
Example 56 with ModelException

use of org.keycloak.models.ModelException in project keycloak by keycloak.

the class LDAPOperationManager method destroySubcontext.

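/**
 * <p>
 * Destroys a subcontext with the given DN from the LDAP tree, removing every child
 * binding first (depth-first) because a non-leaf entry cannot be unbound directly.
 * </p>
 *
 * @param context the connected LDAP context used for listing and unbinding
 * @param dn      distinguished name of the entry to remove
 * @throws ModelException if listing the children or unbinding {@code dn} fails; the
 *                        underlying naming exception is kept as the cause
 */
private void destroySubcontext(LdapContext context, final String dn) {
    try {
        // Parse once; passing an LdapName rather than the raw String keeps JNDI from
        // reinterpreting the DN as a composite name.
        LdapName name = new LdapName(dn);
        NamingEnumeration<Binding> enumeration = null;
        try {
            enumeration = context.listBindings(name);
            while (enumeration.hasMore()) {
                Binding binding = enumeration.next();
                destroySubcontext(context, binding.getNameInNamespace());
            }
            context.unbind(name);
        } finally {
            // listBindings may have thrown before the enumeration was assigned; the
            // previous code then raised (and silently swallowed) an NPE here.
            if (enumeration != null) {
                try {
                    enumeration.close();
                } catch (Exception ignored) {
                    // Best-effort cleanup: a close failure must not mask the real outcome.
                }
            }
        }
    } catch (Exception e) {
        throw new ModelException("Could not unbind DN [" + dn + "]", e);
    }
}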

Example 57 with ModelException

use of org.keycloak.models.ModelException in project keycloak by keycloak.

the class GroupLDAPStorageMapper method syncNonExistingGroup.

/**
 * Creates a Keycloak group for an LDAP group that does not exist locally yet and records
 * the outcome in {@code syncResult}.
 *
 * <p>The creation runs in its own inner transaction so that a group created concurrently
 * through another channel shows up as a {@link ModelException} for this group only; such a
 * failure is logged and counted as failed rather than aborting the surrounding sync.</p>
 *
 * @param realm           realm the group is synced into (re-read by id inside the inner transaction)
 * @param groupEntry      LDAP group entry; its value supplies the attributes copied onto the new group
 * @param syncResult      counters incremented with one "added" on success or one "failed" otherwise
 * @param visitedGroupIds receives the id of the newly created group on success
 * @param groupName       name under which the Keycloak group is created
 */
private void syncNonExistingGroup(RealmModel realm, Map.Entry<String, LDAPObject> groupEntry, SynchronizationResult syncResult, Set<String> visitedGroupIds, String groupName) {
    try {
        // Own inner transaction per group: if the group was already created via another
        // channel in the meantime, only this group fails, not the whole sync.
        KeycloakModelUtils.runJobInTransaction(ldapProvider.getSession().getKeycloakSessionFactory(), innerSession -> {
            RealmModel txRealm = innerSession.realms().getRealm(realm.getId());
            GroupModel created = createKcGroup(txRealm, groupName, null);
            updateAttributesOfKCGroup(created, groupEntry.getValue());
            syncResult.increaseAdded();
            visitedGroupIds.add(created.getId());
        });
    } catch (ModelException me) {
        String message = String.format("Failed to sync group %s from LDAP: ", groupName);
        logger.error(message, me);
        syncResult.increaseFailed();
    }
}

Example 58 with ModelException

use of org.keycloak.models.ModelException in project keycloak by keycloak.

the class RoleMapperResource method deleteRealmRoleMappings.

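/**
 * Delete realm-level role mappings.
 *
 * <p>Each role is authorised individually via {@code auth.roles().requireMapRole(...)}
 * before it is removed, so a caller allowed to map only some of the roles fails part-way
 * through with the earlier mappings already removed.</p>
 *
 * @param roles the mappings to remove; {@code null} removes every realm-level mapping the
 *              mapper currently holds, and the removed roles are then reported in the admin event
 * @throws NotFoundException if a requested role does not exist in the realm or its id does
 *                           not match the supplied one
 * @throws ErrorResponseException if the storage refuses the removal (read-only or model error)
 */
@Path("realm")
@DELETE
@Consumes(MediaType.APPLICATION_JSON)
public void deleteRealmRoleMappings(List<RoleRepresentation> roles) {
    managePermission.require();
    logger.debug("deleteRealmRoleMappings");
    if (roles == null) {
        // Snapshot the mappings before deleting any of them: the stream may be backed by the
        // same mapping store we are mutating, and the previous peek()-based pipeline mixed the
        // deletion side effect into the stream (peek is meant for debugging only).
        List<RoleModel> current = roleMapper.getRealmRoleMappingsStream().collect(Collectors.toList());
        List<RoleRepresentation> removed = new ArrayList<>(current.size());
        for (RoleModel roleModel : current) {
            auth.roles().requireMapRole(roleModel);
            deleteMappingOrFail(roleModel);
            removed.add(ModelToRepresentation.toBriefRepresentation(roleModel));
        }
        roles = removed;
    } else {
        for (RoleRepresentation role : roles) {
            RoleModel roleModel = realm.getRole(role.getName());
            // Name and id must both match, so a representation copied from another realm
            // cannot address a same-named role here.
            if (roleModel == null || !roleModel.getId().equals(role.getId())) {
                throw new NotFoundException("Role not found");
            }
            auth.roles().requireMapRole(roleModel);
            deleteMappingOrFail(roleModel);
        }
    }
    adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).representation(roles).success();
}

/**
 * Removes one mapping, translating storage failures into the same 400 response for both
 * branches of {@link #deleteRealmRoleMappings(List)} (the "delete all" path previously let
 * a {@link ModelException} escape unwrapped).
 *
 * @param roleModel the mapping to remove
 * @throws ErrorResponseException if the mapper rejects the removal
 */
private void deleteMappingOrFail(RoleModel roleModel) {
    try {
        roleMapper.deleteRoleMapping(roleModel);
    } catch (ModelException | ReadOnlyException me) {
        logger.warn(me.getMessage(), me);
        throw new ErrorResponseException("invalid_request", "Could not remove user role mappings!", Response.Status.BAD_REQUEST);
    }
}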

Example 59 with ModelException

use of org.keycloak.models.ModelException in project keycloak by keycloak.

the class RoleMapperResource method addRealmRoleMappings.

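/**
 * Add realm-level role mappings to the user.
 *
 * <p>Every requested role is resolved by name in this realm, checked against the supplied
 * id, and individually authorised with {@code auth.roles().requireMapRole(...)} before it is
 * granted. Roles are granted as they are processed, so a failure part-way through leaves the
 * earlier grants in place.</p>
 *
 * @param roles Roles to add; a missing ({@code null}) body is rejected as {@code invalid_request}
 * @throws NotFoundException if a role does not exist in the realm or its id does not match
 * @throws ErrorResponseException for a missing body, or when the mapper rejects the grant
 *                                (read-only storage or a model error)
 */
@Path("realm")
@POST
@Consumes(MediaType.APPLICATION_JSON)
public void addRealmRoleMappings(List<RoleRepresentation> roles) {
    managePermission.require();
    logger.debugv("** addRealmRoleMappings: {0}", roles);
    if (roles == null) {
        // Without this guard a missing body would NPE in the loop and surface as a server error.
        throw new ErrorResponseException("invalid_request", "No role mappings supplied!", Response.Status.BAD_REQUEST);
    }
    try {
        for (RoleRepresentation role : roles) {
            RoleModel roleModel = realm.getRole(role.getName());
            // Name and id must both match, so a representation copied from another realm
            // cannot address a same-named role here.
            if (roleModel == null || !roleModel.getId().equals(role.getId())) {
                throw new NotFoundException("Role not found");
            }
            auth.roles().requireMapRole(roleModel);
            roleMapper.grantRole(roleModel);
        }
    } catch (ModelException | ReadOnlyException me) {
        logger.warn(me.getMessage(), me);
        throw new ErrorResponseException("invalid_request", "Could not add user role mappings!", Response.Status.BAD_REQUEST);
    }
    adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(roles).success();
}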

Example 60 with ModelException

use of org.keycloak.models.ModelException in project keycloak by keycloak.

the class UserResource method updateUser.

/**
 * Update the user.
 *
 * <p>Requires manage permission on the target user. The representation is applied through
 * the user-profile provider (so profile validation runs before anything is written),
 * credentials carried in the representation are created, and when the update re-enables the
 * user any recorded login failures are cleared and a permanent brute-force lockout is lifted.</p>
 *
 * @param rep the new state of the user; a non-null {@code rep.getAttributes()} is what opts the
 *            update into replacing the attribute map (see the {@code profile.update} call)
 * @return {@code 204 No Content} on success, the validation response when the profile is
 *         invalid, or an {@link ErrorResponse} for a duplicate username/email, a read-only
 *         user, and any other model or unexpected failure
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
public Response updateUser(final UserRepresentation rep) {
    auth.users().requireManage(user);
    try {
        boolean wasPermanentlyLockedOut = false;
        // Re-enabling a user resets its brute-force state: failures are cleared now, and the
        // permanent-lockout flag is remembered so it can be cleaned up after the update below.
        if (rep.isEnabled() != null && rep.isEnabled()) {
            UserLoginFailureModel failureModel = session.loginFailures().getUserLoginFailure(realm, user.getId());
            if (failureModel != null) {
                failureModel.clearFailures();
            }
            wasPermanentlyLockedOut = session.getProvider(BruteForceProtector.class).isPermanentlyLockedOut(session, realm, user);
        }
        UserProfile profile = session.getProvider(UserProfileProvider.class).create(USER_API, rep.toAttributes(), user);
        // NOTE(review): validateUserProfile presumably returns null when the profile is valid and
        // a ready-made error response otherwise — confirm against its definition.
        Response response = validateUserProfile(profile, user, session);
        if (response != null) {
            return response;
        }
        // The boolean presumably selects "remove attributes absent from rep" — confirm against UserProfile.update.
        profile.update(rep.getAttributes() != null);
        updateUserFromRep(profile, user, rep, session, true);
        RepresentationToModel.createCredentials(rep, session, realm, user, true);
        // we need to do it here as the attributes would be overwritten by what is in the rep
        if (wasPermanentlyLockedOut) {
            session.getProvider(BruteForceProtector.class).cleanUpPermanentLockout(session, realm, user);
        }
        adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success();
        // Commit explicitly so that a failing flush surfaces inside this try and is mapped to an
        // error response rather than escaping after the 204 has been chosen.
        if (session.getTransactionManager().isActive()) {
            session.getTransactionManager().commit();
        }
        return Response.noContent().build();
    } catch (ModelDuplicateException e) {
        return ErrorResponse.exists("User exists with same username or email");
    } catch (ReadOnlyException re) {
        return ErrorResponse.error("User is read only!", Status.BAD_REQUEST);
    } catch (ModelException me) {
        logger.warn("Could not update user!", me);
        return ErrorResponse.error("Could not update user!", Status.BAD_REQUEST);
    } catch (ForbiddenException fe) {
        // Authorization failures must reach the JAX-RS layer unchanged rather than being
        // downgraded to a generic 400 by the catch-all below.
        throw fe;
    } catch (Exception me) {
        // Catch-all for failures outside the typed cases above (the original note points at JPA
        // work being committed by JTA); they are logged and reported as a generic 400 so no
        // internal detail reaches the client.
        logger.warn("Could not update user!", me);
        return ErrorResponse.error("Could not update user!", Status.BAD_REQUEST);
    }
}
