/**
* Returns names of all realms included in the subtree rooted by the realm indicated in the query
* url.
*
* <p>Names are unsorted and given as full paths.
*
* <p>Filtering, sorting, and paging of results is not supported.
*
* <p>{@inheritDoc}
*/
@Override
public void queryCollection(
final ServerContext context, final QueryRequest request, final QueryResultHandler handler) {
final String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
final RealmContext realmContext = context.asContext(RealmContext.class);
final String realmPath = realmContext.getResolvedRealm();
try {
final SSOTokenManager mgr = SSOTokenManager.getInstance();
final SSOToken ssoToken = mgr.createSSOToken(getCookieFromServerContext(context));
final OrganizationConfigManager ocm = new OrganizationConfigManager(ssoToken, realmPath);
final List<String> realmsInSubTree = new ArrayList<String>();
realmsInSubTree.add(realmPath);
for (final Object subRealmRelativePath : ocm.getSubOrganizationNames("*", true)) {
if (realmPath.endsWith("/")) {
realmsInSubTree.add(realmPath + subRealmRelativePath);
} else {
realmsInSubTree.add(realmPath + "/" + subRealmRelativePath);
}
}
debug.message("RealmResource :: QUERY : performed by " + principalName);
for (final Object realmName : realmsInSubTree) {
JsonValue val = new JsonValue(realmName);
Resource resource = new Resource((String) realmName, "0", val);
handler.handleResource(resource);
}
handler.handleResult(new QueryResult());
} catch (SSOException ex) {
debug.error("RealmResource :: QUERY by " + principalName + " failed : " + ex);
handler.handleError(ResourceException.getException(ResourceException.FORBIDDEN));
} catch (SMSException ex) {
debug.error("RealmResource :: QUERY by " + principalName + " failed :" + ex);
switch (ex.getExceptionCode()) {
case STATUS_NO_PERMISSION:
// This exception will be thrown if permission to read realms from SMS has not been
// delegated
handler.handleError(ResourceException.getException(ResourceException.FORBIDDEN));
break;
default:
handler.handleError(ResourceException.getException(ResourceException.INTERNAL_ERROR));
break;
}
}
}
/**
* Records an 'access' audit event before and after the filtered CREST resource receives an action
* request.
*
* <p>If the 'before' audit event fails due to an error, the request is cancelled and an error
* response is returned. If the 'after' audit event fails due to an error, the request is not
* cancelled as it's affects may have already been applied.
*
* @param context {@inheritDoc}
* @param request {@inheritDoc}
* @param next {@inheritDoc}
*/
@Override
public Promise<ActionResponse, ResourceException> filterAction(
Context context, ActionRequest request, RequestHandler next) {
final AuditingResultHandler auditingHandler = newAuditingResultHandler(context, request);
try {
auditingHandler.auditAccessAttempt();
} catch (AuditException e) {
return newExceptionPromise(ResourceException.getException(ResourceException.INTERNAL_ERROR));
}
return auditResponse(next.handleAction(context, request), auditingHandler);
}
/**
* Adapts a {@code Throwable} to a {@code ResourceException}. If the {@code Throwable} is an JSON
* {@code JsonValueException} then an appropriate {@code ResourceException} is returned, otherwise
* an {@code InternalServerErrorException} is returned.
*
* @param t The {@code Throwable} to be converted.
* @return The equivalent resource exception.
*/
public ResourceException adapt(final Throwable t) {
int resourceResultCode;
try {
throw t;
} catch (OConcurrentModificationException ex) {
resourceResultCode = ResourceException.VERSION_MISMATCH;
} catch (final ResourceException e) {
return e;
} catch (final JsonValueException e) {
resourceResultCode = ResourceException.BAD_REQUEST;
} catch (final Throwable tmp) {
resourceResultCode = ResourceException.INTERNAL_ERROR;
}
return ResourceException.getException(resourceResultCode, t.getMessage(), t);
}
/**
* Records an 'access' audit event before and after the filtered CREST resource receives an action
* request.
*
* <p>If the 'before' audit event fails due to an error, the request is cancelled and an error
* response is returned. If the 'after' audit event fails due to an error, the request is not
* cancelled as it's affects may have already been applied.
*
* @param context {@inheritDoc}
* @param request {@inheritDoc}
* @param handler {@inheritDoc}
* @param next {@inheritDoc}
*/
@Override
public void filterAction(
ServerContext context,
ActionRequest request,
ResultHandler<JsonValue> handler,
RequestHandler next) {
AuditingResultHandler<JsonValue> auditingHandler =
newAuditingResultHandler(context, request, handler);
try {
auditingHandler.auditAccessAttempt();
} catch (AuditException e) {
handler.handleError(ResourceException.getException(ResourceException.INTERNAL_ERROR));
return;
}
next.handleAction(context, request, auditingHandler);
}
/**
* Records an 'access' audit event before and after the filtered CREST resource receives an query
* request.
*
* <p>If the 'before' audit event fails due to an error, the request is cancelled and an error
* response is returned. If the 'after' audit event fails due to an error, the request is not
* cancelled as it's affects may have already been applied.
*
* @param context {@inheritDoc}
* @param request {@inheritDoc}
* @param handler {@inheritDoc}
* @param next {@inheritDoc}
*/
@Override
public void filterQuery(
ServerContext context,
QueryRequest request,
QueryResultHandler handler,
RequestHandler next) {
AuditingQueryResultHandler auditingHandler =
newQueryAuditingResultHandler(context, request, handler);
try {
auditingHandler.auditAccessAttempt();
} catch (AuditException e) {
handler.handleError(ResourceException.getException(ResourceException.INTERNAL_ERROR));
return;
}
next.handleQuery(context, request, auditingHandler);
}
@Override
public void updateInstance(
ServerContext context, UpdateRequest request, ResultHandler<Resource> handler) {
handler.handleError(ResourceException.getException(ResourceException.NOT_SUPPORTED));
}
@Override
public void actionInstance(
ServerContext context, ActionRequest request, ResultHandler<JsonValue> handler) {
handler.handleError(ResourceException.getException(ResourceException.NOT_SUPPORTED));
}