private Set<String> getWithoutTranslations(String key, Set<String> cached)
throws ServerException {
if (cached != null) {
return cached;
}
Set<String> claims = new HashSet<>();
try {
synchronized (attributeCache) {
for (String claim : getSetting(realm, key)) {
int pipe = claim.indexOf('|');
if (pipe > -1) {
claims.add(claim.substring(0, pipe));
} else {
claims.add(claim);
}
}
return claims;
}
} catch (SMSException e) {
logger.error(e.getMessage());
throw new ServerException(e);
} catch (SSOException e) {
logger.error(e.getMessage());
throw new ServerException(e);
}
}
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throw CLIException if the request cannot serviced.
*/
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
ldapLogin();
String serviceName = getStringOptionValue(IArgument.SERVICE_NAME);
String i18nKey = getStringOptionValue(ARGUMENT_I18N_KEY);
ServiceSchemaManager ssm = getServiceSchemaManager();
IOutput outputWriter = getOutputWriter();
try {
String[] params = {serviceName, i18nKey};
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_SET_SERVICE_SCHEMA_I18N_KEY", params);
ssm.setI18NKey(i18nKey);
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_SET_SERVICE_SCHEMA_I18N_KEY", params);
outputWriter.printlnMessage(
MessageFormat.format(
getResourceString("service-schema-set-i18n-key-succeed"), (Object[]) params));
} catch (SSOException e) {
String[] args = {serviceName, i18nKey, e.getMessage()};
debugError("SetServiceSchemaI18nKey.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SET_SERVICE_SCHEMA_I18N_KEY", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SMSException e) {
String[] args = {serviceName, i18nKey, e.getMessage()};
debugError("SetServiceSchemaI18nKey.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SET_SERVICE_SCHEMA_I18N_KEY", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
/** {@inheritDoc} */
public Map<String, ResponseTypeHandler> getAllowedResponseTypes()
throws UnsupportedResponseTypeException, ServerException {
try {
Set<String> responseTypeSet = getSetting(realm, OAuth2ProviderService.RESPONSE_TYPE_LIST);
if (responseTypeSet == null || responseTypeSet.isEmpty()) {
return Collections.emptyMap();
}
Map<String, ResponseTypeHandler> responseTypes = new HashMap<String, ResponseTypeHandler>();
for (String responseType : responseTypeSet) {
String[] parts = responseType.split("\\|");
if (parts.length != 2) {
logger.error("Response type wrong format for realm: " + realm);
continue;
}
responseTypes.put(parts[0], wrap(parts[0], parts[1]));
}
return responseTypes;
} catch (SMSException e) {
logger.error(e.getMessage());
throw new ServerException(e);
} catch (SSOException e) {
logger.error(e.getMessage());
throw new ServerException(e);
}
}
private void deleteSubConfigToRoot(String serviceName, String subConfigName) throws CLIException {
SSOToken adminSSOToken = getAdminSSOToken();
IOutput outputWriter = getOutputWriter();
String[] params = {subConfigName, serviceName};
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_DELETE_SUB_CONFIGURATION", params);
try {
ServiceConfigManager scm = new ServiceConfigManager(serviceName, adminSSOToken);
ServiceConfig sc = scm.getGlobalConfig(null);
deleteSubConfig(sc, subConfigName);
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_DELETE_SUB_CONFIGURATION", params);
outputWriter.printlnMessage(
MessageFormat.format(
getResourceString("delete-sub-configuration-succeed"), (Object[]) params));
} catch (SSOException e) {
String[] args = {subConfigName, serviceName, e.getMessage()};
debugError("DeleteSubConfiguration.deleteSubConfigToRoot", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_DELETE_SUB_CONFIGURATION", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SMSException e) {
String[] args = {subConfigName, serviceName, e.getMessage()};
debugError("DeleteSubConfiguration.deleteSubConfigToRoot", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_DELETE_SUB_CONFIGURATION", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
/** {@inheritDoc} */
public KeyPair getServerKeyPair() throws ServerException {
try {
return getServerKeyPair(realm);
} catch (SMSException e) {
logger.error(e.getMessage());
throw new ServerException(e);
} catch (SSOException e) {
logger.error(e.getMessage());
throw new ServerException(e);
}
}
/** {@inheritDoc} */
public boolean issueRefreshTokens() throws ServerException {
try {
return getBooleanSetting(realm, OAuth2ProviderService.ISSUE_REFRESH_TOKEN);
} catch (SMSException e) {
logger.error(e.getMessage());
throw new ServerException(e);
} catch (SSOException e) {
logger.error(e.getMessage());
throw new ServerException(e);
}
}
private Set<String> getSettingStrings(String key) throws ServerException {
try {
return getSetting(realm, key);
} catch (SMSException e) {
logger.error(e.getMessage());
throw new ServerException(e);
} catch (SSOException e) {
logger.error(e.getMessage());
throw new ServerException(e);
}
}
@Override
public boolean isOpenDynamicClientRegistrationAllowed() throws ServerException {
try {
return getBooleanSetting(realm, OAuth2ProviderService.OPEN_DYNAMIC_REGISTRATION_ALLOWED);
} catch (SSOException e) {
logger.message(e.getMessage());
throw new ServerException(e);
} catch (SMSException e) {
logger.message(e.getMessage());
throw new ServerException(e);
}
}
@Override
public Map<String, String> getAMRAuthModuleMappings() throws ServerException {
try {
return getMapSetting(realm, OAuth2ProviderService.AMR_VALUE_MAPPING);
} catch (SSOException e) {
logger.message(e.getMessage());
throw new ServerException(e);
} catch (SMSException e) {
logger.message(e.getMessage());
throw new ServerException(e);
}
}
@Override
public boolean isRegistrationAccessTokenGenerationEnabled() throws ServerException {
try {
return getBooleanSetting(realm, OAuth2ProviderService.GENERATE_REGISTRATION_ACCESS_TOKENS);
} catch (SSOException e) {
logger.message(e.getMessage());
throw new ServerException(e);
} catch (SMSException e) {
logger.message(e.getMessage());
throw new ServerException(e);
}
}
@Override
public boolean getClaimsParameterSupported() throws ServerException {
try {
return getBooleanSetting(realm, OAuth2ProviderService.CLAIMS_PARAMETER_SUPPORTED);
} catch (SSOException e) {
logger.error(e.getMessage());
throw new ServerException(e);
} catch (SMSException e) {
logger.error(e.getMessage());
}
return false;
}
public Map getAttributeValues(String universalId) throws AMConsoleException {
try {
AMIdentity amid = IdUtils.getIdentity(adminSSOToken, universalId);
Map values = AgentConfiguration.getAgentAttributes(amid, true);
return values;
} catch (IdRepoException re) {
throw new AMConsoleException(re.getMessage());
} catch (SMSException se) {
throw new AMConsoleException(se.getMessage());
} catch (SSOException ssoe) {
throw new AMConsoleException(ssoe.getMessage());
}
}
/**
* Returns names of all realms included in the subtree rooted by the realm indicated in the query
* url.
*
* <p>Names are unsorted and given as full paths.
*
* <p>Filtering, sorting, and paging of results is not supported.
*
* <p>{@inheritDoc}
*/
@Override
public void queryCollection(
final ServerContext context, final QueryRequest request, final QueryResultHandler handler) {
final String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
final RealmContext realmContext = context.asContext(RealmContext.class);
final String realmPath = realmContext.getResolvedRealm();
try {
final SSOTokenManager mgr = SSOTokenManager.getInstance();
final SSOToken ssoToken = mgr.createSSOToken(getCookieFromServerContext(context));
final OrganizationConfigManager ocm = new OrganizationConfigManager(ssoToken, realmPath);
final List<String> realmsInSubTree = new ArrayList<String>();
realmsInSubTree.add(realmPath);
for (final Object subRealmRelativePath : ocm.getSubOrganizationNames("*", true)) {
if (realmPath.endsWith("/")) {
realmsInSubTree.add(realmPath + subRealmRelativePath);
} else {
realmsInSubTree.add(realmPath + "/" + subRealmRelativePath);
}
}
debug.message("RealmResource :: QUERY : performed by " + principalName);
for (final Object realmName : realmsInSubTree) {
JsonValue val = new JsonValue(realmName);
Resource resource = new Resource((String) realmName, "0", val);
handler.handleResource(resource);
}
handler.handleResult(new QueryResult());
} catch (SSOException ex) {
debug.error("RealmResource :: QUERY by " + principalName + " failed : " + ex);
handler.handleError(ResourceException.getException(ResourceException.FORBIDDEN));
} catch (SMSException ex) {
debug.error("RealmResource :: QUERY by " + principalName + " failed :" + ex);
switch (ex.getExceptionCode()) {
case STATUS_NO_PERMISSION:
// This exception will be thrown if permission to read realms from SMS has not been
// delegated
handler.handleError(ResourceException.getException(ResourceException.FORBIDDEN));
break;
default:
handler.handleError(ResourceException.getException(ResourceException.INTERNAL_ERROR));
break;
}
}
}
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throw CLIException if the request cannot serviced.
*/
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
ldapLogin();
SSOToken adminSSOToken = getAdminSSOToken();
String realm = getStringOptionValue(IArgument.REALM_NAME);
String pattern = getStringOptionValue(IArgument.FILTER);
boolean recursive = isOptionSet(IArgument.RECURSIVE);
String strRecursive = (recursive) ? "recursive" : "non recursive";
if ((pattern == null) || (pattern.trim().length() == 0)) {
pattern = "*";
}
String[] params = {realm, pattern, strRecursive};
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_SEARCH_REALM", params);
try {
OrganizationConfigManager ocm = new OrganizationConfigManager(adminSSOToken, realm);
Set results = ocm.getSubOrganizationNames(pattern, recursive);
IOutput outputWriter = getOutputWriter();
if ((results != null) && !results.isEmpty()) {
String template = getResourceString("search-realm-results");
String[] arg = new String[1];
for (Iterator i = results.iterator(); i.hasNext(); ) {
arg[0] = (String) i.next();
outputWriter.printlnMessage(MessageFormat.format(template, (Object[]) arg));
}
outputWriter.printlnMessage(getResourceString("search-realm-succeed"));
} else {
outputWriter.printlnMessage(getResourceString("search-realm-no-results"));
}
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_SEARCH_REALM", params);
} catch (SMSException e) {
String[] args = {realm, strRecursive, e.getMessage()};
debugError("SearchRealms.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SEARCH_REALM", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
@Override
public Map<String, AuthenticationMethod> getAcrMapping() throws ServerException {
try {
final Map<String, String> map = getMapSetting(realm, OAuth2ProviderService.ACR_VALUE_MAPPING);
final Map<String, AuthenticationMethod> methods =
new HashMap<String, AuthenticationMethod>(map.size());
for (Map.Entry<String, String> entry : map.entrySet()) {
methods.put(
entry.getKey(),
new OpenAMAuthenticationMethod(entry.getValue(), AuthContext.IndexType.SERVICE));
}
return methods;
} catch (SSOException e) {
logger.message(e.getMessage());
throw new ServerException(e);
} catch (SMSException e) {
logger.message(e.getMessage());
throw new ServerException(e);
}
}
private void addSubConfigToRoot(
String serviceName, String subConfigName, String subConfigId, Map attrValues, int priority)
throws CLIException {
SSOToken adminSSOToken = getAdminSSOToken();
IOutput outputWriter = getOutputWriter();
String[] params = {subConfigName, serviceName};
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_ADD_SUB_CONFIGURATION", params);
try {
ServiceConfigManager scm = new ServiceConfigManager(serviceName, adminSSOToken);
ServiceConfig sc = scm.getGlobalConfig(null);
if (sc == null) {
String[] args = {subConfigName, serviceName, "no global configiration"};
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_ADD_SUB_CONFIGURATION", args);
String[] ar = {serviceName};
String message =
MessageFormat.format(
getResourceString("add-sub-configuration-no-global-config"), (Object[]) ar);
throw new CLIException(message, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
addSubConfig(sc, subConfigName, subConfigId, attrValues, priority);
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_ADD_SUB_CONFIGURATION", params);
outputWriter.printlnMessage(
MessageFormat.format(
getResourceString("add-sub-configuration-succeed"), (Object[]) params));
} catch (SSOException e) {
String[] args = {subConfigName, serviceName, e.getMessage()};
debugError("AddSubConfiguration.addSubConfigToRoot", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_ADD_SUB_CONFIGURATION", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SMSException e) {
e.printStackTrace();
String[] args = {subConfigName, serviceName, e.getMessage()};
debugError("AddSubConfiguration.addSubConfigToRoot", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_ADD_SUB_CONFIGURATION", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
private void addSubConfigToRealm(
String realmName,
String serviceName,
String subConfigName,
String subConfigId,
Map attrValues,
int priority)
throws CLIException {
SSOToken adminSSOToken = getAdminSSOToken();
IOutput outputWriter = getOutputWriter();
String[] params = {realmName, subConfigName, serviceName};
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_ADD_SUB_CONFIGURATION_TO_REALM", params);
try {
ServiceConfigManager scm = new ServiceConfigManager(serviceName, adminSSOToken);
ServiceConfig sc = scm.getOrganizationConfig(realmName, null);
if (sc == null) {
sc = scm.createOrganizationConfig(realmName, null);
}
addSubConfig(sc, subConfigName, subConfigId, attrValues, priority);
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_ADD_SUB_CONFIGURATION_TO_REALM", params);
outputWriter.printlnMessage(
MessageFormat.format(
getResourceString("add-sub-configuration-to-realm-succeed"), (Object[]) params));
} catch (SSOException e) {
String[] args = {realmName, subConfigName, serviceName, e.getMessage()};
debugError("AddSubConfiguration.addSubConfigToRealm", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_ADD_SUB_CONFIGURATIONT_TO_REALM", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SMSException e) {
String[] args = {realmName, subConfigName, serviceName, e.getMessage()};
debugError("AddSubConfiguration.addSubConfigToRealm", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_ADD_SUB_CONFIGURATIONT_TO_REALM", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot serviced.
*/
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
ldapLogin();
SSOToken adminSSOToken = getAdminSSOToken();
String realm = getStringOptionValue(IArgument.REALM_NAME);
boolean recursive = isOptionSet(IArgument.RECURSIVE);
String strRecursive = (recursive) ? "recursive" : "non recursive";
String[] params = {realm, strRecursive};
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_DELETE_REALM", params);
try {
OrganizationConfigManager ocm = new OrganizationConfigManager(adminSSOToken, realm);
ocm.deleteSubOrganization(null, recursive);
getOutputWriter().printlnMessage(getResourceString("delete-realm-succeed"));
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_DELETE_REALM", params);
} catch (SMSException e) {
String[] args = {realm, strRecursive, e.getMessage()};
debugError("DeleteRealm.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_DELETE_REALM", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot serviced.
*/
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
ldapLogin();
SSOToken adminSSOToken = getAdminSSOToken();
IOutput outputWriter = getOutputWriter();
String realm = getStringOptionValue(IArgument.REALM_NAME);
String agentGroupName = getStringOptionValue(IArgument.AGENT_GROUP_NAME);
String outfile = getStringOptionValue(IArgument.OUTPUT_FILE);
String[] params = {realm, agentGroupName};
try {
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_SHOW_AGENT_GROUP", params);
AMIdentity amid =
new AMIdentity(adminSSOToken, agentGroupName, IdType.AGENTGROUP, realm, null);
if (!amid.isExists()) {
String[] args = {realm, agentGroupName, "agent group did not exist"};
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SHOW_AGENT_GROUP", args);
Object[] p = {agentGroupName};
String msg = MessageFormat.format(getResourceString("show-agent-group-does-not-exist"), p);
throw new CLIException(msg, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
Map values = AgentConfiguration.getAgentGroupAttributes(adminSSOToken, realm, agentGroupName);
Set passwords =
AgentConfiguration.getAttributesSchemaNames(amid, AttributeSchema.Syntax.PASSWORD);
if ((values != null) && !values.isEmpty()) {
StringBuilder buff = new StringBuilder();
// Used to generated a sorted list of property names for easier viewing
List<String> sortedKeys = new ArrayList<String>(values.keySet());
Collections.sort(sortedKeys);
for (String attrName : sortedKeys) {
if (passwords.contains(attrName)) {
buff.append(attrName).append("=********\n");
} else {
Set vals = (Set) values.get(attrName);
if (vals.isEmpty()) {
buff.append(attrName).append("=").append("\n");
} else {
for (Iterator j = vals.iterator(); j.hasNext(); ) {
String val = (String) j.next();
buff.append(attrName).append("=").append(val).append("\n");
}
}
}
}
if (outfile == null) {
outputWriter.printlnMessage(buff.toString());
} else {
writeToFile(outfile, buff.toString());
outputWriter.printlnMessage(getResourceString("show-agent-group-to-file"));
}
} else {
outputWriter.printlnMessage(getResourceString("show-agent-group-no-attributes"));
}
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_SHOW_AGENT_GROUP", params);
} catch (SMSException e) {
String[] args = {realm, agentGroupName, e.getMessage()};
debugError("ShowAgentGroup.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SHOW_AGENT_GROUP", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (IdRepoException e) {
String[] args = {realm, agentGroupName, e.getMessage()};
debugError("ShowAgentGroup.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SHOW_AGENT_GROUP", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SSOException e) {
String[] args = {realm, agentGroupName, e.getMessage()};
debugError("ShowAgentGroup.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SHOW_AGENT_GROUP", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
/**
* Throws an appropriate HTTP status code
*
* @param exception SMSException to be mapped to HTTP Status code
* @throws ForbiddenException
* @throws NotFoundException
* @throws PermanentException
* @throws ConflictException
* @throws BadRequestException
*/
private void configureErrorMessage(final SMSException exception)
throws ForbiddenException, NotFoundException, PermanentException, ConflictException,
BadRequestException {
if (exception.getErrorCode().equalsIgnoreCase("sms-REALM_NAME_NOT_FOUND")) {
throw new NotFoundException(exception.getMessage(), exception);
} else if (exception.getErrorCode().equalsIgnoreCase("sms-INVALID_SSO_TOKEN")) {
throw new PermanentException(401, "Unauthorized-Invalid SSO Token", exception);
} else if (exception.getErrorCode().equalsIgnoreCase("sms-organization_already_exists1")) {
throw new ConflictException(exception.getMessage(), exception);
} else if (exception.getErrorCode().equalsIgnoreCase("sms-invalid-org-name")) {
throw new BadRequestException(exception.getMessage(), exception);
} else if (exception.getErrorCode().equalsIgnoreCase("sms-cannot_delete_rootsuffix")) {
throw new PermanentException(401, "Unauthorized-Cannot delete root suffix", exception);
} else if (exception.getErrorCode().equalsIgnoreCase("sms-entries-exists")) {
throw new ConflictException(exception.getMessage(), exception);
} else if (exception.getErrorCode().equalsIgnoreCase("sms-SMSSchema_service_notfound")) {
throw new NotFoundException(exception.getMessage(), exception);
} else if (exception.getErrorCode().equalsIgnoreCase("sms-no-organization-schema")) {
throw new NotFoundException(exception.getMessage(), exception);
} else if (exception
.getErrorCode()
.equalsIgnoreCase("sms-attribute-values-does-not-match-schema")) {
throw new BadRequestException(exception.getMessage(), exception);
} else {
throw new BadRequestException(exception.getMessage(), exception);
}
}