List of usage examples for org.springframework.util MimeTypeUtils APPLICATION_JSON_VALUE
String APPLICATION_JSON_VALUE
From source file:org.mitre.uma.web.PolicyAPI.java
/**
 * Lists the resource sets that belong to the authenticated caller.
 *
 * <p>The owner key passed to the service is {@code auth.getName()}; nothing in the
 * request itself selects whose resource sets are returned.
 *
 * @param m    model that receives the collection under {@code JsonEntityView.ENTITY}
 * @param auth authentication of the caller; its name is used as the owner key
 * @return the name of the JSON entity view
 */
@RequestMapping(value = "", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String getResourceSetsForCurrentUser(Model m, Authentication auth) {
    String owner = auth.getName();
    Collection<ResourceSet> owned = resourceSetService.getAllForOwner(owner);

    m.addAttribute(JsonEntityView.ENTITY, owned);
    return JsonEntityView.VIEWNAME;
}
From source file:org.mitre.uma.web.ClaimsAPI.java
/**
 * Returns the claims required by one resource set, provided the caller owns it.
 *
 * @param rsid id of the resource set, taken from the URL path
 * @param m    model that receives either a status code or the required claims
 * @param auth authentication of the caller; its name is compared with the owner
 * @return the HTTP-code view for 404/403, otherwise the JSON entity view
 */
@RequestMapping(value = "/{rsid}", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String getClaimsForResourceSet(@PathVariable(value = "rsid") Long rsid, Model m, Authentication auth) {
    ResourceSet resourceSet = resourceSetService.getById(rsid);

    // Unknown id: answer 404 before any ownership comparison is attempted.
    // NOTE(review): because a foreign id yields 403 and an unknown id 404, any
    // authenticated caller can tell which ids exist; confirm that is acceptable.
    if (resourceSet == null) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        return HttpCodeView.VIEWNAME;
    }

    // Object-level authorization: the id comes from the path, so the owner recorded
    // on the resource set must equal the authenticated principal's name.
    // NOTE(review): a resource set with a null owner would throw here instead of
    // returning 403; verify that the owner is always populated.
    boolean callerIsOwner = resourceSet.getOwner().equals(auth.getName());
    if (!callerIsOwner) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        return HttpCodeView.VIEWNAME;
    }

    m.addAttribute(JsonEntityView.ENTITY, resourceSet.getClaimsRequired());
    return JsonEntityView.VIEWNAME;
}
From source file:org.mitre.uma.web.AuthorizationRequestEndpoint.java
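/**
 * Handles an UMA authorization request: exchanges a permission ticket (and
 * optionally a previous RPT) for a new requesting-party token, or reports which
 * claims are still missing.
 *
 * <p>Outcomes visible in this method:
 * <ul>
 *   <li>body is not a JSON object: 400, "Malformed JSON request."</li>
 *   <li>no ticket member: 400, "Missing JSON elements."</li>
 *   <li>ticket unknown: 400, error {@code invalid_ticket}</li>
 *   <li>resource set has no policies: 403, error {@code not_authorized}</li>
 *   <li>claims satisfied: a new RPT is issued and any inbound RPT is revoked</li>
 *   <li>claims not satisfied: a {@code need_info} entity listing the unmatched claims</li>
 * </ul>
 *
 * @param jsonString raw request body, supplied by the client
 * @param m          model that receives the status code, error fields or entity
 * @param auth       authentication of the caller; must carry the UMA authorization scope
 * @return the name of the view that renders the outcome
 */
@RequestMapping(method = RequestMethod.POST, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String authorizationRequest(@RequestBody String jsonString, Model m, Authentication auth) {

    // Scope enforcement happens before the body is looked at.
    AuthenticationUtilities.ensureOAuthScope(auth, SystemScopeService.UMA_AUTHORIZATION_SCOPE);

    // NOTE(review): parse() is not guarded, so a syntactically broken body is expected
    // to surface as a Gson exception rather than as the "Malformed JSON request."
    // response below, which only covers well-formed JSON that is not an object.
    // Confirm an exception handler maps that case to a 400.
    JsonParser parser = new JsonParser();
    JsonElement e = parser.parse(jsonString);

    if (!e.isJsonObject()) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
        m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Malformed JSON request.");
        return JsonErrorView.VIEWNAME;
    }

    JsonObject o = e.getAsJsonObject();

    if (!o.has(TICKET)) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
        m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Missing JSON elements.");
        return JsonErrorView.VIEWNAME;
    }

    // An inbound RPT is optional; it is only used further down, to be revoked once
    // its replacement has been issued.
    OAuth2AccessTokenEntity incomingRpt = null;
    if (o.has(RPT)) {
        String rptValue = o.get(RPT).getAsString();
        incomingRpt = tokenService.readAccessToken(rptValue);
    }

    String ticketValue = o.get(TICKET).getAsString();
    PermissionTicket ticket = permissionService.getByTicket(ticketValue);

    if (ticket == null) {
        // Ticket wasn't found. The status has to be stored under HttpCodeView.CODE like
        // every other branch; the single-argument addAttribute(HttpStatus.BAD_REQUEST)
        // used previously files the value under a generated attribute name, so the
        // view never saw the 400.
        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
        m.addAttribute(JsonErrorView.ERROR, "invalid_ticket");
        return JsonErrorView.VIEWNAME;
    }

    // Found the ticket, see if it's any good.
    ResourceSet rs = ticket.getPermission().getResourceSet();

    if (rs.getPolicies() == null || rs.getPolicies().isEmpty()) {
        // No policies means there is no way to authorize access: fail closed.
        m.addAttribute(JsonErrorView.ERROR, "not_authorized");
        m.addAttribute(JsonErrorView.ERROR_MESSAGE, "This resource set can not be accessed.");
        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        return JsonErrorView.VIEWNAME;
    }

    // Policies exist, so check them against the claims gathered on the ticket.
    ClaimProcessingResult result = claimsProcessingService.claimsAreSatisfied(rs, ticket);

    if (result.isSatisfied()) {
        // Issue a token that is downscoped to the policy that was matched.
        OAuth2Authentication o2auth = (OAuth2Authentication) auth;
        OAuth2AccessTokenEntity token = umaTokenService.createRequestingPartyToken(o2auth, ticket, result.getMatched());

        // If we have an inbound RPT, throw it out because we're replacing it.
        if (incomingRpt != null) {
            tokenService.revokeAccessToken(incomingRpt);
        }

        Map<String, String> entity = ImmutableMap.of("rpt", token.getValue());
        m.addAttribute(JsonEntityView.ENTITY, entity);
        return JsonEntityView.VIEWNAME;
    }

    // The claims didn't match: tell the client what is missing so that it can send
    // the user to the claims-gathering endpoint.
    JsonObject entity = new JsonObject();
    entity.addProperty(JsonErrorView.ERROR, "need_info");

    JsonObject details = new JsonObject();
    JsonObject rpClaims = new JsonObject();
    rpClaims.addProperty("redirect_user", true);
    rpClaims.addProperty("ticket", ticketValue);

    JsonArray req = new JsonArray();
    for (Claim claim : result.getUnmatched()) {
        JsonObject c = new JsonObject();
        c.addProperty("name", claim.getName());
        c.addProperty("friendly_name", claim.getFriendlyName());
        c.addProperty("claim_type", claim.getClaimType());

        JsonArray f = new JsonArray();
        for (String format : claim.getClaimTokenFormat()) {
            f.add(new JsonPrimitive(format));
        }
        c.add("claim_token_format", f);

        JsonArray i = new JsonArray();
        for (String issuer : claim.getIssuer()) {
            i.add(new JsonPrimitive(issuer));
        }
        c.add("issuer", i);

        req.add(c);
    }

    rpClaims.add("required_claims", req);
    details.add("requesting_party_claims", rpClaims);
    entity.add("error_details", details);

    // No HttpCodeView.CODE is set on this path, exactly as before this change.
    m.addAttribute(JsonEntityView.ENTITY, entity);
    return JsonEntityView.VIEWNAME;
}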
From source file:org.tec.webapp.web.ErrorServlet.java
/**
 * Writes the error that the container dispatched to this servlet as a JSON body.
 *
 * <p>The exception, status code and request URI are read from the standard
 * {@code RequestDispatcher.ERROR_*} request attributes. When no status code is
 * present the response falls back to 500.
 *
 * @param request  the request instance carrying the error attributes
 * @param response the response instance the JSON error is written to
 * @throws IOException if processing fails
 */
protected void processError(HttpServletRequest request, HttpServletResponse response) throws IOException {
    Throwable cause = (Throwable) request.getAttribute(RequestDispatcher.ERROR_EXCEPTION);
    Integer status = (Integer) request.getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
    String failedUri = (String) request.getAttribute(RequestDispatcher.ERROR_REQUEST_URI);

    // NOTE(review): the URI is client-influenced and is concatenated into the log
    // line as-is; verify the logging layout neutralises control characters.
    LOGGER.error("failed to process " + failedUri + " error code: " + status);

    WebError we;
    if (cause == null) {
        we = new WebError("error", ErrorCodes.UNRESOLVEABLE_ERROR);
    } else {
        LOGGER.error("error", cause);
        // NOTE(review): the raw exception message is sent back to the client. Such
        // messages can carry internal detail (class names, SQL, paths); consider a
        // generic message here and keep the detail in the log only.
        we = new WebError(cause.getMessage(), ErrorCodes.UNRESOLVEABLE_ERROR);
    }

    int httpStatus = (status != null) ? status : HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
    response.setStatus(httpStatus);
    response.setContentType(MimeTypeUtils.APPLICATION_JSON_VALUE);

    // The writer is closed on every exit path, including a failure in toJSON().
    try (PrintWriter out = response.getWriter()) {
        out.write(we.toJSON());
        out.flush();
    }
}
From source file:org.mitre.uma.web.ResourceSetRegistrationEndpoint.java
/**
 * Registers a new resource set on behalf of the authenticated, OAuth-mediated caller.
 *
 * <p>The owner and client id stored on the resource set are taken from the
 * authentication object after parsing, so whatever the request body carried for
 * those two fields is overwritten.
 *
 * @param jsonString raw request body describing the resource set
 * @param m          model that receives the status code and the error or saved entity
 * @param auth       authentication of the caller; must carry the UMA protection scope
 * @return the error view on rejection, otherwise the abbreviated resource-set view
 */
@RequestMapping(method = RequestMethod.POST, produces = MimeTypeUtils.APPLICATION_JSON_VALUE, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String createResourceSet(@RequestBody String jsonString, Model m, Authentication auth) {
    ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);

    ResourceSet rs = parseResourceSet(jsonString);
    if (rs == null) {
        // There was no resource set in the body.
        logger.warn("Resource set registration missing body.");
        // NOTE(review): this branch uses the literal keys "code" and
        // "error_description", while every other branch uses HttpCodeView.CODE and
        // JsonErrorView.ERROR_MESSAGE; confirm that the error view reads these keys.
        m.addAttribute("code", HttpStatus.BAD_REQUEST);
        m.addAttribute("error_description", "Resource request was missing body.");
        return JsonErrorView.VIEWNAME;
    }

    // This endpoint shouldn't be called if the request is not OAuth mediated.
    if (!(auth instanceof OAuth2Authentication)) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
        m.addAttribute(JsonErrorView.ERROR_MESSAGE, "This call must be made with an OAuth token");
        return JsonErrorView.VIEWNAME;
    }

    // An OAuth mediated call is made on behalf of a client, so record that client
    // and bind the resource set to the authenticated user.
    OAuth2Authentication oauthCaller = (OAuth2Authentication) auth;
    rs.setClientId(oauthCaller.getOAuth2Request().getClientId());
    rs.setOwner(auth.getName());

    rs = validateScopes(rs);

    // Both the name and the scopes are required.
    boolean incomplete = Strings.isNullOrEmpty(rs.getName()) || rs.getScopes() == null;
    if (incomplete) {
        logger.warn("Resource set registration missing one or more required fields.");
        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
        m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Resource request was missing one or more required fields.");
        return JsonErrorView.VIEWNAME;
    }

    ResourceSet saved = resourceSetService.saveNew(rs);

    m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED);
    m.addAttribute(JsonEntityView.ENTITY, saved);
    String location = config.getIssuer() + URL + "/" + saved.getId();
    m.addAttribute(ResourceSetEntityAbbreviatedView.LOCATION, location);
    return ResourceSetEntityAbbreviatedView.VIEWNAME;
}
From source file:org.mitre.uma.web.PolicyAPI.java
/**
 * Returns the indicated resource set, provided the caller owns it.
 *
 * @param rsid id of the resource set, taken from the URL path
 * @param m    model that receives either a status code or the resource set
 * @param auth authentication of the caller; its name is compared with the owner
 * @return the HTTP-code view for 404/403, otherwise the JSON entity view
 */
@RequestMapping(value = "/{rsid}", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String getResourceSet(@PathVariable(value = "rsid") Long rsid, Model m, Authentication auth) {
    ResourceSet resourceSet = resourceSetService.getById(rsid);

    // NOTE(review): unknown ids answer 404 and foreign ids 403, so an authenticated
    // caller can tell which ids exist; confirm that is acceptable.
    if (resourceSet == null) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        return HttpCodeView.VIEWNAME;
    }

    // Object-level authorization: the owner recorded on the resource set must equal
    // the authenticated principal's name.
    boolean callerIsOwner = resourceSet.getOwner().equals(auth.getName());
    if (!callerIsOwner) {
        // The denial is logged with both identities, which helps when reviewing
        // access attempts.
        // NOTE(review): both names are concatenated into the log line as-is; verify
        // the logging layout neutralises control characters.
        logger.warn("Unauthorized resource set request from bad user; expected " + resourceSet.getOwner()
                + " got " + auth.getName());

        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        return HttpCodeView.VIEWNAME;
    }

    m.addAttribute(JsonEntityView.ENTITY, resourceSet);
    return JsonEntityView.VIEWNAME;
}
From source file:org.mitre.uma.web.ClaimsAPI.java
/**
 * Replaces the claims required by one resource set, provided the caller owns it.
 *
 * @param rsid       id of the resource set, taken from the URL path
 * @param jsonString raw request body, deserialized as a set of {@code Claim}
 * @param m          model that receives either a status code or the stored claims
 * @param auth       authentication of the caller; its name is compared with the owner
 * @return the HTTP-code view for 404/403, otherwise the JSON entity view
 */
@RequestMapping(value = "/{rsid}", method = RequestMethod.PUT, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String setClaimsForResourceSet(@PathVariable(value = "rsid") Long rsid, @RequestBody String jsonString,
        Model m, Authentication auth) {
    ResourceSet resourceSet = resourceSetService.getById(rsid);

    if (resourceSet == null) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        return HttpCodeView.VIEWNAME;
    }

    // The ownership check runs before the body is parsed, so a non-owner cannot
    // reach the deserialization or the update below.
    boolean callerIsOwner = resourceSet.getOwner().equals(auth.getName());
    if (!callerIsOwner) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        return HttpCodeView.VIEWNAME;
    }

    // NOTE(review): the body is bound straight onto Set<Claim> with no validation
    // visible here; presumably an empty or "null" body yields a null set and broken
    // JSON throws. Verify how both cases are handled before the update is applied.
    Gson gson = new Gson();
    @SuppressWarnings("serial")
    Set<Claim> submittedClaims = gson.fromJson(jsonString, new TypeToken<Set<Claim>>() {
    }.getType());

    resourceSet.setClaimsRequired(submittedClaims);

    // The same instance is passed as both arguments of update().
    resourceSetService.update(resourceSet, resourceSet);

    m.addAttribute(JsonEntityView.ENTITY, resourceSet.getClaimsRequired());
    return JsonEntityView.VIEWNAME;
}
From source file:com.temetra.vroomapi.RouteController.java
/**
 * Serves the {@code /error} mapping with a fixed JSON error body and a 400 status.
 *
 * <p>The message is a constant, so nothing from the failed request is echoed back.
 *
 * @return a {@code RequestError} carrying the text "Bad request"
 */
@ResponseStatus(HttpStatus.BAD_REQUEST)
@RequestMapping(value = "/error", produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public RequestError badRequest() {
    final RequestError body = new RequestError("Bad request");
    return body;
}
From source file:com.temetra.vroomapi.RouteController.java
/**
 * Logs an exception raised while a response was being created and returns its
 * message to the client as a {@code RequestError}.
 *
 * @param e the exception that was raised
 * @return a {@code RequestError} carrying {@code e.getMessage()}
 */
// NOTE(review): the media type is passed as @RequestMapping's default attribute,
// which is the path pattern, not `produces`; confirm which was intended.
// NOTE(review): no @ResponseStatus is visible on this handler; verify which HTTP
// status the client receives for an unexpected exception.
@ExceptionHandler
@RequestMapping(MimeTypeUtils.APPLICATION_JSON_VALUE)
public RequestError error(final Exception e) {
    log.error("Exception when creating response", e);

    // NOTE(review): the raw exception message goes to the client and can reveal
    // internal detail; consider a generic message here, since the full exception is
    // already in the log.
    final String clientMessage = e.getMessage();
    return new RequestError(clientMessage);
}
From source file:org.mitre.uma.web.PolicyAPI.java
/**
 * Deletes the indicated resource set, provided the caller owns it.
 *
 * @param rsid id of the resource set, taken from the URL path
 * @param m    model that receives the resulting status code
 * @param auth authentication of the caller; its name is compared with the owner
 * @return the name of the HTTP-code view (404, 403 or 204)
 */
@RequestMapping(value = "/{rsid}", method = RequestMethod.DELETE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String deleteResourceSet(@PathVariable(value = "rsid") Long rsid, Model m, Authentication auth) {
    ResourceSet resourceSet = resourceSetService.getById(rsid);

    if (resourceSet == null) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        return HttpCodeView.VIEWNAME;
    }

    // Object-level authorization gates the destructive call below: only the
    // recorded owner may remove the resource set.
    boolean callerIsOwner = resourceSet.getOwner().equals(auth.getName());
    if (!callerIsOwner) {
        // NOTE(review): both names are concatenated into the log line as-is; verify
        // the logging layout neutralises control characters.
        logger.warn("Unauthorized resource set request from bad user; expected " + resourceSet.getOwner()
                + " got " + auth.getName());

        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        return HttpCodeView.VIEWNAME;
    }

    resourceSetService.remove(resourceSet);

    m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT);
    return HttpCodeView.VIEWNAME;
}