BlacklistAPI.java

  1. /*******************************************************************************
  2.  * Copyright 2017 The MIT Internet Trust Consortium
  3.  *
  4.  * Portions copyright 2011-2013 The MITRE Corporation
  5.  *
  6.  * Licensed under the Apache License, Version 2.0 (the "License");
  7.  * you may not use this file except in compliance with the License.
  8.  * You may obtain a copy of the License at
  9.  *
  10.  *   http://www.apache.org/licenses/LICENSE-2.0
  11.  *
  12.  * Unless required by applicable law or agreed to in writing, software
  13.  * distributed under the License is distributed on an "AS IS" BASIS,
  14.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  15.  * See the License for the specific language governing permissions and
  16.  * limitations under the License.
  17.  *******************************************************************************/
  18. /**
  19.  *
  20.  */
  21. package org.mitre.openid.connect.web;

  22. import java.security.Principal;
  23. import java.util.Collection;

  24. import org.mitre.openid.connect.model.BlacklistedSite;
  25. import org.mitre.openid.connect.service.BlacklistedSiteService;
  26. import org.mitre.openid.connect.view.HttpCodeView;
  27. import org.mitre.openid.connect.view.JsonEntityView;
  28. import org.mitre.openid.connect.view.JsonErrorView;
  29. import org.slf4j.Logger;
  30. import org.slf4j.LoggerFactory;
  31. import org.springframework.beans.factory.annotation.Autowired;
  32. import org.springframework.http.HttpStatus;
  33. import org.springframework.http.MediaType;
  34. import org.springframework.security.access.prepost.PreAuthorize;
  35. import org.springframework.stereotype.Controller;
  36. import org.springframework.ui.ModelMap;
  37. import org.springframework.web.bind.annotation.PathVariable;
  38. import org.springframework.web.bind.annotation.RequestBody;
  39. import org.springframework.web.bind.annotation.RequestMapping;
  40. import org.springframework.web.bind.annotation.RequestMethod;

  41. import com.google.gson.Gson;
  42. import com.google.gson.JsonObject;
  43. import com.google.gson.JsonParser;
  44. import com.google.gson.JsonSyntaxException;

  45. /**
  46.  * @author jricher
  47.  *
  48.  */
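@Controller
@RequestMapping("/" + BlacklistAPI.URL)
// Class-level guard: every handler in this controller requires ROLE_ADMIN.
// Keep it on the class so that a handler added later is covered by default.
@PreAuthorize("hasRole('ROLE_ADMIN')")
public class BlacklistAPI {

    /** Path of this API, built on RootController.API_URL and mapped with a leading "/". */
    public static final String URL = RootController.API_URL + "/blacklist";

    @Autowired
    private BlacklistedSiteService blacklistService;

    /**
     * Logger for this class
     */
    private static final Logger logger = LoggerFactory.getLogger(BlacklistAPI.class);

    private final Gson gson = new Gson();
    private final JsonParser parser = new JsonParser();

    /**
     * Get a list of all blacklisted sites.
     *
     * @param m model that receives the collection under {@link JsonEntityView#ENTITY}
     * @return the name of the JSON entity view
     */
    @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
    public String getAllBlacklistedSites(ModelMap m) {
        Collection<BlacklistedSite> all = blacklistService.getAll();
        m.put(JsonEntityView.ENTITY, all);
        return JsonEntityView.VIEWNAME;
    }

    /**
     * Create a new blacklisted site from the JSON request body.
     *
     * Malformed JSON, a body that is not a JSON object, or an IllegalStateException
     * raised while saving is answered with 400 and the error view.
     *
     * @param jsonString raw request body
     * @param m model that receives either the saved entity or the error details
     * @param p authenticated caller (not read by this method)
     * @return the name of the view to render
     */
    @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
    public String addNewBlacklistedSite(@RequestBody String jsonString, ModelMap m, Principal p) {
        try {
            // NOTE(review): the body is bound directly onto BlacklistedSite, so every field
            // Gson can populate is caller-controlled, including any id - confirm that
            // saveNew() rejects or ignores values the caller should not be able to set.
            BlacklistedSite blacklist = parseBlacklistedSite(jsonString);
            // saveNew stays inside the try: an IllegalStateException from the service is
            // reported as 400, exactly like one raised while reading the body.
            BlacklistedSite newBlacklist = blacklistService.saveNew(blacklist);
            m.put(JsonEntityView.ENTITY, newBlacklist);
        } catch (JsonSyntaxException e) {
            logger.error("addNewBlacklistedSite failed due to JsonSyntaxException: ", e);
            return errorView(m, HttpStatus.BAD_REQUEST, "Could not save new blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
        } catch (IllegalStateException e) {
            logger.error("addNewBlacklistedSite failed due to IllegalStateException", e);
            return errorView(m, HttpStatus.BAD_REQUEST, "Could not save new blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
        }

        return JsonEntityView.VIEWNAME;
    }

    /**
     * Update an existing blacklisted site.
     *
     * The body is parsed first (400 on failure), then the stored entry is looked up
     * by the path id (404 when absent) and handed to the service together with the
     * parsed body.
     *
     * @param id id of the entry to update, taken from the path
     * @param jsonString raw request body
     * @param m model that receives either the updated entity or the error details
     * @param p authenticated caller (not read by this method)
     * @return the name of the view to render
     */
    @RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
    public String updateBlacklistedSite(@PathVariable("id") Long id, @RequestBody String jsonString, ModelMap m, Principal p) {
        BlacklistedSite blacklist;
        try {
            blacklist = parseBlacklistedSite(jsonString);
        } catch (JsonSyntaxException e) {
            logger.error("updateBlacklistedSite failed due to JsonSyntaxException", e);
            return errorView(m, HttpStatus.BAD_REQUEST, "Could not update blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
        } catch (IllegalStateException e) {
            logger.error("updateBlacklistedSite failed due to IllegalStateException", e);
            return errorView(m, HttpStatus.BAD_REQUEST, "Could not update blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
        }

        BlacklistedSite oldBlacklist = blacklistService.getById(id);
        if (oldBlacklist == null) {
            logger.error("updateBlacklistedSite failed; blacklist with id {} could not be found", id);
            return errorView(m, HttpStatus.NOT_FOUND, "Could not update blacklisted site. The requested blacklist with id " + id + " could not be found.");
        }

        // NOTE(review): an id carried in the body is never compared with the path id
        // here; which one wins is decided inside update() - confirm against the service.
        BlacklistedSite newBlacklist = blacklistService.update(oldBlacklist, blacklist);
        m.put(JsonEntityView.ENTITY, newBlacklist);
        return JsonEntityView.VIEWNAME;
    }

    /**
     * Delete a blacklisted site.
     *
     * @param id id of the entry to delete, taken from the path
     * @param m model that receives the status code and, on failure, the error message
     * @return the name of the view to render
     */
    @RequestMapping(value="/{id}", method = RequestMethod.DELETE)
    public String deleteBlacklistedSite(@PathVariable("id") Long id, ModelMap m) {
        BlacklistedSite blacklist = blacklistService.getById(id);
        if (blacklist == null) {
            logger.error("deleteBlacklistedSite failed; blacklist with id {} could not be found", id);
            // Set the status explicitly, as the other handlers do, so that a missing id is
            // reported as 404 instead of whatever the error view uses when no code is set.
            return errorView(m, HttpStatus.NOT_FOUND, "Could not delete blacklist. The requested blacklist with id " + id + " could not be found.");
        }

        m.put(HttpCodeView.CODE, HttpStatus.OK);
        blacklistService.remove(blacklist);
        return HttpCodeView.VIEWNAME;
    }

    /**
     * Get a single blacklisted site.
     *
     * @param id id of the entry to read, taken from the path
     * @param m model that receives either the entity or the error details
     * @return the name of the view to render
     */
    @RequestMapping(value="/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
    public String getBlacklistedSite(@PathVariable("id") Long id, ModelMap m) {
        BlacklistedSite blacklist = blacklistService.getById(id);
        if (blacklist == null) {
            logger.error("getBlacklistedSite failed; blacklist with id {} could not be found", id);
            return errorView(m, HttpStatus.NOT_FOUND, "Could not get blacklisted site. The requested blacklist with id " + id + " could not be found.");
        }

        m.put(JsonEntityView.ENTITY, blacklist);
        return JsonEntityView.VIEWNAME;
    }

    /**
     * Parse a request body into a BlacklistedSite.
     *
     * Throws JsonSyntaxException on malformed JSON and IllegalStateException when
     * the top-level JSON value is not an object; callers map both to 400.
     */
    private BlacklistedSite parseBlacklistedSite(String jsonString) {
        JsonObject json = parser.parse(jsonString).getAsJsonObject();
        return gson.fromJson(json, BlacklistedSite.class);
    }

    /** Store the status code and message in the model and select the JSON error view. */
    private String errorView(ModelMap m, HttpStatus status, String message) {
        m.put(HttpCodeView.CODE, status);
        m.put(JsonErrorView.ERROR_MESSAGE, message);
        return JsonErrorView.VIEWNAME;
    }

}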