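/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Portions copyright 2011-2013 The MITRE Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
/**
 *
 */
package org.mitre.openid.connect.web;

import java.security.Principal;
import java.util.Collection;

import org.mitre.openid.connect.model.BlacklistedSite;
import org.mitre.openid.connect.service.BlacklistedSiteService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonEntityView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import com.google.gson.Gson;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;

/**
 * REST endpoints for listing, creating, updating and deleting
 * {@link BlacklistedSite} entries, mapped under {@code "/" + URL}.
 *
 * <p>Every handler is covered by the class-level
 * {@code @PreAuthorize("hasRole('ROLE_ADMIN')")}. That annotation is only
 * enforced when pre/post method security is enabled in the application
 * context; the configuration is not part of this file, so a deployment review
 * should confirm it and should not rely on the annotation alone.
 *
 * @author jricher
 *
 */
@Controller
@RequestMapping("/" + BlacklistAPI.URL)
@PreAuthorize("hasRole('ROLE_ADMIN')")
public class BlacklistAPI {

	public static final String URL = RootController.API_URL + "/blacklist";

	@Autowired
	private BlacklistedSiteService blacklistService;

	/**
	 * Logger for this class
	 */
	private static final Logger logger = LoggerFactory.getLogger(BlacklistAPI.class);

	private final Gson gson = new Gson();
	private final JsonParser parser = new JsonParser();

	/**
	 * Get a list of all blacklisted sites.
	 *
	 * @param m model that receives the collection under {@link JsonEntityView#ENTITY}
	 * @return the name of the JSON entity view
	 */
	@RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
	public String getAllBlacklistedSites(ModelMap m) {

		Collection<BlacklistedSite> all = blacklistService.getAll();

		m.put(JsonEntityView.ENTITY, all);

		return JsonEntityView.VIEWNAME;
	}

	/**
	 * Create a new blacklisted site from the JSON request body.
	 *
	 * <p>A body that is not valid JSON, or is not a JSON object, produces a
	 * 400 response with a generic message; the exception itself is only
	 * written to the server log.
	 *
	 * @param jsonString raw request body, expected to be a JSON object
	 * @param m model that receives the saved entity or the error details
	 * @param p the authenticated caller; not read by this method
	 * @return the name of the view to render
	 */
	@RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
	public String addNewBlacklistedSite(@RequestBody String jsonString, ModelMap m, Principal p) {

		try {

			// NOTE(review): every field Gson can bind on BlacklistedSite is taken from the
			// request body, including any identifier; confirm that saveNew() rejects or
			// ignores client-chosen ids.
			BlacklistedSite blacklist = parseBlacklistedSite(jsonString);

			// Kept inside the try so an IllegalStateException raised while saving
			// is still answered with the 400 below, as before.
			BlacklistedSite newBlacklist = blacklistService.saveNew(blacklist);
			m.put(JsonEntityView.ENTITY, newBlacklist);

		}
		catch (JsonSyntaxException e) {
			logger.error("addNewBlacklistedSite failed due to JsonSyntaxException: ", e);
			m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
			m.put(JsonErrorView.ERROR_MESSAGE, "Could not save new blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
			return JsonErrorView.VIEWNAME;
		} catch (IllegalStateException e) {
			logger.error("addNewBlacklistedSite failed due to IllegalStateException", e);
			m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
			m.put(JsonErrorView.ERROR_MESSAGE, "Could not save new blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
			return JsonErrorView.VIEWNAME;
		}

		return JsonEntityView.VIEWNAME;

	}

	/**
	 * Update an existing blacklisted site.
	 *
	 * <p>The body is parsed before the stored entry is looked up, so a
	 * malformed body yields 400 even when the id does not exist; an unknown
	 * id yields 404.
	 *
	 * @param id identifier of the entry to update, taken from the path
	 * @param jsonString raw request body, expected to be a JSON object
	 * @param m model that receives the updated entity or the error details
	 * @param p the authenticated caller; not read by this method
	 * @return the name of the view to render
	 */
	@RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
	public String updateBlacklistedSite(@PathVariable("id") Long id, @RequestBody String jsonString, ModelMap m, Principal p) {

		BlacklistedSite blacklist;

		try {

			blacklist = parseBlacklistedSite(jsonString);

		}
		catch (JsonSyntaxException e) {
			logger.error("updateBlacklistedSite failed due to JsonSyntaxException", e);
			m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
			m.put(JsonErrorView.ERROR_MESSAGE, "Could not update blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
			return JsonErrorView.VIEWNAME;
		} catch (IllegalStateException e) {
			logger.error("updateBlacklistedSite failed due to IllegalStateException", e);
			m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
			m.put(JsonErrorView.ERROR_MESSAGE, "Could not update blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
			return JsonErrorView.VIEWNAME;
		}

		BlacklistedSite oldBlacklist = blacklistService.getById(id);

		if (oldBlacklist == null) {
			logger.error("updateBlacklistedSite failed; blacklist with id {} could not be found", id);
			m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
			// The original message ran the id and "could not" together; a space was missing.
			m.put(JsonErrorView.ERROR_MESSAGE, "Could not update blacklisted site. The requested blacklist with id " + id + " could not be found.");
			return JsonErrorView.VIEWNAME;
		}

		// NOTE(review): any id carried in the body is not compared with the path id here;
		// confirm that update() applies the changes to oldBlacklist only.
		BlacklistedSite newBlacklist = blacklistService.update(oldBlacklist, blacklist);

		m.put(JsonEntityView.ENTITY, newBlacklist);

		return JsonEntityView.VIEWNAME;
	}

	/**
	 * Delete a blacklisted site.
	 *
	 * @param id identifier of the entry to delete, taken from the path
	 * @param m model that receives the status code or the error details
	 * @return the name of the view to render
	 */
	@RequestMapping(value="/{id}", method = RequestMethod.DELETE)
	public String deleteBlacklistedSite(@PathVariable("id") Long id, ModelMap m) {
		BlacklistedSite blacklist = blacklistService.getById(id);

		if (blacklist == null) {
			logger.error("deleteBlacklistedSite failed; blacklist with id {} could not be found", id);
			// Set 404 explicitly, as the update and get handlers do. Previously no code was
			// put in the model on this path, leaving the status to whatever the error view
			// falls back to (not visible in this file).
			m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
			m.put(JsonErrorView.ERROR_MESSAGE, "Could not delete blacklist. The requested blacklist with id " + id + " could not be found.");
			return JsonErrorView.VIEWNAME;
		}

		m.put(HttpCodeView.CODE, HttpStatus.OK);
		blacklistService.remove(blacklist);

		return HttpCodeView.VIEWNAME;
	}

	/**
	 * Get a single blacklisted site.
	 *
	 * @param id identifier of the entry to fetch, taken from the path
	 * @param m model that receives the entity or the error details
	 * @return the name of the view to render
	 */
	@RequestMapping(value="/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
	public String getBlacklistedSite(@PathVariable("id") Long id, ModelMap m) {
		BlacklistedSite blacklist = blacklistService.getById(id);

		if (blacklist == null) {
			logger.error("getBlacklistedSite failed; blacklist with id {} could not be found", id);
			m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
			// The original message was copied from the delete handler and said "delete".
			m.put(JsonErrorView.ERROR_MESSAGE, "Could not get blacklist. The requested blacklist with id " + id + " could not be found.");
			return JsonErrorView.VIEWNAME;
		}

		m.put(JsonEntityView.ENTITY, blacklist);

		return JsonEntityView.VIEWNAME;
	}

	/**
	 * Parse a request body into a {@link BlacklistedSite}.
	 *
	 * @param jsonString raw request body
	 * @return the deserialized site
	 * @throws JsonSyntaxException if the body is not well-formed JSON or cannot be bound
	 * @throws IllegalStateException if the parsed element is not a JSON object
	 */
	private BlacklistedSite parseBlacklistedSite(String jsonString) {
		JsonObject json = parser.parse(jsonString).getAsJsonObject();
		return gson.fromJson(json, BlacklistedSite.class);
	}

}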