com.bennavetta.appsite.webapi.AuthController.java Source code


Introduction

Here is the source code for com.bennavetta.appsite.webapi.AuthController.java

Source

/**
 * Copyright 2013 Ben Navetta <ben@bennavetta.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.bennavetta.appsite.webapi;

import static com.bennavetta.appsite.util.ObjectifyProvider.ofy;
import static org.springframework.web.bind.annotation.RequestMethod.DELETE;
import static org.springframework.web.bind.annotation.RequestMethod.GET;
import static org.springframework.web.bind.annotation.RequestMethod.POST;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;

import com.bennavetta.appsite.security.AccessRule;
import com.bennavetta.appsite.security.User;
import com.bennavetta.appsite.security.UserService;
import com.bennavetta.appsite.util.DatastoreObjectCache;
import com.netflix.config.DynamicPropertyFactory;

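/**
 * Spring MVC controller mapped at {@code /auth} that creates, lists and deletes
 * {@link AccessRule}s and {@link User}s.
 *
 * <p>Points a maintainer should know:
 * <ul>
 *   <li>No authentication or authorization check appears in this class, although
 *       every handler reads or changes security state. NOTE(review): presumably
 *       access to {@code /auth/**} is restricted elsewhere (filter, interceptor or
 *       the access rules themselves) - confirm before exposing these routes.</li>
 *   <li>Rules are written and deleted directly through {@code ofy()}, but
 *       {@link #listRules()} reads through {@code rules}, a
 *       {@link DatastoreObjectCache}. NOTE(review): a rule created or deleted here
 *       may not show up in the listing until that cache refreshes - confirm against
 *       {@code DatastoreObjectCache}.</li>
 * </ul>
 */
@Controller
@RequestMapping("/auth")
public class AuthController {
    // Cache of access rules, configured from the dynamic property "access.rule.cache"
    // (default 1000; the unit is defined by DatastoreObjectCache and is not visible here).
    private final DatastoreObjectCache<AccessRule> rules = new DatastoreObjectCache<>(AccessRule.class,
            DynamicPropertyFactory.getInstance().getLongProperty("access.rule.cache", 1000));

    // Injected by Spring through setUserService.
    private UserService userService;

    /**
     * Receives the {@link UserService} used by {@link #createUser(User)}.
     *
     * @param userService the service that creates users
     */
    @Autowired
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    /**
     * Stores the given access rule in the datastore and answers 204 No Content.
     *
     * <p>NOTE(review): the parameter carries no {@code @RequestBody}, unlike
     * {@link #createUser(User)}. Under default Spring MVC argument resolution an
     * unannotated bean parameter is populated from request parameters by data
     * binding, not from a JSON body by Jackson, so every bindable property of
     * {@link AccessRule} can be set by the caller. Confirm which of the two was
     * intended; the original inline comment said "let Jackson handle it".
     *
     * @param rule the rule to persist; it is saved as bound, with no validation here
     */
    @RequestMapping(value = "/rule", method = POST)
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void createRule(AccessRule rule) {
        // now() blocks until the save has completed.
        ofy().save().entity(rule).now();
    }

    /**
     * Returns the access rules held by the rule cache.
     *
     * @return whatever {@code rules.get()} currently yields
     */
    @RequestMapping(value = "/rule", method = GET)
    @ResponseBody
    public Collection<AccessRule> listRules() {
        return rules.get();
    }

    /**
     * Deletes the access rule whose datastore id is {@code pattern}.
     *
     * <p>The request value is echoed in the response body in both outcomes.
     * NOTE(review): the body is a plain {@code String} and no content type is set
     * here, so the type is left to Spring's negotiation - confirm the echoed value
     * cannot be served as HTML.
     *
     * @param pattern id of the rule to delete, taken from the request parameter
     * @return 200 with the pattern when the rule existed, otherwise 404 with a message
     */
    @RequestMapping(value = "/rule", method = DELETE)
    public ResponseEntity<String> deleteRule(@RequestParam String pattern) {
        AccessRule rule = ofy().load().type(AccessRule.class).id(pattern).get();
        if (rule == null) {
            return new ResponseEntity<String>("Rule '" + pattern + "' not found", HttpStatus.NOT_FOUND);
        }
        ofy().delete().entity(rule).now();
        return new ResponseEntity<String>(pattern, HttpStatus.OK);
    }

    /**
     * Creates a user from the request body and answers 204 No Content.
     *
     * <p>Username, password, roles and permissions are all taken from the submitted
     * {@link User} and handed to {@link UserService} unchanged. Whether the password
     * is hashed before storage is decided inside {@code UserService}, which is not
     * visible here.
     *
     * @param user the user description read from the request body
     */
    @RequestMapping(value = "/user", method = POST)
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void createUser(@RequestBody User user) {
        // The domain object doubles as the request payload to avoid a second, parallel type.
        userService.create(user.getUsername(), user.getPassword(), user.getRoles(), user.getPermissions());
    }

    /**
     * Lists every stored user as a {@link UserInfo}, which carries only the
     * username, roles and permissions - the password is never copied into it.
     *
     * @return one {@link UserInfo} per {@link User} loaded from the datastore
     */
    @RequestMapping(value = "/user", method = GET)
    @ResponseBody
    public Set<UserInfo> listUsers() {
        // UserInfo does not override equals/hashCode, so the set holds one entry per loaded user.
        Set<UserInfo> info = new HashSet<>();
        for (User user : ofy().load().type(User.class)) {
            info.add(new UserInfo(user));
        }
        return info;
    }

    /**
     * Deletes the user whose datastore id is {@code username}.
     *
     * <p>The request value is echoed in the response body in both outcomes.
     * NOTE(review): as with {@link #deleteRule(String)}, no content type is set
     * here - confirm the echoed value cannot be served as HTML.
     *
     * @param username id of the user to delete, taken from the request parameter
     * @return 200 with the username when the user existed, otherwise 404 with a message
     */
    @RequestMapping(value = "/user", method = DELETE)
    public ResponseEntity<String> deleteUser(@RequestParam String username) {
        User user = ofy().load().type(User.class).id(username).get();
        if (user == null) {
            return new ResponseEntity<String>("User '" + username + "' not found", HttpStatus.NOT_FOUND);
        }
        ofy().delete().entity(user).now();
        return new ResponseEntity<String>(username, HttpStatus.OK);
    }

    /**
     * The user info that we are willing to share via the API (with other admins).
     * It is a read-only snapshot of a {@link User} without the password.
     *
     * @author ben
     */
    public static class UserInfo {
        private final String username;
        private final List<String> roles;
        private final List<String> permissions;

        /**
         * Copies the shareable fields out of {@code user}.
         *
         * @param user the user to summarise; its role and permission collections
         *             are copied, and a {@code null} collection stays {@code null}
         */
        public UserInfo(User user) {
            this.username = user.getUsername();
            this.roles = user.getRoles() != null ? new ArrayList<>(user.getRoles()) : null;
            this.permissions = user.getPermissions() != null ? new ArrayList<>(user.getPermissions()) : null;
        }

        /** @return the username copied from the source user */
        public String getUsername() {
            return username;
        }

        /** @return the copied role list, or {@code null} if the source user had none */
        public List<String> getRoles() {
            return roles;
        }

        /** @return the copied permission list, or {@code null} if the source user had none */
        public List<String> getPermissions() {
            return permissions;
        }
    }
}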