@Override
public Promise<ResourceResponse, ResourceException> createInstance(
Context context, CreateRequest request) {
TokenGenerationServiceInvocationState invocationState;
try {
invocationState = TokenGenerationServiceInvocationState.fromJson(request.getContent());
} catch (Exception e) {
logger.error(
"Exception caught marshalling json into TokenGenerationServiceInvocationState instance: "
+ e);
return new BadRequestException(e.getMessage(), e).asPromise();
}
SSOToken subjectToken;
try {
subjectToken = validateAssertionSubjectSession(invocationState);
} catch (ForbiddenException e) {
return e.asPromise();
}
STSInstanceState stsInstanceState;
try {
stsInstanceState = getSTSInstanceState(invocationState);
} catch (ResourceException e) {
return e.asPromise();
}
if (TokenType.SAML2.equals(invocationState.getTokenType())) {
try {
final String assertion =
saml2TokenGeneration.generate(subjectToken, stsInstanceState, invocationState);
return newResultPromise(issuedTokenResource(assertion));
} catch (TokenCreationException e) {
logger.error("Exception caught generating saml2 token: " + e, e);
return e.asPromise();
} catch (Exception e) {
logger.error("Exception caught generating saml2 token: " + e, e);
return new InternalServerErrorException(e.toString(), e).asPromise();
}
} else if (TokenType.OPENIDCONNECT.equals(invocationState.getTokenType())) {
try {
final String assertion =
openIdConnectTokenGeneration.generate(subjectToken, stsInstanceState, invocationState);
return newResultPromise(issuedTokenResource(assertion));
} catch (TokenCreationException e) {
logger.error("Exception caught generating OpenIdConnect token: " + e, e);
return e.asPromise();
} catch (Exception e) {
logger.error("Exception caught generating OpenIdConnect token: " + e, e);
return new InternalServerErrorException(e.toString(), e).asPromise();
}
} else {
String message = "Bad request: unexpected token type:" + invocationState.getTokenType();
logger.error(message);
return new BadRequestException(message).asPromise();
}
}
/** {@inheritDoc} */
@Override
public void createInstance(
final ServerContext context,
final CreateRequest request,
final ResultHandler<Resource> handler) {
RealmContext realmContext = context.asContext(RealmContext.class);
String realmPath = realmContext.getResolvedRealm();
Resource resource;
String parentRealm;
String childRealm;
String realm = null;
try {
hasPermission(context);
final JsonValue jVal = request.getContent();
// get the realm
realm = jVal.get("realm").asString();
realm = checkForTopLevelRealm(realm);
if (realm == null || realm.isEmpty()) {
throw new BadRequestException("No realm name provided.");
} else if (!realm.startsWith("/")) {
realm = "/" + realm;
}
if (!realmPath.equalsIgnoreCase("/")) {
// build realm to comply with format if not top level
realm = realmPath + realm;
}
parentRealm = RealmUtils.getParentRealm(realm);
childRealm = RealmUtils.getChildRealm(realm);
OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), parentRealm);
Map defaultValues = createServicesMap(jVal);
ocm.createSubOrganization(childRealm, defaultValues);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
debug.message(
"RealmResource.createInstance :: CREATE of realm "
+ childRealm
+ " in realm "
+ parentRealm
+ " performed by "
+ principalName);
// create a resource for handler to return
OrganizationConfigManager realmCreated = new OrganizationConfigManager(getSSOToken(), realm);
resource =
new Resource(
childRealm,
String.valueOf(System.currentTimeMillis()),
createJsonMessage("realmCreated", realmCreated.getOrganizationName()));
handler.handleResult(resource);
} catch (SMSException smse) {
debug.error("RealmResource.createInstance() : Cannot find " + realm, smse);
try {
configureErrorMessage(smse);
} catch (NotFoundException nf) {
debug.error("RealmResource.createInstance() : Cannot find " + realm, nf);
handler.handleError(nf);
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
handler.handleError(fe);
} catch (PermanentException pe) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
// Cannot recover from this exception
handler.handleError(pe);
} catch (ConflictException ce) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, ce);
handler.handleError(ce);
} catch (BadRequestException be) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
handler.handleError(be);
} catch (Exception e) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, e);
handler.handleError(new BadRequestException(e.getMessage(), e));
}
} catch (SSOException sso) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, sso);
handler.handleError(new PermanentException(401, "Access Denied", null));
} catch (ForbiddenException fe) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, fe);
handler.handleError(fe);
} catch (BadRequestException be) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, be);
handler.handleError(be);
} catch (PermanentException pe) {
debug.error("RealmResource.createInstance() : Cannot CREATE " + realm, pe);
// Cannot recover from this exception
handler.handleError(pe);
} catch (Exception e) {
debug.error("RealmResource.createInstance()" + realm + ":" + e);
handler.handleError(new BadRequestException(e.getMessage(), e));
}
}
/**
* Creates a new object in the object set.
*
* <p>This method sets the {@code _id} property to the assigned identifier for the object, and the
* {@code _rev} property to the revised object version (For optimistic concurrency)
*
* @param request the contents of the object to create in the object set.
* @throws NotFoundException if the specified id could not be resolved.
* @throws ForbiddenException if access to the object or object set is forbidden.
* @throws ConflictException if an object with the same ID already exists.
*/
@Override
public ResourceResponse create(CreateRequest request) throws ResourceException {
if (request.getResourcePathObject().isEmpty()) {
throw new NotFoundException(
"The object identifier did not include sufficient information to determine the object type: "
+ request.getResourcePath());
}
final String type = request.getResourcePath();
// TODO: should CREST support server side generation of ID itself?
final String localId =
(request.getNewResourceId() == null || "".equals(request.getNewResourceId()))
? UUID.randomUUID().toString() // Generate ID server side.
: request.getNewResourceId();
// Used currently for logging
String fullId = request.getResourcePathObject().child(localId).toString();
String orientClassName = typeToOrientClassName(type);
JsonValue obj = request.getContent();
obj.put(DocumentUtil.TAG_ID, localId);
ODatabaseDocumentTx db = getConnection();
try {
// Rather than using MVCC for insert, rely on primary key uniqueness constraints to detect
// duplicate create
ODocument newDoc = DocumentUtil.toDocument(obj, null, db, orientClassName);
logger.trace("Created doc for id: {} to save {}", fullId, newDoc);
newDoc.save();
obj.put(DocumentUtil.TAG_REV, Integer.toString(newDoc.getVersion()));
logger.debug("Completed create for id: {} revision: {}", fullId, newDoc.getVersion());
logger.trace("Create payload for id: {} doc: {}", fullId, newDoc);
return newResourceResponse(
obj.get(DocumentUtil.TAG_ID).asString(), obj.get(DocumentUtil.TAG_REV).asString(), obj);
} catch (ORecordDuplicatedException ex) {
// Because the OpenIDM ID is defined as unique, duplicate inserts must fail
throw new PreconditionFailedException(
"Create rejected as Object with same ID already exists. " + ex.getMessage(), ex);
} catch (OIndexException ex) {
// Because the OpenIDM ID is defined as unique, duplicate inserts must fail
throw new PreconditionFailedException(
"Create rejected as Object with same ID already exists. " + ex.getMessage(), ex);
} catch (ODatabaseException ex) {
// Because the OpenIDM ID is defined as unique, duplicate inserts must fail.
// OrientDB may wrap the IndexException root cause.
if (isCauseIndexException(ex, 10) || isCauseRecordDuplicatedException(ex, 10)) {
throw new PreconditionFailedException(
"Create rejected as Object with same ID already exists and was detected. "
+ ex.getMessage(),
ex);
} else {
throw ex;
}
} catch (RuntimeException e) {
throw e;
} finally {
if (db != null) {
db.close();
}
}
}
