WhitelistAPI.java

  1. /*******************************************************************************
  2.  * Copyright 2017 The MIT Internet Trust Consortium
  3.  *
  4.  * Portions copyright 2011-2013 The MITRE Corporation
  5.  *
  6.  * Licensed under the Apache License, Version 2.0 (the "License");
  7.  * you may not use this file except in compliance with the License.
  8.  * You may obtain a copy of the License at
  9.  *
  10.  *   http://www.apache.org/licenses/LICENSE-2.0
  11.  *
  12.  * Unless required by applicable law or agreed to in writing, software
  13.  * distributed under the License is distributed on an "AS IS" BASIS,
  14.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  15.  * See the License for the specific language governing permissions and
  16.  * limitations under the License.
  17.  *******************************************************************************/
  18. /**
  19.  *
  20.  */
  21. package org.mitre.openid.connect.web;

  23. import java.security.Principal;
  24. import java.util.Collection;

  26. import org.mitre.openid.connect.model.WhitelistedSite;
  27. import org.mitre.openid.connect.service.WhitelistedSiteService;
  28. import org.mitre.openid.connect.view.HttpCodeView;
  29. import org.mitre.openid.connect.view.JsonEntityView;
  30. import org.mitre.openid.connect.view.JsonErrorView;
  31. import org.slf4j.Logger;
  32. import org.slf4j.LoggerFactory;
  33. import org.springframework.beans.factory.annotation.Autowired;
  34. import org.springframework.http.HttpStatus;
  35. import org.springframework.http.MediaType;
  36. import org.springframework.security.access.prepost.PreAuthorize;
  37. import org.springframework.stereotype.Controller;
  38. import org.springframework.ui.ModelMap;
  39. import org.springframework.web.bind.annotation.PathVariable;
  40. import org.springframework.web.bind.annotation.RequestBody;
  41. import org.springframework.web.bind.annotation.RequestMapping;
  42. import org.springframework.web.bind.annotation.RequestMethod;

  44. import com.google.gson.Gson;
  45. import com.google.gson.JsonObject;
  46. import com.google.gson.JsonParseException;
  47. import com.google.gson.JsonParser;

  49. /**
  50.  * @author jricher
  51.  *
  52.  */
  53. @Controller
  54. @RequestMapping("/" + WhitelistAPI.URL)
  55. @PreAuthorize("hasRole('ROLE_USER')")
  56. public class WhitelistAPI {

  58.     public static final String URL = RootController.API_URL + "/whitelist";

  60.     @Autowired
  61.     private WhitelistedSiteService whitelistService;

  63.     /**
  64.      * Logger for this class
  65.      */
  66.     private static final Logger logger = LoggerFactory.getLogger(WhitelistAPI.class);

  68.     private Gson gson = new Gson();
  69.     private JsonParser parser = new JsonParser();

  71.     /**
  72.      * Get a list of all whitelisted sites
  73.      * @param m
  74.      * @return
  75.      */
  76.     @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
  77.     public String getAllWhitelistedSites(ModelMap m) {

  79.         Collection<WhitelistedSite> all = whitelistService.getAll();

  81.         m.put(JsonEntityView.ENTITY, all);

  83.         return JsonEntityView.VIEWNAME;
  84.     }

  86.     /**
  87.      * Create a new whitelisted site
  88.      * @param jsonString
  89.      * @param m
  90.      * @param p
  91.      * @return
  92.      */
  93.     @PreAuthorize("hasRole('ROLE_ADMIN')")
  94.     @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
  95.     public String addNewWhitelistedSite(@RequestBody String jsonString, ModelMap m, Principal p) {

  97.         JsonObject json;

  99.         WhitelistedSite whitelist = null;
  100.         try {
  101.             json = parser.parse(jsonString).getAsJsonObject();
  102.             whitelist = gson.fromJson(json, WhitelistedSite.class);

  104.         } catch (JsonParseException e) {
  105.             logger.error("addNewWhitelistedSite failed due to JsonParseException", e);
  106.             m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
  107.             m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not save new whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
  108.             return JsonErrorView.VIEWNAME;
  109.         } catch (IllegalStateException e) {
  110.             logger.error("addNewWhitelistedSite failed due to IllegalStateException", e);
  111.             m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
  112.             m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not save new whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
  113.             return JsonErrorView.VIEWNAME;
  114.         }

  116.         // save the id of the person who created this
  117.         whitelist.setCreatorUserId(p.getName());

  119.         WhitelistedSite newWhitelist = whitelistService.saveNew(whitelist);

  121.         m.put(JsonEntityView.ENTITY, newWhitelist);

  123.         return JsonEntityView.VIEWNAME;

  125.     }

  127.     /**
  128.      * Update an existing whitelisted site
  129.      */
  130.     @PreAuthorize("hasRole('ROLE_ADMIN')")
  131.     @RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
  132.     public String updateWhitelistedSite(@PathVariable("id") Long id, @RequestBody String jsonString, ModelMap m, Principal p) {

  134.         JsonObject json;

  136.         WhitelistedSite whitelist = null;
  137.         try {
  138.             json = parser.parse(jsonString).getAsJsonObject();
  139.             whitelist = gson.fromJson(json, WhitelistedSite.class);

  141.         } catch (JsonParseException e) {
  142.             logger.error("updateWhitelistedSite failed due to JsonParseException", e);
  143.             m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
  144.             m.put(JsonErrorView.ERROR_MESSAGE, "Could not update whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
  145.             return JsonErrorView.VIEWNAME;
  146.         } catch (IllegalStateException e) {
  147.             logger.error("updateWhitelistedSite failed due to IllegalStateException", e);
  148.             m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
  149.             m.put(JsonErrorView.ERROR_MESSAGE, "Could not update whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
  150.             return JsonErrorView.VIEWNAME;
  151.         }

  153.         WhitelistedSite oldWhitelist = whitelistService.getById(id);

  155.         if (oldWhitelist == null) {
  156.             logger.error("updateWhitelistedSite failed; whitelist with id " + id + " could not be found.");
  157.             m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
  158.             m.put(JsonErrorView.ERROR_MESSAGE, "Could not update whitelisted site. The requested whitelisted site with id " + id + "could not be found.");
  159.             return JsonErrorView.VIEWNAME;
  160.         } else {

  162.             WhitelistedSite newWhitelist = whitelistService.update(oldWhitelist, whitelist);

  164.             m.put(JsonEntityView.ENTITY, newWhitelist);

  166.             return JsonEntityView.VIEWNAME;
  167.         }
  168.     }

  170.     /**
  171.      * Delete a whitelisted site
  172.      *
  173.      */
  174.     @PreAuthorize("hasRole('ROLE_ADMIN')")
  175.     @RequestMapping(value="/{id}", method = RequestMethod.DELETE)
  176.     public String deleteWhitelistedSite(@PathVariable("id") Long id, ModelMap m) {
  177.         WhitelistedSite whitelist = whitelistService.getById(id);

  179.         if (whitelist == null) {
  180.             logger.error("deleteWhitelistedSite failed; whitelist with id " + id + " could not be found.");
  181.             m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
  182.             m.put(JsonErrorView.ERROR_MESSAGE, "Could not delete whitelisted site. The requested whitelisted site with id " + id + "could not be found.");
  183.             return JsonErrorView.VIEWNAME;
  184.         } else {
  185.             m.put(HttpCodeView.CODE, HttpStatus.OK);
  186.             whitelistService.remove(whitelist);
  187.         }

  189.         return HttpCodeView.VIEWNAME;
  190.     }

  192.     /**
  193.      * Get a single whitelisted site
  194.      */
  195.     @RequestMapping(value="/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
  196.     public String getWhitelistedSite(@PathVariable("id") Long id, ModelMap m) {
  197.         WhitelistedSite whitelist = whitelistService.getById(id);
  198.         if (whitelist == null) {
  199.             logger.error("getWhitelistedSite failed; whitelist with id " + id + " could not be found.");
  200.             m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
  201.             m.put(JsonErrorView.ERROR_MESSAGE, "The requested whitelisted site with id " + id + "could not be found.");
  202.             return JsonErrorView.VIEWNAME;
  203.         } else {

  205.             m.put(JsonEntityView.ENTITY, whitelist);

  207.             return JsonEntityView.VIEWNAME;
  208.         }

  210.     }

  212. }
Created with JaCoCo 0.7.9.201702052155