
Example 26 with ErrorResponseException

use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.

the class PermissionTicketService method delete.

/**
 * Deletes the permission ticket identified by the {@code id} path parameter.
 *
 * <p>The ticket is looked up with both its id and the id of the current resource server.
 * Deletion proceeds only when the caller is the ticket owner, the resource server itself,
 * or the ticket requester; the check runs before the store is modified.
 *
 * @param id ticket identifier taken from the request path
 * @return an empty "no content" response once the ticket has been deleted
 * @throws ErrorResponseException {@code invalid_ticket} (400) when the id is missing or no
 *         ticket is found, {@code not_authorised} (403) when the caller is none of owner,
 *         resource server, or requester
 */
@Path("{id}")
@DELETE
@Consumes("application/json")
public Response delete(@PathParam("id") String id) {
    if (id == null) {
        throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
    }

    PermissionTicketStore store = authorization.getStoreFactory().getPermissionTicketStore();
    // The resource server id is passed along with the ticket id; presumably the store scopes
    // the lookup to that resource server. Confirm against the store implementation.
    PermissionTicket found = store.findById(id, resourceServer.getId());
    if (found == null) {
        // An unknown id gets the same error as a missing one.
        throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
    }

    // Authorization gate: owner OR resource server OR requester, short-circuiting in that order.
    // NOTE(review): getOwner() and getRequester() are dereferenced without a null check;
    // confirm both are always populated on a stored ticket.
    boolean callerMayDelete = found.getOwner().equals(this.identity.getId())
            || this.identity.isResourceServer()
            || found.getRequester().equals(this.identity.getId());
    if (!callerMayDelete) {
        throw new ErrorResponseException("not_authorised", "permissions for [" + found.getResource() + "] can be deleted only by the owner, the requester, or the resource server", Response.Status.FORBIDDEN);
    }

    store.delete(id);
    return Response.noContent().build();
}
Also used : PermissionTicket(org.keycloak.authorization.model.PermissionTicket) PermissionTicketStore(org.keycloak.authorization.store.PermissionTicketStore) ErrorResponseException(org.keycloak.services.ErrorResponseException) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Consumes(javax.ws.rs.Consumes)

Example 27 with ErrorResponseException

use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.

the class PermissionTicketService method update.

/**
 * Updates an existing permission ticket from the submitted representation.
 *
 * <p>The stored ticket is looked up with the representation's id and the id of the current
 * resource server. Only the ticket owner or the resource server may update it; unlike
 * {@code delete}, the requester is not accepted here.
 *
 * @param representation ticket data from the request body; must carry a non-null id
 * @return an empty "no content" response after the representation has been applied
 * @throws ErrorResponseException {@code invalid_ticket} (400) when the representation or its
 *         id is missing or no ticket is found, {@code not_authorised} (403) when the caller
 *         is neither the owner nor the resource server
 */
@PUT
@Consumes("application/json")
public Response update(PermissionTicketRepresentation representation) {
    boolean missingId = representation == null || representation.getId() == null;
    if (missingId) {
        throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
    }

    PermissionTicketStore store = authorization.getStoreFactory().getPermissionTicketStore();
    PermissionTicket stored = store.findById(representation.getId(), resourceServer.getId());
    if (stored == null) {
        throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
    }

    // The ownership decision is taken on the stored ticket, not on the submitted
    // representation. The error text, however, echoes the resource from the
    // client-supplied representation.
    boolean callerMayUpdate = stored.getOwner().equals(this.identity.getId())
            || this.identity.isResourceServer();
    if (!callerMayUpdate) {
        throw new ErrorResponseException("not_authorised", "permissions for [" + representation.getResource() + "] can be updated only by the owner or by the resource server", Response.Status.FORBIDDEN);
    }

    // NOTE(review): the whole representation is handed to toModel; this method does not limit
    // which fields may change. Confirm toModel cannot be used to re-point the ticket's owner,
    // requester or resource.
    RepresentationToModel.toModel(representation, resourceServer.getId(), authorization);
    return Response.noContent().build();
}
Also used : PermissionTicket(org.keycloak.authorization.model.PermissionTicket) PermissionTicketStore(org.keycloak.authorization.store.PermissionTicketStore) ErrorResponseException(org.keycloak.services.ErrorResponseException) Consumes(javax.ws.rs.Consumes) PUT(javax.ws.rs.PUT)

Example 28 with ErrorResponseException

use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.

the class AccountCredentialResource method setLabel.

/**
 * Sets the user label on one of the current user's stored credentials.
 *
 * <p>The caller must hold the {@code MANAGE_ACCOUNT} account role. The credential is resolved
 * for the current realm and user before the label is changed.
 *
 * @param credentialId ID of the credential whose label is updated
 * @param userLabel request body holding the new label as a JSON string
 * @throws NotFoundException when no stored credential with that ID is found for the user
 * @throws ErrorResponseException with status 400 when reading the label as JSON fails
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Path("{credentialId}/label")
@NoCache
public void setLabel(@PathParam("credentialId") final String credentialId, String userLabel) {
    // The permission check runs first, before any credential lookup.
    auth.require(AccountRoles.MANAGE_ACCOUNT);

    CredentialModel stored = session.userCredentialManager().getStoredCredentialById(realm, user, credentialId);
    if (null == stored) {
        throw new NotFoundException("Credential not found");
    }

    try {
        // NOTE(review): the decoded label is passed on unchanged; no length or content check is
        // visible here. Confirm it is validated or output-encoded wherever it is displayed.
        final String decodedLabel = JsonSerialization.readValue(userLabel, String.class);
        session.userCredentialManager().updateCredentialLabel(realm, user, credentialId, decodedLabel);
    } catch (IOException parseFailure) {
        // The I/O cause is not forwarded; the client only sees the generic invalid-request error.
        throw new ErrorResponseException(ErrorResponse.error(Messages.INVALID_REQUEST, Response.Status.BAD_REQUEST));
    }
}
Also used : CredentialModel(org.keycloak.credential.CredentialModel) NotFoundException(javax.ws.rs.NotFoundException) ErrorResponseException(org.keycloak.services.ErrorResponseException) IOException(java.io.IOException) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) NoCache(org.jboss.resteasy.annotations.cache.NoCache) PUT(javax.ws.rs.PUT)

Example 29 with ErrorResponseException

use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.

the class ClientResource method update.

/**
 * Updates the client from the submitted representation.
 *
 * <p>The caller must pass {@code requireConfigure} for this client before anything else runs.
 * Client policies are triggered once before the representation is applied and once after
 * validation has passed.
 *
 * @param rep client representation from the request body
 * @return an empty "no content" response on success, or the response built by
 *         {@code ErrorResponse.exists} when a {@link ModelDuplicateException} is raised
 * @throws ErrorResponseException with status 400 when validation reports errors or a client
 *         policy rejects the update
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
public Response update(final ClientRepresentation rep) {
    // Authorization gate: nothing below runs unless the caller may configure this client.
    auth.clients().requireConfigure(client);
    try {
        // Pre-update policy hook; a ClientPolicyException raised here is mapped to 400 below.
        session.clientPolicy().triggerOnEvent(new AdminClientUpdateContext(rep, client, auth.adminAuth()));
        updateClientFromRep(rep, client, session);
        // Validation runs after updateClientFromRep, so on failure the callback marks the
        // transaction rollback-only before throwing; presumably this keeps the changes already
        // made from being committed.
        ValidationUtil.validateClient(session, client, false, r -> {
            session.getTransactionManager().setRollbackOnly();
            // Validation messages are localized with the locale taken from the admin's token.
            throw new ErrorResponseException(Errors.INVALID_INPUT, r.getAllLocalizedErrorsAsString(AdminRoot.getMessages(session, realm, auth.adminAuth().getToken().getLocale())), Response.Status.BAD_REQUEST);
        });
        // Post-update policy hook, reached only when validation did not throw.
        session.clientPolicy().triggerOnEvent(new AdminClientUpdatedContext(rep, client, auth.adminAuth()));
        // NOTE(review): the submitted representation is attached to the admin event as-is;
        // confirm sensitive fields (e.g. the client secret) are not persisted with the event.
        adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success();
        return Response.noContent().build();
    } catch (ModelDuplicateException e) {
        // Returned rather than thrown, unlike the other error paths in this method.
        return ErrorResponse.exists("Client already exists");
    } catch (ClientPolicyException cpe) {
        // The policy's own error code and detail are passed through to the caller.
        throw new ErrorResponseException(cpe.getError(), cpe.getErrorDetail(), Response.Status.BAD_REQUEST);
    }
}
Also used : AdminClientUpdateContext(org.keycloak.services.clientpolicy.context.AdminClientUpdateContext) ModelDuplicateException(org.keycloak.models.ModelDuplicateException) ErrorResponseException(org.keycloak.services.ErrorResponseException) AdminClientUpdatedContext(org.keycloak.services.clientpolicy.context.AdminClientUpdatedContext) ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException) Consumes(javax.ws.rs.Consumes) PUT(javax.ws.rs.PUT)

Example 30 with ErrorResponseException

use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.

the class ClientRoleMappingsResource method addClientRoleMapping.

/**
 * Adds client-level roles to the user's role mapping.
 *
 * <p>The caller must pass the manage-permission check. Each submitted role is resolved by
 * name on this client and must carry the same id as the resolved role. The caller must also
 * be allowed to map that specific role before it is granted.
 *
 * @param roles role representations to grant; each needs a name and id matching a role of this client
 * @throws NotFoundException when a role name is unknown on this client or its id does not match
 * @throws ErrorResponseException with status 400 when granting raises a {@code ModelException}
 *         or {@code ReadOnlyException}
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
public void addClientRoleMapping(List<RoleRepresentation> roles) {
    managePermission.require();

    // NOTE(review): a null list would fail at the loop with a NullPointerException; confirm the
    // framework never passes null for an empty request body.
    try {
        for (RoleRepresentation requested : roles) {
            RoleModel resolved = client.getRole(requested.getName());
            // Name and id must agree, so a representation cannot name one role while carrying
            // the id of another.
            boolean sameRole = resolved != null && resolved.getId().equals(requested.getId());
            if (!sameRole) {
                throw new NotFoundException("Role not found");
            }

            // Per-role authorization happens on the resolved model, before the grant.
            auth.roles().requireMapRole(resolved);
            // Roles are granted one at a time, so earlier entries are already granted when a
            // later entry fails. NOTE(review): presumably the surrounding transaction rolls
            // them back; confirm.
            user.grantRole(resolved);
        }
    } catch (ModelException | ReadOnlyException failure) {
        // The detail is logged server-side only; the client receives a generic message.
        logger.warn(failure.getMessage(), failure);
        throw new ErrorResponseException("invalid_request", "Could not add user role mappings!", Response.Status.BAD_REQUEST);
    }

    // The admin event is recorded only after every role in the list has been granted.
    adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success();
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ModelException(org.keycloak.models.ModelException) NotFoundException(javax.ws.rs.NotFoundException) RoleModel(org.keycloak.models.RoleModel) ErrorResponseException(org.keycloak.services.ErrorResponseException) ReadOnlyException(org.keycloak.storage.ReadOnlyException) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes)
