use of org.forgerock.util.promise.Promise in project OpenAM by OpenRock.
the class ResourceSetService method getResourceSets.
/**
* Queries resource sets across the resource set store and UMA policy store.
*
* @param context The context.
* @param realm The realm.
* @param query The aggregated query.
* @param resourceOwnerId The resource owner id.
* @param augmentWithPolicies {@code true} to pull in UMA policies into the resource set.
* @return A Promise containing the Resource Sets or a ResourceException.
*/
Promise<Collection<ResourceSetDescription>, ResourceException> getResourceSets(final Context context, String realm, final ResourceSetWithPolicyQuery query, final String resourceOwnerId, final boolean augmentWithPolicies) {
final Set<ResourceSetDescription> resourceSets;
try {
resourceSets = new ResourceSetSharedFilter(this, resourceOwnerId, realm).filter(resourceSetStoreFactory.create(realm).query(query.getResourceSetQuery()));
} catch (ServerException e) {
return new InternalServerErrorException(e).asPromise();
}
QueryRequest policyQuery = newQueryRequest("").setQueryId("searchAll");
policyQuery.setQueryFilter(QueryFilter.<JsonPointer>alwaysTrue());
return getSharedResourceSets(context, policyQuery, resourceOwnerId).thenAsync(new AsyncFunction<Set<ResourceSetDescription>, Collection<ResourceSetDescription>, ResourceException>() {
@Override
public Promise<Collection<ResourceSetDescription>, ResourceException> apply(final Set<ResourceSetDescription> sharedResourceSets) {
//combine the owned ResourceSets with the shared ones, then filter based on the query
sharedResourceSets.addAll(resourceSets);
final Collection<ResourceSetDescription> filteredResourceSets = filterPolicies(resourceSets, query);
Promise<Collection<ResourceSetDescription>, ResourceException> resourceSetsPromise;
if (query.getPolicyQuery() != null) {
QueryRequest policyQuery = newQueryRequest("").setQueryFilter(query.getPolicyQuery());
resourceSetsPromise = policyService.queryPolicies(context, policyQuery).thenAsync(new AsyncFunction<Pair<QueryResponse, Collection<UmaPolicy>>, Collection<ResourceSetDescription>, ResourceException>() {
@Override
public Promise<Collection<ResourceSetDescription>, ResourceException> apply(Pair<QueryResponse, Collection<UmaPolicy>> result) throws ResourceException {
try {
return newResultPromise(combine(context, query, filteredResourceSets, result.getSecond(), augmentWithPolicies, resourceOwnerId));
} catch (org.forgerock.oauth2.core.exceptions.NotFoundException e) {
return new InternalServerErrorException(e).asPromise();
} catch (ServerException e) {
return new InternalServerErrorException(e).asPromise();
}
}
});
} else {
if (augmentWithPolicies) {
List<Promise<ResourceSetDescription, ResourceException>> promises = new ArrayList<>();
PromiseImpl<ResourceSetDescription, ResourceException> kicker = PromiseImpl.create();
promises.add(kicker);
for (ResourceSetDescription resourceSet : filteredResourceSets) {
promises.add(augmentWithPolicy(context, resourceSet.getId(), resourceSet));
}
resourceSetsPromise = Promises.when(promises).thenAsync(new AsyncFunction<List<ResourceSetDescription>, Collection<ResourceSetDescription>, ResourceException>() {
@Override
public Promise<Collection<ResourceSetDescription>, ResourceException> apply(List<ResourceSetDescription> resourceSets) {
Collection<ResourceSetDescription> resourceSetDescriptions = new HashSet<>();
for (ResourceSetDescription rs : filteredResourceSets) {
if (rs != null) {
resourceSetDescriptions.add(rs);
}
}
return newResultPromise(resourceSetDescriptions);
}
});
kicker.handleResult(null);
} else {
resourceSetsPromise = newResultPromise(filteredResourceSets);
}
}
return resourceSetsPromise;
}
});
}
use of org.forgerock.util.promise.Promise in project OpenAM by OpenRock.
the class UmaPolicyServiceImpl method queryPolicies.
/**
* {@inheritDoc}
*/
@Override
public Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> queryPolicies(final Context context, final QueryRequest umaQueryRequest) {
if (umaQueryRequest.getQueryExpression() != null) {
return new BadRequestException("Query expressions not supported").asPromise();
}
QueryRequest request = Requests.newQueryRequest("");
final AggregateQuery<QueryFilter<JsonPointer>, QueryFilter<JsonPointer>> filter = umaQueryRequest.getQueryFilter().accept(new AggregateUmaPolicyQueryFilter(), new AggregateQuery<QueryFilter<JsonPointer>, QueryFilter<JsonPointer>>());
String queryId = umaQueryRequest.getQueryId();
if (queryId != null && queryId.equals("searchAll")) {
request.setQueryFilter(QueryFilter.<JsonPointer>alwaysTrue());
} else {
String resourceOwnerUid = getResourceOwnerUid(context);
if (filter.getFirstQuery() == null) {
request.setQueryFilter(QueryFilter.equalTo(new JsonPointer("createdBy"), resourceOwnerUid));
} else {
request.setQueryFilter(QueryFilter.and(QueryFilter.equalTo(new JsonPointer("createdBy"), resourceOwnerUid), filter.getFirstQuery()));
}
}
return policyResourceDelegate.queryPolicies(context, request).thenAsync(new AsyncFunction<Pair<QueryResponse, List<ResourceResponse>>, Collection<UmaPolicy>, ResourceException>() {
@Override
public Promise<Collection<UmaPolicy>, ResourceException> apply(Pair<QueryResponse, List<ResourceResponse>> value) {
Map<String, Set<ResourceResponse>> policyMapping = new HashMap<>();
for (ResourceResponse policy : value.getSecond()) {
String resource = policy.getContent().get("resources").asList(String.class).get(0);
if (!resource.startsWith(UMA_POLICY_SCHEME)) {
continue;
}
resource = resource.replaceFirst(UMA_POLICY_SCHEME, "");
if (resource.indexOf(":") > 0) {
resource = resource.substring(0, resource.indexOf(":"));
}
Set<ResourceResponse> mapping = policyMapping.get(resource);
if (mapping == null) {
mapping = new HashSet<>();
policyMapping.put(resource, mapping);
}
mapping.add(policy);
}
try {
Collection<UmaPolicy> umaPolicies = new HashSet<>();
for (Map.Entry<String, Set<ResourceResponse>> entry : policyMapping.entrySet()) {
ResourceSetDescription resourceSet = getResourceSetDescription(entry.getKey(), context);
UmaPolicy umaPolicy = UmaPolicy.fromUnderlyingPolicies(resourceSet, entry.getValue());
resolveUIDToUsername(umaPolicy.asJson());
umaPolicies.add(umaPolicy);
}
return newResultPromise(umaPolicies);
} catch (ResourceException e) {
return e.asPromise();
}
}
}).thenAsync(new AsyncFunction<Collection<UmaPolicy>, Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException>() {
@Override
public Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> apply(Collection<UmaPolicy> policies) {
Collection<UmaPolicy> results = policies;
if (filter.getSecondQuery() != null) {
PolicySearch search = filter.getSecondQuery().accept(new UmaPolicyQueryFilterVisitor(), new PolicySearch(policies));
if (AggregateQuery.Operator.AND.equals(filter.getOperator())) {
results.retainAll(search.getPolicies());
}
}
int pageSize = umaQueryRequest.getPageSize();
String pagedResultsCookie = umaQueryRequest.getPagedResultsCookie();
int pagedResultsOffset = umaQueryRequest.getPagedResultsOffset();
Collection<UmaPolicy> pagedPolicies = new HashSet<UmaPolicy>();
int count = 0;
for (UmaPolicy policy : results) {
if (count >= pagedResultsOffset * pageSize) {
pagedPolicies.add(policy);
}
count++;
}
int remainingPagedResults = results.size() - pagedPolicies.size();
if (pageSize > 0) {
remainingPagedResults /= pageSize;
}
return newResultPromise(Pair.of(newQueryResponse(pagedResultsCookie, CountPolicy.EXACT, remainingPagedResults), pagedPolicies));
}
});
}
use of org.forgerock.util.promise.Promise in project OpenAM by OpenRock.
the class AuditRestRouteProvider method addResourceRoutes.
@Override
public void addResourceRoutes(ResourceRouter rootRouter, ResourceRouter realmRouter) {
rootRouter.route("global-audit").auditAs(AUDIT, AuditEndpointAuditFilter.class).authorizeWith(SpecialOrAdminOrAgentAuthzModule.class).forVersion(1).toRequestHandler(STARTS_WITH, auditServiceProvider.getDefaultAuditService());
rootRouter.route("realm-audit").auditAs(AUDIT, AuditEndpointAuditFilter.class).authorizeWith(SpecialOrAdminOrAgentAuthzModule.class).forVersion(1).through(RealmContextFilter.class).toRequestHandler(STARTS_WITH, new RequestHandler() {
@Override
public Promise<ActionResponse, ResourceException> handleAction(Context context, ActionRequest actionRequest) {
return getAuditService(context).handleAction(context, actionRequest);
}
@Override
public Promise<ResourceResponse, ResourceException> handleCreate(Context context, CreateRequest createRequest) {
return getAuditService(context).handleCreate(context, createRequest);
}
@Override
public Promise<ResourceResponse, ResourceException> handleDelete(Context context, DeleteRequest deleteRequest) {
return getAuditService(context).handleDelete(context, deleteRequest);
}
@Override
public Promise<ResourceResponse, ResourceException> handlePatch(Context context, PatchRequest patchRequest) {
return getAuditService(context).handlePatch(context, patchRequest);
}
@Override
public Promise<QueryResponse, ResourceException> handleQuery(Context context, QueryRequest queryRequest, QueryResourceHandler queryResourceHandler) {
return getAuditService(context).handleQuery(context, queryRequest, queryResourceHandler);
}
@Override
public Promise<ResourceResponse, ResourceException> handleRead(Context context, ReadRequest readRequest) {
return getAuditService(context).handleRead(context, readRequest);
}
@Override
public Promise<ResourceResponse, ResourceException> handleUpdate(Context context, UpdateRequest updateRequest) {
return getAuditService(context).handleUpdate(context, updateRequest);
}
private AMAuditService getAuditService(Context context) {
String realm = context.asContext(RealmContext.class).getResolvedRealm();
if (StringUtils.isEmpty(realm)) {
logger.warn("Context contained RealmContext but had an empty resolved realm");
return auditServiceProvider.getDefaultAuditService();
}
return auditServiceProvider.getAuditService(realm);
}
});
}
use of org.forgerock.util.promise.Promise in project OpenAM by OpenRock.
the class IdentityResourceV2 method createInstance.
/**
* {@inheritDoc}
*/
@Override
public Promise<ResourceResponse, ResourceException> createInstance(final Context context, final CreateRequest request) {
RealmContext realmContext = context.asContext(RealmContext.class);
final String realm = realmContext.getResolvedRealm();
try {
// anyone can create an account add
SSOToken admin = getSSOToken(getCookieFromServerContext(context));
final JsonValue jVal = request.getContent();
String resourceId = request.getNewResourceId();
IdentityDetails identity = jsonValueToIdentityDetails(objectType, jVal, realm);
// check to see if request has included resource ID
if (resourceId != null) {
if (identity.getName() != null) {
if (!resourceId.equalsIgnoreCase(identity.getName())) {
ResourceException be = new BadRequestException("id in path does not match id in request body");
debug.error("IdentityResource.createInstance() :: Cannot CREATE ", be);
return be.asPromise();
}
}
identity.setName(resourceId);
} else {
resourceId = identity.getName();
}
UserAttributeInfo userAttributeInfo = configHandler.getConfig(realm, UserAttributeInfoBuilder.class);
enforceWhiteList(context, request.getContent(), objectType, userAttributeInfo.getValidCreationAttributes());
final String id = resourceId;
return attemptResourceCreation(realm, admin, identity, resourceId).thenAsync(new AsyncFunction<IdentityDetails, ResourceResponse, ResourceException>() {
@Override
public Promise<ResourceResponse, ResourceException> apply(IdentityDetails dtls) {
if (dtls != null) {
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
debug.message("IdentityResource.createInstance :: CREATE of resourceId={} in realm={} " + "performed by principalName={}", id, realm, principalName);
ResourceResponse resource = newResourceResponse(id, "0", identityDetailsToJsonValue(dtls));
return newResultPromise(resource);
} else {
debug.error("IdentityResource.createInstance() :: Identity not found");
return new NotFoundException("Identity not found").asPromise();
}
}
});
} catch (SSOException e) {
return new ForbiddenException(e).asPromise();
} catch (BadRequestException bre) {
return bre.asPromise();
}
}
use of org.forgerock.util.promise.Promise in project OpenAM by OpenRock.
the class IdentityResourceV2 method anonymousCreate.
private Promise<ActionResponse, ResourceException> anonymousCreate(final Context context, final ActionRequest request, final String realm, RestSecurity restSecurity) {
final JsonValue jVal = request.getContent();
String tokenID = null;
String confirmationId;
String email;
try {
if (!restSecurity.isSelfRegistration()) {
throw new BadRequestException("Self-registration disabled");
}
tokenID = jVal.get(TOKEN_ID).asString();
jVal.remove(TOKEN_ID);
confirmationId = jVal.get(CONFIRMATION_ID).asString();
jVal.remove(CONFIRMATION_ID);
email = jVal.get(EMAIL).asString();
if (email == null || email.isEmpty()) {
throw new BadRequestException("Email not provided");
}
// Convert to IDRepo Attribute schema
jVal.put("mail", email);
if (confirmationId == null || confirmationId.isEmpty()) {
throw new BadRequestException("confirmationId not provided");
}
if (tokenID == null || tokenID.isEmpty()) {
throw new BadRequestException("tokenId not provided");
}
validateToken(tokenID, realm, email, confirmationId);
// create an Identity
SSOToken admin = RestUtils.getToken();
final String finalTokenID = tokenID;
return createInstance(admin, jVal, realm).thenAsync(new AsyncFunction<ActionResponse, ActionResponse, ResourceException>() {
@Override
public Promise<ActionResponse, ResourceException> apply(ActionResponse response) {
// Only remove the token if the create was successful, errors will be set in the handler.
try {
// Even though the generated token will eventually timeout, delete it after a successful read
// so that the completed registration request cannot be made again using the same token.
CTSHolder.getCTS().deleteAsync(finalTokenID);
} catch (DeleteFailedException e) {
// reading and deleting, the token has expired.
if (debug.messageEnabled()) {
debug.message("IdentityResource.anonymousCreate: Deleting token " + finalTokenID + " after a successful read failed due to " + e.getMessage(), e);
}
} catch (CoreTokenException cte) {
// For any unexpected CTS error
debug.error("IdentityResource.anonymousCreate(): CTS Error : " + cte.getMessage());
return new InternalServerErrorException(cte.getMessage(), cte).asPromise();
}
return newResultPromise(response);
}
});
} catch (BadRequestException bre) {
debug.warning("IdentityResource.anonymousCreate() :: Invalid Parameter", bre);
return bre.asPromise();
} catch (ResourceException re) {
debug.warning("IdentityResource.anonymousCreate() :: Resource error", re);
return re.asPromise();
} catch (CoreTokenException cte) {
// For any unexpected CTS error
debug.error("IdentityResource.anonymousCreate() :: CTS error", cte);
return new InternalServerErrorException(cte).asPromise();
} catch (ServiceNotFoundException snfe) {
// Failure from RestSecurity
debug.error("IdentityResource.anonymousCreate() :: Internal error", snfe);
return new InternalServerErrorException(snfe).asPromise();
}
}
Aggregations