public Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> queryPolicies(final Context context, final QueryRequest umaQueryRequest) {
    if (umaQueryRequest.getQueryExpression() != null) {
        return new BadRequestException("Query expressions not supported").asPromise();
    }
    QueryRequest request = Requests.newQueryRequest("");
    final AggregateQuery<QueryFilter<JsonPointer>, QueryFilter<JsonPointer>> filter = umaQueryRequest.getQueryFilter().accept(new AggregateUmaPolicyQueryFilter(), new AggregateQuery<QueryFilter<JsonPointer>, QueryFilter<JsonPointer>>());
    String queryId = umaQueryRequest.getQueryId();
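    // The "searchAll" query id matches every policy; any other query is scoped to policies created by the calling resource owner.
    if (queryId != null && queryId.equals("searchAll")) {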
        request.setQueryFilter(QueryFilter.<JsonPointer>alwaysTrue());
    } else {
        String resourceOwnerUid = getResourceOwnerUid(context);
        if (filter.getFirstQuery() == null) {
            request.setQueryFilter(QueryFilter.equalTo(new JsonPointer("createdBy"), resourceOwnerUid));
        } else {
            request.setQueryFilter(QueryFilter.and(QueryFilter.equalTo(new JsonPointer("createdBy"), resourceOwnerUid), filter.getFirstQuery()));
        }
    }
    return policyResourceDelegate.queryPolicies(context, request).thenAsync(new AsyncFunction<Pair<QueryResponse, List<ResourceResponse>>, Collection<UmaPolicy>, ResourceException>() {

        @Override
        public Promise<Collection<UmaPolicy>, ResourceException> apply(Pair<QueryResponse, List<ResourceResponse>> value) {
            Map<String, Set<ResourceResponse>> policyMapping = new HashMap<>();
            for (ResourceResponse policy : value.getSecond()) {
                String resource = policy.getContent().get("resources").asList(String.class).get(0);
                if (!resource.startsWith(UMA_POLICY_SCHEME)) {
                    continue;
                }
                resource = resource.replaceFirst(UMA_POLICY_SCHEME, "");
                if (resource.indexOf(":") > 0) {
                    resource = resource.substring(0, resource.indexOf(":"));
                }
                Set<ResourceResponse> mapping = policyMapping.get(resource);
                if (mapping == null) {
                    mapping = new HashSet<>();
                    policyMapping.put(resource, mapping);
                }
                mapping.add(policy);
            }
            try {
                Collection<UmaPolicy> umaPolicies = new HashSet<>();
                for (Map.Entry<String, Set<ResourceResponse>> entry : policyMapping.entrySet()) {
                    ResourceSetDescription resourceSet = getResourceSetDescription(entry.getKey(), context);
                    UmaPolicy umaPolicy = UmaPolicy.fromUnderlyingPolicies(resourceSet, entry.getValue());
                    resolveUIDToUsername(umaPolicy.asJson());
                    umaPolicies.add(umaPolicy);
                }
                return newResultPromise(umaPolicies);
            } catch (ResourceException e) {
                return e.asPromise();
            }
        }
    }).thenAsync(new AsyncFunction<Collection<UmaPolicy>, Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException>() {

        @Override
        public Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> apply(Collection<UmaPolicy> policies) {
            Collection<UmaPolicy> results = policies;
            if (filter.getSecondQuery() != null) {
                PolicySearch search = filter.getSecondQuery().accept(new UmaPolicyQueryFilterVisitor(), new PolicySearch(policies));
                if (AggregateQuery.Operator.AND.equals(filter.getOperator())) {
                    results.retainAll(search.getPolicies());
                }
            }
            int pageSize = umaQueryRequest.getPageSize();
            String pagedResultsCookie = umaQueryRequest.getPagedResultsCookie();
            int pagedResultsOffset = umaQueryRequest.getPagedResultsOffset();
            Collection<UmaPolicy> pagedPolicies = new HashSet<UmaPolicy>();
            int count = 0;
            for (UmaPolicy policy : results) {
                if (count >= pagedResultsOffset * pageSize) {
                    pagedPolicies.add(policy);
                }
                count++;
            }
            int remainingPagedResults = results.size() - pagedPolicies.size();
            if (pageSize > 0) {
                remainingPagedResults /= pageSize;
            }
            return newResultPromise(Pair.of(newQueryResponse(pagedResultsCookie, CountPolicy.EXACT, remainingPagedResults), pagedPolicies));
        }
    });
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) JsonPointer(org.forgerock.json.JsonPointer) AsyncFunction(org.forgerock.util.AsyncFunction) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription) List(java.util.List) ArrayList(java.util.ArrayList) ResourceException(org.forgerock.json.resource.ResourceException) PolicySearch(org.forgerock.openam.uma.PolicySearch) UmaPolicy(org.forgerock.openam.uma.UmaPolicy) Pair(org.forgerock.util.Pair) HashSet(java.util.HashSet) UmaPolicyQueryFilterVisitor(org.forgerock.openam.uma.UmaPolicyQueryFilterVisitor) QueryRequest(org.forgerock.json.resource.QueryRequest) Promise(org.forgerock.util.promise.Promise) QueryFilter(org.forgerock.util.query.QueryFilter) ResourceResponse(org.forgerock.json.resource.ResourceResponse) Responses.newQueryResponse(org.forgerock.json.resource.Responses.newQueryResponse) QueryResponse(org.forgerock.json.resource.QueryResponse) BadRequestException(org.forgerock.json.resource.BadRequestException) Collection(java.util.Collection) Map(java.util.Map) HashMap(java.util.HashMap)

Example 8 with Promise

use of org.forgerock.util.promise.Promise in project OpenAM by OpenRock.

the class AuditRestRouteProvider method addResourceRoutes.

@Override
public void addResourceRoutes(ResourceRouter rootRouter, ResourceRouter realmRouter) {
    rootRouter.route("global-audit").auditAs(AUDIT, AuditEndpointAuditFilter.class).authorizeWith(SpecialOrAdminOrAgentAuthzModule.class).forVersion(1).toRequestHandler(STARTS_WITH, auditServiceProvider.getDefaultAuditService());
    rootRouter.route("realm-audit").auditAs(AUDIT, AuditEndpointAuditFilter.class).authorizeWith(SpecialOrAdminOrAgentAuthzModule.class).forVersion(1).through(RealmContextFilter.class).toRequestHandler(STARTS_WITH, new RequestHandler() {

        @Override
        public Promise<ActionResponse, ResourceException> handleAction(Context context, ActionRequest actionRequest) {
            return getAuditService(context).handleAction(context, actionRequest);
        }

        @Override
        public Promise<ResourceResponse, ResourceException> handleCreate(Context context, CreateRequest createRequest) {
            return getAuditService(context).handleCreate(context, createRequest);
        }

        @Override
        public Promise<ResourceResponse, ResourceException> handleDelete(Context context, DeleteRequest deleteRequest) {
            return getAuditService(context).handleDelete(context, deleteRequest);
        }

        @Override
        public Promise<ResourceResponse, ResourceException> handlePatch(Context context, PatchRequest patchRequest) {
            return getAuditService(context).handlePatch(context, patchRequest);
        }

        @Override
        public Promise<QueryResponse, ResourceException> handleQuery(Context context, QueryRequest queryRequest, QueryResourceHandler queryResourceHandler) {
            return getAuditService(context).handleQuery(context, queryRequest, queryResourceHandler);
        }

        @Override
        public Promise<ResourceResponse, ResourceException> handleRead(Context context, ReadRequest readRequest) {
            return getAuditService(context).handleRead(context, readRequest);
        }

        @Override
        public Promise<ResourceResponse, ResourceException> handleUpdate(Context context, UpdateRequest updateRequest) {
            return getAuditService(context).handleUpdate(context, updateRequest);
        }

        private AMAuditService getAuditService(Context context) {
            String realm = context.asContext(RealmContext.class).getResolvedRealm();
            if (StringUtils.isEmpty(realm)) {
                logger.warn("Context contained RealmContext but had an empty resolved realm");
                return auditServiceProvider.getDefaultAuditService();
            }
            return auditServiceProvider.getAuditService(realm);
        }
    });
}
Also used : RealmContext(org.forgerock.openam.rest.RealmContext) Context(org.forgerock.services.context.Context) QueryRequest(org.forgerock.json.resource.QueryRequest) AuditEndpointAuditFilter(org.forgerock.openam.rest.fluent.AuditEndpointAuditFilter) UpdateRequest(org.forgerock.json.resource.UpdateRequest) CreateRequest(org.forgerock.json.resource.CreateRequest) AMAuditService(org.forgerock.openam.audit.AMAuditService) PatchRequest(org.forgerock.json.resource.PatchRequest) Promise(org.forgerock.util.promise.Promise) RequestHandler(org.forgerock.json.resource.RequestHandler) ActionRequest(org.forgerock.json.resource.ActionRequest) RealmContextFilter(org.forgerock.openam.rest.RealmContextFilter) SpecialOrAdminOrAgentAuthzModule(org.forgerock.openam.rest.authz.SpecialOrAdminOrAgentAuthzModule) QueryResourceHandler(org.forgerock.json.resource.QueryResourceHandler) DeleteRequest(org.forgerock.json.resource.DeleteRequest) ReadRequest(org.forgerock.json.resource.ReadRequest)

Example 9 with Promise

use of org.forgerock.util.promise.Promise in project OpenAM by OpenRock.

the class IdentityResourceV2 method createInstance.

/**
 * {@inheritDoc}
 */
@Override
public Promise<ResourceResponse, ResourceException> createInstance(final Context context, final CreateRequest request) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    final String realm = realmContext.getResolvedRealm();
    try {
        // anyone can create an account add
        SSOToken admin = getSSOToken(getCookieFromServerContext(context));
        final JsonValue jVal = request.getContent();
        String resourceId = request.getNewResourceId();
        IdentityDetails identity = jsonValueToIdentityDetails(objectType, jVal, realm);
        // check to see if request has included resource ID
        if (resourceId != null) {
            if (identity.getName() != null) {
                if (!resourceId.equalsIgnoreCase(identity.getName())) {
                    ResourceException be = new BadRequestException("id in path does not match id in request body");
                    debug.error("IdentityResource.createInstance() :: Cannot CREATE ", be);
                    return be.asPromise();
                }
            }
            identity.setName(resourceId);
        } else {
            resourceId = identity.getName();
        }
        UserAttributeInfo userAttributeInfo = configHandler.getConfig(realm, UserAttributeInfoBuilder.class);
        enforceWhiteList(context, request.getContent(), objectType, userAttributeInfo.getValidCreationAttributes());
        final String id = resourceId;
        return attemptResourceCreation(realm, admin, identity, resourceId).thenAsync(new AsyncFunction<IdentityDetails, ResourceResponse, ResourceException>() {

            @Override
            public Promise<ResourceResponse, ResourceException> apply(IdentityDetails dtls) {
                if (dtls != null) {
                    String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
                    debug.message("IdentityResource.createInstance :: CREATE of resourceId={} in realm={} " + "performed by principalName={}", id, realm, principalName);
                    ResourceResponse resource = newResourceResponse(id, "0", identityDetailsToJsonValue(dtls));
                    return newResultPromise(resource);
                } else {
                    debug.error("IdentityResource.createInstance() :: Identity not found");
                    return new NotFoundException("Identity not found").asPromise();
                }
            }
        });
    } catch (SSOException e) {
        return new ForbiddenException(e).asPromise();
    } catch (BadRequestException bre) {
        return bre.asPromise();
    }
}
Also used : UserAttributeInfo(org.forgerock.openam.core.rest.UserAttributeInfo) ForbiddenException(org.forgerock.json.resource.ForbiddenException) SSOToken(com.iplanet.sso.SSOToken) RealmContext(org.forgerock.openam.rest.RealmContext) JsonValue(org.forgerock.json.JsonValue) NotFoundException(org.forgerock.json.resource.NotFoundException) ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException) SSOException(com.iplanet.sso.SSOException) Promises.newResultPromise(org.forgerock.util.promise.Promises.newResultPromise) Promise(org.forgerock.util.promise.Promise) Responses.newResourceResponse(org.forgerock.json.resource.Responses.newResourceResponse) ResourceResponse(org.forgerock.json.resource.ResourceResponse) IdentityDetails(com.sun.identity.idsvcs.IdentityDetails) BadRequestException(org.forgerock.json.resource.BadRequestException) ResourceException(org.forgerock.json.resource.ResourceException)

Example 10 with Promise

use of org.forgerock.util.promise.Promise in project OpenAM by OpenRock.

the class IdentityResourceV2 method anonymousCreate.

private Promise<ActionResponse, ResourceException> anonymousCreate(final Context context, final ActionRequest request, final String realm, RestSecurity restSecurity) {
    final JsonValue jVal = request.getContent();
    String tokenID = null;
    String confirmationId;
    String email;
    try {
        if (!restSecurity.isSelfRegistration()) {
            throw new BadRequestException("Self-registration disabled");
        }
        tokenID = jVal.get(TOKEN_ID).asString();
        jVal.remove(TOKEN_ID);
        confirmationId = jVal.get(CONFIRMATION_ID).asString();
        jVal.remove(CONFIRMATION_ID);
        email = jVal.get(EMAIL).asString();
        if (email == null || email.isEmpty()) {
            throw new BadRequestException("Email not provided");
        }
        // Convert to IDRepo Attribute schema
        jVal.put("mail", email);
        if (confirmationId == null || confirmationId.isEmpty()) {
            throw new BadRequestException("confirmationId not provided");
        }
        if (tokenID == null || tokenID.isEmpty()) {
            throw new BadRequestException("tokenId not provided");
        }
        validateToken(tokenID, realm, email, confirmationId);
        // create an Identity
        SSOToken admin = RestUtils.getToken();
        final String finalTokenID = tokenID;
        return createInstance(admin, jVal, realm).thenAsync(new AsyncFunction<ActionResponse, ActionResponse, ResourceException>() {

            @Override
            public Promise<ActionResponse, ResourceException> apply(ActionResponse response) {
                // Only remove the token if the create was successful, errors will be set in the handler.
                try {
                    // Even though the generated token will eventually timeout, delete it after a successful read
                    // so that the completed registration request cannot be made again using the same token.
                    CTSHolder.getCTS().deleteAsync(finalTokenID);
                } catch (DeleteFailedException e) {
                    // The delete can fail when the token has expired between reading and deleting; log it and continue.
                    if (debug.messageEnabled()) {
                        debug.message("IdentityResource.anonymousCreate: Deleting token " + finalTokenID + " after a successful read failed due to " + e.getMessage(), e);
                    }
                } catch (CoreTokenException cte) {
                    // For any unexpected CTS error
                    debug.error("IdentityResource.anonymousCreate(): CTS Error : " + cte.getMessage());
                    return new InternalServerErrorException(cte.getMessage(), cte).asPromise();
                }
                return newResultPromise(response);
            }
        });
    } catch (BadRequestException bre) {
        debug.warning("IdentityResource.anonymousCreate() :: Invalid Parameter", bre);
        return bre.asPromise();
    } catch (ResourceException re) {
        debug.warning("IdentityResource.anonymousCreate() :: Resource error", re);
        return re.asPromise();
    } catch (CoreTokenException cte) {
        // For any unexpected CTS error
        debug.error("IdentityResource.anonymousCreate() :: CTS error", cte);
        return new InternalServerErrorException(cte).asPromise();
    } catch (ServiceNotFoundException snfe) {
        // Failure from RestSecurity
        debug.error("IdentityResource.anonymousCreate() :: Internal error", snfe);
        return new InternalServerErrorException(snfe).asPromise();
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) JsonValue(org.forgerock.json.JsonValue) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) ActionResponse(org.forgerock.json.resource.ActionResponse) Responses.newActionResponse(org.forgerock.json.resource.Responses.newActionResponse) Promises.newResultPromise(org.forgerock.util.promise.Promises.newResultPromise) Promise(org.forgerock.util.promise.Promise) DeleteFailedException(org.forgerock.openam.cts.exceptions.DeleteFailedException) ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException) BadRequestException(org.forgerock.json.resource.BadRequestException) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) ResourceException(org.forgerock.json.resource.ResourceException)

Aggregations

Promise (org.forgerock.util.promise.Promise) 21
ResourceException (org.forgerock.json.resource.ResourceException) 18
JsonValue (org.forgerock.json.JsonValue) 14
Promises.newResultPromise (org.forgerock.util.promise.Promises.newResultPromise) 14
ArrayList (java.util.ArrayList) 11
ResourceResponse (org.forgerock.json.resource.ResourceResponse) 9
List (java.util.List) 8
BadRequestException (org.forgerock.json.resource.BadRequestException) 8
ActionResponse (org.forgerock.json.resource.ActionResponse) 7
QueryRequest (org.forgerock.json.resource.QueryRequest) 7
SSOToken (com.iplanet.sso.SSOToken) 6
ServiceNotFoundException (com.sun.identity.sm.ServiceNotFoundException) 6
NotFoundException (org.forgerock.json.resource.NotFoundException) 6
RealmContext (org.forgerock.openam.rest.RealmContext) 6
InternalServerErrorException (org.forgerock.json.resource.InternalServerErrorException) 5
QueryResponse (org.forgerock.json.resource.QueryResponse) 5
Context (org.forgerock.services.context.Context) 5
Pair (org.forgerock.util.Pair) 5
IdentityDetails (com.sun.identity.idsvcs.IdentityDetails) 4
QueryResourceHandler (org.forgerock.json.resource.QueryResourceHandler) 4