use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.
the class RoleMapperResource method addRealmRoleMappings.
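/**
 * Add realm-level role mappings to the user.
 *
 * <p>The manage permission is required before anything else. Each requested role is then
 * looked up by name in the realm, its id is compared with the id sent in the request, and
 * {@code auth.roles().requireMapRole} is called for it before the role is granted.
 *
 * @param roles Roles to add; a {@code null} list or a {@code null} entry is rejected with
 *              400 {@code invalid_request}
 * @throws NotFoundException if a role name is unknown in the realm or its id does not match
 *         the id supplied in the request
 * @throws ErrorResponseException with status 400 if the payload is missing or the model
 *         layer rejects the grant
 */
@Path("realm")
@POST
@Consumes(MediaType.APPLICATION_JSON)
public void addRealmRoleMappings(List<RoleRepresentation> roles) {
    // Permission check stays first so payload validation only runs for callers that pass it.
    managePermission.require();
    logger.debugv("** addRealmRoleMappings: {0}", roles);

    // A null list (for example, a request without an entity) would otherwise fail with a
    // NullPointerException in the loop below instead of a client error.
    if (roles == null) {
        throw new ErrorResponseException("invalid_request", "No roles specified", Response.Status.BAD_REQUEST);
    }

    try {
        for (RoleRepresentation role : roles) {
            // A null array element would otherwise fail on role.getName().
            if (role == null) {
                throw new ErrorResponseException("invalid_request", "Role entry must not be null", Response.Status.BAD_REQUEST);
            }

            RoleModel roleModel = realm.getRole(role.getName());
            // Name and id must identify the same realm role; a mismatch is reported exactly
            // like an unknown role.
            if (roleModel == null || !roleModel.getId().equals(role.getId())) {
                throw new NotFoundException("Role not found");
            }

            // Per-role check, made immediately before the grant it protects.
            // NOTE(review): roles earlier in the list are already granted when a later entry
            // fails; presumably the request transaction rolls them back - confirm.
            auth.roles().requireMapRole(roleModel);
            roleMapper.grantRole(roleModel);
        }
    } catch (ModelException | ReadOnlyException me) {
        // The cause is logged server-side; the client only receives a generic description.
        logger.warn(me.getMessage(), me);
        throw new ErrorResponseException("invalid_request", "Could not add user role mappings!", Response.Status.BAD_REQUEST);
    }

    // Audit record of the request, written only after every grant succeeded.
    adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(roles).success();
}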
use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.
the class UserResource method removeMembership.
/**
 * Remove the user from the group identified by {@code groupId}.
 *
 * <p>Checks run in this order: {@code requireManageGroupMembership} on the user, existence of
 * the group in the realm, then {@code requireManageMembership} on the group. The membership is
 * dropped and a DELETE admin event is recorded only when the user currently belongs to the
 * group; otherwise nothing is changed and no event is written.
 *
 * @param groupId id of the group to leave
 * @throws NotFoundException if no group with that id is found in the realm
 * @throws ErrorResponseException with status 400 if the model layer rejects the change; the
 *         description is the model message resolved against the message bundle for the
 *         locale in the admin's token
 */
@DELETE
@Path("groups/{groupId}")
@NoCache
public void removeMembership(@PathParam("groupId") String groupId) {
    auth.users().requireManageGroupMembership(user);

    // NOTE(review): the not-found answer is given before the group-level permission check, so
    // a caller holding only the user-level permission can presumably tell existing group ids
    // from unknown ones - confirm this is acceptable.
    GroupModel targetGroup = session.groups().getGroupById(realm, groupId);
    if (targetGroup == null) {
        throw new NotFoundException("Group not found");
    }
    auth.groups().requireManageMembership(targetGroup);

    try {
        // Not a member: nothing to remove and nothing to audit.
        if (!user.isMemberOf(targetGroup)) {
            return;
        }
        user.leaveGroup(targetGroup);
        adminEvent.operation(OperationType.DELETE)
                .resource(ResourceType.GROUP_MEMBERSHIP)
                .representation(ModelToRepresentation.toRepresentation(targetGroup, true))
                .resourcePath(session.getContext().getUri())
                .success();
    } catch (ModelException failure) {
        // The model message doubles as the error code and as the lookup key in the bundle;
        // when the bundle has no entry the key itself is used as the format pattern.
        Properties bundle = AdminRoot.getMessages(session, realm, auth.adminAuth().getToken().getLocale());
        String errorKey = failure.getMessage();
        String description = MessageFormat.format(bundle.getProperty(errorKey, errorKey), failure.getParameters());
        throw new ErrorResponseException(errorKey, description, Status.BAD_REQUEST);
    }
}
use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.
the class ClientResource method addDefaultClientScope.
/**
 * Attach the client scope with the given id to this client, passing {@code defaultScope}
 * through to {@code client.addClientScope}.
 *
 * <p>The manage permission on the client is required before the scope is looked up. A scope
 * flagged as dynamic is refused when {@code defaultScope} is {@code true}.
 *
 * @param clientScopeId id of the client scope, resolved within the realm
 * @param defaultScope  flag handed to {@code client.addClientScope}; {@code true} additionally
 *                      triggers the dynamic-scope check
 * @throws javax.ws.rs.NotFoundException if the realm has no client scope with that id
 * @throws ErrorResponseException with status 400 if a dynamic scope is requested as default
 */
private void addDefaultClientScope(String clientScopeId, boolean defaultScope) {
    auth.clients().requireManage(client);

    ClientScopeModel scope = realm.getClientScopeById(clientScopeId);
    if (scope == null) {
        throw new javax.ws.rs.NotFoundException("Client scope not found");
    }

    // Short-circuit keeps isDynamicScope() from being consulted unless a default is requested.
    boolean dynamicAsDefault = defaultScope && scope.isDynamicScope();
    if (dynamicAsDefault) {
        throw new ErrorResponseException("invalid_request", "Can't assign a Dynamic Scope to a Client as a Default Scope", Response.Status.BAD_REQUEST);
    }

    client.addClientScope(scope, defaultScope);

    // Audit record of the new client-to-scope mapping.
    adminEvent.operation(OperationType.CREATE)
            .resource(ResourceType.CLIENT_SCOPE_CLIENT_MAPPING)
            .resourcePath(session.getContext().getUri())
            .success();
}
use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.
the class ClientResource method getClient.
/**
 * Get representation of the client.
 *
 * <p>A client-policy view event is triggered first, then the view permission on the client is
 * required, and only then is the representation built.
 *
 * @return the client's representation, with its access field set from
 *         {@code auth.clients().getAccess(client)}
 * @throws ErrorResponseException with status 400, carrying the policy's error and error
 *         detail, if the client policy rejects the view event
 */
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public ClientRepresentation getClient() {
    // NOTE(review): the policy hook runs before requireView, so a policy rejection (error and
    // detail) is returned to callers that have not yet passed the view check - confirm this
    // ordering is intended.
    try {
        session.clientPolicy().triggerOnEvent(new AdminClientViewContext(client, auth.adminAuth()));
    } catch (ClientPolicyException policyViolation) {
        throw new ErrorResponseException(
                policyViolation.getError(),
                policyViolation.getErrorDetail(),
                Response.Status.BAD_REQUEST);
    }

    auth.clients().requireView(client);

    ClientRepresentation clientRep = ModelToRepresentation.toRepresentation(client, session);
    // Tell the caller what it is allowed to do with this client.
    clientRep.setAccess(auth.clients().getAccess(client));
    return clientRep;
}
use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.
the class ClientAttributeCertificateResource method getKeystore.
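/**
 * Get a keystore file for the client, containing private key and public certificate.
 *
 * <p>The key material is read from the client via {@code CertificateInfoHelper}, using this
 * resource's attribute prefix, and handed to the three-argument {@code getKeystore} overload
 * (defined elsewhere in the class) together with the supplied configuration.
 *
 * @param config Keystore configuration as JSON; must not be {@code null}. A {@code null}
 *               format is passed through unchanged; any other value must be exactly
 *               {@code "JKS"} or {@code "PKCS12"}
 * @return the keystore bytes produced by the three-argument overload
 * @throws NotAcceptableException if a format other than the two accepted values is requested
 * @throws NotFoundException if the client has neither a private key nor a certificate
 * @throws ErrorResponseException with status 400 if the configuration is missing, if a
 *         private key exists but no key password was given, or if no store password was given
 */
@POST
@NoCache
@Path("/download")
@Produces(MediaType.APPLICATION_OCTET_STREAM)
@Consumes(MediaType.APPLICATION_JSON)
public byte[] getKeystore(final KeyStoreConfig config) {
    // NOTE(review): the returned keystore can contain the client's private key (privatePem is
    // passed to the keystore builder below), yet the gate here is the view permission -
    // confirm that view-level access is meant to allow private-key export.
    auth.clients().requireView(client);

    // A null configuration (for example, a request without an entity) would otherwise fail
    // with a NullPointerException on the first getter instead of a client error.
    if (config == null) {
        throw new ErrorResponseException("invalid_request", "Keystore configuration is required", Response.Status.BAD_REQUEST);
    }

    // The comparison is case-sensitive even though the message spells the names in lower case.
    String format = config.getFormat();
    if (format != null && !format.equals("JKS") && !format.equals("PKCS12")) {
        throw new NotAcceptableException("Only support jks or pkcs12 format.");
    }

    CertificateRepresentation info = CertificateInfoHelper.getCertificateFromClient(client, attributePrefix);
    String privatePem = info.getPrivateKey();
    String certPem = info.getCertificate();
    if (privatePem == null && certPem == null) {
        throw new NotFoundException("keypair not generated for client");
    }

    // Only null is rejected for the two passwords; both messages mention "jks" whatever
    // format was requested.
    // NOTE(review): an empty password string passes these checks - confirm how the keystore
    // builder treats it.
    if (privatePem != null && config.getKeyPassword() == null) {
        throw new ErrorResponseException("password-missing", "Need to specify a key password for jks download", Response.Status.BAD_REQUEST);
    }
    if (config.getStorePassword() == null) {
        throw new ErrorResponseException("password-missing", "Need to specify a store password for jks download", Response.Status.BAD_REQUEST);
    }

    return getKeystore(config, privatePem, certPem);
}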