/**
 * Records an 'access' audit event before and after the filtered CREST resource receives an
 * action request.
 *
 * <p>If the 'before' audit event fails with an {@code AuditException}, the request is cancelled
 * (it is never passed to {@code next}) and an internal-error response is returned, so an action
 * cannot proceed without its access attempt having been audited. If the 'after' audit event
 * fails, the request is not cancelled, as its effects may have already been applied.
 *
 * @param context {@inheritDoc}
 * @param request {@inheritDoc}
 * @param handler {@inheritDoc}
 * @param next {@inheritDoc}
 */
@Override
public void filterAction(
        ServerContext context,
        ActionRequest request,
        ResultHandler<JsonValue> handler,
        RequestHandler next) {
    // Wrap the caller's handler; the wrapper is what the downstream handler reports to.
    final AuditingResultHandler<JsonValue> auditedHandler =
            newAuditingResultHandler(context, request, handler);

    try {
        auditedHandler.auditAccessAttempt();
    } catch (AuditException auditFailure) {
        // Fail closed: the error goes to the caller's original handler, not the auditing
        // wrapper, and the request is not forwarded.
        // NOTE(review): the AuditException itself is dropped here; no logger is visible in
        // this block, so confirm the failure is recorded elsewhere.
        final ResourceException internalError =
                ResourceException.getException(ResourceException.INTERNAL_ERROR);
        handler.handleError(internalError);
        return;
    }

    next.handleAction(context, request, auditedHandler);
}
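/**
 * Creates a realm (sub-organization) named by the {@code realm} field of the request content.
 *
 * <p>The requested name is made absolute (a leading "/" is added when missing) and, unless the
 * request was resolved against the "/" realm, prefixed with the resolved realm path. The realm
 * is created under its parent and a {@code realmCreated} message is passed to {@code handler}.
 * Failures raised inside the guarded section are logged and reported through
 * {@code handler.handleError}.
 *
 * @param context the server context; supplies the resolved realm and the calling principal
 * @param request the create request whose content names the realm and its services
 * @param handler receives either the created {@code Resource} or the mapped error
 */
@Override
public void createInstance(
        final ServerContext context,
        final CreateRequest request,
        final ResultHandler<Resource> handler) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();
    Resource resource;
    String parentRealm;
    String childRealm;
    String realm = null;
    try {
        // The permission check runs before any request content is read.
        hasPermission(context);

        final JsonValue jVal = request.getContent();
        // get the realm
        // NOTE(review): realm is client-supplied and is later concatenated into debug log
        // lines and into the realm path as-is; confirm the Debug sink neutralises CR/LF and
        // that RealmUtils/OrganizationConfigManager reject unexpected path segments.
        realm = jVal.get("realm").asString();
        realm = checkForTopLevelRealm(realm);
        if (realm == null || realm.isEmpty()) {
            throw new BadRequestException("No realm name provided.");
        } else if (!realm.startsWith("/")) {
            realm = "/" + realm;
        }
        if (!realmPath.equalsIgnoreCase("/")) {
            // build realm to comply with format if not top level
            realm = realmPath + realm;
        }

        parentRealm = RealmUtils.getParentRealm(realm);
        childRealm = RealmUtils.getChildRealm(realm);

        // NOTE(review): getSSOToken() is not shown in this block; if it returns a privileged
        // token rather than the caller's, hasPermission above is the only authorization gate.
        OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), parentRealm);

        Map defaultValues = createServicesMap(jVal);
        ocm.createSubOrganization(childRealm, defaultValues);
        String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
        debug.message(
                "RealmResource.createInstance :: CREATE of realm "
                        + childRealm
                        + " in realm "
                        + parentRealm
                        + " performed by "
                        + principalName);

        // create a resource for handler to return; re-opening the realm also confirms it exists
        OrganizationConfigManager realmCreated =
                new OrganizationConfigManager(getSSOToken(), realm);
        resource =
                new Resource(
                        childRealm,
                        String.valueOf(System.currentTimeMillis()),
                        createJsonMessage("realmCreated", realmCreated.getOrganizationName()));
        handler.handleResult(resource);
    } catch (SMSException smse) {
        // Any SMS failure lands here, not only "not found", so the log line names the
        // operation rather than claiming the realm could not be found.
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, smse);
        try {
            // NOTE(review): this relies on configureErrorMessage always throwing; if it ever
            // returned normally, neither handleResult nor handleError would be called.
            configureErrorMessage(smse);
        } catch (NotFoundException nf) {
            debug.error("RealmResource.createInstance() : Cannot find " + realm, nf);
            handler.handleError(nf);
        } catch (ForbiddenException fe) {
            // User does not have authorization
            debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
            handler.handleError(fe);
        } catch (PermanentException pe) {
            debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
            // Cannot recover from this exception
            handler.handleError(pe);
        } catch (ConflictException ce) {
            debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, ce);
            handler.handleError(ce);
        } catch (BadRequestException be) {
            debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
            handler.handleError(be);
        } catch (Exception e) {
            debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, e);
            // NOTE(review): the raw exception message is returned to the client; consider a
            // generic message if internal details can appear in it.
            handler.handleError(new BadRequestException(e.getMessage(), e));
        }
    } catch (SSOException sso) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, sso);
        handler.handleError(new PermanentException(401, "Access Denied", null));
    } catch (ForbiddenException fe) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
        handler.handleError(fe);
    } catch (BadRequestException be) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
        handler.handleError(be);
    } catch (PermanentException pe) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
        // Cannot recover from this exception
        handler.handleError(pe);
    } catch (Exception e) {
        // Pass the throwable so the stack trace is kept; the previous form concatenated it
        // into the message and lost the trace.
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, e);
        // NOTE(review): the raw exception message is returned to the client; consider a
        // generic message if internal details can appear in it.
        handler.handleError(new BadRequestException(e.getMessage(), e));
    }
}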
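/**
 * Updates the services configured on the realm identified by {@code resourceId}, creating the
 * realm when it does not exist yet.
 *
 * <p>The realm name is made absolute and, unless the request was resolved against the "/"
 * realm, prefixed with the resolved realm path. When the update fails with an
 * {@code SMSException} that {@code configureErrorMessage} maps to {@code NotFoundException},
 * the realm is created from the request content instead and a {@code realmCreated} message is
 * returned; otherwise a {@code realmUpdated} message is returned. Failures raised inside the
 * guarded section are logged and reported through {@code handler.handleError}.
 *
 * @param context the server context; supplies the resolved realm and the calling principal
 * @param resourceId the realm name taken from the request
 * @param request the update request whose content carries the service configuration
 * @param handler receives either the resulting {@code Resource} or the mapped error
 */
@Override
public void updateInstance(
        final ServerContext context,
        final String resourceId,
        final UpdateRequest request,
        final ResultHandler<Resource> handler) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();
    final JsonValue realmDetails = request.getContent();
    Resource resource;
    String realm = null;
    OrganizationConfigManager ocm;
    OrganizationConfigManager realmCreatedOcm;
    String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
    try {
        // One permission check covers both the update and the create-on-missing path below.
        hasPermission(context);

        realm = checkForTopLevelRealm(resourceId);
        if (realm != null && !realm.startsWith("/")) {
            realm = "/" + realm;
        }
        if (!realmPath.equalsIgnoreCase("/")) {
            // NOTE(review): if checkForTopLevelRealm can return null, this concatenation
            // yields a path ending in the text "null" — confirm against that helper.
            realm = realmPath + realm;
        }

        // The initial attempt to UPDATE a realm,
        // if the realm does not exist it must be created
        ocm = new OrganizationConfigManager(getSSOToken(), realm);
        List newServiceNames;
        // update ID_REPO attributes
        updateConfiguredServices(ocm, createServicesMap(realmDetails));
        newServiceNames = realmDetails.get(SERVICE_NAMES).asList();
        if (newServiceNames == null || newServiceNames.isEmpty()) {
            // Logged only; the update still completes without assigning services.
            debug.error("RealmResource.updateInstance() : No Services defined.");
        } else {
            assignServices(ocm, newServiceNames); // assign services to realm
        }

        // READ THE REALM
        realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realm);
        debug.message(
                "RealmResource.updateInstance :: UPDATE of realm "
                        + realm
                        + " performed by "
                        + principalName);

        // create a resource for handler to return
        resource =
                new Resource(
                        realm,
                        String.valueOf(System.currentTimeMillis()),
                        createJsonMessage("realmUpdated", realmCreatedOcm.getOrganizationName()));
        handler.handleResult(resource);
    } catch (SMSException e) {
        try {
            // NOTE(review): this relies on configureErrorMessage always throwing; if it ever
            // returned normally, neither handleResult nor handleError would be called.
            configureErrorMessage(e);
        } catch (NotFoundException nfe) {
            if (debug.errorEnabled()) {
                debug.error(
                        "RealmResource.updateInstance()"
                                + "Cannot find "
                                + resourceId
                                + ":"
                                + e
                                + "\n"
                                + "CREATING "
                                + resourceId);
            }
            // Realm was NOT found, therefore create the realm
            try {
                String parentRealm = RealmUtils.getParentRealm(realm);
                String childRealm = RealmUtils.getChildRealm(realm);
                ocm = new OrganizationConfigManager(getSSOToken(), parentRealm);
                // create the realm
                createOrganization(ocm, realmDetails, childRealm, realmPath);

                // read the realm to make sure that it has been created...
                realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realm);
                if (debug.messageEnabled()) {
                    // This path creates the realm, so the log line records a CREATE (in the
                    // same wording createInstance uses) instead of an UPDATE.
                    debug.message(
                            "RealmResource.updateInstance :: CREATE of realm "
                                    + childRealm
                                    + " in realm "
                                    + parentRealm
                                    + " performed by "
                                    + principalName);
                }

                resource =
                        new Resource(
                                childRealm,
                                String.valueOf(System.currentTimeMillis()),
                                createJsonMessage(
                                        "realmCreated", realmCreatedOcm.getOrganizationName()));
                if (debug.messageEnabled()) {
                    debug.message(
                            "RealmResource :: UPDATE : Updated resource with ID, " + resourceId);
                }
                handler.handleResult(resource);
            } catch (SMSException smse) {
                debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, smse);
                try {
                    configureErrorMessage(smse);
                } catch (NotFoundException nf) {
                    debug.error("RealmResource.updateInstance() : Cannot find " + resourceId, nf);
                    handler.handleError(nf);
                } catch (ForbiddenException fe) {
                    // User does not have authorization
                    debug.error(
                            "RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
                    handler.handleError(fe);
                } catch (PermanentException pe) {
                    debug.error(
                            "RealmResource.updateInstance() : Cannot UPDATE " + resourceId, pe);
                    // Cannot recover from this exception
                    handler.handleError(pe);
                } catch (ConflictException ce) {
                    debug.error(
                            "RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ce);
                    handler.handleError(ce);
                } catch (BadRequestException be) {
                    debug.error(
                            "RealmResource.updateInstance() : Cannot UPDATE " + resourceId, be);
                    handler.handleError(be);
                }
            } catch (Exception ex) {
                debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
                handler.handleError(new NotFoundException("Cannot update realm.", ex));
            }
        } catch (ForbiddenException fe) {
            // User does not have authorization
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
            handler.handleError(fe);
        } catch (PermanentException pe) {
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, pe);
            // Cannot recover from this exception
            handler.handleError(pe);
        } catch (ConflictException ce) {
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ce);
            handler.handleError(ce);
        } catch (BadRequestException be) {
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, be);
            handler.handleError(be);
        } catch (Exception ex) {
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
            handler.handleError(new NotFoundException("Cannot update realm.", ex));
        }
    } catch (SSOException sso) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, sso);
        handler.handleError(new PermanentException(401, "Access Denied", null));
    } catch (ForbiddenException fe) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
        handler.handleError(fe);
    } catch (PermanentException pe) {
        // Log label corrected from "RealmResource.Instance()" so the entry can be traced to
        // this method.
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, pe);
        // Cannot recover from this exception
        handler.handleError(pe);
    } catch (Exception ex) {
        // Every other failure (including a bad request raised above) is reported to the
        // client as "not found" with a fixed message; the cause is only in the debug log.
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
        handler.handleError(new NotFoundException("Cannot update realm.", ex));
    }
}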
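/**
 * Reads the realm identified by {@code resourceId} and returns the names of the services
 * assigned to it.
 *
 * <p>The realm name is made absolute and, unless the request was resolved against the "/"
 * realm, prefixed with the resolved realm path. Failures raised inside the guarded section are
 * logged and reported through {@code handler.handleError}.
 *
 * @param context the server context; supplies the resolved realm and the calling principal
 * @param resourceId the realm name taken from the request
 * @param request the read request (not inspected by this method)
 * @param handler receives either the {@code Resource} listing the services or the mapped error
 */
@Override
public void readInstance(
        final ServerContext context,
        final String resourceId,
        final ReadRequest request,
        final ResultHandler<Resource> handler) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();
    Resource resource;
    JsonValue jval;
    String holdResourceId = checkForTopLevelRealm(resourceId);
    try {
        // The permission check runs before the realm configuration is opened.
        hasPermission(context);

        if (holdResourceId != null && !holdResourceId.startsWith("/")) {
            holdResourceId = "/" + holdResourceId;
        }
        if (!realmPath.equalsIgnoreCase("/")) {
            holdResourceId = realmPath + holdResourceId;
        }

        // NOTE(review): getSSOToken() is not shown in this block; if it returns a privileged
        // token rather than the caller's, hasPermission above is the only authorization gate.
        OrganizationConfigManager ocm =
                new OrganizationConfigManager(getSSOToken(), holdResourceId);
        // get associated services for this realm , include mandatory service names.
        Set serviceNames = ocm.getAssignedServices();
        jval = createJsonMessage(SERVICE_NAMES, serviceNames);

        String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
        resource = new Resource(resourceId, String.valueOf(System.currentTimeMillis()), jval);
        if (debug.messageEnabled()) {
            debug.message(
                    "RealmResource.readInstance :: READ : Successfully read realm, "
                            + resourceId
                            + " performed by "
                            + principalName);
        }
        handler.handleResult(resource);
    } catch (SSOException sso) {
        // Log label corrected: this handler belongs to readInstance, not updateInstance.
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, sso);
        handler.handleError(new PermanentException(401, "Access Denied", null));
    } catch (ForbiddenException fe) {
        // Pass the throwable so the stack trace is kept in the log.
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, fe);
        handler.handleError(fe);
    } catch (SMSException smse) {
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, smse);
        try {
            // NOTE(review): this relies on configureErrorMessage always throwing; if it ever
            // returned normally, neither handleResult nor handleError would be called.
            configureErrorMessage(smse);
        } catch (NotFoundException nf) {
            debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, nf);
            handler.handleError(nf);
        } catch (ForbiddenException fe) {
            // User does not have authorization
            debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, fe);
            handler.handleError(fe);
        } catch (PermanentException pe) {
            debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, pe);
            // Cannot recover from this exception
            handler.handleError(pe);
        } catch (ConflictException ce) {
            debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, ce);
            handler.handleError(ce);
        } catch (BadRequestException be) {
            debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, be);
            handler.handleError(be);
        } catch (Exception e) {
            debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, e);
            // NOTE(review): the raw exception message is returned to the client; consider a
            // generic message if internal details can appear in it.
            handler.handleError(new BadRequestException(e.getMessage(), e));
        }
    } catch (Exception e) {
        // Previously unlogged; record the failure like every other branch does.
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, e);
        // NOTE(review): the raw exception message is returned to the client; consider a
        // generic message if internal details can appear in it.
        handler.handleError(new BadRequestException(e.getMessage(), e));
    }
}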
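/**
 * Deletes the realm identified by {@code resourceId}.
 *
 * <p>The realm name is made absolute and, unless the request was resolved against the "/"
 * realm, prefixed with the resolved realm path. The delete is issued with
 * {@code recursive = false}. On success a {@code success: true} message is returned; failures
 * raised inside the guarded section are logged and reported through
 * {@code handler.handleError}.
 *
 * @param context the server context; supplies the resolved realm and the calling principal
 * @param resourceId the realm name taken from the request
 * @param request the delete request (not inspected by this method)
 * @param handler receives either the confirmation {@code Resource} or the mapped error
 */
@Override
public void deleteInstance(
        final ServerContext context,
        final String resourceId,
        final DeleteRequest request,
        final ResultHandler<Resource> handler) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();
    // Never recursive from this endpoint.
    // NOTE(review): presumably a realm that still has sub-realms is rejected by the SMS
    // layer — confirm.
    boolean recursive = false;
    Resource resource;
    String holdResourceId = checkForTopLevelRealm(resourceId);
    try {
        // The permission check runs before the realm configuration is opened.
        hasPermission(context);

        if (holdResourceId != null && !holdResourceId.startsWith("/")) {
            holdResourceId = "/" + holdResourceId;
        }
        if (!realmPath.equalsIgnoreCase("/")) {
            holdResourceId = realmPath + holdResourceId;
        }

        // NOTE(review): getSSOToken() is not shown in this block; if it returns a privileged
        // token rather than the caller's, hasPermission above is the only authorization gate
        // for this destructive operation.
        OrganizationConfigManager ocm =
                new OrganizationConfigManager(getSSOToken(), holdResourceId);
        ocm.deleteSubOrganization(null, recursive);
        String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
        debug.message(
                "RealmResource.deleteInstance :: DELETE of realm "
                        + holdResourceId
                        + " performed by "
                        + principalName);

        // handle resource
        resource = new Resource(resourceId, "0", createJsonMessage("success", "true"));
        handler.handleResult(resource);
    } catch (SMSException smse) {
        try {
            // NOTE(review): this relies on configureErrorMessage always throwing; if it ever
            // returned normally, neither handleResult nor handleError would be called.
            configureErrorMessage(smse);
        } catch (NotFoundException nf) {
            // The SMSException is passed as the throwable so its stack trace is kept.
            debug.error("RealmResource.deleteInstance() : Cannot find " + resourceId, smse);
            handler.handleError(nf);
        } catch (ForbiddenException fe) {
            // User does not have authorization
            debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId, smse);
            handler.handleError(fe);
        } catch (PermanentException pe) {
            debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId, smse);
            // Cannot recover from this exception
            handler.handleError(pe);
        } catch (ConflictException ce) {
            debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId, smse);
            handler.handleError(ce);
        } catch (BadRequestException be) {
            debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId, smse);
            handler.handleError(be);
        } catch (Exception e) {
            // Previously unlogged; record the failure like the sibling branches do.
            debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId, e);
            // NOTE(review): the raw exception message is returned to the client; consider a
            // generic message if internal details can appear in it.
            handler.handleError(new BadRequestException(e.getMessage(), e));
        }
    } catch (SSOException sso) {
        // Log label corrected: this handler belongs to deleteInstance, not updateInstance.
        debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId, sso);
        handler.handleError(new PermanentException(401, "Access Denied", null));
    } catch (ForbiddenException fe) {
        debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId, fe);
        handler.handleError(fe);
    } catch (Exception e) {
        // Previously unlogged; a failed delete should leave a trace in the debug log.
        debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId, e);
        // NOTE(review): the raw exception message is returned to the client; consider a
        // generic message if internal details can appear in it.
        handler.handleError(new BadRequestException(e.getMessage(), e));
    }
}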
/**
 * Rejects the update request: the handler is always given a {@code NOT_SUPPORTED} error and
 * neither {@code context} nor {@code request} is inspected.
 *
 * @param context the server context (unused)
 * @param request the update request (unused)
 * @param handler receives the {@code NOT_SUPPORTED} error
 */
@Override
public void updateInstance(
        ServerContext context, UpdateRequest request, ResultHandler<Resource> handler) {
    final ResourceException notSupported =
            ResourceException.getException(ResourceException.NOT_SUPPORTED);
    handler.handleError(notSupported);
}
/**
 * Rejects the action request: the handler is always given a {@code NOT_SUPPORTED} error and
 * neither {@code context} nor {@code request} is inspected.
 *
 * @param context the server context (unused)
 * @param request the action request (unused)
 * @param handler receives the {@code NOT_SUPPORTED} error
 */
@Override
public void actionInstance(
        ServerContext context, ActionRequest request, ResultHandler<JsonValue> handler) {
    final ResourceException notSupported =
            ResourceException.getException(ResourceException.NOT_SUPPORTED);
    handler.handleError(notSupported);
}