/**
* Assigns Services to a realm
*
* @param ocm Organization Configuration Manager
* @param newServiceNames List of service names to be assigned/unassigned
* @throws SMSException
*/
private void assignServices(OrganizationConfigManager ocm, List newServiceNames)
throws SMSException {
try {
// include mandatory, otherwise pass in false
Set assignedServices = ocm.getAssignedServices();
// combine new services names with current assigned services
Set allServices = new HashSet(newServiceNames.size() + assignedServices.size());
// add all to make union of the two sets of service names
allServices.addAll(assignedServices);
allServices.addAll(newServiceNames);
// update services associated with realm
for (Object tmp : allServices) {
String serviceName = (String) tmp;
if (newServiceNames.contains(serviceName) && assignedServices.contains(serviceName)) {
// do nothing, keep current service name as it is for now
} else if (newServiceNames.contains(serviceName)
&& !assignedServices.contains(serviceName)) {
// assign the service to realm
ocm.assignService(serviceName, null);
} else if (!newServiceNames.contains(serviceName)
&& assignedServices.contains(serviceName)) {
// unassign the service from the realm if not mandatory
ocm.unassignService(serviceName);
}
}
} catch (SMSException smse) {
debug.error("RealmResource.assignServices() : Unable to assign services");
throw smse;
}
}
@AfterClass
public void cleanup() throws Exception {
if (orgAliasEnabled) {
OrganizationConfigManager ocm = new OrganizationConfigManager(adminToken, "/");
ocm.deleteSubOrganization(SUB_REALM1.substring(1), true);
}
}
@BeforeTest
public void setup() throws Exception {
OrganizationConfigManager orgMgr = new OrganizationConfigManager(adminToken, "/");
orgMgr.createSubOrganization(SUB_REALM.substring(1), Collections.EMPTY_MAP);
delegatedUser = IdRepoUtils.createUser(SUB_REALM, DELEGATED_USER);
delegatedUser1 = IdRepoUtils.createUser(SUB_REALM, DELEGATED_USER1);
orgMgr = new OrganizationConfigManager(adminToken, SUB_REALM);
orgMgr.createSubOrganization(SUB_SUB_REALM, Collections.EMPTY_MAP);
createReferral();
Application appl =
ApplicationManager.newApplication(
SUB_REALM,
APPLICATION_NAME,
ApplicationTypeManager.getAppplicationType(
PrivilegeManager.superAdminSubject,
ApplicationTypeManager.URL_APPLICATION_TYPE_NAME));
// Test disabled, unable to make model change.
// Set<String> resources = new HashSet<String>();
// resources.add(DELEGATED_RESOURCE);
// appl.setResources(resources);
appl.setEntitlementCombiner(DenyOverride.class);
ApplicationManager.saveApplication(SubjectUtils.createSuperAdminSubject(), SUB_REALM, appl);
}
/**
* Returns the authentication service or chain configured for the given organization.
*
* @param orgDN organization DN.
* @return the authentication service or chain configured for the given organization.
*/
public String getOrgConfiguredAuthenticationChain(String orgDN) {
String orgAuthConfig = null;
try {
OrganizationConfigManager orgConfigMgr = getOrgConfigManager(orgDN);
ServiceConfig svcConfig = orgConfigMgr.getServiceConfig(ISAuthConstants.AUTH_SERVICE_NAME);
Map attrs = svcConfig.getAttributes();
orgAuthConfig = Misc.getMapAttr(attrs, ISAuthConstants.AUTHCONFIG_ORG);
} catch (Exception e) {
debug.error("Error in getOrgConfiguredAuthenticationChain : ", e);
}
return orgAuthConfig;
}
@AfterClass
public void cleanup() throws Exception {
PolicyManager pm = new PolicyManager(adminToken, SUB_REALM1);
pm.removePolicy(POLICY_NAME);
pm = new PolicyManager(adminToken, "/");
pm.removePolicy(REFERRAL_POLICY_NAME1);
pm.removePolicy(REFERRAL_POLICY_NAME2);
OrganizationConfigManager ocm = new OrganizationConfigManager(adminToken, "/");
String subRealm = SUB_REALM1.substring(1);
ocm.deleteSubOrganization(subRealm, true);
}
private void createOrgs() throws Exception {
OrganizationConfigManager ocm = new OrganizationConfigManager(adminToken, "/");
String subRealm = SUB_REALM1.substring(1);
Map<String, Map<String, Set<String>>> map = new HashMap<String, Map<String, Set<String>>>();
Map<String, Set<String>> idRepoService = new HashMap<String, Set<String>>();
Set<String> set = new HashSet<String>();
set.add("www.OrgAliasReferralTest.com");
idRepoService.put(PolicyManager.ORG_ALIAS, set);
map.put(PolicyManager.ID_REPO_SERVICE, idRepoService);
ocm.createSubOrganization(subRealm, map);
}
/**
* Returns names of all realms included in the subtree rooted by the realm indicated in the query
* url.
*
* <p>Names are unsorted and given as full paths.
*
* <p>Filtering, sorting, and paging of results is not supported.
*
* <p>{@inheritDoc}
*/
@Override
public void queryCollection(
final ServerContext context, final QueryRequest request, final QueryResultHandler handler) {
final String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
final RealmContext realmContext = context.asContext(RealmContext.class);
final String realmPath = realmContext.getResolvedRealm();
try {
final SSOTokenManager mgr = SSOTokenManager.getInstance();
final SSOToken ssoToken = mgr.createSSOToken(getCookieFromServerContext(context));
final OrganizationConfigManager ocm = new OrganizationConfigManager(ssoToken, realmPath);
final List<String> realmsInSubTree = new ArrayList<String>();
realmsInSubTree.add(realmPath);
for (final Object subRealmRelativePath : ocm.getSubOrganizationNames("*", true)) {
if (realmPath.endsWith("/")) {
realmsInSubTree.add(realmPath + subRealmRelativePath);
} else {
realmsInSubTree.add(realmPath + "/" + subRealmRelativePath);
}
}
debug.message("RealmResource :: QUERY : performed by " + principalName);
for (final Object realmName : realmsInSubTree) {
JsonValue val = new JsonValue(realmName);
Resource resource = new Resource((String) realmName, "0", val);
handler.handleResource(resource);
}
handler.handleResult(new QueryResult());
} catch (SSOException ex) {
debug.error("RealmResource :: QUERY by " + principalName + " failed : " + ex);
handler.handleError(ResourceException.getException(ResourceException.FORBIDDEN));
} catch (SMSException ex) {
debug.error("RealmResource :: QUERY by " + principalName + " failed :" + ex);
switch (ex.getExceptionCode()) {
case STATUS_NO_PERMISSION:
// This exception will be thrown if permission to read realms from SMS has not been
// delegated
handler.handleError(ResourceException.getException(ResourceException.FORBIDDEN));
break;
default:
handler.handleError(ResourceException.getException(ResourceException.INTERNAL_ERROR));
break;
}
}
}
/**
* Returns a list of domains defined by iplanet-am-auth-valid-goto-domains in iPlanetAMAuthService
* plus organization aliases
*
* @param orgDN organization DN.
* @return a Set object containing a list of valid domains, null if
* iplanet-am-auth-valid-goto-domains is empty.
*/
private Set getValidGotoUrlDomains(String orgDN) {
Set validGotoUrlDomains = null;
try {
OrganizationConfigManager orgConfigMgr = getOrgConfigManager(orgDN);
ServiceConfig svcConfig = orgConfigMgr.getServiceConfig(ISAuthConstants.AUTH_SERVICE_NAME);
Map attrs = svcConfig.getAttributes();
validGotoUrlDomains = (Set) attrs.get(ISAuthConstants.AUTH_GOTO_DOMAINS);
if (debug.messageEnabled()) {
debug.message("AuthD.getValidGotoUrlDomains(): " + validGotoUrlDomains);
}
} catch (Exception e) {
debug.error("AuthD.getValidGotoUrlDomains():" + "Error in getValidGotoUrlDomains : ", e);
}
return validGotoUrlDomains;
}
/**
* Unassigns services from realm.
*
* @param realmName Name of Realm.
* @param names Names of services that are to be unassigned.
* @throws AMConsoleException if services cannot be unassigned.
*/
public void unassignServices(String realmName, Set names) throws AMConsoleException {
if ((names != null) && !names.isEmpty()) {
if ((realmName == null) || (realmName.trim().length() == 0)) {
realmName = "/";
}
String[] params = new String[2];
params[0] = realmName;
String curServiceName = "";
try {
OrganizationConfigManager scm = new OrganizationConfigManager(getUserSSOToken(), realmName);
AMIdentityRepository repo = new AMIdentityRepository(getUserSSOToken(), realmName);
AMIdentity realmIdentity = repo.getRealmIdentity();
Set realmServices = realmIdentity.getAssignedServices();
for (Iterator iter = names.iterator(); iter.hasNext(); ) {
String name = (String) iter.next();
curServiceName = name;
params[1] = name;
logEvent("ATTEMPT_UNASSIGN_SERVICE_FROM_REALM", params);
if (realmServices.contains(name)) {
realmIdentity.unassignService(name);
} else {
scm.unassignService(name);
}
logEvent("SUCCEED_UNASSIGN_SERVICE_FROM_REALM", params);
}
} catch (SMSException e) {
String strError = getErrorString(e);
String[] paramsEx = {realmName, curServiceName, strError};
logEvent("SMS_EXCEPTION_UNASSIGN_SERVICE_FROM_REALM", paramsEx);
throw new AMConsoleException(strError);
} catch (SSOException e) {
String strError = getErrorString(e);
String[] paramsEx = {realmName, curServiceName, strError};
logEvent("SSO_EXCEPTION_UNASSIGN_SERVICE_FROM_REALM", paramsEx);
throw new AMConsoleException(strError);
} catch (IdRepoException e) {
String strError = getErrorString(e);
String[] paramsEx = {realmName, curServiceName, strError};
logEvent("IDREPO_EXCEPTION_UNASSIGN_SERVICE_FROM_REALM", paramsEx);
throw new AMConsoleException(strError);
}
}
}
/**
* Creates Organization within OpenAM
*
* @param ocm Organization Configuration Manager
* @param jVal JSONvalue that contains the payload
* @param realm Name of the realm to be created
* @throws SMSException
* @throws Exception
*/
private void createOrganization(
OrganizationConfigManager ocm, JsonValue jVal, String realm, String realmPath)
throws Exception {
Map defaultValues = null;
OrganizationConfigManager realmCreatedOcm;
if (realmPath != null && !realmPath.endsWith("/")) {
realmPath = realmPath + "/";
}
try {
JsonValue realmDetails = jVal;
if (jVal != null) {
defaultValues = createServicesMap(jVal);
}
ocm.createSubOrganization(realm, defaultValues);
// Get the Organization Configuration Manager for the new Realm
realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realmPath + realm);
List newServiceNames = realmDetails.get(SERVICE_NAMES).asList();
if (newServiceNames != null && !newServiceNames.isEmpty()) {
// assign services to realm
assignServices(realmCreatedOcm, newServiceNames);
}
} catch (SMSException smse) {
debug.error("RealmResource.createOrganization()", smse);
throw smse;
} catch (Exception e) {
debug.error("RealmResource.createOrganization()", e);
throw e;
}
}
/**
* Update a service with new attributes
*
* @param ocm Organization Configuration Manager
* @param serviceNames Map of service names
* @throws SMSException
*/
private void updateConfiguredServices(OrganizationConfigManager ocm, Map serviceNames)
throws SMSException {
try {
ocm.setAttributes(IdConstants.REPO_SERVICE, (Map) serviceNames.get(IdConstants.REPO_SERVICE));
} catch (SMSException smse) {
throw smse;
}
}
@AfterTest
public void cleanup() throws Exception {
Set<AMIdentity> identities = new HashSet<AMIdentity>();
identities.add(delegatedUser);
identities.add(delegatedUser1);
IdRepoUtils.deleteIdentities(SUB_REALM, identities);
ApplicationManager.deleteApplication(
SubjectUtils.createSuperAdminSubject(), SUB_REALM, APPLICATION_NAME);
ReferralPrivilegeManager mgr =
new ReferralPrivilegeManager("/", SubjectUtils.createSuperAdminSubject());
mgr.remove(REFERRAL_NAME);
OrganizationConfigManager orgMgr = new OrganizationConfigManager(adminToken, "/");
orgMgr.deleteSubOrganization(SUB_REALM, true);
}
@AfterClass
public void cleanup() throws Exception {
if (!migrated) {
return;
}
ReferralPrivilegeManager mgr = new ReferralPrivilegeManager(SUB_REALM2, adminSubject);
mgr.delete(REFERRAL_NAME2);
mgr = new ReferralPrivilegeManager("/", adminSubject);
mgr.delete(REFERRAL_NAME1);
ApplicationManager.deleteApplication(adminSubject, "/", APPL_NAME);
OrganizationConfigManager ocm = new OrganizationConfigManager(adminToken, "/");
String subRealm = SUB_REALM1.substring(1);
ocm.deleteSubOrganization(subRealm, true);
subRealm = SUB_REALM2.substring(1);
ocm.deleteSubOrganization(subRealm, true);
subRealm = SUB_REALM3.substring(1);
ocm.deleteSubOrganization(subRealm, true);
}
/**
* Returns a map of assigned service name to its localized name under a realm.
*
* @param realmName Name of Realm.
* @return a map of assigned service name to its localized name under a realm.
* @throws AMConsoleException if service names cannot be obtained.
*/
public Map getAssignedServiceNames(String realmName) throws AMConsoleException {
String[] param = {realmName};
logEvent("ATTEMPT_GET_ASSIGNED_SERVICE_OF_REALM", param);
try {
OrganizationConfigManager orgCfgMgr =
new OrganizationConfigManager(getUserSSOToken(), realmName);
Set names = orgCfgMgr.getAssignedServices();
if ((names == null) || names.isEmpty()) {
names = new HashSet();
}
getIdentityServices(realmName, names);
/*
* Need to use adminSSOToken because policy admin does not
* have the correct privileges.
*/
AMAuthenticationManager mgr = new AMAuthenticationManager(adminSSOToken, realmName);
AMAdminUtils.removeAllCaseIgnore(names, mgr.getAuthenticationServiceNames());
removeNonDisplayableServices(names, SUPPORTED_SCHEMA_TYPE);
// remove auth configuration service too
names.remove(AMAdminConstants.AUTH_CONFIG_SERVICE);
names.remove(AMAdminConstants.CORE_AUTH_SERVICE);
/*
Creation and edit of instances of the Rest/Soap STS services handled by the STS tab.
*/
names.remove(AMAdminConstants.REST_STS_SERVICE);
names.remove(AMAdminConstants.SOAP_STS_SERVICE);
logEvent("SUCCEED_GET_ASSIGNED_SERVICE_OF_REALM", param);
return mapNameToDisplayName(names);
} catch (AMConfigurationException e) {
String strError = getErrorString(e);
String[] paramsEx = {realmName, strError};
logEvent("CONFIGURATION_EXCEPTION_GET_ASSIGNED_SERVICE_OF_REALM", paramsEx);
throw new AMConsoleException(strError);
} catch (SMSException e) {
String strError = getErrorString(e);
String[] paramsEx = {realmName, strError};
logEvent("SMS_EXCEPTION_GET_ASSIGNED_SERVICE_OF_REALM", paramsEx);
throw new AMConsoleException(strError);
}
}
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throw CLIException if the request cannot serviced.
*/
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
ldapLogin();
SSOToken adminSSOToken = getAdminSSOToken();
String realm = getStringOptionValue(IArgument.REALM_NAME);
String pattern = getStringOptionValue(IArgument.FILTER);
boolean recursive = isOptionSet(IArgument.RECURSIVE);
String strRecursive = (recursive) ? "recursive" : "non recursive";
if ((pattern == null) || (pattern.trim().length() == 0)) {
pattern = "*";
}
String[] params = {realm, pattern, strRecursive};
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_SEARCH_REALM", params);
try {
OrganizationConfigManager ocm = new OrganizationConfigManager(adminSSOToken, realm);
Set results = ocm.getSubOrganizationNames(pattern, recursive);
IOutput outputWriter = getOutputWriter();
if ((results != null) && !results.isEmpty()) {
String template = getResourceString("search-realm-results");
String[] arg = new String[1];
for (Iterator i = results.iterator(); i.hasNext(); ) {
arg[0] = (String) i.next();
outputWriter.printlnMessage(MessageFormat.format(template, (Object[]) arg));
}
outputWriter.printlnMessage(getResourceString("search-realm-succeed"));
} else {
outputWriter.printlnMessage(getResourceString("search-realm-no-results"));
}
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_SEARCH_REALM", params);
} catch (SMSException e) {
String[] args = {realm, strRecursive, e.getMessage()};
debugError("SearchRealms.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SEARCH_REALM", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot serviced.
*/
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
ldapLogin();
SSOToken adminSSOToken = getAdminSSOToken();
String realm = getStringOptionValue(IArgument.REALM_NAME);
boolean recursive = isOptionSet(IArgument.RECURSIVE);
String strRecursive = (recursive) ? "recursive" : "non recursive";
String[] params = {realm, strRecursive};
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_DELETE_REALM", params);
try {
OrganizationConfigManager ocm = new OrganizationConfigManager(adminSSOToken, realm);
ocm.deleteSubOrganization(null, recursive);
getOutputWriter().printlnMessage(getResourceString("delete-realm-succeed"));
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_DELETE_REALM", params);
} catch (SMSException e) {
String[] args = {realm, strRecursive, e.getMessage()};
debugError("DeleteRealm.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_DELETE_REALM", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
/**
* Returns a map of service name to its display name that can be assigned to a realm.
*
* @param realmName Name of Realm.
* @return a map of service name to its display name that can be assigned to a realm.
* @throws AMConsoleException if service names cannot be obtained.
*/
public Map getAssignableServiceNames(String realmName) throws AMConsoleException {
String[] param = {realmName};
logEvent("ATTEMPT_GET_ASSIGNABLE_SERVICE_OF_REALM", param);
try {
OrganizationConfigManager orgCfgMgr =
new OrganizationConfigManager(getUserSSOToken(), realmName);
Set names = orgCfgMgr.getAssignableServices();
addIdentityUnassignedServices(realmName, names);
names.removeAll(orgCfgMgr.getAssignedServices());
AMAuthenticationManager mgr = new AMAuthenticationManager(getUserSSOToken(), realmName);
AMAdminUtils.removeAllCaseIgnore(names, mgr.getAuthenticationServiceNames());
removeNonDisplayableServices(names, SUPPORTED_SCHEMA_TYPE);
names.remove(AMAdminConstants.CORE_AUTH_SERVICE);
/*
Creation and edit of instances of the Rest/Soap STS services handled by the STS tab.
*/
names.remove(AMAdminConstants.REST_STS_SERVICE);
names.remove(AMAdminConstants.SOAP_STS_SERVICE);
logEvent("SUCCEED_GET_ASSIGNABLE_SERVICE_OF_REALM", param);
return mapNameToDisplayName(names);
} catch (AMConfigurationException e) {
String strError = getErrorString(e);
String[] paramsEx = {realmName, strError};
logEvent("CONFIGURATION_EXCEPTION_GET_ASSIGNABLE_SERVICE_OF_REALM", paramsEx);
if (debug.warningEnabled()) {
debug.warning("ServicesModel.getAssignableServiceNames " + strError);
}
throw new AMConsoleException("no.properties");
} catch (SMSException e) {
String strError = getErrorString(e);
String[] paramsEx = {realmName, strError};
logEvent("SMS_EXCEPTION_GET_ASSIGNABLE_SERVICE_OF_REALM", paramsEx);
throw new AMConsoleException(strError);
}
}
/**
* Returns a JsonValue containing Service Names and Values
*
* @param ocm The organization configuration manager
* @param serviceNames Names of the services available to the organization
* @return The JsonValue Object containing attributes assigned to the services
*/
private JsonValue serviceNamesToJSON(OrganizationConfigManager ocm, Set serviceNames)
throws SMSException {
JsonValue realmServices = new JsonValue(new LinkedHashMap<String, Object>(1));
try {
for (Object service : serviceNames) {
String tmp = (String) service;
Object holdAttrForService = ocm.getAttributes(tmp);
realmServices.add(tmp, holdAttrForService);
}
} catch (SMSException e) {
debug.error("RealmResource.serviceNamesToJSON :: " + e);
throw e;
}
return realmServices;
}
private void createOrgs() throws Exception {
OrganizationConfigManager ocm = new OrganizationConfigManager(adminToken, "/");
String subRealm = SUB_REALM1.substring(1);
ocm.createSubOrganization(subRealm, Collections.EMPTY_MAP);
}
/** {@inheritDoc} */
@Override
public void createInstance(
final ServerContext context,
final CreateRequest request,
final ResultHandler<Resource> handler) {
RealmContext realmContext = context.asContext(RealmContext.class);
String realmPath = realmContext.getResolvedRealm();
Resource resource;
String parentRealm;
String childRealm;
String realm = null;
try {
hasPermission(context);
final JsonValue jVal = request.getContent();
// get the realm
realm = jVal.get("realm").asString();
realm = checkForTopLevelRealm(realm);
if (realm == null || realm.isEmpty()) {
throw new BadRequestException("No realm name provided.");
} else if (!realm.startsWith("/")) {
realm = "/" + realm;
}
if (!realmPath.equalsIgnoreCase("/")) {
// build realm to comply with format if not top level
realm = realmPath + realm;
}
parentRealm = RealmUtils.getParentRealm(realm);
childRealm = RealmUtils.getChildRealm(realm);
OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), parentRealm);
Map defaultValues = createServicesMap(jVal);
ocm.createSubOrganization(childRealm, defaultValues);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
debug.message(
"RealmResource.createInstance :: CREATE of realm "
+ childRealm
+ " in realm "
+ parentRealm
+ " performed by "
+ principalName);
// create a resource for handler to return
OrganizationConfigManager realmCreated = new OrganizationConfigManager(getSSOToken(), realm);
resource =
new Resource(
childRealm,
String.valueOf(System.currentTimeMillis()),
createJsonMessage("realmCreated", realmCreated.getOrganizationName()));
handler.handleResult(resource);
} catch (SMSException smse) {
debug.error("RealmResource.createInstance() : Cannot find " + realm, smse);
try {
configureErrorMessage(smse);
} catch (NotFoundException nf) {
debug.error("RealmResource.createInstance() : Cannot find " + realm, nf);
handler.handleError(nf);
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
handler.handleError(fe);
} catch (PermanentException pe) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
// Cannot recover from this exception
handler.handleError(pe);
} catch (ConflictException ce) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, ce);
handler.handleError(ce);
} catch (BadRequestException be) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
handler.handleError(be);
} catch (Exception e) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, e);
handler.handleError(new BadRequestException(e.getMessage(), e));
}
} catch (SSOException sso) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, sso);
handler.handleError(new PermanentException(401, "Access Denied", null));
} catch (ForbiddenException fe) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
handler.handleError(fe);
} catch (BadRequestException be) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
handler.handleError(be);
} catch (PermanentException pe) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
// Cannot recover from this exception
handler.handleError(pe);
} catch (Exception e) {
debug.error("RealmResource.createInstance()" + realm + ":" + e);
handler.handleError(new BadRequestException(e.getMessage(), e));
}
}
/** {@inheritDoc} */
@Override
public void updateInstance(
final ServerContext context,
final String resourceId,
final UpdateRequest request,
final ResultHandler<Resource> handler) {
RealmContext realmContext = context.asContext(RealmContext.class);
String realmPath = realmContext.getResolvedRealm();
final JsonValue realmDetails = request.getContent();
Resource resource;
String realm = null;
OrganizationConfigManager ocm;
OrganizationConfigManager realmCreatedOcm;
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
try {
hasPermission(context);
realm = checkForTopLevelRealm(resourceId);
if (realm != null && !realm.startsWith("/")) {
realm = "/" + realm;
}
if (!realmPath.equalsIgnoreCase("/")) {
realm = realmPath + realm;
}
// The initial attempt to UPDATE a realm,
// if the realm does not exist it must be created
ocm = new OrganizationConfigManager(getSSOToken(), realm);
List newServiceNames;
// update ID_REPO attributes
updateConfiguredServices(ocm, createServicesMap(realmDetails));
newServiceNames = realmDetails.get(SERVICE_NAMES).asList();
if (newServiceNames == null || newServiceNames.isEmpty()) {
debug.error("RealmResource.updateInstance() : No Services defined.");
} else {
assignServices(ocm, newServiceNames); // assign services to realm
}
// READ THE REALM
realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realm);
debug.message(
"RealmResource.updateInstance :: UPDATE of realm "
+ realm
+ " performed by "
+ principalName);
// create a resource for handler to return
resource =
new Resource(
realm,
String.valueOf(System.currentTimeMillis()),
createJsonMessage("realmUpdated", realmCreatedOcm.getOrganizationName()));
handler.handleResult(resource);
} catch (SMSException e) {
try {
configureErrorMessage(e);
} catch (NotFoundException nfe) {
if (debug.errorEnabled()) {
debug.error(
"RealmResource.updateInstance()"
+ "Cannot find "
+ resourceId
+ ":"
+ e
+ "\n"
+ "CREATING "
+ resourceId);
}
// Realm was NOT found, therefore create the realm
try {
String parentRealm = RealmUtils.getParentRealm(realm);
String childRealm = RealmUtils.getChildRealm(realm);
ocm = new OrganizationConfigManager(getSSOToken(), parentRealm);
// create the realm
createOrganization(ocm, realmDetails, childRealm, realmPath);
// read the realm to make sure that it has been created...
realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realm);
if (debug.messageEnabled()) {
debug.message(
"RealmResource.updateInstance :: UPDATE of realm "
+ realm
+ " performed by "
+ principalName);
}
resource =
new Resource(
childRealm,
String.valueOf(System.currentTimeMillis()),
createJsonMessage("realmCreated", realmCreatedOcm.getOrganizationName()));
if (debug.messageEnabled()) {
debug.message("RealmResource :: UPDATE : Updated resource with ID, " + resourceId);
}
handler.handleResult(resource);
} catch (SMSException smse) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, smse);
try {
configureErrorMessage(smse);
} catch (NotFoundException nf) {
debug.error("RealmResource.updateInstance() : Cannot find " + resourceId, nf);
handler.handleError(nf);
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
handler.handleError(fe);
} catch (PermanentException pe) {
debug.error("RealmResource.updateInstance() Cannot UPDATE " + resourceId, pe);
// Cannot recover from this exception
handler.handleError(pe);
} catch (ConflictException ce) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ce);
handler.handleError(ce);
} catch (BadRequestException be) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, be);
handler.handleError(be);
}
} catch (Exception ex) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
handler.handleError(new NotFoundException("Cannot update realm.", ex));
}
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
handler.handleError(fe);
} catch (PermanentException pe) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, pe);
// Cannot recover from this exception
handler.handleError(pe);
} catch (ConflictException ce) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ce);
handler.handleError(ce);
} catch (BadRequestException be) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, be);
handler.handleError(be);
} catch (Exception ex) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
handler.handleError(new NotFoundException("Cannot update realm.", ex));
}
} catch (SSOException sso) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, sso);
handler.handleError(new PermanentException(401, "Access Denied", null));
} catch (ForbiddenException fe) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
handler.handleError(fe);
} catch (PermanentException pe) {
debug.error("RealmResource.Instance() : Cannot UPDATE " + resourceId, pe);
// Cannot recover from this exception
handler.handleError(pe);
} catch (Exception ex) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
handler.handleError(new NotFoundException("Cannot update realm.", ex));
}
}
/** {@inheritDoc} */
@Override
public void deleteInstance(
final ServerContext context,
final String resourceId,
final DeleteRequest request,
final ResultHandler<Resource> handler) {
RealmContext realmContext = context.asContext(RealmContext.class);
String realmPath = realmContext.getResolvedRealm();
boolean recursive = false;
Resource resource;
String holdResourceId = checkForTopLevelRealm(resourceId);
try {
hasPermission(context);
if (holdResourceId != null && !holdResourceId.startsWith("/")) {
holdResourceId = "/" + holdResourceId;
}
if (!realmPath.equalsIgnoreCase("/")) {
holdResourceId = realmPath + holdResourceId;
}
OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), holdResourceId);
ocm.deleteSubOrganization(null, recursive);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
debug.message(
"RealmResource.deleteInstance :: DELETE of realm "
+ holdResourceId
+ " performed by "
+ principalName);
// handle resource
resource = new Resource(resourceId, "0", createJsonMessage("success", "true"));
handler.handleResult(resource);
} catch (SMSException smse) {
try {
configureErrorMessage(smse);
} catch (NotFoundException nf) {
debug.error("RealmResource.deleteInstance() : Cannot find " + resourceId + ":" + smse);
handler.handleError(nf);
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
handler.handleError(fe);
} catch (PermanentException pe) {
debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
// Cannot recover from this exception
handler.handleError(pe);
} catch (ConflictException ce) {
debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
handler.handleError(ce);
} catch (BadRequestException be) {
debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
handler.handleError(be);
} catch (Exception e) {
handler.handleError(new BadRequestException(e.getMessage(), e));
}
} catch (SSOException sso) {
debug.error("RealmResource.updateInstance() : Cannot DELETE " + resourceId + ":" + sso);
handler.handleError(new PermanentException(401, "Access Denied", null));
} catch (ForbiddenException fe) {
debug.error("RealmResource.updateInstance() : Cannot DELETE " + resourceId + ":" + fe);
handler.handleError(fe);
} catch (Exception e) {
handler.handleError(new BadRequestException(e.getMessage(), e));
}
}
/** {@inheritDoc} */
@Override
public void readInstance(
final ServerContext context,
final String resourceId,
final ReadRequest request,
final ResultHandler<Resource> handler) {
RealmContext realmContext = context.asContext(RealmContext.class);
String realmPath = realmContext.getResolvedRealm();
Resource resource;
JsonValue jval;
String holdResourceId = checkForTopLevelRealm(resourceId);
try {
hasPermission(context);
if (holdResourceId != null && !holdResourceId.startsWith("/")) {
holdResourceId = "/" + holdResourceId;
}
if (!realmPath.equalsIgnoreCase("/")) {
holdResourceId = realmPath + holdResourceId;
}
OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), holdResourceId);
// get associated services for this realm , include mandatory service names.
Set serviceNames = ocm.getAssignedServices();
jval = createJsonMessage(SERVICE_NAMES, serviceNames);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
resource = new Resource(resourceId, String.valueOf(System.currentTimeMillis()), jval);
if (debug.messageEnabled()) {
debug.message(
"RealmResource.readInstance :: READ : Successfully read realm, "
+ resourceId
+ " performed by "
+ principalName);
}
handler.handleResult(resource);
} catch (SSOException sso) {
debug.error("RealmResource.updateInstance() : Cannot READ " + resourceId, sso);
handler.handleError(new PermanentException(401, "Access Denied", null));
} catch (ForbiddenException fe) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId + ":" + fe);
handler.handleError(fe);
} catch (SMSException smse) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, smse);
try {
configureErrorMessage(smse);
} catch (NotFoundException nf) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, nf);
handler.handleError(nf);
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, fe);
handler.handleError(fe);
} catch (PermanentException pe) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, pe);
// Cannot recover from this exception
handler.handleError(pe);
} catch (ConflictException ce) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, ce);
handler.handleError(ce);
} catch (BadRequestException be) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, be);
handler.handleError(be);
} catch (Exception e) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, e);
handler.handleError(new BadRequestException(e.getMessage(), e));
}
} catch (Exception e) {
handler.handleError(new BadRequestException(e.getMessage(), e));
}
}
