Beispiel #1
0
  /**
   * Assigns Services to a realm
   *
   * @param ocm Organization Configuration Manager
   * @param newServiceNames List of service names to be assigned/unassigned
   * @throws SMSException
   */
  private void assignServices(OrganizationConfigManager ocm, List newServiceNames)
      throws SMSException {
    try {
      // include mandatory, otherwise pass in false
      Set assignedServices = ocm.getAssignedServices();
      // combine new services names with current assigned services
      Set allServices = new HashSet(newServiceNames.size() + assignedServices.size());

      // add all to make union of the two sets of service names
      allServices.addAll(assignedServices);
      allServices.addAll(newServiceNames);

      // update services associated with realm
      for (Object tmp : allServices) {
        String serviceName = (String) tmp;
        if (newServiceNames.contains(serviceName) && assignedServices.contains(serviceName)) {
          // do nothing, keep current service name as it is for now
        } else if (newServiceNames.contains(serviceName)
            && !assignedServices.contains(serviceName)) {
          // assign the service to realm
          ocm.assignService(serviceName, null);
        } else if (!newServiceNames.contains(serviceName)
            && assignedServices.contains(serviceName)) {
          // unassign the service from the realm  if not mandatory
          ocm.unassignService(serviceName);
        }
      }
    } catch (SMSException smse) {
      debug.error("RealmResource.assignServices() : Unable to assign services");
      throw smse;
    }
  }
 @AfterClass
 public void cleanup() throws Exception {
   if (orgAliasEnabled) {
     OrganizationConfigManager ocm = new OrganizationConfigManager(adminToken, "/");
     ocm.deleteSubOrganization(SUB_REALM1.substring(1), true);
   }
 }
  @BeforeTest
  public void setup() throws Exception {
    OrganizationConfigManager orgMgr = new OrganizationConfigManager(adminToken, "/");
    orgMgr.createSubOrganization(SUB_REALM.substring(1), Collections.EMPTY_MAP);
    delegatedUser = IdRepoUtils.createUser(SUB_REALM, DELEGATED_USER);
    delegatedUser1 = IdRepoUtils.createUser(SUB_REALM, DELEGATED_USER1);

    orgMgr = new OrganizationConfigManager(adminToken, SUB_REALM);
    orgMgr.createSubOrganization(SUB_SUB_REALM, Collections.EMPTY_MAP);

    createReferral();

    Application appl =
        ApplicationManager.newApplication(
            SUB_REALM,
            APPLICATION_NAME,
            ApplicationTypeManager.getAppplicationType(
                PrivilegeManager.superAdminSubject,
                ApplicationTypeManager.URL_APPLICATION_TYPE_NAME));
    // Test disabled, unable to make model change.
    // Set<String> resources = new HashSet<String>();
    // resources.add(DELEGATED_RESOURCE);
    // appl.setResources(resources);
    appl.setEntitlementCombiner(DenyOverride.class);
    ApplicationManager.saveApplication(SubjectUtils.createSuperAdminSubject(), SUB_REALM, appl);
  }
Beispiel #4
0
 /**
  * Returns the authentication service or chain configured for the given organization.
  *
  * @param orgDN organization DN.
  * @return the authentication service or chain configured for the given organization.
  */
 public String getOrgConfiguredAuthenticationChain(String orgDN) {
   String orgAuthConfig = null;
   try {
     OrganizationConfigManager orgConfigMgr = getOrgConfigManager(orgDN);
     ServiceConfig svcConfig = orgConfigMgr.getServiceConfig(ISAuthConstants.AUTH_SERVICE_NAME);
     Map attrs = svcConfig.getAttributes();
     orgAuthConfig = Misc.getMapAttr(attrs, ISAuthConstants.AUTHCONFIG_ORG);
   } catch (Exception e) {
     debug.error("Error in getOrgConfiguredAuthenticationChain : ", e);
   }
   return orgAuthConfig;
 }
  @AfterClass
  public void cleanup() throws Exception {
    PolicyManager pm = new PolicyManager(adminToken, SUB_REALM1);
    pm.removePolicy(POLICY_NAME);
    pm = new PolicyManager(adminToken, "/");
    pm.removePolicy(REFERRAL_POLICY_NAME1);
    pm.removePolicy(REFERRAL_POLICY_NAME2);

    OrganizationConfigManager ocm = new OrganizationConfigManager(adminToken, "/");
    String subRealm = SUB_REALM1.substring(1);
    ocm.deleteSubOrganization(subRealm, true);
  }
  private void createOrgs() throws Exception {
    OrganizationConfigManager ocm = new OrganizationConfigManager(adminToken, "/");
    String subRealm = SUB_REALM1.substring(1);

    Map<String, Map<String, Set<String>>> map = new HashMap<String, Map<String, Set<String>>>();
    Map<String, Set<String>> idRepoService = new HashMap<String, Set<String>>();
    Set<String> set = new HashSet<String>();
    set.add("www.OrgAliasReferralTest.com");
    idRepoService.put(PolicyManager.ORG_ALIAS, set);
    map.put(PolicyManager.ID_REPO_SERVICE, idRepoService);

    ocm.createSubOrganization(subRealm, map);
  }
Beispiel #7
0
  /**
   * Returns names of all realms included in the subtree rooted by the realm indicated in the query
   * url.
   *
   * <p>Names are unsorted and given as full paths.
   *
   * <p>Filtering, sorting, and paging of results is not supported.
   *
   * <p>{@inheritDoc}
   */
  @Override
  public void queryCollection(
      final ServerContext context, final QueryRequest request, final QueryResultHandler handler) {

    final String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
    final RealmContext realmContext = context.asContext(RealmContext.class);
    final String realmPath = realmContext.getResolvedRealm();

    try {

      final SSOTokenManager mgr = SSOTokenManager.getInstance();
      final SSOToken ssoToken = mgr.createSSOToken(getCookieFromServerContext(context));

      final OrganizationConfigManager ocm = new OrganizationConfigManager(ssoToken, realmPath);
      final List<String> realmsInSubTree = new ArrayList<String>();
      realmsInSubTree.add(realmPath);
      for (final Object subRealmRelativePath : ocm.getSubOrganizationNames("*", true)) {
        if (realmPath.endsWith("/")) {
          realmsInSubTree.add(realmPath + subRealmRelativePath);
        } else {
          realmsInSubTree.add(realmPath + "/" + subRealmRelativePath);
        }
      }

      debug.message("RealmResource :: QUERY : performed by " + principalName);

      for (final Object realmName : realmsInSubTree) {
        JsonValue val = new JsonValue(realmName);
        Resource resource = new Resource((String) realmName, "0", val);
        handler.handleResource(resource);
      }
      handler.handleResult(new QueryResult());

    } catch (SSOException ex) {
      debug.error("RealmResource :: QUERY by " + principalName + " failed : " + ex);
      handler.handleError(ResourceException.getException(ResourceException.FORBIDDEN));

    } catch (SMSException ex) {
      debug.error("RealmResource :: QUERY by " + principalName + " failed :" + ex);
      switch (ex.getExceptionCode()) {
        case STATUS_NO_PERMISSION:
          // This exception will be thrown if permission to read realms from SMS has not been
          // delegated
          handler.handleError(ResourceException.getException(ResourceException.FORBIDDEN));
          break;
        default:
          handler.handleError(ResourceException.getException(ResourceException.INTERNAL_ERROR));
          break;
      }
    }
  }
Beispiel #8
0
 /**
  * Returns a list of domains defined by iplanet-am-auth-valid-goto-domains in iPlanetAMAuthService
  * plus organization aliases
  *
  * @param orgDN organization DN.
  * @return a Set object containing a list of valid domains, null if
  *     iplanet-am-auth-valid-goto-domains is empty.
  */
 private Set getValidGotoUrlDomains(String orgDN) {
   Set validGotoUrlDomains = null;
   try {
     OrganizationConfigManager orgConfigMgr = getOrgConfigManager(orgDN);
     ServiceConfig svcConfig = orgConfigMgr.getServiceConfig(ISAuthConstants.AUTH_SERVICE_NAME);
     Map attrs = svcConfig.getAttributes();
     validGotoUrlDomains = (Set) attrs.get(ISAuthConstants.AUTH_GOTO_DOMAINS);
     if (debug.messageEnabled()) {
       debug.message("AuthD.getValidGotoUrlDomains(): " + validGotoUrlDomains);
     }
   } catch (Exception e) {
     debug.error("AuthD.getValidGotoUrlDomains():" + "Error in getValidGotoUrlDomains : ", e);
   }
   return validGotoUrlDomains;
 }
  /**
   * Unassigns services from realm.
   *
   * @param realmName Name of Realm.
   * @param names Names of services that are to be unassigned.
   * @throws AMConsoleException if services cannot be unassigned.
   */
  public void unassignServices(String realmName, Set names) throws AMConsoleException {
    if ((names != null) && !names.isEmpty()) {
      if ((realmName == null) || (realmName.trim().length() == 0)) {
        realmName = "/";
      }

      String[] params = new String[2];
      params[0] = realmName;
      String curServiceName = "";

      try {
        OrganizationConfigManager scm = new OrganizationConfigManager(getUserSSOToken(), realmName);
        AMIdentityRepository repo = new AMIdentityRepository(getUserSSOToken(), realmName);
        AMIdentity realmIdentity = repo.getRealmIdentity();
        Set realmServices = realmIdentity.getAssignedServices();

        for (Iterator iter = names.iterator(); iter.hasNext(); ) {
          String name = (String) iter.next();
          curServiceName = name;
          params[1] = name;
          logEvent("ATTEMPT_UNASSIGN_SERVICE_FROM_REALM", params);

          if (realmServices.contains(name)) {
            realmIdentity.unassignService(name);
          } else {
            scm.unassignService(name);
          }

          logEvent("SUCCEED_UNASSIGN_SERVICE_FROM_REALM", params);
        }
      } catch (SMSException e) {
        String strError = getErrorString(e);
        String[] paramsEx = {realmName, curServiceName, strError};
        logEvent("SMS_EXCEPTION_UNASSIGN_SERVICE_FROM_REALM", paramsEx);
        throw new AMConsoleException(strError);
      } catch (SSOException e) {
        String strError = getErrorString(e);
        String[] paramsEx = {realmName, curServiceName, strError};
        logEvent("SSO_EXCEPTION_UNASSIGN_SERVICE_FROM_REALM", paramsEx);
        throw new AMConsoleException(strError);
      } catch (IdRepoException e) {
        String strError = getErrorString(e);
        String[] paramsEx = {realmName, curServiceName, strError};
        logEvent("IDREPO_EXCEPTION_UNASSIGN_SERVICE_FROM_REALM", paramsEx);
        throw new AMConsoleException(strError);
      }
    }
  }
Beispiel #10
0
  /**
   * Creates Organization within OpenAM
   *
   * @param ocm Organization Configuration Manager
   * @param jVal JSONvalue that contains the payload
   * @param realm Name of the realm to be created
   * @throws SMSException
   * @throws Exception
   */
  private void createOrganization(
      OrganizationConfigManager ocm, JsonValue jVal, String realm, String realmPath)
      throws Exception {

    Map defaultValues = null;
    OrganizationConfigManager realmCreatedOcm;
    if (realmPath != null && !realmPath.endsWith("/")) {
      realmPath = realmPath + "/";
    }
    try {
      JsonValue realmDetails = jVal;
      if (jVal != null) {
        defaultValues = createServicesMap(jVal);
      }
      ocm.createSubOrganization(realm, defaultValues);
      // Get the Organization Configuration Manager for the new Realm
      realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realmPath + realm);
      List newServiceNames = realmDetails.get(SERVICE_NAMES).asList();
      if (newServiceNames != null && !newServiceNames.isEmpty()) {
        // assign services to realm
        assignServices(realmCreatedOcm, newServiceNames);
      }
    } catch (SMSException smse) {
      debug.error("RealmResource.createOrganization()", smse);
      throw smse;
    } catch (Exception e) {
      debug.error("RealmResource.createOrganization()", e);
      throw e;
    }
  }
Beispiel #11
0
 /**
  * Update a service with new attributes
  *
  * @param ocm Organization Configuration Manager
  * @param serviceNames Map of service names
  * @throws SMSException
  */
 private void updateConfiguredServices(OrganizationConfigManager ocm, Map serviceNames)
     throws SMSException {
   try {
     ocm.setAttributes(IdConstants.REPO_SERVICE, (Map) serviceNames.get(IdConstants.REPO_SERVICE));
   } catch (SMSException smse) {
     throw smse;
   }
 }
  @AfterTest
  public void cleanup() throws Exception {
    Set<AMIdentity> identities = new HashSet<AMIdentity>();
    identities.add(delegatedUser);
    identities.add(delegatedUser1);
    IdRepoUtils.deleteIdentities(SUB_REALM, identities);

    ApplicationManager.deleteApplication(
        SubjectUtils.createSuperAdminSubject(), SUB_REALM, APPLICATION_NAME);

    ReferralPrivilegeManager mgr =
        new ReferralPrivilegeManager("/", SubjectUtils.createSuperAdminSubject());
    mgr.remove(REFERRAL_NAME);

    OrganizationConfigManager orgMgr = new OrganizationConfigManager(adminToken, "/");
    orgMgr.deleteSubOrganization(SUB_REALM, true);
  }
  @AfterClass
  public void cleanup() throws Exception {
    if (!migrated) {
      return;
    }
    ReferralPrivilegeManager mgr = new ReferralPrivilegeManager(SUB_REALM2, adminSubject);
    mgr.delete(REFERRAL_NAME2);
    mgr = new ReferralPrivilegeManager("/", adminSubject);
    mgr.delete(REFERRAL_NAME1);

    ApplicationManager.deleteApplication(adminSubject, "/", APPL_NAME);
    OrganizationConfigManager ocm = new OrganizationConfigManager(adminToken, "/");
    String subRealm = SUB_REALM1.substring(1);
    ocm.deleteSubOrganization(subRealm, true);
    subRealm = SUB_REALM2.substring(1);
    ocm.deleteSubOrganization(subRealm, true);
    subRealm = SUB_REALM3.substring(1);
    ocm.deleteSubOrganization(subRealm, true);
  }
  /**
   * Returns a map of assigned service name to its localized name under a realm.
   *
   * @param realmName Name of Realm.
   * @return a map of assigned service name to its localized name under a realm.
   * @throws AMConsoleException if service names cannot be obtained.
   */
  public Map getAssignedServiceNames(String realmName) throws AMConsoleException {
    String[] param = {realmName};
    logEvent("ATTEMPT_GET_ASSIGNED_SERVICE_OF_REALM", param);

    try {
      OrganizationConfigManager orgCfgMgr =
          new OrganizationConfigManager(getUserSSOToken(), realmName);
      Set names = orgCfgMgr.getAssignedServices();
      if ((names == null) || names.isEmpty()) {
        names = new HashSet();
      }
      getIdentityServices(realmName, names);

      /*
       * Need to use adminSSOToken because policy admin does not
       * have the correct privileges.
       */
      AMAuthenticationManager mgr = new AMAuthenticationManager(adminSSOToken, realmName);
      AMAdminUtils.removeAllCaseIgnore(names, mgr.getAuthenticationServiceNames());
      removeNonDisplayableServices(names, SUPPORTED_SCHEMA_TYPE);
      // remove auth configuration service too
      names.remove(AMAdminConstants.AUTH_CONFIG_SERVICE);
      names.remove(AMAdminConstants.CORE_AUTH_SERVICE);
      /*
      Creation and edit of instances of the Rest/Soap STS services handled by the STS tab.
       */
      names.remove(AMAdminConstants.REST_STS_SERVICE);
      names.remove(AMAdminConstants.SOAP_STS_SERVICE);

      logEvent("SUCCEED_GET_ASSIGNED_SERVICE_OF_REALM", param);
      return mapNameToDisplayName(names);
    } catch (AMConfigurationException e) {
      String strError = getErrorString(e);
      String[] paramsEx = {realmName, strError};
      logEvent("CONFIGURATION_EXCEPTION_GET_ASSIGNED_SERVICE_OF_REALM", paramsEx);
      throw new AMConsoleException(strError);
    } catch (SMSException e) {
      String strError = getErrorString(e);
      String[] paramsEx = {realmName, strError};
      logEvent("SMS_EXCEPTION_GET_ASSIGNED_SERVICE_OF_REALM", paramsEx);
      throw new AMConsoleException(strError);
    }
  }
Beispiel #15
0
  /**
   * Services a Commandline Request.
   *
   * @param rc Request Context.
   * @throw CLIException if the request cannot serviced.
   */
  public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    ldapLogin();
    SSOToken adminSSOToken = getAdminSSOToken();
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String pattern = getStringOptionValue(IArgument.FILTER);
    boolean recursive = isOptionSet(IArgument.RECURSIVE);
    String strRecursive = (recursive) ? "recursive" : "non recursive";

    if ((pattern == null) || (pattern.trim().length() == 0)) {
      pattern = "*";
    }

    String[] params = {realm, pattern, strRecursive};
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_SEARCH_REALM", params);

    try {
      OrganizationConfigManager ocm = new OrganizationConfigManager(adminSSOToken, realm);
      Set results = ocm.getSubOrganizationNames(pattern, recursive);

      IOutput outputWriter = getOutputWriter();
      if ((results != null) && !results.isEmpty()) {
        String template = getResourceString("search-realm-results");
        String[] arg = new String[1];

        for (Iterator i = results.iterator(); i.hasNext(); ) {
          arg[0] = (String) i.next();
          outputWriter.printlnMessage(MessageFormat.format(template, (Object[]) arg));
        }

        outputWriter.printlnMessage(getResourceString("search-realm-succeed"));
      } else {
        outputWriter.printlnMessage(getResourceString("search-realm-no-results"));
      }

      writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_SEARCH_REALM", params);
    } catch (SMSException e) {
      String[] args = {realm, strRecursive, e.getMessage()};
      debugError("SearchRealms.handleRequest", e);
      writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SEARCH_REALM", args);
      throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
  }
Beispiel #16
0
  /**
   * Services a Commandline Request.
   *
   * @param rc Request Context.
   * @throws CLIException if the request cannot serviced.
   */
  public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    ldapLogin();
    SSOToken adminSSOToken = getAdminSSOToken();
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    boolean recursive = isOptionSet(IArgument.RECURSIVE);
    String strRecursive = (recursive) ? "recursive" : "non recursive";

    String[] params = {realm, strRecursive};
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_DELETE_REALM", params);

    try {
      OrganizationConfigManager ocm = new OrganizationConfigManager(adminSSOToken, realm);
      ocm.deleteSubOrganization(null, recursive);
      getOutputWriter().printlnMessage(getResourceString("delete-realm-succeed"));
      writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_DELETE_REALM", params);
    } catch (SMSException e) {
      String[] args = {realm, strRecursive, e.getMessage()};
      debugError("DeleteRealm.handleRequest", e);
      writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_DELETE_REALM", args);
      throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
  }
  /**
   * Returns a map of service name to its display name that can be assigned to a realm.
   *
   * @param realmName Name of Realm.
   * @return a map of service name to its display name that can be assigned to a realm.
   * @throws AMConsoleException if service names cannot be obtained.
   */
  public Map getAssignableServiceNames(String realmName) throws AMConsoleException {
    String[] param = {realmName};
    logEvent("ATTEMPT_GET_ASSIGNABLE_SERVICE_OF_REALM", param);

    try {
      OrganizationConfigManager orgCfgMgr =
          new OrganizationConfigManager(getUserSSOToken(), realmName);
      Set names = orgCfgMgr.getAssignableServices();
      addIdentityUnassignedServices(realmName, names);
      names.removeAll(orgCfgMgr.getAssignedServices());

      AMAuthenticationManager mgr = new AMAuthenticationManager(getUserSSOToken(), realmName);
      AMAdminUtils.removeAllCaseIgnore(names, mgr.getAuthenticationServiceNames());
      removeNonDisplayableServices(names, SUPPORTED_SCHEMA_TYPE);
      names.remove(AMAdminConstants.CORE_AUTH_SERVICE);
      /*
      Creation and edit of instances of the Rest/Soap STS services handled by the STS tab.
       */
      names.remove(AMAdminConstants.REST_STS_SERVICE);
      names.remove(AMAdminConstants.SOAP_STS_SERVICE);
      logEvent("SUCCEED_GET_ASSIGNABLE_SERVICE_OF_REALM", param);
      return mapNameToDisplayName(names);
    } catch (AMConfigurationException e) {
      String strError = getErrorString(e);
      String[] paramsEx = {realmName, strError};
      logEvent("CONFIGURATION_EXCEPTION_GET_ASSIGNABLE_SERVICE_OF_REALM", paramsEx);
      if (debug.warningEnabled()) {
        debug.warning("ServicesModel.getAssignableServiceNames " + strError);
      }
      throw new AMConsoleException("no.properties");
    } catch (SMSException e) {
      String strError = getErrorString(e);
      String[] paramsEx = {realmName, strError};
      logEvent("SMS_EXCEPTION_GET_ASSIGNABLE_SERVICE_OF_REALM", paramsEx);
      throw new AMConsoleException(strError);
    }
  }
Beispiel #18
0
 /**
  * Returns a JsonValue containing Service Names and Values
  *
  * @param ocm The organization configuration manager
  * @param serviceNames Names of the services available to the organization
  * @return The JsonValue Object containing attributes assigned to the services
  */
 private JsonValue serviceNamesToJSON(OrganizationConfigManager ocm, Set serviceNames)
     throws SMSException {
   JsonValue realmServices = new JsonValue(new LinkedHashMap<String, Object>(1));
   try {
     for (Object service : serviceNames) {
       String tmp = (String) service;
       Object holdAttrForService = ocm.getAttributes(tmp);
       realmServices.add(tmp, holdAttrForService);
     }
   } catch (SMSException e) {
     debug.error("RealmResource.serviceNamesToJSON :: " + e);
     throw e;
   }
   return realmServices;
 }
Beispiel #19
0
 private void createOrgs() throws Exception {
   OrganizationConfigManager ocm = new OrganizationConfigManager(adminToken, "/");
   String subRealm = SUB_REALM1.substring(1);
   ocm.createSubOrganization(subRealm, Collections.EMPTY_MAP);
 }
Beispiel #20
0
  /** {@inheritDoc} */
  @Override
  public void createInstance(
      final ServerContext context,
      final CreateRequest request,
      final ResultHandler<Resource> handler) {

    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();

    Resource resource;
    String parentRealm;
    String childRealm;
    String realm = null;

    try {
      hasPermission(context);
      final JsonValue jVal = request.getContent();
      // get the realm
      realm = jVal.get("realm").asString();
      realm = checkForTopLevelRealm(realm);
      if (realm == null || realm.isEmpty()) {
        throw new BadRequestException("No realm name provided.");
      } else if (!realm.startsWith("/")) {
        realm = "/" + realm;
      }
      if (!realmPath.equalsIgnoreCase("/")) {
        // build realm to comply with format if not top level
        realm = realmPath + realm;
      }

      parentRealm = RealmUtils.getParentRealm(realm);
      childRealm = RealmUtils.getChildRealm(realm);

      OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), parentRealm);

      Map defaultValues = createServicesMap(jVal);
      ocm.createSubOrganization(childRealm, defaultValues);
      String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
      debug.message(
          "RealmResource.createInstance :: CREATE of realm "
              + childRealm
              + " in realm "
              + parentRealm
              + " performed by "
              + principalName);

      // create a resource for handler to return
      OrganizationConfigManager realmCreated = new OrganizationConfigManager(getSSOToken(), realm);
      resource =
          new Resource(
              childRealm,
              String.valueOf(System.currentTimeMillis()),
              createJsonMessage("realmCreated", realmCreated.getOrganizationName()));
      handler.handleResult(resource);

    } catch (SMSException smse) {

      debug.error("RealmResource.createInstance() : Cannot find " + realm, smse);

      try {
        configureErrorMessage(smse);
      } catch (NotFoundException nf) {
        debug.error("RealmResource.createInstance() : Cannot find " + realm, nf);
        handler.handleError(nf);
      } catch (ForbiddenException fe) {
        // User does not have authorization
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
        handler.handleError(fe);
      } catch (PermanentException pe) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
        // Cannot recover from this exception
        handler.handleError(pe);
      } catch (ConflictException ce) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, ce);
        handler.handleError(ce);
      } catch (BadRequestException be) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
        handler.handleError(be);
      } catch (Exception e) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, e);
        handler.handleError(new BadRequestException(e.getMessage(), e));
      }
    } catch (SSOException sso) {
      debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, sso);
      handler.handleError(new PermanentException(401, "Access Denied", null));
    } catch (ForbiddenException fe) {
      debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
      handler.handleError(fe);
    } catch (BadRequestException be) {
      debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
      handler.handleError(be);
    } catch (PermanentException pe) {
      debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
      // Cannot recover from this exception
      handler.handleError(pe);
    } catch (Exception e) {
      debug.error("RealmResource.createInstance()" + realm + ":" + e);
      handler.handleError(new BadRequestException(e.getMessage(), e));
    }
  }
Beispiel #21
0
  /** {@inheritDoc} */
  @Override
  public void updateInstance(
      final ServerContext context,
      final String resourceId,
      final UpdateRequest request,
      final ResultHandler<Resource> handler) {

    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();

    final JsonValue realmDetails = request.getContent();
    Resource resource;
    String realm = null;
    OrganizationConfigManager ocm;
    OrganizationConfigManager realmCreatedOcm;

    String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);

    try {

      hasPermission(context);
      realm = checkForTopLevelRealm(resourceId);
      if (realm != null && !realm.startsWith("/")) {
        realm = "/" + realm;
      }
      if (!realmPath.equalsIgnoreCase("/")) {
        realm = realmPath + realm;
      }
      // The initial attempt to UPDATE a realm,
      // if the realm does not exist it must be created
      ocm = new OrganizationConfigManager(getSSOToken(), realm);
      List newServiceNames;
      // update ID_REPO attributes
      updateConfiguredServices(ocm, createServicesMap(realmDetails));
      newServiceNames = realmDetails.get(SERVICE_NAMES).asList();
      if (newServiceNames == null || newServiceNames.isEmpty()) {
        debug.error("RealmResource.updateInstance() : No Services defined.");
      } else {
        assignServices(ocm, newServiceNames); // assign services to realm
      }
      // READ THE REALM
      realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realm);

      debug.message(
          "RealmResource.updateInstance :: UPDATE of realm "
              + realm
              + " performed by "
              + principalName);

      // create a resource for handler to return
      resource =
          new Resource(
              realm,
              String.valueOf(System.currentTimeMillis()),
              createJsonMessage("realmUpdated", realmCreatedOcm.getOrganizationName()));
      handler.handleResult(resource);
    } catch (SMSException e) {
      try {
        configureErrorMessage(e);
      } catch (NotFoundException nfe) {
        if (debug.errorEnabled()) {
          debug.error(
              "RealmResource.updateInstance()"
                  + "Cannot find "
                  + resourceId
                  + ":"
                  + e
                  + "\n"
                  + "CREATING "
                  + resourceId);
        }
        // Realm was NOT found, therefore create the realm
        try {
          String parentRealm = RealmUtils.getParentRealm(realm);
          String childRealm = RealmUtils.getChildRealm(realm);
          ocm = new OrganizationConfigManager(getSSOToken(), parentRealm);
          // create the realm
          createOrganization(ocm, realmDetails, childRealm, realmPath);

          // read the realm to make sure that it has been created...
          realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realm);

          if (debug.messageEnabled()) {
            debug.message(
                "RealmResource.updateInstance :: UPDATE of realm "
                    + realm
                    + " performed by "
                    + principalName);
          }

          resource =
              new Resource(
                  childRealm,
                  String.valueOf(System.currentTimeMillis()),
                  createJsonMessage("realmCreated", realmCreatedOcm.getOrganizationName()));
          if (debug.messageEnabled()) {
            debug.message("RealmResource :: UPDATE : Updated resource with ID, " + resourceId);
          }
          handler.handleResult(resource);
        } catch (SMSException smse) {

          debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, smse);

          try {
            configureErrorMessage(smse);
          } catch (NotFoundException nf) {
            debug.error("RealmResource.updateInstance() : Cannot find " + resourceId, nf);
            handler.handleError(nf);
          } catch (ForbiddenException fe) {
            // User does not have authorization
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
            handler.handleError(fe);
          } catch (PermanentException pe) {
            debug.error("RealmResource.updateInstance() Cannot UPDATE " + resourceId, pe);
            // Cannot recover from this exception
            handler.handleError(pe);
          } catch (ConflictException ce) {
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ce);
            handler.handleError(ce);
          } catch (BadRequestException be) {
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, be);
            handler.handleError(be);
          }
        } catch (Exception ex) {
          debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
          handler.handleError(new NotFoundException("Cannot update realm.", ex));
        }

      } catch (ForbiddenException fe) {
        // User does not have authorization
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
        handler.handleError(fe);
      } catch (PermanentException pe) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, pe);
        // Cannot recover from this exception
        handler.handleError(pe);
      } catch (ConflictException ce) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ce);
        handler.handleError(ce);
      } catch (BadRequestException be) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, be);
        handler.handleError(be);
      } catch (Exception ex) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
        handler.handleError(new NotFoundException("Cannot update realm.", ex));
      }
    } catch (SSOException sso) {
      debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, sso);
      handler.handleError(new PermanentException(401, "Access Denied", null));
    } catch (ForbiddenException fe) {
      debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
      handler.handleError(fe);
    } catch (PermanentException pe) {
      debug.error("RealmResource.Instance() : Cannot UPDATE " + resourceId, pe);
      // Cannot recover from this exception
      handler.handleError(pe);
    } catch (Exception ex) {
      debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
      handler.handleError(new NotFoundException("Cannot update realm.", ex));
    }
  }
Beispiel #22
0
  /** {@inheritDoc} */
  @Override
  public void deleteInstance(
      final ServerContext context,
      final String resourceId,
      final DeleteRequest request,
      final ResultHandler<Resource> handler) {

    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();

    boolean recursive = false;
    Resource resource;
    String holdResourceId = checkForTopLevelRealm(resourceId);

    try {
      hasPermission(context);

      if (holdResourceId != null && !holdResourceId.startsWith("/")) {
        holdResourceId = "/" + holdResourceId;
      }
      if (!realmPath.equalsIgnoreCase("/")) {
        holdResourceId = realmPath + holdResourceId;
      }
      OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), holdResourceId);
      ocm.deleteSubOrganization(null, recursive);
      String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
      debug.message(
          "RealmResource.deleteInstance :: DELETE of realm "
              + holdResourceId
              + " performed by "
              + principalName);
      // handle resource
      resource = new Resource(resourceId, "0", createJsonMessage("success", "true"));
      handler.handleResult(resource);
    } catch (SMSException smse) {
      try {
        configureErrorMessage(smse);
      } catch (NotFoundException nf) {
        debug.error("RealmResource.deleteInstance() : Cannot find " + resourceId + ":" + smse);
        handler.handleError(nf);
      } catch (ForbiddenException fe) {
        // User does not have authorization
        debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
        handler.handleError(fe);
      } catch (PermanentException pe) {
        debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
        // Cannot recover from this exception
        handler.handleError(pe);
      } catch (ConflictException ce) {
        debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
        handler.handleError(ce);
      } catch (BadRequestException be) {
        debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
        handler.handleError(be);
      } catch (Exception e) {
        handler.handleError(new BadRequestException(e.getMessage(), e));
      }
    } catch (SSOException sso) {
      debug.error("RealmResource.updateInstance() : Cannot DELETE " + resourceId + ":" + sso);
      handler.handleError(new PermanentException(401, "Access Denied", null));
    } catch (ForbiddenException fe) {
      debug.error("RealmResource.updateInstance() : Cannot DELETE " + resourceId + ":" + fe);
      handler.handleError(fe);
    } catch (Exception e) {
      handler.handleError(new BadRequestException(e.getMessage(), e));
    }
  }
Beispiel #23
0
  /** {@inheritDoc} */
  @Override
  public void readInstance(
      final ServerContext context,
      final String resourceId,
      final ReadRequest request,
      final ResultHandler<Resource> handler) {

    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();

    Resource resource;
    JsonValue jval;
    String holdResourceId = checkForTopLevelRealm(resourceId);

    try {
      hasPermission(context);
      if (holdResourceId != null && !holdResourceId.startsWith("/")) {
        holdResourceId = "/" + holdResourceId;
      }
      if (!realmPath.equalsIgnoreCase("/")) {
        holdResourceId = realmPath + holdResourceId;
      }
      OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), holdResourceId);
      // get associated services for this realm , include mandatory service names.
      Set serviceNames = ocm.getAssignedServices();
      jval = createJsonMessage(SERVICE_NAMES, serviceNames);

      String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);

      resource = new Resource(resourceId, String.valueOf(System.currentTimeMillis()), jval);
      if (debug.messageEnabled()) {
        debug.message(
            "RealmResource.readInstance :: READ : Successfully read realm, "
                + resourceId
                + " performed by "
                + principalName);
      }
      handler.handleResult(resource);

    } catch (SSOException sso) {
      debug.error("RealmResource.updateInstance() : Cannot READ " + resourceId, sso);
      handler.handleError(new PermanentException(401, "Access Denied", null));
    } catch (ForbiddenException fe) {
      debug.error("RealmResource.readInstance() : Cannot READ " + resourceId + ":" + fe);
      handler.handleError(fe);
    } catch (SMSException smse) {

      debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, smse);

      try {
        configureErrorMessage(smse);
      } catch (NotFoundException nf) {
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, nf);
        handler.handleError(nf);
      } catch (ForbiddenException fe) {
        // User does not have authorization
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, fe);
        handler.handleError(fe);
      } catch (PermanentException pe) {
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, pe);
        // Cannot recover from this exception
        handler.handleError(pe);
      } catch (ConflictException ce) {
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, ce);
        handler.handleError(ce);
      } catch (BadRequestException be) {
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, be);
        handler.handleError(be);
      } catch (Exception e) {
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, e);
        handler.handleError(new BadRequestException(e.getMessage(), e));
      }
    } catch (Exception e) {
      handler.handleError(new BadRequestException(e.getMessage(), e));
    }
  }