/**
* Assigns Services to a realm
*
* @param ocm Organization Configuration Manager
* @param newServiceNames List of service names to be assigned/unassigned
* @throws SMSException
*/
private void assignServices(OrganizationConfigManager ocm, List newServiceNames)
throws SMSException {
try {
// include mandatory, otherwise pass in false
Set assignedServices = ocm.getAssignedServices();
// combine new services names with current assigned services
Set allServices = new HashSet(newServiceNames.size() + assignedServices.size());
// add all to make union of the two sets of service names
allServices.addAll(assignedServices);
allServices.addAll(newServiceNames);
// update services associated with realm
for (Object tmp : allServices) {
String serviceName = (String) tmp;
if (newServiceNames.contains(serviceName) && assignedServices.contains(serviceName)) {
// do nothing, keep current service name as it is for now
} else if (newServiceNames.contains(serviceName)
&& !assignedServices.contains(serviceName)) {
// assign the service to realm
ocm.assignService(serviceName, null);
} else if (!newServiceNames.contains(serviceName)
&& assignedServices.contains(serviceName)) {
// unassign the service from the realm if not mandatory
ocm.unassignService(serviceName);
}
}
} catch (SMSException smse) {
debug.error("RealmResource.assignServices() : Unable to assign services");
throw smse;
}
}
/**
* Returns a map of assigned service name to its localized name under a realm.
*
* @param realmName Name of Realm.
* @return a map of assigned service name to its localized name under a realm.
* @throws AMConsoleException if service names cannot be obtained.
*/
public Map getAssignedServiceNames(String realmName) throws AMConsoleException {
String[] param = {realmName};
logEvent("ATTEMPT_GET_ASSIGNED_SERVICE_OF_REALM", param);
try {
OrganizationConfigManager orgCfgMgr =
new OrganizationConfigManager(getUserSSOToken(), realmName);
Set names = orgCfgMgr.getAssignedServices();
if ((names == null) || names.isEmpty()) {
names = new HashSet();
}
getIdentityServices(realmName, names);
/*
* Need to use adminSSOToken because policy admin does not
* have the correct privileges.
*/
AMAuthenticationManager mgr = new AMAuthenticationManager(adminSSOToken, realmName);
AMAdminUtils.removeAllCaseIgnore(names, mgr.getAuthenticationServiceNames());
removeNonDisplayableServices(names, SUPPORTED_SCHEMA_TYPE);
// remove auth configuration service too
names.remove(AMAdminConstants.AUTH_CONFIG_SERVICE);
names.remove(AMAdminConstants.CORE_AUTH_SERVICE);
/*
Creation and edit of instances of the Rest/Soap STS services handled by the STS tab.
*/
names.remove(AMAdminConstants.REST_STS_SERVICE);
names.remove(AMAdminConstants.SOAP_STS_SERVICE);
logEvent("SUCCEED_GET_ASSIGNED_SERVICE_OF_REALM", param);
return mapNameToDisplayName(names);
} catch (AMConfigurationException e) {
String strError = getErrorString(e);
String[] paramsEx = {realmName, strError};
logEvent("CONFIGURATION_EXCEPTION_GET_ASSIGNED_SERVICE_OF_REALM", paramsEx);
throw new AMConsoleException(strError);
} catch (SMSException e) {
String strError = getErrorString(e);
String[] paramsEx = {realmName, strError};
logEvent("SMS_EXCEPTION_GET_ASSIGNED_SERVICE_OF_REALM", paramsEx);
throw new AMConsoleException(strError);
}
}
/**
* Returns a map of service name to its display name that can be assigned to a realm.
*
* @param realmName Name of Realm.
* @return a map of service name to its display name that can be assigned to a realm.
* @throws AMConsoleException if service names cannot be obtained.
*/
public Map getAssignableServiceNames(String realmName) throws AMConsoleException {
String[] param = {realmName};
logEvent("ATTEMPT_GET_ASSIGNABLE_SERVICE_OF_REALM", param);
try {
OrganizationConfigManager orgCfgMgr =
new OrganizationConfigManager(getUserSSOToken(), realmName);
Set names = orgCfgMgr.getAssignableServices();
addIdentityUnassignedServices(realmName, names);
names.removeAll(orgCfgMgr.getAssignedServices());
AMAuthenticationManager mgr = new AMAuthenticationManager(getUserSSOToken(), realmName);
AMAdminUtils.removeAllCaseIgnore(names, mgr.getAuthenticationServiceNames());
removeNonDisplayableServices(names, SUPPORTED_SCHEMA_TYPE);
names.remove(AMAdminConstants.CORE_AUTH_SERVICE);
/*
Creation and edit of instances of the Rest/Soap STS services handled by the STS tab.
*/
names.remove(AMAdminConstants.REST_STS_SERVICE);
names.remove(AMAdminConstants.SOAP_STS_SERVICE);
logEvent("SUCCEED_GET_ASSIGNABLE_SERVICE_OF_REALM", param);
return mapNameToDisplayName(names);
} catch (AMConfigurationException e) {
String strError = getErrorString(e);
String[] paramsEx = {realmName, strError};
logEvent("CONFIGURATION_EXCEPTION_GET_ASSIGNABLE_SERVICE_OF_REALM", paramsEx);
if (debug.warningEnabled()) {
debug.warning("ServicesModel.getAssignableServiceNames " + strError);
}
throw new AMConsoleException("no.properties");
} catch (SMSException e) {
String strError = getErrorString(e);
String[] paramsEx = {realmName, strError};
logEvent("SMS_EXCEPTION_GET_ASSIGNABLE_SERVICE_OF_REALM", paramsEx);
throw new AMConsoleException(strError);
}
}
/** {@inheritDoc} */
@Override
public void readInstance(
final ServerContext context,
final String resourceId,
final ReadRequest request,
final ResultHandler<Resource> handler) {
RealmContext realmContext = context.asContext(RealmContext.class);
String realmPath = realmContext.getResolvedRealm();
Resource resource;
JsonValue jval;
String holdResourceId = checkForTopLevelRealm(resourceId);
try {
hasPermission(context);
if (holdResourceId != null && !holdResourceId.startsWith("/")) {
holdResourceId = "/" + holdResourceId;
}
if (!realmPath.equalsIgnoreCase("/")) {
holdResourceId = realmPath + holdResourceId;
}
OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), holdResourceId);
// get associated services for this realm , include mandatory service names.
Set serviceNames = ocm.getAssignedServices();
jval = createJsonMessage(SERVICE_NAMES, serviceNames);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
resource = new Resource(resourceId, String.valueOf(System.currentTimeMillis()), jval);
if (debug.messageEnabled()) {
debug.message(
"RealmResource.readInstance :: READ : Successfully read realm, "
+ resourceId
+ " performed by "
+ principalName);
}
handler.handleResult(resource);
} catch (SSOException sso) {
debug.error("RealmResource.updateInstance() : Cannot READ " + resourceId, sso);
handler.handleError(new PermanentException(401, "Access Denied", null));
} catch (ForbiddenException fe) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId + ":" + fe);
handler.handleError(fe);
} catch (SMSException smse) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, smse);
try {
configureErrorMessage(smse);
} catch (NotFoundException nf) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, nf);
handler.handleError(nf);
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, fe);
handler.handleError(fe);
} catch (PermanentException pe) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, pe);
// Cannot recover from this exception
handler.handleError(pe);
} catch (ConflictException ce) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, ce);
handler.handleError(ce);
} catch (BadRequestException be) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, be);
handler.handleError(be);
} catch (Exception e) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, e);
handler.handleError(new BadRequestException(e.getMessage(), e));
}
} catch (Exception e) {
handler.handleError(new BadRequestException(e.getMessage(), e));
}
}
