
Example 1 with AccessManager

Use of io.javalin.core.security.AccessManager in the project cwms-radar-api by USACE.

From the class ApiServlet, method init.

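/**
 * Builds the {@link Javalin} servlet for this application.
 *
 * <p>Registers the {@code UnitSystem} validator, configures the Jackson mapper
 * (kebab-case property names, java.time support), installs the access manager
 * returned by {@code buildAccessManager()}, sets security response headers on
 * every request, maps application exceptions to {@link RadarError} JSON
 * responses, and finally wires the routes via {@code configureRoutes}.
 *
 * @throws ServletException per the {@code HttpServlet.init()} contract
 */
@Override
public void init() throws ServletException {
    String context = this.getServletContext().getContextPath();
    // Element names are given without angle brackets; "<script>" would never
    // match an element. The builder allows nothing by default, so the factory
    // strips all markup either way, but the declared intent should be correct.
    PolicyFactory sanitizer = new HtmlPolicyBuilder().disallowElements("script").toFactory();
    ObjectMapper om = new ObjectMapper();
    JavalinValidation.register(UnitSystem.class, UnitSystem::systemFor);
    om.setPropertyNamingStrategy(PropertyNamingStrategies.KEBAB_CASE);
    // Needed in Java 8 to properly format java.time classes
    om.registerModule(new JavaTimeModule());
    AccessManager accessManager = buildAccessManager();
    javalin = Javalin.createStandalone(config -> {
        config.defaultContentType = "application/json";
        config.contextPath = context;
        config.registerPlugin(new OpenApiPlugin(getOpenApiOptions()));
        // NOTE(review): dev logging emits verbose per-request detail; confirm
        // it is intended outside development.
        config.enableDevLogging();
        config.requestLogger((ctx, ms) -> logger.finest(ctx.toString()));
        config.accessManager(accessManager);
    }).attribute("PolicyFactory", sanitizer).attribute("ObjectMapper", om).before(ctx -> {
        // Sanitizer is exposed to handlers per request; headers harden every response.
        ctx.attribute("sanitizer", sanitizer);
        ctx.header("X-Content-Type-Options", "nosniff");
        ctx.header("X-Frame-Options", "SAMEORIGIN");
        // Legacy header; modern browsers ignore it but it is harmless to send.
        ctx.header("X-XSS-Protection", "1; mode=block");
    }).exception(FormattingException.class, (fe, ctx) -> {
        final RadarError re = new RadarError("Formatting error");
        // An IO failure while formatting is a server fault; anything else is an
        // unsupported format combination.
        if (fe.getCause() instanceof IOException) {
            ctx.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        } else {
            ctx.status(HttpServletResponse.SC_NOT_IMPLEMENTED);
        }
        logger.log(Level.SEVERE, fe, () -> re + "for request: " + ctx.fullUrl());
        ctx.json(re);
    }).exception(UnsupportedOperationException.class, (e, ctx) -> {
        final RadarError re = RadarError.notImplemented();
        logger.log(Level.WARNING, e, () -> re + "for request: " + ctx.fullUrl());
        ctx.status(HttpServletResponse.SC_NOT_IMPLEMENTED).json(re);
    }).exception(BadRequestResponse.class, (e, ctx) -> {
        RadarError re = new RadarError("Bad Request", e.getDetails());
        logger.log(Level.INFO, re.toString(), e);
        ctx.status(e.getStatus()).json(re);
    }).exception(IllegalArgumentException.class, (e, ctx) -> {
        RadarError re = new RadarError("Bad Request");
        logger.log(Level.INFO, re.toString(), e);
        ctx.status(HttpServletResponse.SC_BAD_REQUEST).json(re);
    }).exception(NotFoundException.class, (e, ctx) -> {
        RadarError re = new RadarError("Not Found.");
        logger.log(Level.INFO, re.toString(), e);
        ctx.status(HttpServletResponse.SC_NOT_FOUND).json(re);
    }).exception(FieldException.class, (e, ctx) -> {
        // Field errors are returned to the client with their details; they are
        // validation failures, not logged as server faults.
        RadarError re = new RadarError(e.getMessage(), e.getDetails(), true);
        ctx.status(HttpServletResponse.SC_BAD_REQUEST).json(re);
    }).exception(JsonFieldsException.class, (e, ctx) -> {
        RadarError re = new RadarError(e.getMessage(), e.getDetails(), true);
        ctx.status(HttpServletResponse.SC_BAD_REQUEST).json(re);
    }).exception(Exception.class, (e, ctx) -> {
        // Catch-all: the client only sees a generic message plus the incident
        // identifier, which is what the log line is keyed on.
        RadarError errResponse = new RadarError("System Error");
        logger.log(Level.WARNING, String.format("error on request[%s]: %s", errResponse.getIncidentIdentifier(), ctx.req.getRequestURI()), e);
        // Same constant as the FormattingException branch, rather than a bare 500.
        ctx.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        ctx.contentType(ContentType.APPLICATION_JSON.toString());
        ctx.json(errResponse);
    }).routes(this::configureRoutes).javalinServlet();
}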
