Пример #1
0
  /**
   * Returns names of all realms included in the subtree rooted by the realm indicated in the query
   * url.
   *
   * <p>Names are unsorted and given as full paths.
   *
   * <p>Filtering, sorting, and paging of results is not supported.
   *
   * <p>{@inheritDoc}
   */
  @Override
  public void queryCollection(
      final ServerContext context, final QueryRequest request, final QueryResultHandler handler) {

    final String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
    final RealmContext realmContext = context.asContext(RealmContext.class);
    final String realmPath = realmContext.getResolvedRealm();

    try {

      final SSOTokenManager mgr = SSOTokenManager.getInstance();
      final SSOToken ssoToken = mgr.createSSOToken(getCookieFromServerContext(context));

      final OrganizationConfigManager ocm = new OrganizationConfigManager(ssoToken, realmPath);
      final List<String> realmsInSubTree = new ArrayList<String>();
      realmsInSubTree.add(realmPath);
      for (final Object subRealmRelativePath : ocm.getSubOrganizationNames("*", true)) {
        if (realmPath.endsWith("/")) {
          realmsInSubTree.add(realmPath + subRealmRelativePath);
        } else {
          realmsInSubTree.add(realmPath + "/" + subRealmRelativePath);
        }
      }

      debug.message("RealmResource :: QUERY : performed by " + principalName);

      for (final Object realmName : realmsInSubTree) {
        JsonValue val = new JsonValue(realmName);
        Resource resource = new Resource((String) realmName, "0", val);
        handler.handleResource(resource);
      }
      handler.handleResult(new QueryResult());

    } catch (SSOException ex) {
      debug.error("RealmResource :: QUERY by " + principalName + " failed : " + ex);
      handler.handleError(ResourceException.getException(ResourceException.FORBIDDEN));

    } catch (SMSException ex) {
      debug.error("RealmResource :: QUERY by " + principalName + " failed :" + ex);
      switch (ex.getExceptionCode()) {
        case STATUS_NO_PERMISSION:
          // This exception will be thrown if permission to read realms from SMS has not been
          // delegated
          handler.handleError(ResourceException.getException(ResourceException.FORBIDDEN));
          break;
        default:
          handler.handleError(ResourceException.getException(ResourceException.INTERNAL_ERROR));
          break;
      }
    }
  }
Пример #2
0
  /**
   * Records an 'access' audit event before and after the filtered CREST resource receives an query
   * request.
   *
   * <p>If the 'before' audit event fails due to an error, the request is cancelled and an error
   * response is returned. If the 'after' audit event fails due to an error, the request is not
   * cancelled as it's affects may have already been applied.
   *
   * @param context {@inheritDoc}
   * @param request {@inheritDoc}
   * @param handler {@inheritDoc}
   * @param next {@inheritDoc}
   */
  @Override
  public void filterQuery(
      ServerContext context,
      QueryRequest request,
      QueryResultHandler handler,
      RequestHandler next) {

    AuditingQueryResultHandler auditingHandler =
        newQueryAuditingResultHandler(context, request, handler);
    try {
      auditingHandler.auditAccessAttempt();
    } catch (AuditException e) {
      handler.handleError(ResourceException.getException(ResourceException.INTERNAL_ERROR));
      return;
    }

    next.handleQuery(context, request, auditingHandler);
  }