/** * Assigns Services to a realm * * @param ocm Organization Configuration Manager * @param newServiceNames List of service names to be assigned/unassigned * @throws SMSException */ private void assignServices(OrganizationConfigManager ocm, List newServiceNames) throws SMSException { try { // include mandatory, otherwise pass in false Set assignedServices = ocm.getAssignedServices(); // combine new services names with current assigned services Set allServices = new HashSet(newServiceNames.size() + assignedServices.size()); // add all to make union of the two sets of service names allServices.addAll(assignedServices); allServices.addAll(newServiceNames); // update services associated with realm for (Object tmp : allServices) { String serviceName = (String) tmp; if (newServiceNames.contains(serviceName) && assignedServices.contains(serviceName)) { // do nothing, keep current service name as it is for now } else if (newServiceNames.contains(serviceName) && !assignedServices.contains(serviceName)) { // assign the service to realm ocm.assignService(serviceName, null); } else if (!newServiceNames.contains(serviceName) && assignedServices.contains(serviceName)) { // unassign the service from the realm if not mandatory ocm.unassignService(serviceName); } } } catch (SMSException smse) { debug.error("RealmResource.assignServices() : Unable to assign services"); throw smse; } }
@AfterClass public void cleanup() throws Exception { if (orgAliasEnabled) { OrganizationConfigManager ocm = new OrganizationConfigManager(adminToken, "/"); ocm.deleteSubOrganization(SUB_REALM1.substring(1), true); } }
@BeforeTest public void setup() throws Exception { OrganizationConfigManager orgMgr = new OrganizationConfigManager(adminToken, "/"); orgMgr.createSubOrganization(SUB_REALM.substring(1), Collections.EMPTY_MAP); delegatedUser = IdRepoUtils.createUser(SUB_REALM, DELEGATED_USER); delegatedUser1 = IdRepoUtils.createUser(SUB_REALM, DELEGATED_USER1); orgMgr = new OrganizationConfigManager(adminToken, SUB_REALM); orgMgr.createSubOrganization(SUB_SUB_REALM, Collections.EMPTY_MAP); createReferral(); Application appl = ApplicationManager.newApplication( SUB_REALM, APPLICATION_NAME, ApplicationTypeManager.getAppplicationType( PrivilegeManager.superAdminSubject, ApplicationTypeManager.URL_APPLICATION_TYPE_NAME)); // Test disabled, unable to make model change. // Set<String> resources = new HashSet<String>(); // resources.add(DELEGATED_RESOURCE); // appl.setResources(resources); appl.setEntitlementCombiner(DenyOverride.class); ApplicationManager.saveApplication(SubjectUtils.createSuperAdminSubject(), SUB_REALM, appl); }
/** * Returns the authentication service or chain configured for the given organization. * * @param orgDN organization DN. * @return the authentication service or chain configured for the given organization. */ public String getOrgConfiguredAuthenticationChain(String orgDN) { String orgAuthConfig = null; try { OrganizationConfigManager orgConfigMgr = getOrgConfigManager(orgDN); ServiceConfig svcConfig = orgConfigMgr.getServiceConfig(ISAuthConstants.AUTH_SERVICE_NAME); Map attrs = svcConfig.getAttributes(); orgAuthConfig = Misc.getMapAttr(attrs, ISAuthConstants.AUTHCONFIG_ORG); } catch (Exception e) { debug.error("Error in getOrgConfiguredAuthenticationChain : ", e); } return orgAuthConfig; }
@AfterClass public void cleanup() throws Exception { PolicyManager pm = new PolicyManager(adminToken, SUB_REALM1); pm.removePolicy(POLICY_NAME); pm = new PolicyManager(adminToken, "/"); pm.removePolicy(REFERRAL_POLICY_NAME1); pm.removePolicy(REFERRAL_POLICY_NAME2); OrganizationConfigManager ocm = new OrganizationConfigManager(adminToken, "/"); String subRealm = SUB_REALM1.substring(1); ocm.deleteSubOrganization(subRealm, true); }
private void createOrgs() throws Exception { OrganizationConfigManager ocm = new OrganizationConfigManager(adminToken, "/"); String subRealm = SUB_REALM1.substring(1); Map<String, Map<String, Set<String>>> map = new HashMap<String, Map<String, Set<String>>>(); Map<String, Set<String>> idRepoService = new HashMap<String, Set<String>>(); Set<String> set = new HashSet<String>(); set.add("www.OrgAliasReferralTest.com"); idRepoService.put(PolicyManager.ORG_ALIAS, set); map.put(PolicyManager.ID_REPO_SERVICE, idRepoService); ocm.createSubOrganization(subRealm, map); }
/** * Returns names of all realms included in the subtree rooted by the realm indicated in the query * url. * * <p>Names are unsorted and given as full paths. * * <p>Filtering, sorting, and paging of results is not supported. * * <p>{@inheritDoc} */ @Override public void queryCollection( final ServerContext context, final QueryRequest request, final QueryResultHandler handler) { final String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context); final RealmContext realmContext = context.asContext(RealmContext.class); final String realmPath = realmContext.getResolvedRealm(); try { final SSOTokenManager mgr = SSOTokenManager.getInstance(); final SSOToken ssoToken = mgr.createSSOToken(getCookieFromServerContext(context)); final OrganizationConfigManager ocm = new OrganizationConfigManager(ssoToken, realmPath); final List<String> realmsInSubTree = new ArrayList<String>(); realmsInSubTree.add(realmPath); for (final Object subRealmRelativePath : ocm.getSubOrganizationNames("*", true)) { if (realmPath.endsWith("/")) { realmsInSubTree.add(realmPath + subRealmRelativePath); } else { realmsInSubTree.add(realmPath + "/" + subRealmRelativePath); } } debug.message("RealmResource :: QUERY : performed by " + principalName); for (final Object realmName : realmsInSubTree) { JsonValue val = new JsonValue(realmName); Resource resource = new Resource((String) realmName, "0", val); handler.handleResource(resource); } handler.handleResult(new QueryResult()); } catch (SSOException ex) { debug.error("RealmResource :: QUERY by " + principalName + " failed : " + ex); handler.handleError(ResourceException.getException(ResourceException.FORBIDDEN)); } catch (SMSException ex) { debug.error("RealmResource :: QUERY by " + principalName + " failed :" + ex); switch (ex.getExceptionCode()) { case STATUS_NO_PERMISSION: // This exception will be thrown if permission to read realms from SMS has not been // delegated handler.handleError(ResourceException.getException(ResourceException.FORBIDDEN)); break; default: handler.handleError(ResourceException.getException(ResourceException.INTERNAL_ERROR)); break; } } }
/** * Returns a list of domains defined by iplanet-am-auth-valid-goto-domains in iPlanetAMAuthService * plus organization aliases * * @param orgDN organization DN. * @return a Set object containing a list of valid domains, null if * iplanet-am-auth-valid-goto-domains is empty. */ private Set getValidGotoUrlDomains(String orgDN) { Set validGotoUrlDomains = null; try { OrganizationConfigManager orgConfigMgr = getOrgConfigManager(orgDN); ServiceConfig svcConfig = orgConfigMgr.getServiceConfig(ISAuthConstants.AUTH_SERVICE_NAME); Map attrs = svcConfig.getAttributes(); validGotoUrlDomains = (Set) attrs.get(ISAuthConstants.AUTH_GOTO_DOMAINS); if (debug.messageEnabled()) { debug.message("AuthD.getValidGotoUrlDomains(): " + validGotoUrlDomains); } } catch (Exception e) { debug.error("AuthD.getValidGotoUrlDomains():" + "Error in getValidGotoUrlDomains : ", e); } return validGotoUrlDomains; }
/** * Unassigns services from realm. * * @param realmName Name of Realm. * @param names Names of services that are to be unassigned. * @throws AMConsoleException if services cannot be unassigned. */ public void unassignServices(String realmName, Set names) throws AMConsoleException { if ((names != null) && !names.isEmpty()) { if ((realmName == null) || (realmName.trim().length() == 0)) { realmName = "/"; } String[] params = new String[2]; params[0] = realmName; String curServiceName = ""; try { OrganizationConfigManager scm = new OrganizationConfigManager(getUserSSOToken(), realmName); AMIdentityRepository repo = new AMIdentityRepository(getUserSSOToken(), realmName); AMIdentity realmIdentity = repo.getRealmIdentity(); Set realmServices = realmIdentity.getAssignedServices(); for (Iterator iter = names.iterator(); iter.hasNext(); ) { String name = (String) iter.next(); curServiceName = name; params[1] = name; logEvent("ATTEMPT_UNASSIGN_SERVICE_FROM_REALM", params); if (realmServices.contains(name)) { realmIdentity.unassignService(name); } else { scm.unassignService(name); } logEvent("SUCCEED_UNASSIGN_SERVICE_FROM_REALM", params); } } catch (SMSException e) { String strError = getErrorString(e); String[] paramsEx = {realmName, curServiceName, strError}; logEvent("SMS_EXCEPTION_UNASSIGN_SERVICE_FROM_REALM", paramsEx); throw new AMConsoleException(strError); } catch (SSOException e) { String strError = getErrorString(e); String[] paramsEx = {realmName, curServiceName, strError}; logEvent("SSO_EXCEPTION_UNASSIGN_SERVICE_FROM_REALM", paramsEx); throw new AMConsoleException(strError); } catch (IdRepoException e) { String strError = getErrorString(e); String[] paramsEx = {realmName, curServiceName, strError}; logEvent("IDREPO_EXCEPTION_UNASSIGN_SERVICE_FROM_REALM", paramsEx); throw new AMConsoleException(strError); } } }
/** * Creates Organization within OpenAM * * @param ocm Organization Configuration Manager * @param jVal JSONvalue that contains the payload * @param realm Name of the realm to be created * @throws SMSException * @throws Exception */ private void createOrganization( OrganizationConfigManager ocm, JsonValue jVal, String realm, String realmPath) throws Exception { Map defaultValues = null; OrganizationConfigManager realmCreatedOcm; if (realmPath != null && !realmPath.endsWith("/")) { realmPath = realmPath + "/"; } try { JsonValue realmDetails = jVal; if (jVal != null) { defaultValues = createServicesMap(jVal); } ocm.createSubOrganization(realm, defaultValues); // Get the Organization Configuration Manager for the new Realm realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realmPath + realm); List newServiceNames = realmDetails.get(SERVICE_NAMES).asList(); if (newServiceNames != null && !newServiceNames.isEmpty()) { // assign services to realm assignServices(realmCreatedOcm, newServiceNames); } } catch (SMSException smse) { debug.error("RealmResource.createOrganization()", smse); throw smse; } catch (Exception e) { debug.error("RealmResource.createOrganization()", e); throw e; } }
/** * Update a service with new attributes * * @param ocm Organization Configuration Manager * @param serviceNames Map of service names * @throws SMSException */ private void updateConfiguredServices(OrganizationConfigManager ocm, Map serviceNames) throws SMSException { try { ocm.setAttributes(IdConstants.REPO_SERVICE, (Map) serviceNames.get(IdConstants.REPO_SERVICE)); } catch (SMSException smse) { throw smse; } }
@AfterTest public void cleanup() throws Exception { Set<AMIdentity> identities = new HashSet<AMIdentity>(); identities.add(delegatedUser); identities.add(delegatedUser1); IdRepoUtils.deleteIdentities(SUB_REALM, identities); ApplicationManager.deleteApplication( SubjectUtils.createSuperAdminSubject(), SUB_REALM, APPLICATION_NAME); ReferralPrivilegeManager mgr = new ReferralPrivilegeManager("/", SubjectUtils.createSuperAdminSubject()); mgr.remove(REFERRAL_NAME); OrganizationConfigManager orgMgr = new OrganizationConfigManager(adminToken, "/"); orgMgr.deleteSubOrganization(SUB_REALM, true); }
@AfterClass public void cleanup() throws Exception { if (!migrated) { return; } ReferralPrivilegeManager mgr = new ReferralPrivilegeManager(SUB_REALM2, adminSubject); mgr.delete(REFERRAL_NAME2); mgr = new ReferralPrivilegeManager("/", adminSubject); mgr.delete(REFERRAL_NAME1); ApplicationManager.deleteApplication(adminSubject, "/", APPL_NAME); OrganizationConfigManager ocm = new OrganizationConfigManager(adminToken, "/"); String subRealm = SUB_REALM1.substring(1); ocm.deleteSubOrganization(subRealm, true); subRealm = SUB_REALM2.substring(1); ocm.deleteSubOrganization(subRealm, true); subRealm = SUB_REALM3.substring(1); ocm.deleteSubOrganization(subRealm, true); }
/** * Returns a map of assigned service name to its localized name under a realm. * * @param realmName Name of Realm. * @return a map of assigned service name to its localized name under a realm. * @throws AMConsoleException if service names cannot be obtained. */ public Map getAssignedServiceNames(String realmName) throws AMConsoleException { String[] param = {realmName}; logEvent("ATTEMPT_GET_ASSIGNED_SERVICE_OF_REALM", param); try { OrganizationConfigManager orgCfgMgr = new OrganizationConfigManager(getUserSSOToken(), realmName); Set names = orgCfgMgr.getAssignedServices(); if ((names == null) || names.isEmpty()) { names = new HashSet(); } getIdentityServices(realmName, names); /* * Need to use adminSSOToken because policy admin does not * have the correct privileges. */ AMAuthenticationManager mgr = new AMAuthenticationManager(adminSSOToken, realmName); AMAdminUtils.removeAllCaseIgnore(names, mgr.getAuthenticationServiceNames()); removeNonDisplayableServices(names, SUPPORTED_SCHEMA_TYPE); // remove auth configuration service too names.remove(AMAdminConstants.AUTH_CONFIG_SERVICE); names.remove(AMAdminConstants.CORE_AUTH_SERVICE); /* Creation and edit of instances of the Rest/Soap STS services handled by the STS tab. */ names.remove(AMAdminConstants.REST_STS_SERVICE); names.remove(AMAdminConstants.SOAP_STS_SERVICE); logEvent("SUCCEED_GET_ASSIGNED_SERVICE_OF_REALM", param); return mapNameToDisplayName(names); } catch (AMConfigurationException e) { String strError = getErrorString(e); String[] paramsEx = {realmName, strError}; logEvent("CONFIGURATION_EXCEPTION_GET_ASSIGNED_SERVICE_OF_REALM", paramsEx); throw new AMConsoleException(strError); } catch (SMSException e) { String strError = getErrorString(e); String[] paramsEx = {realmName, strError}; logEvent("SMS_EXCEPTION_GET_ASSIGNED_SERVICE_OF_REALM", paramsEx); throw new AMConsoleException(strError); } }
/** * Services a Commandline Request. * * @param rc Request Context. * @throw CLIException if the request cannot serviced. */ public void handleRequest(RequestContext rc) throws CLIException { super.handleRequest(rc); ldapLogin(); SSOToken adminSSOToken = getAdminSSOToken(); String realm = getStringOptionValue(IArgument.REALM_NAME); String pattern = getStringOptionValue(IArgument.FILTER); boolean recursive = isOptionSet(IArgument.RECURSIVE); String strRecursive = (recursive) ? "recursive" : "non recursive"; if ((pattern == null) || (pattern.trim().length() == 0)) { pattern = "*"; } String[] params = {realm, pattern, strRecursive}; writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_SEARCH_REALM", params); try { OrganizationConfigManager ocm = new OrganizationConfigManager(adminSSOToken, realm); Set results = ocm.getSubOrganizationNames(pattern, recursive); IOutput outputWriter = getOutputWriter(); if ((results != null) && !results.isEmpty()) { String template = getResourceString("search-realm-results"); String[] arg = new String[1]; for (Iterator i = results.iterator(); i.hasNext(); ) { arg[0] = (String) i.next(); outputWriter.printlnMessage(MessageFormat.format(template, (Object[]) arg)); } outputWriter.printlnMessage(getResourceString("search-realm-succeed")); } else { outputWriter.printlnMessage(getResourceString("search-realm-no-results")); } writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_SEARCH_REALM", params); } catch (SMSException e) { String[] args = {realm, strRecursive, e.getMessage()}; debugError("SearchRealms.handleRequest", e); writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SEARCH_REALM", args); throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED); } }
/** * Services a Commandline Request. * * @param rc Request Context. * @throws CLIException if the request cannot serviced. */ public void handleRequest(RequestContext rc) throws CLIException { super.handleRequest(rc); ldapLogin(); SSOToken adminSSOToken = getAdminSSOToken(); String realm = getStringOptionValue(IArgument.REALM_NAME); boolean recursive = isOptionSet(IArgument.RECURSIVE); String strRecursive = (recursive) ? "recursive" : "non recursive"; String[] params = {realm, strRecursive}; writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_DELETE_REALM", params); try { OrganizationConfigManager ocm = new OrganizationConfigManager(adminSSOToken, realm); ocm.deleteSubOrganization(null, recursive); getOutputWriter().printlnMessage(getResourceString("delete-realm-succeed")); writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_DELETE_REALM", params); } catch (SMSException e) { String[] args = {realm, strRecursive, e.getMessage()}; debugError("DeleteRealm.handleRequest", e); writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_DELETE_REALM", args); throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED); } }
/** * Returns a map of service name to its display name that can be assigned to a realm. * * @param realmName Name of Realm. * @return a map of service name to its display name that can be assigned to a realm. * @throws AMConsoleException if service names cannot be obtained. */ public Map getAssignableServiceNames(String realmName) throws AMConsoleException { String[] param = {realmName}; logEvent("ATTEMPT_GET_ASSIGNABLE_SERVICE_OF_REALM", param); try { OrganizationConfigManager orgCfgMgr = new OrganizationConfigManager(getUserSSOToken(), realmName); Set names = orgCfgMgr.getAssignableServices(); addIdentityUnassignedServices(realmName, names); names.removeAll(orgCfgMgr.getAssignedServices()); AMAuthenticationManager mgr = new AMAuthenticationManager(getUserSSOToken(), realmName); AMAdminUtils.removeAllCaseIgnore(names, mgr.getAuthenticationServiceNames()); removeNonDisplayableServices(names, SUPPORTED_SCHEMA_TYPE); names.remove(AMAdminConstants.CORE_AUTH_SERVICE); /* Creation and edit of instances of the Rest/Soap STS services handled by the STS tab. */ names.remove(AMAdminConstants.REST_STS_SERVICE); names.remove(AMAdminConstants.SOAP_STS_SERVICE); logEvent("SUCCEED_GET_ASSIGNABLE_SERVICE_OF_REALM", param); return mapNameToDisplayName(names); } catch (AMConfigurationException e) { String strError = getErrorString(e); String[] paramsEx = {realmName, strError}; logEvent("CONFIGURATION_EXCEPTION_GET_ASSIGNABLE_SERVICE_OF_REALM", paramsEx); if (debug.warningEnabled()) { debug.warning("ServicesModel.getAssignableServiceNames " + strError); } throw new AMConsoleException("no.properties"); } catch (SMSException e) { String strError = getErrorString(e); String[] paramsEx = {realmName, strError}; logEvent("SMS_EXCEPTION_GET_ASSIGNABLE_SERVICE_OF_REALM", paramsEx); throw new AMConsoleException(strError); } }
/** * Returns a JsonValue containing Service Names and Values * * @param ocm The organization configuration manager * @param serviceNames Names of the services available to the organization * @return The JsonValue Object containing attributes assigned to the services */ private JsonValue serviceNamesToJSON(OrganizationConfigManager ocm, Set serviceNames) throws SMSException { JsonValue realmServices = new JsonValue(new LinkedHashMap<String, Object>(1)); try { for (Object service : serviceNames) { String tmp = (String) service; Object holdAttrForService = ocm.getAttributes(tmp); realmServices.add(tmp, holdAttrForService); } } catch (SMSException e) { debug.error("RealmResource.serviceNamesToJSON :: " + e); throw e; } return realmServices; }
private void createOrgs() throws Exception { OrganizationConfigManager ocm = new OrganizationConfigManager(adminToken, "/"); String subRealm = SUB_REALM1.substring(1); ocm.createSubOrganization(subRealm, Collections.EMPTY_MAP); }
/** {@inheritDoc} */ @Override public void createInstance( final ServerContext context, final CreateRequest request, final ResultHandler<Resource> handler) { RealmContext realmContext = context.asContext(RealmContext.class); String realmPath = realmContext.getResolvedRealm(); Resource resource; String parentRealm; String childRealm; String realm = null; try { hasPermission(context); final JsonValue jVal = request.getContent(); // get the realm realm = jVal.get("realm").asString(); realm = checkForTopLevelRealm(realm); if (realm == null || realm.isEmpty()) { throw new BadRequestException("No realm name provided."); } else if (!realm.startsWith("/")) { realm = "/" + realm; } if (!realmPath.equalsIgnoreCase("/")) { // build realm to comply with format if not top level realm = realmPath + realm; } parentRealm = RealmUtils.getParentRealm(realm); childRealm = RealmUtils.getChildRealm(realm); OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), parentRealm); Map defaultValues = createServicesMap(jVal); ocm.createSubOrganization(childRealm, defaultValues); String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context); debug.message( "RealmResource.createInstance :: CREATE of realm " + childRealm + " in realm " + parentRealm + " performed by " + principalName); // create a resource for handler to return OrganizationConfigManager realmCreated = new OrganizationConfigManager(getSSOToken(), realm); resource = new Resource( childRealm, String.valueOf(System.currentTimeMillis()), createJsonMessage("realmCreated", realmCreated.getOrganizationName())); handler.handleResult(resource); } catch (SMSException smse) { debug.error("RealmResource.createInstance() : Cannot find " + realm, smse); try { configureErrorMessage(smse); } catch (NotFoundException nf) { debug.error("RealmResource.createInstance() : Cannot find " + realm, nf); handler.handleError(nf); } catch (ForbiddenException fe) { // User does not have authorization debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe); handler.handleError(fe); } catch (PermanentException pe) { debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe); // Cannot recover from this exception handler.handleError(pe); } catch (ConflictException ce) { debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, ce); handler.handleError(ce); } catch (BadRequestException be) { debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be); handler.handleError(be); } catch (Exception e) { debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, e); handler.handleError(new BadRequestException(e.getMessage(), e)); } } catch (SSOException sso) { debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, sso); handler.handleError(new PermanentException(401, "Access Denied", null)); } catch (ForbiddenException fe) { debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe); handler.handleError(fe); } catch (BadRequestException be) { debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be); handler.handleError(be); } catch (PermanentException pe) { debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe); // Cannot recover from this exception handler.handleError(pe); } catch (Exception e) { debug.error("RealmResource.createInstance()" + realm + ":" + e); handler.handleError(new BadRequestException(e.getMessage(), e)); } }
/** {@inheritDoc} */ @Override public void updateInstance( final ServerContext context, final String resourceId, final UpdateRequest request, final ResultHandler<Resource> handler) { RealmContext realmContext = context.asContext(RealmContext.class); String realmPath = realmContext.getResolvedRealm(); final JsonValue realmDetails = request.getContent(); Resource resource; String realm = null; OrganizationConfigManager ocm; OrganizationConfigManager realmCreatedOcm; String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context); try { hasPermission(context); realm = checkForTopLevelRealm(resourceId); if (realm != null && !realm.startsWith("/")) { realm = "/" + realm; } if (!realmPath.equalsIgnoreCase("/")) { realm = realmPath + realm; } // The initial attempt to UPDATE a realm, // if the realm does not exist it must be created ocm = new OrganizationConfigManager(getSSOToken(), realm); List newServiceNames; // update ID_REPO attributes updateConfiguredServices(ocm, createServicesMap(realmDetails)); newServiceNames = realmDetails.get(SERVICE_NAMES).asList(); if (newServiceNames == null || newServiceNames.isEmpty()) { debug.error("RealmResource.updateInstance() : No Services defined."); } else { assignServices(ocm, newServiceNames); // assign services to realm } // READ THE REALM realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realm); debug.message( "RealmResource.updateInstance :: UPDATE of realm " + realm + " performed by " + principalName); // create a resource for handler to return resource = new Resource( realm, String.valueOf(System.currentTimeMillis()), createJsonMessage("realmUpdated", realmCreatedOcm.getOrganizationName())); handler.handleResult(resource); } catch (SMSException e) { try { configureErrorMessage(e); } catch (NotFoundException nfe) { if (debug.errorEnabled()) { debug.error( "RealmResource.updateInstance()" + "Cannot find " + resourceId + ":" + e + "\n" + "CREATING " + resourceId); } // Realm was NOT found, therefore create the realm try { String parentRealm = RealmUtils.getParentRealm(realm); String childRealm = RealmUtils.getChildRealm(realm); ocm = new OrganizationConfigManager(getSSOToken(), parentRealm); // create the realm createOrganization(ocm, realmDetails, childRealm, realmPath); // read the realm to make sure that it has been created... realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realm); if (debug.messageEnabled()) { debug.message( "RealmResource.updateInstance :: UPDATE of realm " + realm + " performed by " + principalName); } resource = new Resource( childRealm, String.valueOf(System.currentTimeMillis()), createJsonMessage("realmCreated", realmCreatedOcm.getOrganizationName())); if (debug.messageEnabled()) { debug.message("RealmResource :: UPDATE : Updated resource with ID, " + resourceId); } handler.handleResult(resource); } catch (SMSException smse) { debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, smse); try { configureErrorMessage(smse); } catch (NotFoundException nf) { debug.error("RealmResource.updateInstance() : Cannot find " + resourceId, nf); handler.handleError(nf); } catch (ForbiddenException fe) { // User does not have authorization debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe); handler.handleError(fe); } catch (PermanentException pe) { debug.error("RealmResource.updateInstance() Cannot UPDATE " + resourceId, pe); // Cannot recover from this exception handler.handleError(pe); } catch (ConflictException ce) { debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ce); handler.handleError(ce); } catch (BadRequestException be) { debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, be); handler.handleError(be); } } catch (Exception ex) { debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex); handler.handleError(new NotFoundException("Cannot update realm.", ex)); } } catch (ForbiddenException fe) { // User does not have authorization debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe); handler.handleError(fe); } catch (PermanentException pe) { debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, pe); // Cannot recover from this exception handler.handleError(pe); } catch (ConflictException ce) { debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ce); handler.handleError(ce); } catch (BadRequestException be) { debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, be); handler.handleError(be); } catch (Exception ex) { debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex); handler.handleError(new NotFoundException("Cannot update realm.", ex)); } } catch (SSOException sso) { debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, sso); handler.handleError(new PermanentException(401, "Access Denied", null)); } catch (ForbiddenException fe) { debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe); handler.handleError(fe); } catch (PermanentException pe) { debug.error("RealmResource.Instance() : Cannot UPDATE " + resourceId, pe); // Cannot recover from this exception handler.handleError(pe); } catch (Exception ex) { debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex); handler.handleError(new NotFoundException("Cannot update realm.", ex)); } }
/** {@inheritDoc} */ @Override public void deleteInstance( final ServerContext context, final String resourceId, final DeleteRequest request, final ResultHandler<Resource> handler) { RealmContext realmContext = context.asContext(RealmContext.class); String realmPath = realmContext.getResolvedRealm(); boolean recursive = false; Resource resource; String holdResourceId = checkForTopLevelRealm(resourceId); try { hasPermission(context); if (holdResourceId != null && !holdResourceId.startsWith("/")) { holdResourceId = "/" + holdResourceId; } if (!realmPath.equalsIgnoreCase("/")) { holdResourceId = realmPath + holdResourceId; } OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), holdResourceId); ocm.deleteSubOrganization(null, recursive); String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context); debug.message( "RealmResource.deleteInstance :: DELETE of realm " + holdResourceId + " performed by " + principalName); // handle resource resource = new Resource(resourceId, "0", createJsonMessage("success", "true")); handler.handleResult(resource); } catch (SMSException smse) { try { configureErrorMessage(smse); } catch (NotFoundException nf) { debug.error("RealmResource.deleteInstance() : Cannot find " + resourceId + ":" + smse); handler.handleError(nf); } catch (ForbiddenException fe) { // User does not have authorization debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse); handler.handleError(fe); } catch (PermanentException pe) { debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse); // Cannot recover from this exception handler.handleError(pe); } catch (ConflictException ce) { debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse); handler.handleError(ce); } catch (BadRequestException be) { debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse); handler.handleError(be); } catch (Exception e) { handler.handleError(new BadRequestException(e.getMessage(), e)); } } catch (SSOException sso) { debug.error("RealmResource.updateInstance() : Cannot DELETE " + resourceId + ":" + sso); handler.handleError(new PermanentException(401, "Access Denied", null)); } catch (ForbiddenException fe) { debug.error("RealmResource.updateInstance() : Cannot DELETE " + resourceId + ":" + fe); handler.handleError(fe); } catch (Exception e) { handler.handleError(new BadRequestException(e.getMessage(), e)); } }
/** {@inheritDoc} */ @Override public void readInstance( final ServerContext context, final String resourceId, final ReadRequest request, final ResultHandler<Resource> handler) { RealmContext realmContext = context.asContext(RealmContext.class); String realmPath = realmContext.getResolvedRealm(); Resource resource; JsonValue jval; String holdResourceId = checkForTopLevelRealm(resourceId); try { hasPermission(context); if (holdResourceId != null && !holdResourceId.startsWith("/")) { holdResourceId = "/" + holdResourceId; } if (!realmPath.equalsIgnoreCase("/")) { holdResourceId = realmPath + holdResourceId; } OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), holdResourceId); // get associated services for this realm , include mandatory service names. Set serviceNames = ocm.getAssignedServices(); jval = createJsonMessage(SERVICE_NAMES, serviceNames); String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context); resource = new Resource(resourceId, String.valueOf(System.currentTimeMillis()), jval); if (debug.messageEnabled()) { debug.message( "RealmResource.readInstance :: READ : Successfully read realm, " + resourceId + " performed by " + principalName); } handler.handleResult(resource); } catch (SSOException sso) { debug.error("RealmResource.updateInstance() : Cannot READ " + resourceId, sso); handler.handleError(new PermanentException(401, "Access Denied", null)); } catch (ForbiddenException fe) { debug.error("RealmResource.readInstance() : Cannot READ " + resourceId + ":" + fe); handler.handleError(fe); } catch (SMSException smse) { debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, smse); try { configureErrorMessage(smse); } catch (NotFoundException nf) { debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, nf); handler.handleError(nf); } catch (ForbiddenException fe) { // User does not have authorization debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, fe); handler.handleError(fe); } catch (PermanentException pe) { debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, pe); // Cannot recover from this exception handler.handleError(pe); } catch (ConflictException ce) { debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, ce); handler.handleError(ce); } catch (BadRequestException be) { debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, be); handler.handleError(be); } catch (Exception e) { debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, e); handler.handleError(new BadRequestException(e.getMessage(), e)); } } catch (Exception e) { handler.handleError(new BadRequestException(e.getMessage(), e)); } }