Example 1 with AccessManager
use of io.javalin.core.security.AccessManager in project cwms-radar-api by USACE.
the class ApiServlet method init.
@Override
public void init() throws ServletException {
String context = this.getServletContext().getContextPath();
PolicyFactory sanitizer = new HtmlPolicyBuilder().disallowElements("<script>").toFactory();
ObjectMapper om = new ObjectMapper();
JavalinValidation.register(UnitSystem.class, UnitSystem::systemFor);
om.setPropertyNamingStrategy(PropertyNamingStrategies.KEBAB_CASE);
// Needed in Java 8 to properly format java.time classes
om.registerModule(new JavaTimeModule());
AccessManager accessManager = buildAccessManager();
javalin = Javalin.createStandalone(config -> {
config.defaultContentType = "application/json";
config.contextPath = context;
config.registerPlugin(new OpenApiPlugin(getOpenApiOptions()));
config.enableDevLogging();
config.requestLogger((ctx, ms) -> logger.finest(ctx.toString()));
config.accessManager(accessManager);
}).attribute("PolicyFactory", sanitizer).attribute("ObjectMapper", om).before(ctx -> {
ctx.attribute("sanitizer", sanitizer);
ctx.header("X-Content-Type-Options", "nosniff");
ctx.header("X-Frame-Options", "SAMEORIGIN");
ctx.header("X-XSS-Protection", "1; mode=block");
}).exception(FormattingException.class, (fe, ctx) -> {
final RadarError re = new RadarError("Formatting error");
if (fe.getCause() instanceof IOException) {
ctx.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
} else {
ctx.status(HttpServletResponse.SC_NOT_IMPLEMENTED);
}
logger.log(Level.SEVERE, fe, () -> re + "for request: " + ctx.fullUrl());
ctx.json(re);
}).exception(UnsupportedOperationException.class, (e, ctx) -> {
final RadarError re = RadarError.notImplemented();
logger.log(Level.WARNING, e, () -> re + "for request: " + ctx.fullUrl());
ctx.status(HttpServletResponse.SC_NOT_IMPLEMENTED).json(re);
}).exception(BadRequestResponse.class, (e, ctx) -> {
RadarError re = new RadarError("Bad Request", e.getDetails());
logger.log(Level.INFO, re.toString(), e);
ctx.status(e.getStatus()).json(re);
}).exception(IllegalArgumentException.class, (e, ctx) -> {
RadarError re = new RadarError("Bad Request");
logger.log(Level.INFO, re.toString(), e);
ctx.status(HttpServletResponse.SC_BAD_REQUEST).json(re);
}).exception(NotFoundException.class, (e, ctx) -> {
RadarError re = new RadarError("Not Found.");
logger.log(Level.INFO, re.toString(), e);
ctx.status(HttpServletResponse.SC_NOT_FOUND).json(re);
}).exception(FieldException.class, (e, ctx) -> {
RadarError re = new RadarError(e.getMessage(), e.getDetails(), true);
ctx.status(HttpServletResponse.SC_BAD_REQUEST).json(re);
}).exception(JsonFieldsException.class, (e, ctx) -> {
RadarError re = new RadarError(e.getMessage(), e.getDetails(), true);
ctx.status(HttpServletResponse.SC_BAD_REQUEST).json(re);
}).exception(Exception.class, (e, ctx) -> {
RadarError errResponse = new RadarError("System Error");
logger.log(Level.WARNING, String.format("error on request[%s]: %s", errResponse.getIncidentIdentifier(), ctx.req.getRequestURI()), e);
ctx.status(500);
ctx.contentType(ContentType.APPLICATION_JSON.toString());
ctx.json(errResponse);
}).routes(this::configureRoutes).javalinServlet();
}
Also used :
AccessManager(io.javalin.core.security.AccessManager)
CwmsAccessManager(cwms.radar.security.CwmsAccessManager)
PoolController(cwms.radar.api.PoolController)
Arrays(java.util.Arrays)
Connection(java.sql.Connection)
UnitSystem(cwms.radar.api.enums.UnitSystem)
AccessManager(io.javalin.core.security.AccessManager)
ServletException(javax.servlet.ServletException)
CwmsAccessManager(cwms.radar.security.CwmsAccessManager)
Javalin(io.javalin.Javalin)
RatingController(cwms.radar.api.RatingController)
LocationController(cwms.radar.api.LocationController)
ApiBuilder.prefixPath(io.javalin.apibuilder.ApiBuilder.prefixPath)
NotFoundException(cwms.radar.api.NotFoundException)
RouteRole(io.javalin.core.security.RouteRole)
ApiBuilder.crud(io.javalin.apibuilder.ApiBuilder.crud)
JavaTimeModule(com.fasterxml.jackson.datatype.jsr310.JavaTimeModule)
BadRequestResponse(io.javalin.http.BadRequestResponse)
Map(java.util.Map)
PrintWriter(java.io.PrintWriter)
RequiredFieldException(cwms.radar.api.errors.RequiredFieldException)
OpenApiPlugin(io.javalin.plugin.openapi.OpenApiPlugin)
ServletConfig(javax.servlet.ServletConfig)
HttpServlet(javax.servlet.http.HttpServlet)
ClobController(cwms.radar.api.ClobController)
CrudHandlerKt(io.javalin.apibuilder.CrudHandlerKt)
Resource(javax.annotation.Resource)
JavalinServlet(io.javalin.http.JavalinServlet)
ContentType(org.apache.http.entity.ContentType)
TimeSeriesCategoryController(cwms.radar.api.TimeSeriesCategoryController)
CrudFunction(io.javalin.apibuilder.CrudFunction)
Logger(java.util.logging.Logger)
Collectors(java.util.stream.Collectors)
Handler(io.javalin.http.Handler)
LocationCategoryController(cwms.radar.api.LocationCategoryController)
FieldException(cwms.radar.api.errors.FieldException)
FormattingException(cwms.radar.formatters.FormattingException)
TimeZoneController(cwms.radar.api.TimeZoneController)
Role(cwms.radar.security.Role)
PolicyFactory(org.owasp.html.PolicyFactory)
BlobController(cwms.radar.api.BlobController)
Formats(cwms.radar.formatters.Formats)
ApiBuilder.get(io.javalin.apibuilder.ApiBuilder.get)
NotNull(org.jetbrains.annotations.NotNull)
TimeSeriesController(cwms.radar.api.TimeSeriesController)
ExclusiveFieldsException(cwms.radar.api.errors.ExclusiveFieldsException)
ApiBuilder.staticInstance(io.javalin.apibuilder.ApiBuilder.staticInstance)
MismatchedInputException(com.fasterxml.jackson.databind.exc.MismatchedInputException)
CrudHandler(io.javalin.apibuilder.CrudHandler)
JavalinValidation(io.javalin.core.validation.JavalinValidation)
HtmlPolicyBuilder(org.owasp.html.HtmlPolicyBuilder)
OpenApiOptions(io.javalin.plugin.openapi.OpenApiOptions)
Level(java.util.logging.Level)
PropertyNamingStrategies(com.fasterxml.jackson.databind.PropertyNamingStrategies)
LevelsController(cwms.radar.api.LevelsController)
UnitsController(cwms.radar.api.UnitsController)
Meter(com.codahale.metrics.Meter)
SQLException(java.sql.SQLException)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
TimeSeriesGroupController(cwms.radar.api.TimeSeriesGroupController)
DataSource(javax.sql.DataSource)
ParametersController(cwms.radar.api.ParametersController)
BasinController(cwms.radar.api.BasinController)
CatalogController(cwms.radar.api.CatalogController)
MetricRegistry(com.codahale.metrics.MetricRegistry)
OfficeController(cwms.radar.api.OfficeController)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
Info(io.swagger.v3.oas.models.info.Info)
IOException(java.io.IOException)
RadarError(cwms.radar.api.errors.RadarError)
LocationGroupController(cwms.radar.api.LocationGroupController)
WebServlet(javax.servlet.annotation.WebServlet)
MetricsServlet(com.codahale.metrics.servlets.MetricsServlet)
JsonFieldsException(cwms.radar.api.errors.JsonFieldsException)
PolicyFactory(org.owasp.html.PolicyFactory)
JavaTimeModule(com.fasterxml.jackson.datatype.jsr310.JavaTimeModule)
UnitSystem(cwms.radar.api.enums.UnitSystem)
IOException(java.io.IOException)
OpenApiPlugin(io.javalin.plugin.openapi.OpenApiPlugin)
ServletException(javax.servlet.ServletException)
NotFoundException(cwms.radar.api.NotFoundException)
RequiredFieldException(cwms.radar.api.errors.RequiredFieldException)
FieldException(cwms.radar.api.errors.FieldException)
FormattingException(cwms.radar.formatters.FormattingException)
ExclusiveFieldsException(cwms.radar.api.errors.ExclusiveFieldsException)
MismatchedInputException(com.fasterxml.jackson.databind.exc.MismatchedInputException)
SQLException(java.sql.SQLException)
IOException(java.io.IOException)
JsonFieldsException(cwms.radar.api.errors.JsonFieldsException)
HtmlPolicyBuilder(org.owasp.html.HtmlPolicyBuilder)
RadarError(cwms.radar.api.errors.RadarError)
RequiredFieldException(cwms.radar.api.errors.RequiredFieldException)
FieldException(cwms.radar.api.errors.FieldException)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
Aggregations
Meter (com.codahale.metrics.Meter)1
MetricRegistry (com.codahale.metrics.MetricRegistry)1
MetricsServlet (com.codahale.metrics.servlets.MetricsServlet)1
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1
PropertyNamingStrategies (com.fasterxml.jackson.databind.PropertyNamingStrategies)1
MismatchedInputException (com.fasterxml.jackson.databind.exc.MismatchedInputException)1
JavaTimeModule (com.fasterxml.jackson.datatype.jsr310.JavaTimeModule)1
BasinController (cwms.radar.api.BasinController)1
BlobController (cwms.radar.api.BlobController)1
CatalogController (cwms.radar.api.CatalogController)1
ClobController (cwms.radar.api.ClobController)1
LevelsController (cwms.radar.api.LevelsController)1
LocationCategoryController (cwms.radar.api.LocationCategoryController)1
LocationController (cwms.radar.api.LocationController)1
LocationGroupController (cwms.radar.api.LocationGroupController)1
NotFoundException (cwms.radar.api.NotFoundException)1
OfficeController (cwms.radar.api.OfficeController)1
ParametersController (cwms.radar.api.ParametersController)1
PoolController (cwms.radar.api.PoolController)1
RatingController (cwms.radar.api.RatingController)1
