/**
* Records an 'access' audit event before and after the filtered CREST resource receives an action
* request.
*
* <p>If the 'before' audit event fails due to an error, the request is cancelled and an error
* response is returned. If the 'after' audit event fails due to an error, the request is not
* cancelled as it's affects may have already been applied.
*
* @param context {@inheritDoc}
* @param request {@inheritDoc}
* @param handler {@inheritDoc}
* @param next {@inheritDoc}
*/
@Override
public void filterAction(
ServerContext context,
ActionRequest request,
ResultHandler<JsonValue> handler,
RequestHandler next) {
AuditingResultHandler<JsonValue> auditingHandler =
newAuditingResultHandler(context, request, handler);
try {
auditingHandler.auditAccessAttempt();
} catch (AuditException e) {
handler.handleError(ResourceException.getException(ResourceException.INTERNAL_ERROR));
return;
}
next.handleAction(context, request, auditingHandler);
}
/** {@inheritDoc} */
@Override
public void createInstance(
final ServerContext context,
final CreateRequest request,
final ResultHandler<Resource> handler) {
RealmContext realmContext = context.asContext(RealmContext.class);
String realmPath = realmContext.getResolvedRealm();
Resource resource;
String parentRealm;
String childRealm;
String realm = null;
try {
hasPermission(context);
final JsonValue jVal = request.getContent();
// get the realm
realm = jVal.get("realm").asString();
realm = checkForTopLevelRealm(realm);
if (realm == null || realm.isEmpty()) {
throw new BadRequestException("No realm name provided.");
} else if (!realm.startsWith("/")) {
realm = "/" + realm;
}
if (!realmPath.equalsIgnoreCase("/")) {
// build realm to comply with format if not top level
realm = realmPath + realm;
}
parentRealm = RealmUtils.getParentRealm(realm);
childRealm = RealmUtils.getChildRealm(realm);
OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), parentRealm);
Map defaultValues = createServicesMap(jVal);
ocm.createSubOrganization(childRealm, defaultValues);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
debug.message(
"RealmResource.createInstance :: CREATE of realm "
+ childRealm
+ " in realm "
+ parentRealm
+ " performed by "
+ principalName);
// create a resource for handler to return
OrganizationConfigManager realmCreated = new OrganizationConfigManager(getSSOToken(), realm);
resource =
new Resource(
childRealm,
String.valueOf(System.currentTimeMillis()),
createJsonMessage("realmCreated", realmCreated.getOrganizationName()));
handler.handleResult(resource);
} catch (SMSException smse) {
debug.error("RealmResource.createInstance() : Cannot find " + realm, smse);
try {
configureErrorMessage(smse);
} catch (NotFoundException nf) {
debug.error("RealmResource.createInstance() : Cannot find " + realm, nf);
handler.handleError(nf);
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
handler.handleError(fe);
} catch (PermanentException pe) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
// Cannot recover from this exception
handler.handleError(pe);
} catch (ConflictException ce) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, ce);
handler.handleError(ce);
} catch (BadRequestException be) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
handler.handleError(be);
} catch (Exception e) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, e);
handler.handleError(new BadRequestException(e.getMessage(), e));
}
} catch (SSOException sso) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, sso);
handler.handleError(new PermanentException(401, "Access Denied", null));
} catch (ForbiddenException fe) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
handler.handleError(fe);
} catch (BadRequestException be) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
handler.handleError(be);
} catch (PermanentException pe) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
// Cannot recover from this exception
handler.handleError(pe);
} catch (Exception e) {
debug.error("RealmResource.createInstance()" + realm + ":" + e);
handler.handleError(new BadRequestException(e.getMessage(), e));
}
}
/** {@inheritDoc} */
@Override
public void updateInstance(
final ServerContext context,
final String resourceId,
final UpdateRequest request,
final ResultHandler<Resource> handler) {
RealmContext realmContext = context.asContext(RealmContext.class);
String realmPath = realmContext.getResolvedRealm();
final JsonValue realmDetails = request.getContent();
Resource resource;
String realm = null;
OrganizationConfigManager ocm;
OrganizationConfigManager realmCreatedOcm;
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
try {
hasPermission(context);
realm = checkForTopLevelRealm(resourceId);
if (realm != null && !realm.startsWith("/")) {
realm = "/" + realm;
}
if (!realmPath.equalsIgnoreCase("/")) {
realm = realmPath + realm;
}
// The initial attempt to UPDATE a realm,
// if the realm does not exist it must be created
ocm = new OrganizationConfigManager(getSSOToken(), realm);
List newServiceNames;
// update ID_REPO attributes
updateConfiguredServices(ocm, createServicesMap(realmDetails));
newServiceNames = realmDetails.get(SERVICE_NAMES).asList();
if (newServiceNames == null || newServiceNames.isEmpty()) {
debug.error("RealmResource.updateInstance() : No Services defined.");
} else {
assignServices(ocm, newServiceNames); // assign services to realm
}
// READ THE REALM
realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realm);
debug.message(
"RealmResource.updateInstance :: UPDATE of realm "
+ realm
+ " performed by "
+ principalName);
// create a resource for handler to return
resource =
new Resource(
realm,
String.valueOf(System.currentTimeMillis()),
createJsonMessage("realmUpdated", realmCreatedOcm.getOrganizationName()));
handler.handleResult(resource);
} catch (SMSException e) {
try {
configureErrorMessage(e);
} catch (NotFoundException nfe) {
if (debug.errorEnabled()) {
debug.error(
"RealmResource.updateInstance()"
+ "Cannot find "
+ resourceId
+ ":"
+ e
+ "\n"
+ "CREATING "
+ resourceId);
}
// Realm was NOT found, therefore create the realm
try {
String parentRealm = RealmUtils.getParentRealm(realm);
String childRealm = RealmUtils.getChildRealm(realm);
ocm = new OrganizationConfigManager(getSSOToken(), parentRealm);
// create the realm
createOrganization(ocm, realmDetails, childRealm, realmPath);
// read the realm to make sure that it has been created...
realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realm);
if (debug.messageEnabled()) {
debug.message(
"RealmResource.updateInstance :: UPDATE of realm "
+ realm
+ " performed by "
+ principalName);
}
resource =
new Resource(
childRealm,
String.valueOf(System.currentTimeMillis()),
createJsonMessage("realmCreated", realmCreatedOcm.getOrganizationName()));
if (debug.messageEnabled()) {
debug.message("RealmResource :: UPDATE : Updated resource with ID, " + resourceId);
}
handler.handleResult(resource);
} catch (SMSException smse) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, smse);
try {
configureErrorMessage(smse);
} catch (NotFoundException nf) {
debug.error("RealmResource.updateInstance() : Cannot find " + resourceId, nf);
handler.handleError(nf);
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
handler.handleError(fe);
} catch (PermanentException pe) {
debug.error("RealmResource.updateInstance() Cannot UPDATE " + resourceId, pe);
// Cannot recover from this exception
handler.handleError(pe);
} catch (ConflictException ce) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ce);
handler.handleError(ce);
} catch (BadRequestException be) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, be);
handler.handleError(be);
}
} catch (Exception ex) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
handler.handleError(new NotFoundException("Cannot update realm.", ex));
}
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
handler.handleError(fe);
} catch (PermanentException pe) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, pe);
// Cannot recover from this exception
handler.handleError(pe);
} catch (ConflictException ce) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ce);
handler.handleError(ce);
} catch (BadRequestException be) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, be);
handler.handleError(be);
} catch (Exception ex) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
handler.handleError(new NotFoundException("Cannot update realm.", ex));
}
} catch (SSOException sso) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, sso);
handler.handleError(new PermanentException(401, "Access Denied", null));
} catch (ForbiddenException fe) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
handler.handleError(fe);
} catch (PermanentException pe) {
debug.error("RealmResource.Instance() : Cannot UPDATE " + resourceId, pe);
// Cannot recover from this exception
handler.handleError(pe);
} catch (Exception ex) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
handler.handleError(new NotFoundException("Cannot update realm.", ex));
}
}
/** {@inheritDoc} */
@Override
public void readInstance(
final ServerContext context,
final String resourceId,
final ReadRequest request,
final ResultHandler<Resource> handler) {
RealmContext realmContext = context.asContext(RealmContext.class);
String realmPath = realmContext.getResolvedRealm();
Resource resource;
JsonValue jval;
String holdResourceId = checkForTopLevelRealm(resourceId);
try {
hasPermission(context);
if (holdResourceId != null && !holdResourceId.startsWith("/")) {
holdResourceId = "/" + holdResourceId;
}
if (!realmPath.equalsIgnoreCase("/")) {
holdResourceId = realmPath + holdResourceId;
}
OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), holdResourceId);
// get associated services for this realm , include mandatory service names.
Set serviceNames = ocm.getAssignedServices();
jval = createJsonMessage(SERVICE_NAMES, serviceNames);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
resource = new Resource(resourceId, String.valueOf(System.currentTimeMillis()), jval);
if (debug.messageEnabled()) {
debug.message(
"RealmResource.readInstance :: READ : Successfully read realm, "
+ resourceId
+ " performed by "
+ principalName);
}
handler.handleResult(resource);
} catch (SSOException sso) {
debug.error("RealmResource.updateInstance() : Cannot READ " + resourceId, sso);
handler.handleError(new PermanentException(401, "Access Denied", null));
} catch (ForbiddenException fe) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId + ":" + fe);
handler.handleError(fe);
} catch (SMSException smse) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, smse);
try {
configureErrorMessage(smse);
} catch (NotFoundException nf) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, nf);
handler.handleError(nf);
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, fe);
handler.handleError(fe);
} catch (PermanentException pe) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, pe);
// Cannot recover from this exception
handler.handleError(pe);
} catch (ConflictException ce) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, ce);
handler.handleError(ce);
} catch (BadRequestException be) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, be);
handler.handleError(be);
} catch (Exception e) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, e);
handler.handleError(new BadRequestException(e.getMessage(), e));
}
} catch (Exception e) {
handler.handleError(new BadRequestException(e.getMessage(), e));
}
}
/** {@inheritDoc} */
@Override
public void deleteInstance(
final ServerContext context,
final String resourceId,
final DeleteRequest request,
final ResultHandler<Resource> handler) {
RealmContext realmContext = context.asContext(RealmContext.class);
String realmPath = realmContext.getResolvedRealm();
boolean recursive = false;
Resource resource;
String holdResourceId = checkForTopLevelRealm(resourceId);
try {
hasPermission(context);
if (holdResourceId != null && !holdResourceId.startsWith("/")) {
holdResourceId = "/" + holdResourceId;
}
if (!realmPath.equalsIgnoreCase("/")) {
holdResourceId = realmPath + holdResourceId;
}
OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), holdResourceId);
ocm.deleteSubOrganization(null, recursive);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
debug.message(
"RealmResource.deleteInstance :: DELETE of realm "
+ holdResourceId
+ " performed by "
+ principalName);
// handle resource
resource = new Resource(resourceId, "0", createJsonMessage("success", "true"));
handler.handleResult(resource);
} catch (SMSException smse) {
try {
configureErrorMessage(smse);
} catch (NotFoundException nf) {
debug.error("RealmResource.deleteInstance() : Cannot find " + resourceId + ":" + smse);
handler.handleError(nf);
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
handler.handleError(fe);
} catch (PermanentException pe) {
debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
// Cannot recover from this exception
handler.handleError(pe);
} catch (ConflictException ce) {
debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
handler.handleError(ce);
} catch (BadRequestException be) {
debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
handler.handleError(be);
} catch (Exception e) {
handler.handleError(new BadRequestException(e.getMessage(), e));
}
} catch (SSOException sso) {
debug.error("RealmResource.updateInstance() : Cannot DELETE " + resourceId + ":" + sso);
handler.handleError(new PermanentException(401, "Access Denied", null));
} catch (ForbiddenException fe) {
debug.error("RealmResource.updateInstance() : Cannot DELETE " + resourceId + ":" + fe);
handler.handleError(fe);
} catch (Exception e) {
handler.handleError(new BadRequestException(e.getMessage(), e));
}
}
@Override
public void updateInstance(
ServerContext context, UpdateRequest request, ResultHandler<Resource> handler) {
handler.handleError(ResourceException.getException(ResourceException.NOT_SUPPORTED));
}
@Override
public void readInstance(
ServerContext context, ReadRequest request, ResultHandler<Resource> handler) {
JsonValue json = JsonValue.json(JsonValue.object(JsonValue.field("State", "AVAILABLE")));
handler.handleResult(new Resource("Endpoint", "0", json));
}
@Override
public void actionInstance(
ServerContext context, ActionRequest request, ResultHandler<JsonValue> handler) {
handler.handleError(ResourceException.getException(ResourceException.NOT_SUPPORTED));
}