Use of io.javalin.core.security.AccessManager in the project cwms-radar-api by USACE: the class ApiServlet, method init.
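@Override
public void init() throws ServletException {
    String context = this.getServletContext().getContextPath();
    // Fix: HtmlPolicyBuilder.disallowElements takes bare element names ("script"),
    // not tag syntax ("<script>"); the bracketed form names an element that never
    // occurs in parsed markup, so the original rule matched nothing.
    PolicyFactory sanitizer = new HtmlPolicyBuilder().disallowElements("script").toFactory();
    ObjectMapper om = new ObjectMapper();
    JavalinValidation.register(UnitSystem.class, UnitSystem::systemFor);
    om.setPropertyNamingStrategy(PropertyNamingStrategies.KEBAB_CASE);
    // Needed in Java 8 to properly format java.time classes
    om.registerModule(new JavaTimeModule());
    AccessManager accessManager = buildAccessManager();
    javalin = Javalin.createStandalone(config -> {
        config.defaultContentType = "application/json";
        config.contextPath = context;
        config.registerPlugin(new OpenApiPlugin(getOpenApiOptions()));
        config.enableDevLogging();
        config.requestLogger((ctx, ms) -> logger.finest(ctx.toString()));
        // Every route is gated by the access manager returned by buildAccessManager().
        config.accessManager(accessManager);
    }).attribute("PolicyFactory", sanitizer).attribute("ObjectMapper", om).before(ctx -> {
        ctx.attribute("sanitizer", sanitizer);
        // Hardening headers applied to every response before routing.
        // X-XSS-Protection is ignored by current browsers; a Content-Security-Policy
        // would be the modern equivalent, but the header is kept for older clients.
        ctx.header("X-Content-Type-Options", "nosniff");
        ctx.header("X-Frame-Options", "SAMEORIGIN");
        ctx.header("X-XSS-Protection", "1; mode=block");
    }).exception(FormattingException.class, (fe, ctx) -> {
        final RadarError re = new RadarError("Formatting error");
        // An I/O failure while formatting is a server fault; anything else is an
        // unsupported format and reported as not implemented.
        if (fe.getCause() instanceof IOException) {
            ctx.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        } else {
            ctx.status(HttpServletResponse.SC_NOT_IMPLEMENTED);
        }
        logger.log(Level.SEVERE, fe, () -> re + "for request: " + ctx.fullUrl());
        ctx.json(re);
    }).exception(UnsupportedOperationException.class, (e, ctx) -> {
        final RadarError re = RadarError.notImplemented();
        logger.log(Level.WARNING, e, () -> re + "for request: " + ctx.fullUrl());
        ctx.status(HttpServletResponse.SC_NOT_IMPLEMENTED).json(re);
    }).exception(BadRequestResponse.class, (e, ctx) -> {
        // Javalin's own 4xx response; its status code and details are passed through.
        RadarError re = new RadarError("Bad Request", e.getDetails());
        logger.log(Level.INFO, re.toString(), e);
        ctx.status(e.getStatus()).json(re);
    }).exception(IllegalArgumentException.class, (e, ctx) -> {
        // The exception message is deliberately not echoed to the client.
        RadarError re = new RadarError("Bad Request");
        logger.log(Level.INFO, re.toString(), e);
        ctx.status(HttpServletResponse.SC_BAD_REQUEST).json(re);
    }).exception(NotFoundException.class, (e, ctx) -> {
        RadarError re = new RadarError("Not Found.");
        logger.log(Level.INFO, re.toString(), e);
        ctx.status(HttpServletResponse.SC_NOT_FOUND).json(re);
    }).exception(FieldException.class, (e, ctx) -> {
        // Field validation errors: message and details are returned to the client.
        RadarError re = new RadarError(e.getMessage(), e.getDetails(), true);
        ctx.status(HttpServletResponse.SC_BAD_REQUEST).json(re);
    }).exception(JsonFieldsException.class, (e, ctx) -> {
        RadarError re = new RadarError(e.getMessage(), e.getDetails(), true);
        ctx.status(HttpServletResponse.SC_BAD_REQUEST).json(re);
    }).exception(Exception.class, (e, ctx) -> {
        // Catch-all: only a generic message and the incident identifier reach the
        // client; the stack trace goes to the log keyed by that identifier.
        RadarError errResponse = new RadarError("System Error");
        logger.log(Level.WARNING, String.format("error on request[%s]: %s", errResponse.getIncidentIdentifier(), ctx.req.getRequestURI()), e);
        // Same code as the literal 500 used before; the constant keeps it consistent
        // with the other handlers.
        ctx.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        ctx.contentType(ContentType.APPLICATION_JSON.toString());
        ctx.json(errResponse);
    }).routes(this::configureRoutes).javalinServlet();
}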