void doPost(final HttpServletRequest req, final HttpServletResponse resp) {
    try {
      // Parse out the required API versions.
      final AcceptAPIVersion acceptVersion = parseAcceptAPIVersion(req);

      // Prepare response.
      prepareResponse(req, resp);

      // Validate request.
      preprocessRequest(req);
      rejectIfNoneMatch(req);
      rejectIfMatch(req);

      final Map<String, String[]> parameters = req.getParameterMap();
      final String action = asSingleValue(PARAM_ACTION, getParameter(req, PARAM_ACTION));
      if (action.equalsIgnoreCase(ACTION_ID_CREATE)) {
        final JsonValue content = getJsonContent(req);
        final CreateRequest request = Requests.newCreateRequest(getResourceName(req), content);
        for (final Map.Entry<String, String[]> p : parameters.entrySet()) {
          final String name = p.getKey();
          final String[] values = p.getValue();
          if (parseCommonParameter(name, values, request)) {
            continue;
          } else if (name.equalsIgnoreCase(PARAM_ACTION)) {
            // Ignore - already handled.
          } else if (HttpUtils.isMultiPartRequest(req.getContentType())) {
            // Ignore - multipart content adds form parts to the parameter set
          } else {
            request.setAdditionalParameter(name, asSingleValue(name, values));
          }
        }
        doRequest(req, resp, acceptVersion, request);
      } else {
        // Action request.
        final JsonValue content = getJsonActionContent(req);
        final ActionRequest request =
            Requests.newActionRequest(getResourceName(req), action).setContent(content);
        for (final Map.Entry<String, String[]> p : parameters.entrySet()) {
          final String name = p.getKey();
          final String[] values = p.getValue();
          if (parseCommonParameter(name, values, request)) {
            continue;
          } else if (name.equalsIgnoreCase(PARAM_ACTION)) {
            // Ignore - already handled.
          } else if (HttpUtils.isMultiPartRequest(req.getContentType())) {
            // Ignore - multipart content adds form parts to the parameter set
          } else {
            request.setAdditionalParameter(name, asSingleValue(name, values));
          }
        }
        doRequest(req, resp, acceptVersion, request);
      }
    } catch (final Exception e) {
      fail(req, resp, e);
    }
  }
  /**
   * Persist the supplied {@link JsonValue} {@code value} as the new state of this singleton
   * relationship on {@code resourceId}.
   *
   * <p><em>This is currently the only means of creating an instance of this singleton</em>
   *
   * @param context The context of this request
   * @param resourceId Id of the resource relation fields in value are to be memebers of
   * @param value A {@link JsonValue} map of relationship fields and their values
   * @return The persisted instance of {@code value}
   */
  @Override
  public Promise<JsonValue, ResourceException> setRelationshipValueForResource(
      Context context, String resourceId, JsonValue value) {
    if (value.isNotNull()) {
      try {
        final JsonValue id = value.get(FIELD_ID);

        // Update if we got an id, otherwise replace
        if (id != null && id.isNotNull()) {
          final UpdateRequest updateRequest = Requests.newUpdateRequest("", value);
          updateRequest.setAdditionalParameter(PARAM_FIRST_ID, resourceId);
          return updateInstance(context, value.get(FIELD_ID).asString(), updateRequest)
              .then(
                  new Function<ResourceResponse, JsonValue, ResourceException>() {
                    @Override
                    public JsonValue apply(ResourceResponse resourceResponse)
                        throws ResourceException {
                      return resourceResponse.getContent();
                    }
                  });
        } else { // no id, replace current instance
          clear(context, resourceId);

          final CreateRequest createRequest = Requests.newCreateRequest("", value);
          createRequest.setAdditionalParameter(PARAM_FIRST_ID, resourceId);
          return createInstance(context, createRequest)
              .then(
                  new Function<ResourceResponse, JsonValue, ResourceException>() {
                    @Override
                    public JsonValue apply(ResourceResponse resourceResponse)
                        throws ResourceException {
                      return resourceResponse.getContent();
                    }
                  });
        }
      } catch (ResourceException e) {
        return e.asPromise();
      }

    } else {
      clear(context, resourceId);
      return newResultPromise(json(null));
    }
  }
  @Override
  public Promise<ResourceResponse, ResourceException> createInstance(
      Context context, CreateRequest request) {
    TokenGenerationServiceInvocationState invocationState;
    try {
      invocationState = TokenGenerationServiceInvocationState.fromJson(request.getContent());
    } catch (Exception e) {
      logger.error(
          "Exception caught marshalling json into TokenGenerationServiceInvocationState instance: "
              + e);
      return new BadRequestException(e.getMessage(), e).asPromise();
    }
    SSOToken subjectToken;
    try {
      subjectToken = validateAssertionSubjectSession(invocationState);
    } catch (ForbiddenException e) {
      return e.asPromise();
    }

    STSInstanceState stsInstanceState;
    try {
      stsInstanceState = getSTSInstanceState(invocationState);
    } catch (ResourceException e) {
      return e.asPromise();
    }

    if (TokenType.SAML2.equals(invocationState.getTokenType())) {
      try {
        final String assertion =
            saml2TokenGeneration.generate(subjectToken, stsInstanceState, invocationState);
        return newResultPromise(issuedTokenResource(assertion));
      } catch (TokenCreationException e) {
        logger.error("Exception caught generating saml2 token: " + e, e);
        return e.asPromise();
      } catch (Exception e) {
        logger.error("Exception caught generating saml2 token: " + e, e);
        return new InternalServerErrorException(e.toString(), e).asPromise();
      }
    } else if (TokenType.OPENIDCONNECT.equals(invocationState.getTokenType())) {
      try {
        final String assertion =
            openIdConnectTokenGeneration.generate(subjectToken, stsInstanceState, invocationState);
        return newResultPromise(issuedTokenResource(assertion));
      } catch (TokenCreationException e) {
        logger.error("Exception caught generating OpenIdConnect token: " + e, e);
        return e.asPromise();
      } catch (Exception e) {
        logger.error("Exception caught generating OpenIdConnect token: " + e, e);
        return new InternalServerErrorException(e.toString(), e).asPromise();
      }
    } else {
      String message = "Bad request: unexpected token type:" + invocationState.getTokenType();
      logger.error(message);
      return new BadRequestException(message).asPromise();
    }
  }
Beispiel #4
0
  /** {@inheritDoc} */
  @Override
  public void createInstance(
      final ServerContext context,
      final CreateRequest request,
      final ResultHandler<Resource> handler) {

    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();

    Resource resource;
    String parentRealm;
    String childRealm;
    String realm = null;

    try {
      hasPermission(context);
      final JsonValue jVal = request.getContent();
      // get the realm
      realm = jVal.get("realm").asString();
      realm = checkForTopLevelRealm(realm);
      if (realm == null || realm.isEmpty()) {
        throw new BadRequestException("No realm name provided.");
      } else if (!realm.startsWith("/")) {
        realm = "/" + realm;
      }
      if (!realmPath.equalsIgnoreCase("/")) {
        // build realm to comply with format if not top level
        realm = realmPath + realm;
      }

      parentRealm = RealmUtils.getParentRealm(realm);
      childRealm = RealmUtils.getChildRealm(realm);

      OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), parentRealm);

      Map defaultValues = createServicesMap(jVal);
      ocm.createSubOrganization(childRealm, defaultValues);
      String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
      debug.message(
          "RealmResource.createInstance :: CREATE of realm "
              + childRealm
              + " in realm "
              + parentRealm
              + " performed by "
              + principalName);

      // create a resource for handler to return
      OrganizationConfigManager realmCreated = new OrganizationConfigManager(getSSOToken(), realm);
      resource =
          new Resource(
              childRealm,
              String.valueOf(System.currentTimeMillis()),
              createJsonMessage("realmCreated", realmCreated.getOrganizationName()));
      handler.handleResult(resource);

    } catch (SMSException smse) {

      debug.error("RealmResource.createInstance() : Cannot find " + realm, smse);

      try {
        configureErrorMessage(smse);
      } catch (NotFoundException nf) {
        debug.error("RealmResource.createInstance() : Cannot find " + realm, nf);
        handler.handleError(nf);
      } catch (ForbiddenException fe) {
        // User does not have authorization
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
        handler.handleError(fe);
      } catch (PermanentException pe) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
        // Cannot recover from this exception
        handler.handleError(pe);
      } catch (ConflictException ce) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, ce);
        handler.handleError(ce);
      } catch (BadRequestException be) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
        handler.handleError(be);
      } catch (Exception e) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, e);
        handler.handleError(new BadRequestException(e.getMessage(), e));
      }
    } catch (SSOException sso) {
      debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, sso);
      handler.handleError(new PermanentException(401, "Access Denied", null));
    } catch (ForbiddenException fe) {
      debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
      handler.handleError(fe);
    } catch (BadRequestException be) {
      debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
      handler.handleError(be);
    } catch (PermanentException pe) {
      debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
      // Cannot recover from this exception
      handler.handleError(pe);
    } catch (Exception e) {
      debug.error("RealmResource.createInstance()" + realm + ":" + e);
      handler.handleError(new BadRequestException(e.getMessage(), e));
    }
  }
  /**
   * Creates a new object in the object set.
   *
   * <p>This method sets the {@code _id} property to the assigned identifier for the object, and the
   * {@code _rev} property to the revised object version (For optimistic concurrency)
   *
   * @param request the contents of the object to create in the object set.
   * @throws NotFoundException if the specified id could not be resolved.
   * @throws ForbiddenException if access to the object or object set is forbidden.
   * @throws ConflictException if an object with the same ID already exists.
   */
  @Override
  public ResourceResponse create(CreateRequest request) throws ResourceException {
    if (request.getResourcePathObject().isEmpty()) {
      throw new NotFoundException(
          "The object identifier did not include sufficient information to determine the object type: "
              + request.getResourcePath());
    }

    final String type = request.getResourcePath();
    // TODO: should CREST support server side generation of ID itself?
    final String localId =
        (request.getNewResourceId() == null || "".equals(request.getNewResourceId()))
            ? UUID.randomUUID().toString() // Generate ID server side.
            : request.getNewResourceId();

    // Used currently for logging
    String fullId = request.getResourcePathObject().child(localId).toString();

    String orientClassName = typeToOrientClassName(type);
    JsonValue obj = request.getContent();

    obj.put(DocumentUtil.TAG_ID, localId);

    ODatabaseDocumentTx db = getConnection();
    try {
      // Rather than using MVCC for insert, rely on primary key uniqueness constraints to detect
      // duplicate create
      ODocument newDoc = DocumentUtil.toDocument(obj, null, db, orientClassName);
      logger.trace("Created doc for id: {} to save {}", fullId, newDoc);
      newDoc.save();

      obj.put(DocumentUtil.TAG_REV, Integer.toString(newDoc.getVersion()));
      logger.debug("Completed create for id: {} revision: {}", fullId, newDoc.getVersion());
      logger.trace("Create payload for id: {} doc: {}", fullId, newDoc);
      return newResourceResponse(
          obj.get(DocumentUtil.TAG_ID).asString(), obj.get(DocumentUtil.TAG_REV).asString(), obj);
    } catch (ORecordDuplicatedException ex) {
      // Because the OpenIDM ID is defined as unique, duplicate inserts must fail
      throw new PreconditionFailedException(
          "Create rejected as Object with same ID already exists. " + ex.getMessage(), ex);
    } catch (OIndexException ex) {
      // Because the OpenIDM ID is defined as unique, duplicate inserts must fail
      throw new PreconditionFailedException(
          "Create rejected as Object with same ID already exists. " + ex.getMessage(), ex);
    } catch (ODatabaseException ex) {
      // Because the OpenIDM ID is defined as unique, duplicate inserts must fail.
      // OrientDB may wrap the IndexException root cause.
      if (isCauseIndexException(ex, 10) || isCauseRecordDuplicatedException(ex, 10)) {
        throw new PreconditionFailedException(
            "Create rejected as Object with same ID already exists and was detected. "
                + ex.getMessage(),
            ex);
      } else {
        throw ex;
      }
    } catch (RuntimeException e) {
      throw e;
    } finally {
      if (db != null) {
        db.close();
      }
    }
  }
  void doPut(final HttpServletRequest req, final HttpServletResponse resp) {
    try {
      // Parse out the required API versions.
      final AcceptAPIVersion acceptVersion = parseAcceptAPIVersion(req);

      // Prepare response.
      prepareResponse(req, resp);

      // Validate request.
      preprocessRequest(req);

      if (req.getHeader(HEADER_IF_MATCH) != null && req.getHeader(HEADER_IF_NONE_MATCH) != null) {
        // FIXME: i18n
        throw new PreconditionFailedException(
            "Simultaneous use of If-Match and If-None-Match not " + "supported for PUT requests");
      }

      final Map<String, String[]> parameters = req.getParameterMap();
      final JsonValue content = getJsonContent(req);

      final String rev = getIfNoneMatch(req);
      if (ETAG_ANY.equals(rev)) {
        // This is a create with a user provided resource ID: split the
        // path into the parent resource name and resource ID.
        final String resourceName = getResourceName(req);
        final int i = resourceName.lastIndexOf('/');
        final CreateRequest request;
        if (resourceName.isEmpty()) {
          // FIXME: i18n.
          throw new BadRequestException("No new resource ID in HTTP PUT request");
        } else if (i < 0) {
          // We have a pathInfo of the form "{id}"
          request = Requests.newCreateRequest(EMPTY_STRING, content);
          request.setNewResourceId(resourceName);
        } else {
          // We have a pathInfo of the form "{container}/{id}"
          request = Requests.newCreateRequest(resourceName.substring(0, i), content);
          request.setNewResourceId(resourceName.substring(i + 1));
        }
        for (final Map.Entry<String, String[]> p : parameters.entrySet()) {
          final String name = p.getKey();
          final String[] values = p.getValue();
          if (HttpUtils.isMultiPartRequest(req.getContentType())) {
            // Ignore - multipart content adds form parts to the parameter set
          } else if (parseCommonParameter(name, values, request)) {
            continue;
          } else {
            request.setAdditionalParameter(name, asSingleValue(name, values));
          }
        }
        doRequest(req, resp, acceptVersion, request);
      } else {
        final UpdateRequest request =
            Requests.newUpdateRequest(getResourceName(req), content).setRevision(getIfMatch(req));
        for (final Map.Entry<String, String[]> p : parameters.entrySet()) {
          final String name = p.getKey();
          final String[] values = p.getValue();
          if (HttpUtils.isMultiPartRequest(req.getContentType())) {
            // Ignore - multipart content adds form parts to the parameter set
          } else if (parseCommonParameter(name, values, request)) {
            continue;
          } else {
            request.setAdditionalParameter(name, asSingleValue(name, values));
          }
        }
        doRequest(req, resp, acceptVersion, request);
      }
    } catch (final Exception e) {
      fail(req, resp, e);
    }
  }
  /**
   * Stores the <code>Dictionary</code> under the given <code>pid</code>.
   *
   * @param pid The identifier of the dictionary.
   * @param properties The <code>Dictionary</code> to store.
   * @throws IOException If an error occurrs storing the dictionary. If this exception is thrown, it
   *     is expected, that {@link #exists(String) exists(pid} returns <code>false</code>.
   */
  public void store(String pid, Dictionary properties) throws IOException {
    logger.debug("Store call for {} {}", pid, properties);

    // Store config handling settings in memory
    if (pid.startsWith("org.apache.felix.fileinstall")) {
      tempStore.put(pid, properties);
      return;
    }

    try {
      if (isReady(0) && requireRepository) {
        String id = pidToId(pid);

        Map<String, Object> obj = dictToMap(properties);
        JsonValue content = new JsonValue(obj);
        String configResourceId =
            ConfigBootstrapHelper.getId(
                content.get(ConfigBootstrapHelper.CONFIG_ALIAS).asString(),
                content.get(ConfigBootstrapHelper.SERVICE_PID).asString(),
                content.get(ConfigBootstrapHelper.SERVICE_FACTORY_PID).asString());
        String configString = (String) obj.get(JSONEnhancedConfig.JSON_CONFIG_PROPERTY);
        Map<Object, Object> configMap = deserializeConfig(configString);
        if (configMap != null) {
          configMap.put("_id", configResourceId);
        }
        obj.put(JSONEnhancedConfig.JSON_CONFIG_PROPERTY, configMap);

        Map<String, Object> existing = null;
        try {
          ReadRequest readRequest = Requests.newReadRequest(id);
          existing = repo.read(readRequest).getContent().asMap();
        } catch (NotFoundException ex) {
          // Just detect that it doesn't exist
        }
        if (existing != null) {
          String rev = (String) existing.get("_rev");

          existing.remove("_rev");
          existing.remove("_id");
          obj.remove("_rev"); // beware, this means _id and _rev should not be in config file
          obj.remove("_id"); // beware, this means _id and _rev should not be in config file
          obj.remove(RepoPersistenceManager.BUNDLE_LOCATION);
          obj.remove(RepoPersistenceManager.FELIX_FILEINSTALL_FILENAME);
          if (!existing.equals(obj)) {
            logger.trace("Not matching {} {}", existing, obj);
            boolean retry;
            do {
              retry = false;
              try {
                UpdateRequest r = Requests.newUpdateRequest(id, new JsonValue(obj));
                r.setRevision(rev);
                repo.update(r);
              } catch (PreconditionFailedException ex) {
                logger.debug("Concurrent change during update, retrying {} {}", pid, rev);
                ReadRequest readRequest = Requests.newReadRequest(id);
                existing = repo.read(readRequest).getContent().asMap();
                retry = true;
              }
            } while (retry);
            logger.debug("Updated existing config {} {} {}", new Object[] {pid, rev, obj});
          } else {
            logger.debug(
                "Existing config same as store request, ignoring {} {} {}",
                new Object[] {pid, rev, obj});
          }
        } else {
          logger.trace("Creating: {} {} ", id, obj);
          // This may create a new (empty) configuration, which felix marks with
          // _felix___cm__newConfiguration=true
          String newResourceId = id.substring(CONFIG_CONTEXT_PREFIX.length());
          CreateRequest createRequest =
              Requests.newCreateRequest(CONFIG_CONTEXT_PREFIX, new JsonValue(obj));
          createRequest.setNewResourceId(newResourceId);
          obj = repo.create(createRequest).getContent().asMap();
          logger.debug("Stored new config in repository {} {}", pid, obj);
        }
      } else {
        tempStore.put(pid, properties);
        logger.debug("Stored in memory {} {}", pid, properties);
      }
    } catch (ResourceException ex) {
      throw new IOException("Failed to store configuration in repository: " + ex.getMessage(), ex);
    }
  }