Commit 37b9ff18 authored by Matija Obreza's avatar Matija Obreza

Moved to /webapi/* to avoid existing spring-security (OAuth and regular) and <sec:csrf />

OAuthManagement controller allows for OAuthClientType
parent 297261af
......@@ -20,6 +20,7 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.genesys2.server.model.oauth.OAuthAccessToken;
......@@ -78,6 +79,8 @@ public class OAuth2ClientDetailsServiceImpl implements OAuth2ClientDetailsServic
logger.info("loadClientByClientId: " + clientId);
ClientDetails details;
try {
if (StringUtils.isBlank(clientId))
throw new NoSuchClientException("Blank client_id provided");
details = clientDetailsPersistence.findOne(clientId);
} catch (final EmptyResultDataAccessException e) {
throw new NoSuchClientException("No client with requested id: " + clientId);
......
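Review bot: The new blank-`clientId` guard sits inside the `try` that exists only to translate `EmptyResultDataAccessException`, even though a blank id is an argument problem rather than a persistence failure, and it is written as an unbraced one-line `if`. Moving it ahead of the `try` and bracing it, `if (StringUtils.isBlank(clientId)) { throw new NoSuchClientException("Blank client_id provided"); }`, keeps the catch focused on the lookup. The info-level log on the line above still echoes the raw `clientId` before it is validated; logging it at debug level, or trimming it, avoids noisy entries from malformed requests. The enclosing method continues past the end of the hunk.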
......@@ -365,32 +365,4 @@ public class ExplorerController extends BaseController {
throw e;
}
}
@RequestMapping(value = "/explore/acc", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
public Object getAcc(@RequestBody JsonData jsonData) throws IOException {
Crop crop = cropService.getCrop(jsonData.crop);
if (crop == null) {
throw new ResourceNotFoundException("No crop " + jsonData.crop);
}
String filter = "{\"crop\":[\"" + crop.getShortName() + "\"]}";
ObjectNode jsonTree = null;
jsonTree = (ObjectNode) mapper.readTree(filter);
_logger.debug(jsonTree.toString());
Page<Accession> accessions = filterService.listAccessions(jsonTree, new PageRequest(jsonData.startAt - 1, jsonData.maxRecords, new Sort("acceNumb")));
return accessions;
}
public static class JsonData {
public String crop;
public Integer startAt;
public Integer maxRecords;
public String otherOptions;
}
}
......@@ -20,6 +20,7 @@ import java.util.Collection;
import org.genesys2.server.model.oauth.OAuthAccessToken;
import org.genesys2.server.model.oauth.OAuthClientDetails;
import org.genesys2.server.model.oauth.OAuthClientType;
import org.genesys2.server.service.JPATokenStore;
import org.genesys2.server.service.OAuth2ClientDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
......@@ -106,20 +107,21 @@ public class OAuthManagementController extends BaseController {
@PreAuthorize("hasAnyRole('VETTEDUSER','ADMINISTRATOR')")
@RequestMapping("/createClient")
public String createClientEntry(@RequestParam("clientId") String clientId, @RequestParam("clientSecret") String clientSecret,
@RequestParam(value = "redirectUri", required = false) String redirectUri) {
final OAuthClientDetails clientDetails = createOAuthClient(clientId, clientSecret, redirectUri);
@RequestParam(value = "redirectUri", required = false) String redirectUri, @RequestParam("clientType") OAuthClientType clientType) {
final OAuthClientDetails clientDetails = createOAuthClient(clientId, clientSecret, redirectUri, clientType);
clientDetailsService.addClientDetails(clientDetails);
return "redirect:/profile";
}
private OAuthClientDetails createOAuthClient(String clientId, String clientSecret, String redirectUri) {
private OAuthClientDetails createOAuthClient(String clientId, String clientSecret, String redirectUri, OAuthClientType clientType) {
final OAuthClientDetails clientDetails = new OAuthClientDetails();
clientDetails.setClientId(clientId);
clientDetails.setClientSecret(clientSecret);
if (redirectUri != null) {
clientDetails.setRegisteredRedirectUri(redirectUri);
}
clientDetails.setClientType(clientType);
clientDetails.setScope("read,write");
clientDetails.setAuthorizedGrantTypes("authorization_code,refresh_token");
clientDetails.setAuthorities("USER");
......
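Review bot: `createClientEntry` is still mapped with `@RequestMapping("/createClient")` and no HTTP method, so the new `clientType` parameter, together with `clientId` and `clientSecret`, can be submitted on a GET query string, where the secret lands in access logs and browser history and the `<sec:csrf />` this commit keeps for non-webapi paths does not apply. Restricting it to `@RequestMapping(value = "/createClient", method = RequestMethod.POST)` matches how the form submits it. The enum parameter is bound by constant name, so a missing or unknown `clientType` fails in Spring's binder with a 400 before this method runs; if the form should be redisplayed instead, that needs handling here. Scope and grant types at the end of `createOAuthClient` remain hard-coded regardless of `clientType`; if the type is meant to constrain what a client may do, that mapping is not applied yet. `createOAuthClient` continues past the end of the hunk.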
......@@ -27,6 +27,7 @@ import org.genesys2.server.model.genesys.Accession;
import org.genesys2.server.model.impl.FaoInstitute;
import org.genesys2.server.model.json.AccessionJson;
import org.genesys2.server.service.BatchRESTService;
import org.genesys2.server.service.GenesysFilterService;
import org.genesys2.server.service.GenesysRESTService;
import org.genesys2.server.service.GenesysService;
import org.genesys2.server.service.GeoService;
......@@ -38,6 +39,9 @@ import org.genesys2.server.servlet.controller.rest.model.AccessionHeaderJson;
import org.genesys2.server.servlet.controller.rest.model.AccessionNamesJson;
import org.genesys2.spring.ResourceNotFoundException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageRequest;
import org.springframework.data.domain.Sort;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
......@@ -64,6 +68,9 @@ public class AccessionController extends RestController {
@Autowired
GenesysService genesysService;
@Autowired
private GenesysFilterService filterService;
@Autowired
BatchRESTService batchRESTService;
......@@ -263,6 +270,30 @@ public class AccessionController extends RestController {
List<AccessionJson> get(@RequestBody Set<Long> accessionIds) {
return restService.getAccessionJSON(accessionIds);
}
@RequestMapping(value = "/filter", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
public Object getAcc(@RequestBody JsonData jsonData) throws IOException {
String filter = "{\"crop\":[\"" + jsonData.crop + "\"]}";
ObjectNode jsonTree = null;
jsonTree = (ObjectNode) mapper.readTree(filter);
LOG.debug(jsonTree.toString());
Page<Accession> accessions = filterService.listAccessions(jsonTree, new PageRequest(jsonData.startAt - 1, jsonData.maxRecords, new Sort("acceNumb")));
return accessions;
}
public static class JsonData {
public String crop;
public Integer startAt;
public Integer maxRecords;
public String otherOptions;
}
private AccessionHeaderJson readAid3(JsonNode json) {
final AccessionHeaderJson dataJson = new AccessionHeaderJson();
......
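Review bot: `getAcc` builds the filter JSON by concatenating `jsonData.crop` into a string, so a request body whose `crop` contains a double quote either fails in `readTree` with a 500 or injects additional filter keys into the tree handed to `filterService.listAccessions`; the new `WebApiController.filterAccessions` has the same construction. Build the node instead: `ObjectNode jsonTree = mapper.createObjectNode(); jsonTree.putArray("crop").add(jsonData.crop);`. `jsonData.startAt - 1` and `jsonData.maxRecords` are unboxed without null or range checks, so an absent field is a NullPointerException, a `startAt` of 0 or a negative `maxRecords` is an IllegalArgumentException from `PageRequest`, and a very large `maxRecords` is an unbounded page; clamping both (page index >= 0, page size between 1 and a fixed cap) keeps the endpoint from being an easy way to pull the whole table. Declaring the return type as `Page<Accession>` rather than `Object` would also document the contract.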
/**
* Copyright 2014 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
package org.genesys2.server.servlet.controller.webapi;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import org.genesys2.server.model.genesys.Accession;
import org.genesys2.server.model.json.AccessionJson;
import org.genesys2.server.model.json.GenesysJsonFactory;
import org.genesys2.server.service.GenesysFilterService;
import org.genesys2.server.service.GenesysService;
import org.genesys2.server.servlet.controller.rest.RestController;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageImpl;
import org.springframework.data.domain.PageRequest;
import org.springframework.data.domain.Pageable;
import org.springframework.data.domain.Sort;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
@Controller
@RequestMapping(value = { "/webapi/v0/acn" })
public class WebApiController extends RestController {
private final ObjectMapper mapper = new ObjectMapper();
@Autowired
GenesysService genesysService;
@Autowired
private GenesysFilterService filterService;
@RequestMapping(value = "/filter", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
public Page<AccessionJson> filterAccessions(@RequestBody JsonData jsonData) throws IOException {
String filter = "{\"crop\":[\"" + jsonData.crop + "\"]}";
ObjectNode jsonTree = null;
jsonTree = (ObjectNode) mapper.readTree(filter);
LOG.debug(jsonTree.toString());
Pageable pageable = new PageRequest(jsonData.startAt - 1, Math.min(50, jsonData.maxRecords), new Sort("acceNumb"));
Page<Accession> accessions = filterService.listAccessions(jsonTree, pageable);
List<AccessionJson> list = new ArrayList<AccessionJson>(accessions.getNumber());
for (Accession a : accessions.getContent()) {
list.add(GenesysJsonFactory.from(a));
}
Page<AccessionJson> acnJ = new PageImpl<AccessionJson>(list, pageable, accessions.getTotalElements());
return acnJ;
}
public static class JsonData {
public String crop;
public Integer startAt;
public Integer maxRecords;
public String otherOptions;
}
}
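Review bot: `new ArrayList<AccessionJson>(accessions.getNumber())` uses the page index as the initial capacity; the number of elements on the page is `accessions.getNumberOfElements()`, so the capacity is only right by accident (harmless, but misleading). `Math.min(50, jsonData.maxRecords)` caps the page size but still unboxes a possibly-null field and passes 0 or negative values on to `PageRequest`, which rejects them with an IllegalArgumentException, and `jsonData.startAt - 1` has the same null and negative-page problem; bounding both before building the `Pageable` turns those into a predictable first page rather than a 500. The filter tree should be built with `createObjectNode` rather than string concatenation, as noted on AccessionController. A class-level comment stating that `/webapi/**` is served outside the security filter chain and is therefore read-only by design would help the next maintainer. The rewrite below applies these points; the page size used when `maxRecords` is absent is a choice to confirm.
```java
public Page<AccessionJson> filterAccessions(@RequestBody JsonData jsonData) throws IOException {
    // Build the filter as a tree so a crop value containing quotes cannot alter its structure.
    ObjectNode jsonTree = mapper.createObjectNode();
    jsonTree.putArray("crop").add(jsonData.crop);
    LOG.debug(jsonTree.toString());
    // Clamp client-supplied paging: page index >= 0, 1 <= size <= 50 (50 when absent).
    int page = jsonData.startAt == null ? 0 : Math.max(0, jsonData.startAt - 1);
    int size = jsonData.maxRecords == null ? 50 : Math.min(50, Math.max(1, jsonData.maxRecords));
    Pageable pageable = new PageRequest(page, size, new Sort("acceNumb"));
    Page<Accession> accessions = filterService.listAccessions(jsonTree, pageable);
    List<AccessionJson> list = new ArrayList<AccessionJson>(accessions.getNumberOfElements());
    // … unchanged: conversion loop and PageImpl construction …
```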
......@@ -62,7 +62,7 @@ public class ApiFilter extends OncePerRequestFilter {
} catch (Throwable e) {
_logger.warn(e.getMessage());
response.sendRedirect("/api/error.js");
response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
}
}
......
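Review bot: The new `response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage())` puts the message of an arbitrary `Throwable` into the body returned to an unauthenticated caller, so whatever the token check threw, including internal exception text, is disclosed; meanwhile the warn on the line above logs only the message without the stack trace, so the detail is lost where it is actually useful. Swap them: `_logger.warn("API request rejected", e);` and `response.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid API token");`. Catching `Throwable` also swallows `Error`s; if the body only throws checked or runtime exceptions, `catch (Exception e)` is the narrower type. The enclosing method starts and ends outside the hunk.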
......@@ -43,8 +43,9 @@
</sec:global-method-security>
<!--Do not filter static resources -->
<sec:http pattern="/html/**" security="none" />
<sec:http pattern="/html/**" security="none" create-session="stateless" />
<sec:http pattern="/webapi/**" security="none" create-session="stateless" xmlns="http://www.springframework.org/schema/security" />
<!-- Closed page and Authentication filter -->
<sec:http auto-config="true" use-expressions="true">
......@@ -65,5 +66,5 @@
<!--enable CSRF protection-->
<sec:csrf />
</sec:http>
</beans>
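Review bot: `security="none"` on the new `/webapi/**` pattern removes the whole filter chain for that path, not only CSRF: no authentication, no session-fixation handling and none of the default security headers apply, so anything state-changing that later lands under `/webapi` is exposed unauthenticated by construction. If the intent is only to drop CSRF and sessions for a stateless API, a dedicated chain such as `<sec:http pattern="/webapi/**" create-session="stateless"><sec:csrf disabled="true" /><!-- intercept-url rules --></sec:http>` keeps the remaining protections (the `disabled` attribute exists from Spring Security 3.2, which the existing `<sec:csrf />` suggests is in use). With `security="none"`, `create-session="stateless"` on both changed lines appears to have no effect, since no filter chain is built for those patterns; confirm against the version in use. The `xmlns` redeclaration on the `/webapi/**` element is redundant on a `sec:`-prefixed element.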
......@@ -24,12 +24,22 @@
<input type="text" id="secret" name="clientSecret" class="span3 form-control" />
</div>
</div>
<div class="form-group">
<label for="redirectUri" class="col-lg-2 control-label"><spring:message code="oauth-client.redirect.uri" /></label>
<div class="col-lg-3">
<input type="text" id="redirectUri" name="redirectUri" class="span3 form-control" />
</div>
<div class="form-group">
<label for="redirectUri" class="col-lg-2 control-label"><spring:message code="oauth-client.redirect.uri" /></label>
<div class="col-lg-3">
<input type="text" id="redirectUri" name="redirectUri" class="span3 form-control" />
</div>
</div>
<div class="form-group">
<label for="redirectUri" class="col-lg-2 control-label"><spring:message code="oauth-client.clientType" /></label>
<div class="col-lg-3">
<select id="clientType" name="clientType" class="span3 form-control">
<option value="WEBAPP">Web application</option>
<option value="SERVICE">Service</option>
<option value="PACKAGED">Packaged</option>
</select>
</div>
</div>
<div class="form-group">
<div class="col-lg-offset-2 col-lg-10">
<input type="submit" value="<spring:message code="save"/>" class="btn btn-primary" /> <a class="btn btn-default" href="<c:url value="/profile" />" class="btn"> <spring:message code="cancel" />
......
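Review bot: The label for the new client-type select still carries `for="redirectUri"` (copied from the block above), so it is associated with the wrong control; it should read `<label for="clientType" class="col-lg-2 control-label">`. The option values `WEBAPP`, `SERVICE` and `PACKAGED` have to match the `OAuthClientType` constant names exactly, since Spring binds the parameter by enum name; the enum itself is not in this commit, so confirm. The message code `oauth-client.clientType` departs from the dotted-lowercase style of the neighbouring `oauth-client.redirect.uri`; `oauth-client.client.type` would be consistent.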
......@@ -101,6 +101,10 @@
<filter-name>cross-origin</filter-name>
<url-pattern>/api/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>cross-origin</filter-name>
<url-pattern>/webapi/*</url-pattern>
</filter-mapping>
......
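Review bot: The `cross-origin` filter gets a second `<filter-mapping>` that repeats the filter name; if the web-app version is 2.5 or later, one mapping may list several patterns, so `<url-pattern>/api/*</url-pattern><url-pattern>/webapi/*</url-pattern>` under the existing mapping says the same thing once. More importantly, `/webapi/*` is also served with `security="none"` in this commit, so whatever origins the `cross-origin` filter allows (its definition is outside this hunk) can now call those endpoints with no authentication at all; a comment on the mapping recording that this is the intended, read-only exposure would make that explicit.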
alert("Wrong token for genesys-api.js")
\ No newline at end of file
......@@ -4,9 +4,9 @@ GenesysPrg = {
var json={crop: data.crop, startAt: data.startAt, maxRecords: data.maxRecords, other_option: data.other_option};
$.ajax('/explore/acc', {
$.ajax('http://localhost:8080/webapi/v0/acn/filter', {
dataType: 'json',
type: 'post',
type: 'POST',
contentType: 'application/json; charset=utf-8',
data: JSON.stringify(json),
......
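Review bot: The ajax URL is now the absolute `http://localhost:8080/webapi/v0/acn/filter`, which works only on a developer machine and pins the scheme to plain http, whereas the previous relative form worked from any deployment. A configurable base, e.g. `$.ajax(GenesysPrg.baseUrl + '/webapi/v0/acn/filter', {` with `baseUrl` defaulting to `''`, avoids shipping a localhost reference. Separately, the payload built on the first context line sends `other_option`, while both `JsonData` classes in this commit declare `otherOptions`; a plain Jackson `ObjectMapper` rejects unknown properties, so unless the message converter's mapper disables `FAIL_ON_UNKNOWN_PROPERTIES` (newer Spring versions do by default), every request from this script is refused with a 400 — rename one side to match.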