예제 #1
  /**
   * Records an 'access' audit event before and after the filtered CREST resource receives an action
   * request.
   *
   * <p>If the 'before' audit event fails due to an error, the request is cancelled and an error
   * response is returned. If the 'after' audit event fails due to an error, the request is not
   * cancelled as its effects may have already been applied.
   *
   * @param context {@inheritDoc}
   * @param request {@inheritDoc}
   * @param handler {@inheritDoc}
   * @param next {@inheritDoc}
   */
  @Override
  public void filterAction(
      ServerContext context,
      ActionRequest request,
      ResultHandler<JsonValue> handler,
      RequestHandler next) {

    // Wrap the caller's handler; the wrapper is what gets passed down the chain.
    final AuditingResultHandler<JsonValue> auditedHandler =
        newAuditingResultHandler(context, request, handler);

    try {
      auditedHandler.auditAccessAttempt();
    } catch (AuditException auditFailure) {
      // Fail closed: when the 'before' audit event cannot be recorded, the action is never
      // forwarded and the caller only sees a generic internal error.
      // NOTE(review): the AuditException itself is dropped here without being logged; confirm the
      // audit layer reports its own failures, otherwise the cause is lost.
      final ResourceException internalError =
          ResourceException.getException(ResourceException.INTERNAL_ERROR);
      handler.handleError(internalError);
      return;
    }

    // The attempt is on record, so let the next handler perform the action.
    next.handleAction(context, request, auditedHandler);
  }
예제 #2
  /** {@inheritDoc} */
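  @Override
  public void createInstance(
      final ServerContext context,
      final CreateRequest request,
      final ResultHandler<Resource> handler) {
    // Creates the realm named by the "realm" field of the request content, below the realm the
    // request was resolved against, and reports the outcome through the handler.

    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();

    Resource resource;
    String parentRealm;
    String childRealm;
    String realm = null;

    try {
      // Authorization gate. Its return value (if any) is ignored, so it presumably signals a
      // denial by throwing ForbiddenException, which is handled below - confirm.
      // NOTE(review): getSSOToken() is not visible here; if it yields an administrative token
      // rather than the caller's, this call is the only check protecting the realm operations.
      hasPermission(context);
      final JsonValue jVal = request.getContent();
      // get the realm
      realm = jVal.get("realm").asString();
      realm = checkForTopLevelRealm(realm);
      if (realm == null || realm.isEmpty()) {
        throw new BadRequestException("No realm name provided.");
      } else if (!realm.startsWith("/")) {
        realm = "/" + realm;
      }
      if (!realmPath.equalsIgnoreCase("/")) {
        // build realm to comply with format if not top level
        realm = realmPath + realm;
      }

      parentRealm = RealmUtils.getParentRealm(realm);
      childRealm = RealmUtils.getChildRealm(realm);

      OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), parentRealm);

      Map defaultValues = createServicesMap(jVal);
      ocm.createSubOrganization(childRealm, defaultValues);
      String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
      // NOTE(review): the realm names come from the request body and are concatenated into the
      // log line as-is; confirm the debug sink neutralises line breaks.
      debug.message(
          "RealmResource.createInstance :: CREATE of realm "
              + childRealm
              + " in realm "
              + parentRealm
              + " performed by "
              + principalName);

      // create a resource for handler to return
      OrganizationConfigManager realmCreated = new OrganizationConfigManager(getSSOToken(), realm);
      resource =
          new Resource(
              childRealm,
              String.valueOf(System.currentTimeMillis()),
              createJsonMessage("realmCreated", realmCreated.getOrganizationName()));
      handler.handleResult(resource);

    } catch (SMSException smse) {

      debug.error("RealmResource.createInstance() : Cannot find " + realm, smse);

      // configureErrorMessage() is used only for the exception it throws.
      // NOTE(review): if it can return normally, the handler is never invoked on this path.
      try {
        configureErrorMessage(smse);
      } catch (NotFoundException nf) {
        debug.error("RealmResource.createInstance() : Cannot find " + realm, nf);
        handler.handleError(nf);
      } catch (ForbiddenException fe) {
        // User does not have authorization
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
        handler.handleError(fe);
      } catch (PermanentException pe) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
        // Cannot recover from this exception
        handler.handleError(pe);
      } catch (ConflictException ce) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, ce);
        handler.handleError(ce);
      } catch (BadRequestException be) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
        handler.handleError(be);
      } catch (Exception e) {
        debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, e);
        // NOTE(review): e.getMessage() is returned to the client; confirm it cannot carry
        // internal detail.
        handler.handleError(new BadRequestException(e.getMessage(), e));
      }
    } catch (SSOException sso) {
      debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, sso);
      handler.handleError(new PermanentException(401, "Access Denied", null));
    } catch (ForbiddenException fe) {
      debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
      handler.handleError(fe);
    } catch (BadRequestException be) {
      debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
      handler.handleError(be);
    } catch (PermanentException pe) {
      debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
      // Cannot recover from this exception
      handler.handleError(pe);
    } catch (Exception e) {
      // Pass the throwable itself so the stack trace is logged, as the other branches do;
      // the original concatenated it into the message and lost the trace.
      debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, e);
      // NOTE(review): any unexpected failure is reported as 400 with e.getMessage() echoed back.
      handler.handleError(new BadRequestException(e.getMessage(), e));
    }
  }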
예제 #3
  /** {@inheritDoc} */
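  @Override
  public void updateInstance(
      final ServerContext context,
      final String resourceId,
      final UpdateRequest request,
      final ResultHandler<Resource> handler) {
    // Updates the services of the realm identified by resourceId; when the realm is reported as
    // not found, it is created instead. The outcome is delivered through the handler.

    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();

    final JsonValue realmDetails = request.getContent();
    Resource resource;
    String realm = null;
    OrganizationConfigManager ocm;
    OrganizationConfigManager realmCreatedOcm;

    String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);

    try {

      // Single authorization gate for both the update path and the create-on-missing path below.
      // Presumably signals a denial by throwing ForbiddenException - confirm.
      hasPermission(context);
      realm = checkForTopLevelRealm(resourceId);
      if (realm != null && !realm.startsWith("/")) {
        realm = "/" + realm;
      }
      if (!realmPath.equalsIgnoreCase("/")) {
        // NOTE(review): if realm is still null here, the concatenation yields "<realmPath>null".
        realm = realmPath + realm;
      }
      // The initial attempt to UPDATE a realm,
      // if the realm does not exist it must be created
      ocm = new OrganizationConfigManager(getSSOToken(), realm);
      List newServiceNames;
      // update ID_REPO attributes
      updateConfiguredServices(ocm, createServicesMap(realmDetails));
      newServiceNames = realmDetails.get(SERVICE_NAMES).asList();
      if (newServiceNames == null || newServiceNames.isEmpty()) {
        debug.error("RealmResource.updateInstance() : No Services defined.");
      } else {
        assignServices(ocm, newServiceNames); // assign services to realm
      }
      // READ THE REALM
      realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realm);

      debug.message(
          "RealmResource.updateInstance :: UPDATE of realm "
              + realm
              + " performed by "
              + principalName);

      // create a resource for handler to return
      resource =
          new Resource(
              realm,
              String.valueOf(System.currentTimeMillis()),
              createJsonMessage("realmUpdated", realmCreatedOcm.getOrganizationName()));
      handler.handleResult(resource);
    } catch (SMSException e) {
      // configureErrorMessage() is used only for the exception it throws.
      // NOTE(review): if it can return normally, the handler is never invoked on this path.
      try {
        configureErrorMessage(e);
      } catch (NotFoundException nfe) {
        if (debug.errorEnabled()) {
          debug.error(
              "RealmResource.updateInstance()"
                  + "Cannot find "
                  + resourceId
                  + ":"
                  + e
                  + "\n"
                  + "CREATING "
                  + resourceId);
        }
        // Realm was NOT found, therefore create the realm
        try {
          String parentRealm = RealmUtils.getParentRealm(realm);
          String childRealm = RealmUtils.getChildRealm(realm);
          ocm = new OrganizationConfigManager(getSSOToken(), parentRealm);
          // create the realm
          createOrganization(ocm, realmDetails, childRealm, realmPath);

          // read the realm to make sure that it has been created...
          realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realm);

          // NOTE(review): this is the create path (the result below says "realmCreated"), yet the
          // log line records it as an UPDATE.
          if (debug.messageEnabled()) {
            debug.message(
                "RealmResource.updateInstance :: UPDATE of realm "
                    + realm
                    + " performed by "
                    + principalName);
          }

          resource =
              new Resource(
                  childRealm,
                  String.valueOf(System.currentTimeMillis()),
                  createJsonMessage("realmCreated", realmCreatedOcm.getOrganizationName()));
          if (debug.messageEnabled()) {
            debug.message("RealmResource :: UPDATE : Updated resource with ID, " + resourceId);
          }
          handler.handleResult(resource);
        } catch (SMSException smse) {

          debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, smse);

          try {
            configureErrorMessage(smse);
          } catch (NotFoundException nf) {
            debug.error("RealmResource.updateInstance() : Cannot find " + resourceId, nf);
            handler.handleError(nf);
          } catch (ForbiddenException fe) {
            // User does not have authorization
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
            handler.handleError(fe);
          } catch (PermanentException pe) {
            debug.error("RealmResource.updateInstance() Cannot UPDATE " + resourceId, pe);
            // Cannot recover from this exception
            handler.handleError(pe);
          } catch (ConflictException ce) {
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ce);
            handler.handleError(ce);
          } catch (BadRequestException be) {
            debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, be);
            handler.handleError(be);
          } catch (Exception unexpected) {
            // Without this fallback, any other exception raised here would leave the method
            // without the handler being called; treat it like the other fallbacks in this method.
            debug.error(
                "RealmResource.updateInstance() : Cannot UPDATE " + resourceId, unexpected);
            handler.handleError(new NotFoundException("Cannot update realm.", unexpected));
          }
        } catch (Exception ex) {
          debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
          handler.handleError(new NotFoundException("Cannot update realm.", ex));
        }

      } catch (ForbiddenException fe) {
        // User does not have authorization
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
        handler.handleError(fe);
      } catch (PermanentException pe) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, pe);
        // Cannot recover from this exception
        handler.handleError(pe);
      } catch (ConflictException ce) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ce);
        handler.handleError(ce);
      } catch (BadRequestException be) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, be);
        handler.handleError(be);
      } catch (Exception ex) {
        debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
        handler.handleError(new NotFoundException("Cannot update realm.", ex));
      }
    } catch (SSOException sso) {
      debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, sso);
      handler.handleError(new PermanentException(401, "Access Denied", null));
    } catch (ForbiddenException fe) {
      debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
      handler.handleError(fe);
    } catch (PermanentException pe) {
      // Log label corrected: the original named a non-existent "RealmResource.Instance()".
      debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, pe);
      // Cannot recover from this exception
      handler.handleError(pe);
    } catch (Exception ex) {
      debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
      handler.handleError(new NotFoundException("Cannot update realm.", ex));
    }
  }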
예제 #4
  /** {@inheritDoc} */
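  @Override
  public void readInstance(
      final ServerContext context,
      final String resourceId,
      final ReadRequest request,
      final ResultHandler<Resource> handler) {
    // Returns the service names assigned to the realm identified by resourceId, resolved relative
    // to the realm the request was routed to. The outcome is delivered through the handler.

    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();

    Resource resource;
    JsonValue jval;
    String holdResourceId = checkForTopLevelRealm(resourceId);

    try {
      // Authorization gate; presumably signals a denial by throwing ForbiddenException - confirm.
      hasPermission(context);
      if (holdResourceId != null && !holdResourceId.startsWith("/")) {
        holdResourceId = "/" + holdResourceId;
      }
      if (!realmPath.equalsIgnoreCase("/")) {
        // NOTE(review): if holdResourceId is still null here, this yields "<realmPath>null".
        holdResourceId = realmPath + holdResourceId;
      }
      OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), holdResourceId);
      // get associated services for this realm , include mandatory service names.
      Set serviceNames = ocm.getAssignedServices();
      jval = createJsonMessage(SERVICE_NAMES, serviceNames);

      String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);

      resource = new Resource(resourceId, String.valueOf(System.currentTimeMillis()), jval);
      if (debug.messageEnabled()) {
        debug.message(
            "RealmResource.readInstance :: READ : Successfully read realm, "
                + resourceId
                + " performed by "
                + principalName);
      }
      handler.handleResult(resource);

    } catch (SSOException sso) {
      // Log label corrected: the original attributed this failure to updateInstance().
      debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, sso);
      handler.handleError(new PermanentException(401, "Access Denied", null));
    } catch (ForbiddenException fe) {
      // Pass the throwable so the stack trace is kept, as the other branches do.
      debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, fe);
      handler.handleError(fe);
    } catch (SMSException smse) {

      debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, smse);

      // configureErrorMessage() is used only for the exception it throws.
      // NOTE(review): if it can return normally, the handler is never invoked on this path.
      try {
        configureErrorMessage(smse);
      } catch (NotFoundException nf) {
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, nf);
        handler.handleError(nf);
      } catch (ForbiddenException fe) {
        // User does not have authorization
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, fe);
        handler.handleError(fe);
      } catch (PermanentException pe) {
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, pe);
        // Cannot recover from this exception
        handler.handleError(pe);
      } catch (ConflictException ce) {
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, ce);
        handler.handleError(ce);
      } catch (BadRequestException be) {
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, be);
        handler.handleError(be);
      } catch (Exception e) {
        debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, e);
        handler.handleError(new BadRequestException(e.getMessage(), e));
      }
    } catch (Exception e) {
      // The original returned the error without logging it; record it like the other branches.
      debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, e);
      // NOTE(review): e.getMessage() is returned to the client; confirm it cannot carry internal
      // detail.
      handler.handleError(new BadRequestException(e.getMessage(), e));
    }
  }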
예제 #5
  /** {@inheritDoc} */
  @Override
  public void deleteInstance(
      final ServerContext context,
      final String resourceId,
      final DeleteRequest request,
      final ResultHandler<Resource> handler) {

    RealmContext realmContext = context.asContext(RealmContext.class);
    String realmPath = realmContext.getResolvedRealm();

    boolean recursive = false;
    Resource resource;
    String holdResourceId = checkForTopLevelRealm(resourceId);

    try {
      hasPermission(context);

      if (holdResourceId != null && !holdResourceId.startsWith("/")) {
        holdResourceId = "/" + holdResourceId;
      }
      if (!realmPath.equalsIgnoreCase("/")) {
        holdResourceId = realmPath + holdResourceId;
      }
      OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), holdResourceId);
      ocm.deleteSubOrganization(null, recursive);
      String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
      debug.message(
          "RealmResource.deleteInstance :: DELETE of realm "
              + holdResourceId
              + " performed by "
              + principalName);
      // handle resource
      resource = new Resource(resourceId, "0", createJsonMessage("success", "true"));
      handler.handleResult(resource);
    } catch (SMSException smse) {
      try {
        configureErrorMessage(smse);
      } catch (NotFoundException nf) {
        debug.error("RealmResource.deleteInstance() : Cannot find " + resourceId + ":" + smse);
        handler.handleError(nf);
      } catch (ForbiddenException fe) {
        // User does not have authorization
        debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
        handler.handleError(fe);
      } catch (PermanentException pe) {
        debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
        // Cannot recover from this exception
        handler.handleError(pe);
      } catch (ConflictException ce) {
        debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
        handler.handleError(ce);
      } catch (BadRequestException be) {
        debug.error("RealmResource.deleteInstance() : Cannot DELETE " + resourceId + ":" + smse);
        handler.handleError(be);
      } catch (Exception e) {
        handler.handleError(new BadRequestException(e.getMessage(), e));
      }
    } catch (SSOException sso) {
      debug.error("RealmResource.updateInstance() : Cannot DELETE " + resourceId + ":" + sso);
      handler.handleError(new PermanentException(401, "Access Denied", null));
    } catch (ForbiddenException fe) {
      debug.error("RealmResource.updateInstance() : Cannot DELETE " + resourceId + ":" + fe);
      handler.handleError(fe);
    } catch (Exception e) {
      handler.handleError(new BadRequestException(e.getMessage(), e));
    }
  }
 @Override
 public void updateInstance(
     ServerContext context, UpdateRequest request, ResultHandler<Resource> handler) {
   // Update is not offered here: every call is answered with a NOT_SUPPORTED error and the
   // request content is never read.
   final ResourceException notSupported =
       ResourceException.getException(ResourceException.NOT_SUPPORTED);
   handler.handleError(notSupported);
 }
 @Override
 public void actionInstance(
     ServerContext context, ActionRequest request, ResultHandler<JsonValue> handler) {
   // No actions are offered here: every call is answered with a NOT_SUPPORTED error and the
   // request is never inspected.
   final ResourceException notSupported =
       ResourceException.getException(ResourceException.NOT_SUPPORTED);
   handler.handleError(notSupported);
 }