use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.
the class ClientRoleMappingsResource method deleteClientRoleMapping.
/**
* Delete client-level roles from user role mapping
*
* @param roles
*/
@DELETE
@Consumes(MediaType.APPLICATION_JSON)
public void deleteClientRoleMapping(List<RoleRepresentation> roles) {
managePermission.require();
if (roles == null) {
roles = user.getClientRoleMappingsStream(client).peek(roleModel -> {
auth.roles().requireMapRole(roleModel);
user.deleteRoleMapping(roleModel);
}).map(ModelToRepresentation::toBriefRepresentation).collect(Collectors.toList());
} else {
for (RoleRepresentation role : roles) {
RoleModel roleModel = client.getRole(role.getName());
if (roleModel == null || !roleModel.getId().equals(role.getId())) {
throw new NotFoundException("Role not found");
}
auth.roles().requireMapRole(roleModel);
try {
user.deleteRoleMapping(roleModel);
} catch (ModelException | ReadOnlyException me) {
logger.warn(me.getMessage(), me);
throw new ErrorResponseException("invalid_request", "Could not remove user role mappings!", Response.Status.BAD_REQUEST);
}
}
}
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
}
use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.
the class ClientsResource method createClient.
/**
* Create a new client
*
* Client's client_id must be unique!
*
* @param rep
* @return
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response createClient(final ClientRepresentation rep) {
auth.clients().requireManage();
try {
session.clientPolicy().triggerOnEvent(new AdminClientRegisterContext(rep, auth.adminAuth()));
ClientModel clientModel = ClientManager.createClient(session, realm, rep);
if (TRUE.equals(rep.isServiceAccountsEnabled())) {
UserModel serviceAccount = session.users().getServiceAccount(clientModel);
if (serviceAccount == null) {
new ClientManager(new RealmManager(session)).enableServiceAccount(clientModel);
}
}
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success();
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && TRUE.equals(rep.getAuthorizationServicesEnabled())) {
AuthorizationService authorizationService = getAuthorizationService(clientModel);
authorizationService.enable(true);
ResourceServerRepresentation authorizationSettings = rep.getAuthorizationSettings();
if (authorizationSettings != null) {
authorizationService.resourceServer().importSettings(authorizationSettings);
}
}
ValidationUtil.validateClient(session, clientModel, true, r -> {
session.getTransactionManager().setRollbackOnly();
throw new ErrorResponseException(Errors.INVALID_INPUT, r.getAllLocalizedErrorsAsString(AdminRoot.getMessages(session, realm, auth.adminAuth().getToken().getLocale())), Response.Status.BAD_REQUEST);
});
session.clientPolicy().triggerOnEvent(new AdminClientRegisteredContext(clientModel, auth.adminAuth()));
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
} catch (ModelDuplicateException e) {
return ErrorResponse.exists("Client " + rep.getClientId() + " already exists");
} catch (ClientPolicyException cpe) {
throw new ErrorResponseException(cpe.getError(), cpe.getErrorDetail(), Response.Status.BAD_REQUEST);
}
}
use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.
the class RoleContainerResource method deleteRole.
/**
* Delete a role by name
*
* @param roleName role's name (not id!)
*/
@Path("{role-name}")
@DELETE
@NoCache
public void deleteRole(@PathParam("role-name") final String roleName) {
auth.roles().requireManage(roleContainer);
RoleModel role = roleContainer.getRole(roleName);
if (role == null) {
throw new NotFoundException("Could not find role");
} else if (realm.getDefaultRole().getId().equals(role.getId())) {
throw new ErrorResponseException(ErrorResponse.error(roleName + " is default role of the realm and cannot be removed.", Response.Status.BAD_REQUEST));
}
deleteRole(role);
if (role.isClientRole()) {
adminEvent.resource(ResourceType.CLIENT_ROLE);
} else {
adminEvent.resource(ResourceType.REALM_ROLE);
}
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
}
use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.
the class ClientAttributeCertificateResource method uploadJksCertificate.
/**
* Upload only certificate, not private key
*
* @param input
* @return information extracted from uploaded certificate - not necessarily the new state of certificate on the server
* @throws IOException
*/
@POST
@Path("upload-certificate")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces(MediaType.APPLICATION_JSON)
public CertificateRepresentation uploadJksCertificate(MultipartFormDataInput input) throws IOException {
auth.clients().requireConfigure(client);
try {
CertificateRepresentation info = getCertFromRequest(input);
info.setPrivateKey(null);
CertificateInfoHelper.updateClientModelCertificateInfo(client, info, attributePrefix);
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(info).success();
return info;
} catch (IllegalStateException ise) {
throw new ErrorResponseException("certificate-not-found", "Certificate or key with given alias not found in the keystore", Response.Status.BAD_REQUEST);
}
}
use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.
the class RoleMapperResource method deleteRealmRoleMappings.
/**
* Delete realm-level role mappings
*
* @param roles
*/
@Path("realm")
@DELETE
@Consumes(MediaType.APPLICATION_JSON)
public void deleteRealmRoleMappings(List<RoleRepresentation> roles) {
managePermission.require();
logger.debug("deleteRealmRoleMappings");
if (roles == null) {
roles = roleMapper.getRealmRoleMappingsStream().peek(roleModel -> {
auth.roles().requireMapRole(roleModel);
roleMapper.deleteRoleMapping(roleModel);
}).map(ModelToRepresentation::toBriefRepresentation).collect(Collectors.toList());
} else {
for (RoleRepresentation role : roles) {
RoleModel roleModel = realm.getRole(role.getName());
if (roleModel == null || !roleModel.getId().equals(role.getId())) {
throw new NotFoundException("Role not found");
}
auth.roles().requireMapRole(roleModel);
try {
roleMapper.deleteRoleMapping(roleModel);
} catch (ModelException | ReadOnlyException me) {
logger.warn(me.getMessage(), me);
throw new ErrorResponseException("invalid_request", "Could not remove user role mappings!", Response.Status.BAD_REQUEST);
}
}
}
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).representation(roles).success();
}
Aggregations