List of usage examples for org.springframework.util MimeTypeUtils APPLICATION_JSON_VALUE
String APPLICATION_JSON_VALUE
From source file:org.mitre.uma.web.ClaimsAPI.java
/**
 * Deletes the resource set identified by the {@code rsid} path variable, provided the
 * authenticated caller is its owner.
 *
 * <p>Outcomes written to the model: {@code NOT_FOUND} plus the error code {@code "not_found"}
 * when no resource set has that id, {@code FORBIDDEN} when the caller's name differs from the
 * owner, and {@code NO_CONTENT} once the resource set has been removed.
 *
 * @param id resource set id bound from the {@code rsid} path variable
 * @param m model receiving the HTTP status (and error code, when one is set)
 * @param auth the caller's authentication; only {@code getName()} is consulted
 * @return name of the view that renders the outcome
 */
@RequestMapping(value = "/{rsid}", method = RequestMethod.DELETE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String deleteResourceSet(@PathVariable("rsid") Long id, Model m, Authentication auth) {

    ResourceSet rs = resourceSetService.getById(id);

    // NOTE(review): existence is reported before ownership is checked, so a non-owner can tell
    // an existing id (403) from a missing one (404). Confirm that is acceptable for this API.
    if (rs == null) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.addAttribute(JsonErrorView.ERROR, "not_found");
        return JsonErrorView.VIEWNAME;
    }

    // Authorization: the resource set must have been issued to the calling user.
    boolean callerIsOwner = auth.getName().equals(rs.getOwner());
    if (!callerIsOwner) {
        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got "
                + auth.getName());
        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        return JsonErrorView.VIEWNAME;
    }

    resourceSetService.remove(rs);
    m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT);
    return HttpCodeView.VIEWNAME;
}
From source file:org.mitre.uma.web.PolicyAPI.java
/**
 * Lists all the policies attached to the given resource set.
 *
 * <p>Sets {@code NOT_FOUND} when the resource set does not exist and {@code FORBIDDEN} when the
 * authenticated user is not its owner; otherwise the policies are placed on the model as the
 * JSON entity.
 *
 * @param rsid id of the resource set, bound from the {@code rsid} path variable
 * @param m model receiving either a status code or the policy collection
 * @param auth the caller's authentication; only {@code getName()} is consulted
 * @return name of the view that renders the outcome
 */
@RequestMapping(value = "/{rsid}" + POLICYURL, method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String getPoliciesForResourceSet(@PathVariable(value = "rsid") Long rsid, Model m, Authentication auth) {

    ResourceSet rs = resourceSetService.getById(rsid);

    if (rs != null) {
        // NOTE(review): the owner is the receiver of equals(), so a resource set whose owner is
        // null would throw here instead of answering 403 - confirm owners are always set.
        boolean ownedByCaller = rs.getOwner().equals(auth.getName());

        if (ownedByCaller) {
            m.addAttribute(JsonEntityView.ENTITY, rs.getPolicies());
            return JsonEntityView.VIEWNAME;
        }

        // The authenticated user did not match the owner of the resource set.
        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got "
                + auth.getName());
        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        return HttpCodeView.VIEWNAME;
    }

    m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
    return HttpCodeView.VIEWNAME;
}
From source file:org.mitre.uma.web.ResourceSetRegistrationEndpoint.java
/**
 * Returns a single registered resource set to its owner.
 *
 * <p>The call first passes through {@code ensureOAuthScope} with the UMA protection scope. A
 * missing resource set yields {@code NOT_FOUND} with error {@code "not_found"}; a caller whose
 * name differs from the owner yields {@code FORBIDDEN}; otherwise the resource set is placed on
 * the model as the entity.
 *
 * @param id resource set id bound from the {@code id} path variable
 * @param m model receiving the status/error or the entity
 * @param auth the caller's authentication
 * @return name of the view that renders the outcome
 */
@RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String readResourceSet(@PathVariable("id") Long id, Model m, Authentication auth) {
    ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);

    ResourceSet rs = resourceSetService.getById(id);

    if (rs == null) {
        // NOTE(review): this branch uses the literals "code" and "error" where the other
        // branches use HttpCodeView.CODE / JsonErrorView.ERROR - confirm they are the same keys.
        m.addAttribute("code", HttpStatus.NOT_FOUND);
        m.addAttribute("error", "not_found");
        return JsonErrorView.VIEWNAME;
    }

    // Runs before the ownership check, exactly as in the original ordering.
    rs = validateScopes(rs);

    // NOTE(review): only the owner is compared; the requesting OAuth client is not compared
    // with rs.getClientId() on this path - confirm that is intended for reads.
    boolean issuedToCaller = auth.getName().equals(rs.getOwner());
    if (issuedToCaller) {
        m.addAttribute(JsonEntityView.ENTITY, rs);
        return ResourceSetEntityView.VIEWNAME;
    }

    logger.warn("Unauthorized resource set request from wrong user; expected " + rs.getOwner() + " got "
            + auth.getName());
    m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
    return JsonErrorView.VIEWNAME;
}
From source file:org.mitre.uma.web.PolicyAPI.java
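/**
 * Creates a new policy on the given resource set.
 *
 * <p>The request body is parsed into a {@code Policy}. The request is rejected with
 * {@code BAD_REQUEST} when the body parses to nothing, when it carries no required-claims
 * collection, or when the policy or any of its claims already has an id (ids are assigned on
 * save, so a caller-supplied id could otherwise point at an existing object). On success the
 * newly stored policy is returned as the JSON entity.
 *
 * @param rsid id of the resource set, bound from the {@code rsid} path variable
 * @param jsonString raw JSON request body describing the policy; caller-controlled
 * @param m model receiving either a status code or the created policy
 * @param auth the caller's authentication; only {@code getName()} is consulted
 * @return name of the view that renders the outcome
 */
@RequestMapping(value = "/{rsid}" + POLICYURL, method = RequestMethod.POST, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String createNewPolicyForResourceSet(@PathVariable(value = "rsid") Long rsid,
        @RequestBody String jsonString, Model m, Authentication auth) {

    ResourceSet rs = resourceSetService.getById(rsid);

    if (rs == null) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        return HttpCodeView.VIEWNAME;
    }

    if (!rs.getOwner().equals(auth.getName())) {
        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got "
                + auth.getName());

        // authenticated user didn't match the owner of the resource set
        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        return HttpCodeView.VIEWNAME;
    }

    // NOTE(review): a syntactically invalid body makes gson throw here; nothing in this method
    // maps that to a 400, so it presumably surfaces as a server error - confirm the handling.
    Policy p = gson.fromJson(jsonString, Policy.class);

    // Gson returns null for an empty or literal-null document, and a missing claims collection
    // would fail in the loop below; treat both as a malformed request instead of crashing.
    if (p == null || p.getClaimsRequired() == null) {
        logger.warn("Tried to add a policy with no body or no required-claims collection");
        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
        return HttpCodeView.VIEWNAME;
    }

    if (p.getId() != null) {
        logger.warn("Tried to add a policy with a non-null ID: " + p.getId());
        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
        return HttpCodeView.VIEWNAME;
    }

    for (Claim claim : p.getClaimsRequired()) {
        if (claim.getId() != null) {
            logger.warn("Tried to add a policy with a non-null claim ID: " + claim.getId());
            m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
            return HttpCodeView.VIEWNAME;
        }
    }

    rs.getPolicies().add(p);
    ResourceSet saved = resourceSetService.update(rs, rs);

    // Find the new policy object: whatever the saved set holds that the in-memory set does not.
    // NOTE(review): this depends on Policy equality telling the persisted policy apart from the
    // unsaved one added above - verify against Policy.equals and the service's return value.
    Collection<Policy> newPolicies = Sets.difference(new HashSet<>(saved.getPolicies()),
            new HashSet<>(rs.getPolicies()));

    if (newPolicies.size() == 1) {
        Policy newPolicy = newPolicies.iterator().next();
        m.addAttribute(JsonEntityView.ENTITY, newPolicy);
        return JsonEntityView.VIEWNAME;
    } else {
        logger.warn("Unexpected result trying to add a new policy object: " + newPolicies);
        m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
        return HttpCodeView.VIEWNAME;
    }
}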
From source file:org.mitre.uma.web.ResourceSetRegistrationEndpoint.java
/**
 * Replaces a registered resource set with the one described in the request body.
 *
 * <p>After {@code ensureOAuthScope} with the UMA protection scope, the body is parsed and must
 * contain a name, a scopes collection and an id equal to the path id; otherwise the result is
 * {@code BAD_REQUEST}. A missing stored resource set yields {@code NOT_FOUND}; a caller who is
 * not the owner yields {@code FORBIDDEN}. On success the saved entity and its location are put
 * on the model.
 *
 * @param id resource set id bound from the {@code id} path variable
 * @param jsonString raw JSON request body; caller-controlled
 * @param m model receiving the status/error or the saved entity and its location
 * @param auth the caller's authentication
 * @return name of the view that renders the outcome
 */
@RequestMapping(value = "/{id}", method = RequestMethod.PUT, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String updateResourceSet(@PathVariable("id") Long id, @RequestBody String jsonString, Model m,
        Authentication auth) {
    ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);

    ResourceSet newRs = parseResourceSet(jsonString);

    // Required: a parsed body, a non-empty name, a scopes collection, and an id that matches
    // the id in the path.
    boolean hasRequiredFields = newRs != null
            && !Strings.isNullOrEmpty(newRs.getName())
            && newRs.getScopes() != null
            && newRs.getId() != null
            && newRs.getId().equals(id);

    if (!hasRequiredFields) {
        logger.warn("Resource set registration missing one or more required fields.");
        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
        m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Resource request was missing one or more required fields.");
        return JsonErrorView.VIEWNAME;
    }

    ResourceSet rs = resourceSetService.getById(id);

    if (rs == null) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.addAttribute(JsonErrorView.ERROR, "not_found");
        return JsonErrorView.VIEWNAME;
    }

    // NOTE(review): only the owner is compared; the requesting OAuth client is not compared
    // with rs.getClientId() on this path - confirm that is intended for updates.
    boolean issuedToCaller = auth.getName().equals(rs.getOwner());
    if (!issuedToCaller) {
        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got "
                + auth.getName());
        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        return JsonErrorView.VIEWNAME;
    }

    // NOTE(review): newRs comes straight from the request body and nothing here inspects its
    // owner or client fields; whether update() keeps the stored ones is not visible - verify.
    ResourceSet saved = resourceSetService.update(rs, newRs);

    String location = config.getIssuer() + URL + "/" + rs.getId();
    m.addAttribute(JsonEntityView.ENTITY, saved);
    m.addAttribute(ResourceSetEntityAbbreviatedView.LOCATION, location);
    return ResourceSetEntityAbbreviatedView.VIEWNAME;
}
From source file:org.mitre.uma.web.ResourceSetRegistrationEndpoint.java
/**
 * Deletes a registered resource set when both the calling user and, for OAuth-mediated calls,
 * the calling client match the ones recorded on it.
 *
 * <p>After {@code ensureOAuthScope} with the UMA protection scope: a missing resource set
 * yields {@code NOT_FOUND} with error {@code "not_found"}; a user or client mismatch yields
 * {@code FORBIDDEN}; otherwise the resource set is removed and {@code NO_CONTENT} is set.
 *
 * @param id resource set id bound from the {@code id} path variable
 * @param m model receiving the status (and error code, when one is set)
 * @param auth the caller's authentication
 * @return name of the view that renders the outcome
 */
@RequestMapping(value = "/{id}", method = RequestMethod.DELETE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String deleteResourceSet(@PathVariable("id") Long id, Model m, Authentication auth) {
    ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);

    ResourceSet rs = resourceSetService.getById(id);

    if (rs == null) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.addAttribute(JsonErrorView.ERROR, "not_found");
        return JsonErrorView.VIEWNAME;
    }

    // First gate: the resource set must have been issued to this user.
    if (!auth.getName().equals(rs.getOwner())) {
        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got "
                + auth.getName());
        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        return JsonErrorView.VIEWNAME;
    }

    // Second gate: for OAuth-mediated calls it must also have been issued to this client.
    // An authentication that is not an OAuth2Authentication skips this comparison entirely.
    if (auth instanceof OAuth2Authentication) {
        OAuth2Authentication oauth = (OAuth2Authentication) auth;
        boolean issuedToClient = oauth.getOAuth2Request().getClientId().equals(rs.getClientId());

        if (!issuedToClient) {
            logger.warn("Unauthorized resource set request from bad client; expected " + rs.getClientId() + " got "
                    + ((OAuth2Authentication) auth).getOAuth2Request().getClientId());
            m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
            return JsonErrorView.VIEWNAME;
        }
    }

    // User and client matched.
    resourceSetService.remove(rs);
    m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT);
    return HttpCodeView.VIEWNAME;
}
From source file:org.mitre.uma.web.PolicyAPI.java
/**
 * Returns one policy of a resource set.
 *
 * <p>Sets {@code NOT_FOUND} when the resource set does not exist or holds no policy with the
 * requested id, and {@code FORBIDDEN} when the authenticated user is not the owner of the
 * resource set. Policies are only ever looked up inside the resource set named in the path.
 *
 * @param rsid id of the resource set, bound from the {@code rsid} path variable
 * @param pid id of the policy, bound from the {@code pid} path variable
 * @param m model receiving either a status code or the policy
 * @param auth the caller's authentication; only {@code getName()} is consulted
 * @return name of the view that renders the outcome
 */
@RequestMapping(value = "/{rsid}" + POLICYURL + "/{pid}", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String getPolicy(@PathVariable(value = "rsid") Long rsid, @PathVariable(value = "pid") Long pid, Model m,
        Authentication auth) {

    ResourceSet rs = resourceSetService.getById(rsid);

    if (rs == null) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        return HttpCodeView.VIEWNAME;
    }

    boolean ownedByCaller = rs.getOwner().equals(auth.getName());
    if (!ownedByCaller) {
        // The authenticated user did not match the owner of the resource set.
        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got "
                + auth.getName());
        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        return HttpCodeView.VIEWNAME;
    }

    for (Policy candidate : rs.getPolicies()) {
        if (!candidate.getId().equals(pid)) {
            continue;
        }
        // First policy with the requested id wins.
        m.addAttribute(JsonEntityView.ENTITY, candidate);
        return JsonEntityView.VIEWNAME;
    }

    // No policy of this resource set carries the requested id.
    m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
    return HttpCodeView.VIEWNAME;
}
From source file:org.mitre.uma.web.PolicyAPI.java
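/**
 * Updates a specific policy of a resource set.
 *
 * <p>Despite the method name, the matching policy's required claims, name and scopes are all
 * overwritten with the values from the request body. The request is rejected with
 * {@code BAD_REQUEST} when the body parses to nothing, when its policy id differs from the
 * path id, when it carries no required-claims collection, or when a submitted claim has an id
 * that does not already belong to the stored policy (so a claim of another policy cannot be
 * overwritten).
 *
 * @param rsid id of the resource set, bound from the {@code rsid} path variable
 * @param pid id of the policy, bound from the {@code pid} path variable
 * @param jsonString raw JSON request body describing the policy; caller-controlled
 * @param m model receiving either a status code or the updated policy
 * @param auth the caller's authentication; only {@code getName()} is consulted
 * @return name of the view that renders the outcome
 */
@RequestMapping(value = "/{rsid}" + POLICYURL + "/{pid}", method = RequestMethod.PUT, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String setClaimsForResourceSet(@PathVariable(value = "rsid") Long rsid,
        @PathVariable(value = "pid") Long pid, @RequestBody String jsonString, Model m, Authentication auth) {

    ResourceSet rs = resourceSetService.getById(rsid);

    if (rs == null) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        return HttpCodeView.VIEWNAME;
    }

    if (!rs.getOwner().equals(auth.getName())) {
        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got "
                + auth.getName());

        // authenticated user didn't match the owner of the resource set
        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        return HttpCodeView.VIEWNAME;
    }

    // NOTE(review): a syntactically invalid body makes gson throw here; nothing in this method
    // maps that to a 400, so it presumably surfaces as a server error - confirm the handling.
    Policy p = gson.fromJson(jsonString, Policy.class);

    // Gson returns null for an empty or literal-null document; answer 400 instead of failing
    // on the dereference below.
    if (p == null) {
        logger.warn("Policy update request had no policy in the body");
        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
        return HttpCodeView.VIEWNAME;
    }

    if (!pid.equals(p.getId())) {
        logger.warn("Policy ID mismatch, expected " + pid + " got " + p.getId());

        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
        return HttpCodeView.VIEWNAME;
    }

    // A missing claims collection would fail in the validation loop and, if it got past it,
    // would blank the stored policy's claims; reject it as malformed.
    if (p.getClaimsRequired() == null) {
        logger.warn("Policy update request had no required-claims collection");
        m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
        return HttpCodeView.VIEWNAME;
    }

    for (Policy policy : rs.getPolicies()) {
        if (policy.getId().equals(pid)) {
            // found it!

            // find the existing claim IDs, make sure we're not overwriting anything from another policy
            Set<Long> claimIds = new HashSet<>();
            if (policy.getClaimsRequired() != null) {
                for (Claim claim : policy.getClaimsRequired()) {
                    claimIds.add(claim.getId());
                }
            }

            for (Claim claim : p.getClaimsRequired()) {
                if (claim.getId() != null && !claimIds.contains(claim.getId())) {
                    logger.warn("Tried to add a policy with a an unmatched claim ID: got " + claim.getId()
                            + " expected " + claimIds);
                    m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                    return HttpCodeView.VIEWNAME;
                }
            }

            // update the existing object with the new values
            policy.setClaimsRequired(p.getClaimsRequired());
            policy.setName(p.getName());
            policy.setScopes(p.getScopes());

            resourceSetService.update(rs, rs);

            m.addAttribute(JsonEntityView.ENTITY, policy);
            return JsonEntityView.VIEWNAME;
        }
    }

    // if we made it this far, we haven't found it
    m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
    return HttpCodeView.VIEWNAME;
}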
From source file:org.mitre.uma.web.ResourceSetRegistrationEndpoint.java
/**
 * Lists the ids of the resource sets visible to the caller.
 *
 * <p>After {@code ensureOAuthScope} with the UMA protection scope, an OAuth-mediated call is
 * limited to resource sets of the calling user that were registered by the calling client; any
 * other authentication sees every resource set of the calling user. The ids are returned as
 * strings.
 *
 * @param m model receiving the set of ids as the JSON entity
 * @param auth the caller's authentication
 * @return name of the view that renders the id set
 */
@RequestMapping(method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String listResourceSets(Model m, Authentication auth) {
    ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);

    String owner = auth.getName();

    Collection<ResourceSet> visible;
    if (!(auth instanceof OAuth2Authentication)) {
        // Not an OAuth-mediated call: everything that belongs to the current user.
        visible = resourceSetService.getAllForOwner(owner);
    } else {
        // OAuth-mediated call: made on behalf of a client, so narrow the lookup to that client.
        String clientId = ((OAuth2Authentication) auth).getOAuth2Request().getClientId();
        visible = resourceSetService.getAllForOwnerAndClient(owner, clientId);
    }

    // Build the entity here; ids are added as strings so that gson renders them properly.
    Set<String> idStrings = new HashSet<>();
    for (ResourceSet entry : visible) {
        idStrings.add(entry.getId().toString());
    }

    m.addAttribute(JsonEntityView.ENTITY, idStrings);
    return JsonEntityView.VIEWNAME;
}
From source file:org.mitre.uma.web.PolicyAPI.java
/**
 * Deletes a specific policy from a resource set.
 *
 * <p>Despite the method name, the resource set itself is kept: only the policy with the given
 * id is removed from it and the resource set is then saved. Sets {@code NOT_FOUND} when the
 * resource set or the policy does not exist, {@code FORBIDDEN} when the authenticated user is
 * not the owner, and {@code NO_CONTENT} after a successful removal.
 *
 * @param rsid id of the resource set, bound from the {@code rsid} path variable
 * @param pid id of the policy, bound from the {@code pid} path variable
 * @param m model receiving the status (and error code, when one is set)
 * @param auth the caller's authentication; only {@code getName()} is consulted
 * @return name of the view that renders the outcome
 */
@RequestMapping(value = "/{rsid}" + POLICYURL + "/{pid}", method = RequestMethod.DELETE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String deleteResourceSet(@PathVariable("rsid") Long rsid, @PathVariable(value = "pid") Long pid, Model m,
        Authentication auth) {

    ResourceSet rs = resourceSetService.getById(rsid);

    if (rs == null) {
        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.addAttribute(JsonErrorView.ERROR, "not_found");
        return JsonErrorView.VIEWNAME;
    }

    // Authorization: the resource set must have been issued to the calling user.
    boolean callerIsOwner = auth.getName().equals(rs.getOwner());
    if (!callerIsOwner) {
        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got "
                + auth.getName());
        m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        return JsonErrorView.VIEWNAME;
    }

    // Locate the first policy with the requested id, then modify the collection outside the
    // iteration.
    Policy match = null;
    for (Policy candidate : rs.getPolicies()) {
        if (candidate.getId().equals(pid)) {
            match = candidate;
            break;
        }
    }

    if (match == null) {
        // No policy of this resource set carries the requested id.
        m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        return HttpCodeView.VIEWNAME;
    }

    rs.getPolicies().remove(match);
    resourceSetService.update(rs, rs);

    m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT);
    return HttpCodeView.VIEWNAME;
}