org.energyos.espi.thirdparty.web.ScopeSelectionController.java Source code

Java tutorial

Introduction

Here is the source code for org.energyos.espi.thirdparty.web.ScopeSelectionController.java

Source

/*
 * Copyright 2013, 2014, 2015 EnergyOS.org
 *
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
 */

package org.energyos.espi.thirdparty.web;

import java.security.Principal;
import java.util.Arrays;
import java.util.Set;
import java.util.UUID;

import javax.persistence.NoResultException;
import javax.xml.bind.JAXBException;

import org.energyos.espi.common.domain.ApplicationInformation;
import org.energyos.espi.common.domain.Authorization;
import org.energyos.espi.common.domain.Routes;
import org.energyos.espi.common.service.ApplicationInformationService;
import org.energyos.espi.common.service.AuthorizationService;
import org.energyos.espi.common.service.StateService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

@Controller
@PreAuthorize("hasRole('ROLE_USER')")
public class ScopeSelectionController extends BaseController {

    @Autowired
    private ApplicationInformationService applicationInformationService;

    @Autowired
    private AuthorizationService authorizationService;

    @Autowired
    @Qualifier("stateService")
    private StateService stateService;

    @RequestMapping(value = Routes.THIRD_PARTY_SCOPE_SELECTION_SCREEN, method = RequestMethod.GET)
    public String scopeSelection(@RequestParam("scope") String[] scopes, ModelMap model) throws JAXBException {

        System.out.printf("ScopeSelectionController: HttpRequest Method: GET, scopes: %s\n", Arrays.asList(scopes));

        model.put("scopeList", Arrays.asList(scopes));

        return "/RetailCustomer/ScopeSelection";
    }

    @RequestMapping(value = Routes.THIRD_PARTY_SCOPE_SELECTION_SCREEN_WITH_RETAIL_CUSTOMER_ID, method = RequestMethod.POST)
    public String scopeSelection(@RequestParam("Data_custodian") String dataCustodianId,
            @RequestParam("Data_custodian_URL") String dataCustodianURL) throws JAXBException {

        System.out.printf(
                "ScopeSelectionController: HttpRequest Method: POST, dataCustodianID: %s dataCustodianURL: %s\n",
                dataCustodianId, dataCustodianURL);

        ApplicationInformation applicationInformation = applicationInformationService
                .findByDataCustodianClientId(dataCustodianId);
        return "redirect:" + dataCustodianURL + "?" + newScopeParams(applicationInformation.getScope())
                + "&ThirdPartyID=" + applicationInformation.getClientId();
    }

    @RequestMapping(value = Routes.THIRD_PARTY_SCOPE_SELECTION_SCREEN, method = RequestMethod.POST)
    public String scopeAuthorization(@RequestParam("scope") String scope,
            @RequestParam("DataCustodianID") String dataCustodianId, Principal principal) throws JAXBException {

        System.out.printf("ScopeSelectionController: HttpRequest Method: POST, scope: %s dataCustodianID: %s\n",
                scope, dataCustodianId);

        ApplicationInformation applicationInformation = applicationInformationService
                .findByDataCustodianClientId(dataCustodianId);

        try {
            // Does an ACTIVE authorization record exist for the requested Scope
            Authorization currentAuthorization = authorizationService.findByScope(scope,
                    currentCustomer(principal).getId());

            // Is this a valid authorization record?
            if (currentAuthorization.getStatus() == null) {

                // Delete the invalid record and continue request
                authorizationService.delete(currentAuthorization);
                throw new NoResultException();
            }

            else {

                // Is the existing authorization record Active
                if (!currentAuthorization.getStatus().equals("1")) {

                    // No, create a new authorization record entry
                    throw new NoResultException();
                }
            }

        } catch (NoResultException | EmptyResultDataAccessException e) {

            // No authorization record exist for the requested Scope
            Authorization authorization = new Authorization();

            // Initialize authorization record content
            authorization.setApplicationInformation(applicationInformation);
            authorization.setThirdParty(applicationInformation.getClientId());
            authorization.setRetailCustomer(currentCustomer(principal));
            authorization.setState(stateService.newState());
            authorization.setUUID(UUID.randomUUID());
            authorization.setResponseType("code");
            authorization.setScope(scope);
            authorizationService.persist(authorization);

            return "redirect:" + applicationInformation.getAuthorizationServerAuthorizationEndpoint()
                    + "?client_id=" + applicationInformation.getClientId() + "&redirect_uri="
                    + applicationInformation.getRedirectUri() + "&response_type=code&scope=" + scope + "&state="
                    + authorization.getState();
        }

        // TODO: If an Oauth access token already exists, do we want to display
        // the "UsagePoint" screen?
        // Display the Authorization List screen if an OAuth access token
        // already exist
        return "redirect:/RetailCustomer/" + currentCustomer(principal).getId() + "/AuthorizationList";

    }

    public void setAuthorizationService(AuthorizationService authorizationService) {
        this.authorizationService = authorizationService;
    }

    public void setStateService(StateService stateService) {
        this.stateService = stateService;
    }

    public void setApplicationInformationService(ApplicationInformationService applicationInformationService) {
        this.applicationInformationService = applicationInformationService;
    }

    public static String newScopeParams(Set<String> scopes) {
        StringBuilder sb = new StringBuilder();
        int i = 0;
        for (String scope : scopes) {
            if (i > 0)
                sb.append("&");
            sb.append("scope=" + scope);
            i++;
        }
        return sb.toString();
    }
}