Commit bb1c066b authored by Matija Obreza's avatar Matija Obreza

Fixed BrAPI

- OAuth configuration
- v1.3 validated
parent 78f79077
......@@ -33,7 +33,8 @@ public class BrAPIResponse<T> {
}
public BrAPIResponse(Page<T> results) {
this.result = results.getContent();
this.result = new Result<T>(results.getContent());
this.metadata.pagination = new Pagination();
this.metadata.pagination.update(results);
}
......@@ -51,14 +52,16 @@ public class BrAPIResponse<T> {
public static class Metadata {
/// If no status is reported, an empty list should be returned
public List<Status> status = new ArrayList<>();
/// The datafiles key contains a list of strings. The empty list should be returned if no datafiles are present.
/// The datafiles key contains a list of strings. The empty list should be
/// returned if no datafiles are present.
public List<String> datafiles = new ArrayList<>();
/// For paginated results
public Pagination pagination = new Pagination();
public Pagination pagination;
}
/**
* The status object contains a list of objects with the keys "code" and "message".
* The status object contains a list of objects with the keys "code" and
* "message".
*/
public static class Status {
public Status(String message) {
......@@ -95,4 +98,12 @@ public class BrAPIResponse<T> {
this.totalCount = page.getTotalElements();
}
}
public static class Result<T> {
public List<T> data;
public Result(List<T> content) {
data = content;
}
}
}
......@@ -36,7 +36,7 @@ public class Call {
private RequestMethod[] methods;
/** The Constant versions. */
private static final String[] versions = { "1.3" };
private final String[] versions = { "1.3" };
public Call(String apiPrefix, String endpoint, RequestMethod[] requestMethods, String[] dataTypes) {
......@@ -107,7 +107,7 @@ public class Call {
*
* @return the versions
*/
public static String[] getVersions() {
public String[] getVersions() {
return versions;
}
......
......@@ -50,8 +50,9 @@ public class BrAPIServiceImpl implements BrAPIService {
g.setDefaultDisplayName(accession.getAccessionNumber());
g.setAcceName(accession.getAccessionNumber());
if (accession.getAccessionId().getAliases() != null)
if (accession.getAccessionId().getAliases() != null) {
g.setSynonyms(accession.getAccessionId().getAliases().stream().map(alias -> alias.getName()).collect(Collectors.toList()));
}
g.setPedigree(accession.getAncest());
if (accession.getCrop() != null)
......@@ -63,7 +64,9 @@ public class BrAPIServiceImpl implements BrAPIService {
g.setInstName(accession.getInstitute().getFullName());
g.setSampStat(accession.getSampStat());
g.setOrigCty(accession.getCountryOfOrigin().getCode3());
if (accession.getCountryOfOrigin() != null) {
g.setOrigCty(accession.getCountryOfOrigin().getCode3());
}
g.setStorage(accession.getAccessionId().getStorage());
Taxonomy2 taxonomy = accession.getTaxonomy();
......
......@@ -49,7 +49,7 @@ public class BrAPIExceptionHandler {
@ExceptionHandler(Exception.class)
@ResponseBody
public BrAPIResponse<Exception> handleServerError(Exception ex, WebRequest request) {
LOG.warn("Genral exception: {}", ex.toString());
LOG.warn("General exception: {}", ex.toString(), ex);
return new BrAPIResponse<>(ex);
}
}
......@@ -312,7 +312,7 @@ public class AccessionServiceImpl implements AccessionService {
* .filter.AccessionFilter, org.springframework.data.domain.Pageable)
*/
@Override
@Cacheable(value = "apiResponses.accessionApi1.list", unless = "#result == null", keyGenerator = "shortFilterKeyGenerator")
// @Cacheable(value = "apiResponses.accessionApi1.list", unless = "#result == null", keyGenerator = "shortFilterKeyGenerator")
public Page<Accession> list(AccessionFilter filter, Pageable page) {
List<Accession> content = accessionRepository.findAll(filter, page);
......
/*
* Copyright 2017 Global Crop Diversity Trust
* Copyright 2019 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
......@@ -18,7 +18,6 @@ package org.genesys2.spring.config;
import java.util.Arrays;
import org.genesys.blocks.oauth.service.OAuthServiceImpl;
import org.genesys.blocks.security.component.OAuthClientOriginCheckFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
......@@ -50,8 +49,10 @@ import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
/**
* The Class OAuth2ServerConfig.
*/
@Configuration
public class OAuth2ServerConfig {
private static final String APPLICATION_RESOURCE_ID = "genesys";
......@@ -123,39 +124,41 @@ public class OAuth2ServerConfig {
public void configure(final HttpSecurity http) throws Exception {
/*@formatter:off*/
http
.requestMatchers().antMatchers("/oauth/**", "/api/**", "/brapi/**").and()
// no sessions
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER).and()
// no CSRF
.csrf().disable()
// CORS
.cors().and()
// Anons have ROLE_EVERYONE
.anonymous().authorities("ROLE_ANONYMOUS", "ROLE_EVERYONE").and()
// And exception handling
.exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler()).and()
// CORS pre-flight unauthorized
.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/api/**", "/brapi/**").anonymous().and()
.antMatcher("/oauth/**")
// disable CORS on /oauth
.cors().disable()
// authorize everthing on this path
.authorizeRequests().anyRequest().fullyAuthenticated().and()
.authorizeRequests().anyRequest().fullyAuthenticated()
// no sessions
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
.and().requestMatchers().antMatchers("/api/**", "/brapi/**")
// no sessions
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
// no CSRF
.and().csrf().disable()
// /api/**
// authorizations
.antMatcher("/api/v0/info/version").anonymous().and()
.antMatcher("/api/google/**").anonymous().and() // Allow anonymous request for google auth
// others must be authenticated
.antMatcher("/api/**").authorizeRequests().anyRequest().authenticated()
.and().antMatcher("/brapi/**").authorizeRequests().anyRequest().authenticated()
// Origins must match
// CORS
.cors()
// Anons have ROLE_EVERYONE
.and().anonymous().authorities("ROLE_ANONYMOUS", "ROLE_EVERYONE")
// And exception handling
.and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler())
// /api/**
// authorizations
// Allow anonymous requests
.and().authorizeRequests().antMatchers("/api/v0/info/version", "/api/google/**").anonymous()
// others must be authenticated
// CORS pre-flight unauthorized
.and().authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/api/**", "/brapi/**").anonymous()
.and().authorizeRequests().antMatchers("/api/**", "/brapi/**").fullyAuthenticated()
// Origins must match
;
/*@formatter:on*/
......
......@@ -111,7 +111,7 @@ public class BrAPITest extends AbstractApiTest {
.andExpect(jsonPath("$.metadata", is(notNullValue()))).andExpect(jsonPath("$.metadata.status", hasSize(0))).andExpect(jsonPath("$.metadata.datafiles", hasSize(0)))
.andExpect(jsonPath("$.metadata.pagination", is(not(nullValue()))))
// result array
.andExpect(jsonPath("$.result", hasSize(greaterThan(0)))).andExpect(jsonPath("$.result[0]", is("maize")))
.andExpect(jsonPath("$.result.data", hasSize(greaterThan(0)))).andExpect(jsonPath("$.result.data[0]", is("maize")))
// .andExpect(jsonPath("$[0].i18n", is(nullValue()))).andExpect(jsonPath("$[0].name",
// is("Maize"))).andExpect(jsonPath("$[0].description", is("Crop description in EN")))
.andDo(document("brapi-crops",
......@@ -123,7 +123,7 @@ public class BrAPITest extends AbstractApiTest {
fieldWithPath("metadata.status").description("If no status is reported, an empty list is returned"),
fieldWithPath("metadata.datafiles").description("Datafiles key contains a list of strings"),
fieldWithPath("metadata.pagination.*").ignored(),
fieldWithPath("result").description("List of Genesys crop names"))));
fieldWithPath("result.data").description("List of Genesys crop names"))));
LOG.info("Test listCropsTest passed");
}
......@@ -141,7 +141,7 @@ public class BrAPITest extends AbstractApiTest {
.andExpect(jsonPath("$.metadata", is(notNullValue()))).andExpect(jsonPath("$.metadata.status", hasSize(0))).andExpect(jsonPath("$.metadata.datafiles", hasSize(0)))
.andExpect(jsonPath("$.metadata.pagination", is(not(nullValue()))))
// result array
.andExpect(jsonPath("$.result", is(notNullValue())))
.andExpect(jsonPath("$.result.data", is(notNullValue())))
// .andExpect(jsonPath("$[0].i18n", is(nullValue()))).andExpect(jsonPath("$[0].name",
// is("Maize"))).andExpect(jsonPath("$[0].description", is("Crop description in EN")))
.andDo(document("brapi-germplasm-search",
......@@ -157,7 +157,7 @@ public class BrAPITest extends AbstractApiTest {
fieldWithPath("metadata.status").description("If no status is reported, an empty list is returned"),
fieldWithPath("metadata.datafiles").description("Datafiles key contains a list of strings"),
fieldWithPath("metadata.pagination.*").ignored(),
fieldWithPath("result").description("List of BrAPI Germplasm records"))));
fieldWithPath("result.data").description("List of BrAPI Germplasm records"))));
}
......@@ -173,7 +173,6 @@ public class BrAPITest extends AbstractApiTest {
})
// metadta
.andExpect(jsonPath("$.metadata", is(notNullValue()))).andExpect(jsonPath("$.metadata.status", not(nullValue()))).andExpect(jsonPath("$.metadata.datafiles", hasSize(0)))
.andExpect(jsonPath("$.metadata.pagination", is(not(nullValue()))))
// result array
// .andExpect(jsonPath("$.result", is(notNullValue())))
// .andExpect(jsonPath("$[0].i18n", is(nullValue()))).andExpect(jsonPath("$[0].name",
......@@ -187,7 +186,7 @@ public class BrAPITest extends AbstractApiTest {
fieldWithPath("metadata.status[0].code").description("Error code"),
fieldWithPath("metadata.status[0].message").description("Error message"),
fieldWithPath("metadata.datafiles").description("Datafiles key contains a list of strings"),
fieldWithPath("metadata.pagination.*").ignored(),
fieldWithPath("metadata.pagination").ignored(),
fieldWithPath("result").description("Single BrAPI Germplasm record"))));
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment