
Example 6 with ForbiddenException

use of org.keycloak.services.ForbiddenException in project keycloak by keycloak.

the class ClientsManagementService method unregisterNode.

/**
 * URL invoked by adapter to register new client cluster node. Each application cluster node will invoke this URL once it joins cluster
 *
 * @param authorizationHeader
 * @param formData
 * @return
 */
@Path("unregister-node")
@POST
@Produces(MediaType.APPLICATION_JSON)
public Response unregisterNode(@HeaderParam(HttpHeaders.AUTHORIZATION) String authorizationHeader, final MultivaluedMap<String, String> formData) {
    // NOTE(review): the Javadoc above still describes node *registration*; this handler removes a
    // cluster node from the client (EventType.UNREGISTER_NODE, client.unregisterNode below).
    // NOTE(review): authorizationHeader is bound from the request but never read in this body;
    // authorizeClient() takes no arguments, so it must obtain credentials some other way - confirm.

    // Transport check runs before any event is recorded or any credential is evaluated.
    if (!checkSsl()) {
        throw new ForbiddenException("HTTPS required");
    }

    event.event(EventType.UNREGISTER_NODE);

    // A disabled realm is rejected and the rejection is written to the event log.
    if (!realm.isEnabled()) {
        event.error(Errors.REALM_DISABLED);
        throw new NotAuthorizedException("Realm not enabled");
    }

    // authorizeClient() is defined elsewhere; presumably it authenticates the calling client and
    // throws on failure - verify, because nothing else in this method gates the removal.
    final ClientModel callingClient = authorizeClient();

    // The host name is derived from request form data, so treat it as caller-controlled.
    final String clusterHost = getClientClusterHost(formData);
    event.client(callingClient).detail(Details.NODE_HOST, clusterHost);

    // The caller-supplied host is written to the debug log; check that getClientClusterHost
    // (not visible here) rejects control characters so log lines cannot be forged.
    logger.debugf("Unregistering cluster host '%s' for client '%s'", clusterHost, callingClient.getClientId());

    callingClient.unregisterNode(clusterHost);
    event.success();
    return Response.noContent().build();
}
Also used : ClientModel(org.keycloak.models.ClientModel) ForbiddenException(org.keycloak.services.ForbiddenException) NotAuthorizedException(javax.ws.rs.NotAuthorizedException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces)

Example 7 with ForbiddenException

use of org.keycloak.services.ForbiddenException in project keycloak by keycloak.

the class ClientsResource method getClient.

/**
 * Base path for managing a specific client.
 *
 * @param id id of client (not client-id)
 * @return
 */
@Path("{id}")
public ClientResource getClient(@PathParam("id") final String id) {
    final ClientModel found = realm.getClientById(id);

    if (found == null) {
        // Anti-enumeration: only a caller who is allowed to list clients is told that the id
        // does not exist (404). Everyone else gets 403, so a lookup miss does not confirm or
        // deny that a guessed id is valid.
        if (!auth.clients().canList()) {
            throw new ForbiddenException();
        }
        throw new NotFoundException("Could not find client");
    }

    // No permission check is made here for an existing client; presumably ClientResource enforces
    // view/manage rights per operation - verify, otherwise the 403-on-miss above is the only gate.
    session.getContext().setClient(found);
    final ClientResource resource = new ClientResource(realm, auth, found, session, adminEvent);
    ResteasyProviderFactory.getInstance().injectProperties(resource);
    return resource;
}
Also used : ClientModel(org.keycloak.models.ClientModel) ForbiddenException(org.keycloak.services.ForbiddenException) NotFoundException(javax.ws.rs.NotFoundException) Path(javax.ws.rs.Path)

Example 8 with ForbiddenException

use of org.keycloak.services.ForbiddenException in project keycloak by keycloak.

the class UserResource method updateUser.

/**
 * Update the user
 *
 * @param rep
 * @return
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
public Response updateUser(final UserRepresentation rep) {
    // Applies the submitted representation to the user held by this resource and returns
    // 204 No Content on success, or an error Response for the failure cases handled below.

    // Authorization gate. It sits outside the try block, so whatever it throws reaches the
    // caller unchanged instead of being folded into one of the 400 responses below.
    auth.users().requireManage(user);
    try {
        boolean wasPermanentlyLockedOut = false;
        // Only when the request explicitly sets enabled=true: wipe the recorded login failures
        // for this user, then ask the brute-force protector whether the account was permanently
        // locked out. Security-relevant: enabling a user through this endpoint resets the
        // brute-force failure record as a side effect.
        if (rep.isEnabled() != null && rep.isEnabled()) {
            UserLoginFailureModel failureModel = session.loginFailures().getUserLoginFailure(realm, user.getId());
            if (failureModel != null) {
                failureModel.clearFailures();
            }
            wasPermanentlyLockedOut = session.getProvider(BruteForceProtector.class).isPermanentlyLockedOut(session, realm, user);
        }
        // Build a user profile from the submitted attributes and validate it before anything is
        // written. A non-null Response from validateUserProfile is returned as-is (presumably a
        // validation error response - confirm against that helper).
        UserProfile profile = session.getProvider(UserProfileProvider.class).create(USER_API, rep.toAttributes(), user);
        Response response = validateUserProfile(profile, user, session);
        if (response != null) {
            return response;
        }
        // The flag is true only when the representation carries an attributes map; what the
        // flag controls inside update() is not visible here.
        profile.update(rep.getAttributes() != null);
        updateUserFromRep(profile, user, rep, session, true);
        // Credentials included in the representation are applied through this call.
        RepresentationToModel.createCredentials(rep, session, realm, user, true);
        // we need to do it here as the attributes would be overwritten by what is in the rep
        if (wasPermanentlyLockedOut) {
            session.getProvider(BruteForceProtector.class).cleanUpPermanentLockout(session, realm, user);
        }
        // The full representation is attached to the admin event.
        // NOTE(review): confirm that credential material in rep is stripped before the event is
        // stored; nothing in this method removes it.
        adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success();
        // Commit explicitly while still inside the try, so a failure at commit time is handled
        // by the catch clauses below.
        if (session.getTransactionManager().isActive()) {
            session.getTransactionManager().commit();
        }
        return Response.noContent().build();
    } catch (ModelDuplicateException e) {
        return ErrorResponse.exists("User exists with same username or email");
    } catch (ReadOnlyException re) {
        return ErrorResponse.error("User is read only!", Status.BAD_REQUEST);
    } catch (ModelException me) {
        // Details go to the server log only; the client receives a fixed message.
        logger.warn("Could not update user!", me);
        return ErrorResponse.error("Could not update user!", Status.BAD_REQUEST);
    } catch (ForbiddenException fe) {
        // Rethrown on purpose: without this clause the catch-all below would convert an
        // authorization failure raised inside the try block into a generic 400.
        throw fe;
    } catch (Exception me) {
        // JPA
        // may be committed by JTA which can't
        // (the original comment above appears truncated in the source)
        // Catch-all: every other exception, runtime errors included, is logged and reported to
        // the client as a fixed 400 message, so internal details are not echoed in the response.
        logger.warn("Could not update user!", me);
        return ErrorResponse.error("Could not update user!", Status.BAD_REQUEST);
    }
}
Also used : Response(javax.ws.rs.core.Response) ErrorResponse(org.keycloak.services.ErrorResponse) ForbiddenException(org.keycloak.services.ForbiddenException) UserLoginFailureModel(org.keycloak.models.UserLoginFailureModel) UserProfile(org.keycloak.userprofile.UserProfile) ModelException(org.keycloak.models.ModelException) UserProfileProvider(org.keycloak.userprofile.UserProfileProvider) ModelDuplicateException(org.keycloak.models.ModelDuplicateException) BruteForceProtector(org.keycloak.services.managers.BruteForceProtector) ReadOnlyException(org.keycloak.storage.ReadOnlyException) ErrorResponseException(org.keycloak.services.ErrorResponseException) WebApplicationException(javax.ws.rs.WebApplicationException) ModelDuplicateException(org.keycloak.models.ModelDuplicateException) ValidationException(org.keycloak.userprofile.ValidationException) ReadOnlyException(org.keycloak.storage.ReadOnlyException) BadRequestException(javax.ws.rs.BadRequestException) NotFoundException(javax.ws.rs.NotFoundException) ForbiddenException(org.keycloak.services.ForbiddenException) EmailException(org.keycloak.email.EmailException) ModelException(org.keycloak.models.ModelException) Consumes(javax.ws.rs.Consumes) PUT(javax.ws.rs.PUT)

Example 9 with ForbiddenException

use of org.keycloak.services.ForbiddenException in project keycloak by keycloak.

the class UserResource method setCredentialUserLabel.

/**
 * Update a credential label for a user
 */
@PUT
@Consumes(javax.ws.rs.core.MediaType.TEXT_PLAIN)
@Path("credentials/{credentialId}/userLabel")
public void setCredentialUserLabel(@PathParam("credentialId") final String credentialId, String userLabel) {
    // Caller must hold manage rights on this user before any credential lookup happens.
    auth.users().requireManage(user);

    final CredentialModel stored = session.userCredentialManager().getStoredCredentialById(realm, user, credentialId);
    if (stored == null) {
        // Anti-enumeration: a 404 is only given to callers who may query users; anyone else gets
        // 403, so a miss does not reveal whether a guessed credential id exists.
        if (!auth.users().canQuery()) {
            throw new ForbiddenException();
        }
        throw new NotFoundException("Credential not found");
    }

    // userLabel is the raw text/plain request body and is passed on without any length or
    // content check in this method - confirm that updateCredentialLabel (or the storage layer)
    // bounds it, and that consumers escape it when rendering.
    session.userCredentialManager().updateCredentialLabel(realm, user, credentialId, userLabel);
}
Also used : ForbiddenException(org.keycloak.services.ForbiddenException) UserCredentialModel(org.keycloak.models.UserCredentialModel) CredentialModel(org.keycloak.credential.CredentialModel) NotFoundException(javax.ws.rs.NotFoundException) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) PUT(javax.ws.rs.PUT)

Example 10 with ForbiddenException

use of org.keycloak.services.ForbiddenException in project keycloak by keycloak.

the class RealmsAdminResource method getRealmAdmin.

/**
 * Base path for the admin REST API for one particular realm.
 *
 * @param headers
 * @param name realm name (not id!)
 * @return
 */
@Path("{realm}")
public RealmAdminResource getRealmAdmin(@Context final HttpHeaders headers, @PathParam("realm") final String name) {
    // `headers` is injected but not read anywhere in this method.
    final RealmManager realms = new RealmManager(session);
    final RealmModel targetRealm = realms.getRealmByName(name);

    // NOTE(review): the existence check runs before the realm-scope check below, so a caller
    // from another (non-administration) realm sees 404 for a missing realm and 403 for an
    // existing one. That difference lets such a caller confirm realm names; other admin
    // resources avoid this by answering 403 on a miss. Consider whether the same is wanted here.
    if (targetRealm == null) {
        throw new NotFoundException("Realm not found.");
    }

    // Realm-scope check: the caller's realm must be either the administration realm or the
    // realm being addressed. Evaluation order and short-circuiting match the original test.
    final boolean callerInScope = auth.getRealm().equals(realms.getKeycloakAdminstrationRealm())
            || auth.getRealm().equals(targetRealm);
    if (!callerInScope) {
        throw new ForbiddenException();
    }

    // The permission evaluator and event builder are created before the session context is
    // switched to the target realm; keep this order.
    final AdminPermissionEvaluator permissions = AdminPermissions.evaluator(session, targetRealm, auth);
    final AdminEventBuilder events = new AdminEventBuilder(targetRealm, auth, session, clientConnection);
    session.getContext().setRealm(targetRealm);

    final RealmAdminResource resource = new RealmAdminResource(permissions, targetRealm, tokenManager, events);
    ResteasyProviderFactory.getInstance().injectProperties(resource);
    return resource;
}
Also used : RealmModel(org.keycloak.models.RealmModel) ForbiddenException(org.keycloak.services.ForbiddenException) NotFoundException(javax.ws.rs.NotFoundException) RealmManager(org.keycloak.services.managers.RealmManager) AdminPermissionEvaluator(org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator) Path(javax.ws.rs.Path)

Aggregations

ForbiddenException (org.keycloak.services.ForbiddenException)17 Path (javax.ws.rs.Path)9 NotFoundException (javax.ws.rs.NotFoundException)7 POST (javax.ws.rs.POST)4 ClientModel (org.keycloak.models.ClientModel)4 Consumes (javax.ws.rs.Consumes)3 CredentialModel (org.keycloak.credential.CredentialModel)3 UserCredentialModel (org.keycloak.models.UserCredentialModel)3 UserModel (org.keycloak.models.UserModel)3 NotAuthorizedException (javax.ws.rs.NotAuthorizedException)2 PUT (javax.ws.rs.PUT)2 Produces (javax.ws.rs.Produces)2 Cookie (javax.ws.rs.core.Cookie)2 Response (javax.ws.rs.core.Response)2 ModelDuplicateException (org.keycloak.models.ModelDuplicateException)2 ModelException (org.keycloak.models.ModelException)2 RealmModel (org.keycloak.models.RealmModel)2 UserSessionModel (org.keycloak.models.UserSessionModel)2 ErrorResponse (org.keycloak.services.ErrorResponse)2 RealmManager (org.keycloak.services.managers.RealmManager)2