001/******************************************************************************* 002 * Copyright 2018 The MIT Internet Trust Consortium 003 * 004 * Portions copyright 2011-2013 The MITRE Corporation 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); 007 * you may not use this file except in compliance with the License. 008 * You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 *******************************************************************************/ 018/** 019 * 020 */ 021package org.mitre.openid.connect.web; 022 023import java.security.Principal; 024import java.util.Collection; 025 026import org.mitre.openid.connect.model.WhitelistedSite; 027import org.mitre.openid.connect.service.WhitelistedSiteService; 028import org.mitre.openid.connect.view.HttpCodeView; 029import org.mitre.openid.connect.view.JsonEntityView; 030import org.mitre.openid.connect.view.JsonErrorView; 031import org.slf4j.Logger; 032import org.slf4j.LoggerFactory; 033import org.springframework.beans.factory.annotation.Autowired; 034import org.springframework.http.HttpStatus; 035import org.springframework.http.MediaType; 036import org.springframework.security.access.prepost.PreAuthorize; 037import org.springframework.stereotype.Controller; 038import org.springframework.ui.ModelMap; 039import org.springframework.web.bind.annotation.PathVariable; 040import org.springframework.web.bind.annotation.RequestBody; 041import org.springframework.web.bind.annotation.RequestMapping; 042import org.springframework.web.bind.annotation.RequestMethod; 043 044import com.google.gson.Gson; 045import 
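com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;

/**
 * JSON API for listing, creating, updating and deleting whitelisted sites.
 *
 * <p>The class-level {@code @PreAuthorize("hasRole('ROLE_USER')")} covers the two read
 * endpoints; the create/update/delete endpoints carry their own
 * {@code hasRole('ROLE_ADMIN')} annotation, which takes precedence for that method.
 * Every handler renders its result through a view name: {@link JsonEntityView} for
 * entities, {@link JsonErrorView} for error payloads and {@link HttpCodeView} for a
 * bare status code.
 *
 * @author jricher
 */
@Controller
@RequestMapping("/" + WhitelistAPI.URL)
@PreAuthorize("hasRole('ROLE_USER')")
public class WhitelistAPI {

	public static final String URL = RootController.API_URL + "/whitelist";

	@Autowired
	private WhitelistedSiteService whitelistService;

	/**
	 * Logger for this class
	 */
	private static final Logger logger = LoggerFactory.getLogger(WhitelistAPI.class);

	// Gson and JsonParser hold no per-request state, so one instance each is shared by this singleton controller.
	private final Gson gson = new Gson();
	private final JsonParser parser = new JsonParser();

	/**
	 * Get a list of all whitelisted sites.
	 *
	 * @param m the model the entity collection is rendered from
	 * @return the JSON entity view name
	 */
	@RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
	public String getAllWhitelistedSites(ModelMap m) {
		Collection<WhitelistedSite> all = whitelistService.getAll();
		m.put(JsonEntityView.ENTITY, all);
		return JsonEntityView.VIEWNAME;
	}

	/**
	 * Create a new whitelisted site from the JSON request body. Admin only.
	 *
	 * @param jsonString the request body; must be a single JSON object describing a {@link WhitelistedSite}
	 * @param m the model the response is rendered from
	 * @param p the authenticated principal, recorded as the creator of the new entry
	 * @return the JSON entity view name on success, or the JSON error view name (with a
	 *         400 status in the model) when the body is not a well-formed JSON object
	 */
	@PreAuthorize("hasRole('ROLE_ADMIN')")
	@RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
	public String addNewWhitelistedSite(@RequestBody String jsonString, ModelMap m, Principal p) {

		WhitelistedSite whitelist;
		try {
			whitelist = parseWhitelistedSite(jsonString);
		} catch (JsonParseException e) {
			logger.error("addNewWhitelistedSite failed due to JsonParseException", e);
			return jsonError(m, HttpStatus.BAD_REQUEST, "Could not save new whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
		} catch (IllegalStateException e) {
			logger.error("addNewWhitelistedSite failed due to IllegalStateException", e);
			return jsonError(m, HttpStatus.BAD_REQUEST, "Could not save new whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
		}

		// Record who created this entry. This deliberately overwrites any creatorUserId the
		// client may have put in the body, so the creator always comes from the session.
		whitelist.setCreatorUserId(p.getName());

		WhitelistedSite newWhitelist = whitelistService.saveNew(whitelist);
		m.put(JsonEntityView.ENTITY, newWhitelist);
		return JsonEntityView.VIEWNAME;
	}

	/**
	 * Update an existing whitelisted site. Admin only.
	 *
	 * @param jsonString the request body; must be a single JSON object describing the new state
	 * @param id the id of the stored site, taken from the path, that is updated
	 * @param m the model the response is rendered from
	 * @param p the authenticated principal (unused here; kept for the handler signature)
	 * @return the JSON entity view name on success; the JSON error view name with a 400
	 *         status when the body is not a JSON object, or with a 404 status when no
	 *         site with {@code id} exists
	 */
	@PreAuthorize("hasRole('ROLE_ADMIN')")
	@RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
	public String updateWhitelistedSite(@PathVariable("id") Long id, @RequestBody String jsonString, ModelMap m, Principal p) {

		WhitelistedSite whitelist;
		try {
			whitelist = parseWhitelistedSite(jsonString);
		} catch (JsonParseException e) {
			logger.error("updateWhitelistedSite failed due to JsonParseException", e);
			return jsonError(m, HttpStatus.BAD_REQUEST, "Could not update whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
		} catch (IllegalStateException e) {
			logger.error("updateWhitelistedSite failed due to IllegalStateException", e);
			return jsonError(m, HttpStatus.BAD_REQUEST, "Could not update whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
		}

		WhitelistedSite oldWhitelist = whitelistService.getById(id);
		if (oldWhitelist == null) {
			logger.error("updateWhitelistedSite failed; whitelist with id {} could not be found.", id);
			return jsonError(m, HttpStatus.NOT_FOUND, "Could not update whitelisted site. The requested whitelisted site with id " + id + " could not be found.");
		}

		// The record being updated is selected by the path id, never by an id inside the body.
		// NOTE(review): which fields of the incoming object are copied onto oldWhitelist is decided
		// inside the service - confirm it does not honour a client-supplied id or creatorUserId.
		WhitelistedSite newWhitelist = whitelistService.update(oldWhitelist, whitelist);
		m.put(JsonEntityView.ENTITY, newWhitelist);
		return JsonEntityView.VIEWNAME;
	}

	/**
	 * Delete a whitelisted site. Admin only.
	 *
	 * @param id the id of the site to remove, taken from the path
	 * @param m the model the response is rendered from
	 * @return the HTTP code view name with a 200 status on success, or the JSON error
	 *         view name with a 404 status when no site with {@code id} exists
	 */
	@PreAuthorize("hasRole('ROLE_ADMIN')")
	@RequestMapping(value="/{id}", method = RequestMethod.DELETE)
	public String deleteWhitelistedSite(@PathVariable("id") Long id, ModelMap m) {
		WhitelistedSite whitelist = whitelistService.getById(id);

		if (whitelist == null) {
			logger.error("deleteWhitelistedSite failed; whitelist with id {} could not be found.", id);
			return jsonError(m, HttpStatus.NOT_FOUND, "Could not delete whitelisted site. The requested whitelisted site with id " + id + " could not be found.");
		}

		m.put(HttpCodeView.CODE, HttpStatus.OK);
		whitelistService.remove(whitelist);
		return HttpCodeView.VIEWNAME;
	}

	/**
	 * Get a single whitelisted site.
	 *
	 * @param id the id of the site to fetch, taken from the path
	 * @param m the model the response is rendered from
	 * @return the JSON entity view name, or the JSON error view name with a 404 status
	 *         when no site with {@code id} exists
	 */
	@RequestMapping(value="/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
	public String getWhitelistedSite(@PathVariable("id") Long id, ModelMap m) {
		WhitelistedSite whitelist = whitelistService.getById(id);
		if (whitelist == null) {
			logger.error("getWhitelistedSite failed; whitelist with id {} could not be found.", id);
			return jsonError(m, HttpStatus.NOT_FOUND, "The requested whitelisted site with id " + id + " could not be found.");
		}

		m.put(JsonEntityView.ENTITY, whitelist);
		return JsonEntityView.VIEWNAME;
	}

	/**
	 * Parse a request body into a {@link WhitelistedSite}.
	 *
	 * @param jsonString the raw request body
	 * @return the site deserialized from the body
	 * @throws JsonParseException if the body is not well-formed JSON
	 * @throws IllegalStateException if the body is well-formed JSON but not a JSON object
	 *         (an array or bare literal); this is what {@code getAsJsonObject()} throws
	 */
	private WhitelistedSite parseWhitelistedSite(String jsonString) {
		JsonObject json = parser.parse(jsonString).getAsJsonObject();
		// Every property in the client-supplied object is bound here, including any id or
		// creatorUserId the client chooses to send; callers must overwrite or ignore the
		// fields the server owns.
		return gson.fromJson(json, WhitelistedSite.class);
	}

	/**
	 * Put an error status and message into the model and return the error view name.
	 *
	 * @param m the model the error is rendered from
	 * @param status the HTTP status to report
	 * @param message the user-facing error message
	 * @return the JSON error view name
	 */
	private static String jsonError(ModelMap m, HttpStatus status, String message) {
		m.put(HttpCodeView.CODE, status);
		m.put(JsonErrorView.ERROR_MESSAGE, message);
		return JsonErrorView.VIEWNAME;
	}

}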