Changeset 4207 for DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/AnnotationResource.java
- Timestamp:
- 12/19/13 14:36:04 (10 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/AnnotationResource.java
r4173 r4207 34 34 import java.io.IOException; 35 35 import java.net.URI; 36 import java.security.Principal;37 36 import java.sql.Timestamp; 38 37 import java.util.ArrayList; … … 52 51 import javax.ws.rs.core.Context; 53 52 import javax.ws.rs.core.MediaType; 54 import javax.ws.rs.core.SecurityContext;55 53 import javax.ws.rs.core.UriInfo; 56 54 import javax.ws.rs.ext.Providers; … … 61 59 import org.slf4j.Logger; 62 60 import org.slf4j.LoggerFactory; 61 import org.springframework.transaction.annotation.Transactional; 63 62 64 63 /** … … 68 67 @Component 69 68 @Path("/annotations") 69 @Transactional(rollbackFor = {Exception.class}) 70 70 public class AnnotationResource { 71 71 … … 110 110 @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}") 111 111 @Secured("ROLE_USER") 112 public JAXBElement<Annotation> getAnnotation(@PathParam("annotationid") String ExternalIdentifier) { 112 @Transactional(readOnly = true) 113 public JAXBElement<Annotation> getAnnotation(@PathParam("annotationid") String ExternalIdentifier) throws IOException { 113 114 URI baseURI = uriInfo.getBaseUri(); 114 115 String baseURIstr = baseURI.toString(); … … 123 124 return rootElement; 124 125 } else { 125 try { 126 logger.error("FORBIDDEN-access attempt"); 127 httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN); 128 } catch (IOException ioe) { 129 logger.error("IOException: Cannot send server respond about unaithorized access."); 130 } 126 httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN); 131 127 return null; 132 128 } … … 139 135 @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}/targets") 140 136 @Secured("ROLE_USER") 141 public JAXBElement<ReferenceList> getAnnotationTargets(@PathParam("annotationid") String ExternalIdentifier) { 137 @Transactional(readOnly = true) 138 public JAXBElement<ReferenceList> getAnnotationTargets(@PathParam("annotationid") String ExternalIdentifier) throws IOException { 142 139 dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString()); 143 140 final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(ExternalIdentifier)); … … 148 145 return new ObjectFactory().createTargetList(TargetList); 149 146 } else { 150 try { 151 logger.error("FORBIDDEN-access attempt"); 152 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); 153 } catch (IOException ioe) { 154 logger.error("IOException: Cannot send server respond about unaithorized access."); 155 } 147 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); 156 148 return null; 157 149 } … … 163 155 @Path("") 164 156 @Secured("ROLE_USER") 157 @Transactional(readOnly = true) 165 158 public JAXBElement<AnnotationInfoList> getFilteredAnnotations(@QueryParam("link") String link, 166 159 @QueryParam("text") String text, … … 175 168 UUID ownerExternalUUID = (ownerExternalId != null) ? UUID.fromString(ownerExternalId) : null; 176 169 String access = (permission != null) ? permission : default_permission; 177 final AnnotationInfoList annotationInfoList = dbIntegrityService.getFilteredAnnotationInfos(link, text, userID, access, namespace, ownerExternalUUID, after, before);170 final AnnotationInfoList annotationInfoList = dbIntegrityService.getFilteredAnnotationInfos(link, text, userID, makeAccessModeChain(access), namespace, ownerExternalUUID, after, before); 178 171 logger.info("getFilteredAnnotations method: OK"); 179 172 return new ObjectFactory().createAnnotationInfoList(annotationInfoList); … … 185 178 @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}/permissions") 186 179 @Secured("ROLE_USER") 187 public JAXBElement<UserWithPermissionList> getAnnotationPermissions(@PathParam("annotationid") String ExternalIdentifier) { 180 @Transactional(readOnly = true) 181 public JAXBElement<UserWithPermissionList> getAnnotationPermissions(@PathParam("annotationid") String ExternalIdentifier) throws IOException { 188 182 dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString()); 189 183 final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(ExternalIdentifier)); … … 194 188 return new ObjectFactory().createPermissionList(permissionList); 195 189 } else { 196 try { 197 logger.error("FORBIDDEN-access attempt"); 198 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); 199 } catch (IOException ioe) { 200 logger.error("IOException: Cannot send server respond about unaithorized access."); 201 } 190 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); 202 191 return null; 203 192 } … … 210 199 @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}") 211 200 @Secured("ROLE_USER") 212 public String deleteAnnotation(@PathParam("annotationid") String externalIdentifier) {201 public String deleteAnnotation(@PathParam("annotationid") String externalIdentifier) throws IOException { 213 202 dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString()); 214 203 final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(externalIdentifier)); … … 220 209 return result + " annotation(s) deleted."; 221 210 } else { 222 logger.error("FORBIDDEN-access attempt. Only the owner can delete an annotation."); 223 try { 224 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); 225 } catch (IOException ioe) { 226 logger.error("IOException: Cannot send server respond about unaithorized access."); 227 } 211 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); 228 212 return null; 229 213 } … … 237 221 @Path("") 238 222 @Secured("ROLE_USER") 239 public JAXBElement<ResponseBody> createAnnotation(Annotation annotation) {223 public JAXBElement<ResponseBody> createAnnotation(Annotation annotation) throws IOException { 240 224 dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString()); 241 225 final Number userID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser()); … … 252 236 @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}") 253 237 @Secured("ROLE_USER") 254 public JAXBElement<ResponseBody> updateAnnotation(@PathParam("annotationid") String externalIdentifier, Annotation annotation) {238 public JAXBElement<ResponseBody> updateAnnotation(@PathParam("annotationid") String externalIdentifier, Annotation annotation) throws IOException { 255 239 String path = uriInfo.getBaseUri().toString(); 256 240 dbIntegrityService.setServiceURI(path); … … 269 253 270 254 } else { 271 logger.error("FORBIDDEN-access attempt."); 272 logger.error("The logged-in user is not authorised to alter this annotation. "); 273 try { 274 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); 275 } catch (IOException ioe) { 276 logger.error("IOException: Cannot send server respond about unaithorized access."); 277 } 278 return null; 279 } 280 281 } 282 255 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); 256 return null; 257 } 258 259 } 260 283 261 @PUT 284 262 @Consumes(MediaType.APPLICATION_XML) … … 286 264 @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}/body") 287 265 @Secured("ROLE_USER") 288 public JAXBElement<ResponseBody> updateAnnotationBody(@PathParam("annotationid") String externalIdentifier, AnnotationBody annotationBody) {266 public JAXBElement<ResponseBody> updateAnnotationBody(@PathParam("annotationid") String externalIdentifier, AnnotationBody annotationBody) throws IOException { 289 267 String path = uriInfo.getBaseUri().toString(); 290 268 dbIntegrityService.setServiceURI(path); 291 269 292 270 final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(externalIdentifier)); 293 271 final Number userID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser()); … … 296 274 logger.info("updateAnnotationBody method: OK"); 297 275 return new ObjectFactory().createResponseBody(makeAnnotationResponseEnvelope(annotationID)); 298 299 } else { 300 logger.error("FORBIDDEN-access attempt."); 301 logger.error("The logged-in user is not authorised to alter this annotation. "); 302 try { 303 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); 304 } catch (IOException ioe) { 305 logger.error("IOException: Cannot send server respond about unaithorized access."); 306 } 276 } else { 277 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); 307 278 return null; 308 279 } … … 315 286 @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}/permissions/{userid: " + BackendConstants.regExpIdentifier + "}") 316 287 @Secured("ROLE_USER") 317 public String updatePermission(@PathParam("annotationid") String annotationExternalId, @PathParam("userid") String userExternalId, Permission permission) {288 public String updatePermission(@PathParam("annotationid") String annotationExternalId, @PathParam("userid") String userExternalId, Permission permission) throws IOException { 318 289 dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString()); 319 290 final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(annotationExternalId)); … … 328 299 329 300 } else { 330 logger.error("FORBIDDEN-access attempt"); 331 logger.error("The logged-in user is not authorised to alter this annotation. "); 332 try { 333 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); 334 } catch (IOException ioe) { 335 logger.error("IOException: Cannot send server respond about unaithorized access."); 336 } 301 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); 337 302 return null; 338 303 } … … 344 309 @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}/permissions/") 345 310 @Secured("ROLE_USER") 346 public JAXBElement<ResponseBody> updatePermissions(@PathParam("annotationid") String annotationExternalId, UserWithPermissionList permissions) {311 public JAXBElement<ResponseBody> updatePermissions(@PathParam("annotationid") String annotationExternalId, UserWithPermissionList permissions) throws IOException { 347 312 dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString()); 348 313 final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(annotationExternalId)); … … 353 318 return new ObjectFactory().createResponseBody(makePermissionResponseEnvelope(annotationID)); 354 319 } else { 355 logger.error("FORBIDDEN-access attempt"); 356 logger.error("The logged-in user is not authorised to alter this annotation. "); 357 try { 358 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); 359 } catch (IOException ioe) { 360 logger.error("IOException: Cannot send server respond about unaithorized access."); 361 } 320 httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); 362 321 return null; 363 322 } … … 390 349 } 391 350 351 // REFACTOR : move to the integrity service all te methods below 392 352 private List<Action> makeActionList(List<String> resourceURIs, String message) { 393 353 if (resourceURIs != null) { … … 435 395 } 436 396 } 397 398 private String[] makeAccessModeChain(String accessMode) { 399 if (accessMode != null) { 400 if (accessMode == Permission.OWNER.value()) { 401 String[] result = new String[1]; 402 result[0] = accessMode; 403 return result; 404 } else { 405 if (accessMode == Permission.WRITER.value()) { 406 String[] result = new String[2]; 407 result[0] = Permission.WRITER.value(); 408 result[1] = Permission.OWNER.value(); 409 return result; 410 } else { 411 if (accessMode == Permission.READER.value()) { 412 String[] result = new String[3]; 413 result[0] = Permission.READER.value(); 414 result[1] = Permission.WRITER.value(); 415 result[2] = Permission.OWNER.value(); 416 return result; 417 } else { 418 logger.error("Invalide access " + accessMode); 419 return null; 420 } 421 422 } 423 } 424 425 } else { 426 return null; 427 } 428 } 437 429 }
Note: See TracChangeset
for help on using the changeset viewer.