X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FAuxApiRequestMapperController.java;h=9acb8833c6cc8b3dc90cbba052281838e947a815;hb=e27e8a75ca9d92b6694b109f3e5d3c79ce673473;hp=60c25c653b2156b5caafd6fe44bf75e8f552107d;hpb=2edaa4d6a5f7066e0c718f85a7bf7b8dabd0c59b;p=portal.git diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperController.java index 60c25c65..9acb8833 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperController.java @@ -36,6 +36,8 @@ */ package org.onap.portalapp.portal.controller; +import com.fasterxml.jackson.databind.ObjectMapper; +import io.swagger.annotations.ApiOperation; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.util.ArrayList; @@ -44,13 +46,13 @@ import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.jar.Attributes; import java.util.regex.Matcher; import java.util.regex.Pattern; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - +import org.onap.aaf.cadi.aaf.AAFPermission; import org.onap.portalapp.annotation.ApiVersion; import org.onap.portalapp.externalsystemapproval.model.ExternalSystemUser; import org.onap.portalapp.portal.domain.CentralV2RoleFunction; 
@@ -66,6 +68,8 @@ import org.onap.portalapp.portal.transport.EpNotificationItem; import org.onap.portalapp.portal.transport.FavoritesFunctionalMenuItemJson; import org.onap.portalapp.portal.transport.FunctionalMenuItem; import org.onap.portalapp.portal.transport.OnboardingApp; +import org.onap.portalapp.validation.DataValidator; +import org.onap.portalapp.validation.SecureString; import org.onap.portalsdk.core.domain.Role; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.onboarding.crossapi.PortalAPIResponse; 
@@ -75,27 +79,28 @@ import org.springframework.beans.BeansException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContextAware; +import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; -import com.fasterxml.jackson.databind.ObjectMapper; - -import io.swagger.annotations.ApiOperation; - @RestController @RequestMapping("/auxapi") -@org.springframework.context.annotation.Configuration +@Configuration @EnableAspectJAutoProxy @EPAuditLog public class AuxApiRequestMapperController implements ApplicationContextAware, BasicAuthenticationController { private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AuxApiRequestMapperController.class); + private DataValidator dataValidator = new DataValidator(); ApplicationContext context = null; int minorVersion = 0; 
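Review bot: The new `dataValidator` field is not `final`, and it is built with `new` inside a controller that Spring instantiates once, so it can be reassigned and cannot be substituted in tests. Every validating endpoint added by this commit depends on it, so declare it `private final DataValidator dataValidator = new DataValidator();` or inject it as a bean. A one-line comment naming the constraints it enforces would help readers of the endpoint checks. Whether DataValidator is safe to share across request threads is not visible in this diff and should be confirmed.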
@@ -104,9 +109,16 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B private ManifestService manifestService; @ApiOperation(value = "Gets user roles for an application which is upgraded to newer version.", response = String.class, responseContainer = "List") - @RequestMapping(value = { "/v3/user/{loginId}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v3/user/{loginId}" }, produces = "application/json") public String getUser(HttpServletRequest request, HttpServletResponse response, @PathVariable("loginId") String loginId) throws Exception { + if (loginId!=null){ + SecureString secureLoginId = new SecureString(loginId); + if (!dataValidator.isValid(secureLoginId)) + return "Provided data is not valid"; + } + + Map res = getMethod(request, response); String answer = null; try { @@ -119,7 +131,7 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Gets roles for an application which is upgraded to newer version.", response = CentralV2Role.class, responseContainer = "Json") - @RequestMapping(value = { "/v3/roles" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v3/roles" }, produces = "application/json") public List getRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { Map res = getMethod(request, response); request.getMethod(); 
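Review bot: A rejected `loginId` in getUser is returned as the bare string `Provided data is not valid` with the default 200 status under `produces = "application/json"`, so a client cannot tell a rejection from a real answer and nothing is logged for monitoring. Set the status before returning, e.g. `response.setStatus(HttpServletResponse.SC_BAD_REQUEST);`, and log the rejection without echoing the rejected value. The same silent rejection appears in the getRoleFunction hunk (returns an empty `CentralV2RoleFunction`), the getEcompUser hunk (returns `null`) and the extendSessionTimeOuts hunk (returns `null`). getUser's body continues outside the hunk.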
@@ -134,7 +146,7 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Saves role for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/v3/role" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { "/v3/role" }, produces = "application/json") public PortalRestResponse saveRole(HttpServletRequest request, HttpServletResponse response, @RequestBody Role role) throws Exception { Map res = getMethod(request, response); @@ -149,7 +161,7 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B } @ApiOperation(value = "Gets v2 role information for an application which is upgraded to newer version.", response = CentralV2Role.class, responseContainer = "Json") - @RequestMapping(value = { "/v3/role/{role_id}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v3/role/{role_id}" }, produces = "application/json") public CentralV2Role getRoleInfo(HttpServletRequest request, HttpServletResponse response, @PathVariable("role_id") Long roleId) throws Exception { Map res = getMethod(request, response); @@ -165,7 +177,7 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Gets all active Users of application", response = String.class, responseContainer = "Json") - @RequestMapping(value = { "/v3/users" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v3/users" }, produces = "application/json") public List getUsersOfApplication(HttpServletRequest request, HttpServletResponse response) throws Exception { Map res = getMethod(request, response); 
@@ -180,7 +192,7 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Gets all role functions for an application which is upgraded to newer version.", response = CentralV2RoleFunction.class, responseContainer = "Json") - @RequestMapping(value = { "/v3/functions" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v3/functions" }, produces = "application/json") public List getRoleFunctionsList(HttpServletRequest request, HttpServletResponse response) throws Exception { Map res = getMethod(request, response); @@ -194,9 +206,15 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B } @ApiOperation(value = "Gets role information for an application provided by function code.", response = CentralV2RoleFunction.class, responseContainer = "Json") - @RequestMapping(value = { "/v3/function/{code}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v3/function/{code}" }, produces = "application/json") public CentralV2RoleFunction getRoleFunction(HttpServletRequest request, HttpServletResponse response, @PathVariable("code") String code) throws Exception { + if (code!=null){ + SecureString secureCode = new SecureString(code); + if (!dataValidator.isValid(secureCode)) + return new CentralV2RoleFunction(); + } + Map res = getMethod(request, response); CentralV2RoleFunction roleFunction = null; try { 
@@ -209,26 +227,42 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Saves role function for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/v3/roleFunction" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { "/v3/roleFunction" }, produces = "application/json") public PortalRestResponse saveRoleFunction(HttpServletRequest request, HttpServletResponse response, @RequestBody String roleFunc) throws Exception { - PortalRestResponse result = null; + if (roleFunc!=null){ + SecureString secureRoleFunc = new SecureString(roleFunc); + if(!dataValidator.isValid(secureRoleFunc)) + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is not valid", "Failed"); + } + Optional> result = null; Map res = getMethod(request, response); try { - result = (PortalRestResponse) invokeMethod(res, request, response, roleFunc); - return result; + result = Optional.ofNullable((PortalRestResponse) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed", new Exception("saveRoleFunction failed")); + return new PortalRestResponse(PortalRestStatusEnum.ERROR, "saveRoleFunction failed", "Failed"); + } } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); } + return result.get(); } @SuppressWarnings("unchecked") @ApiOperation(value = "Deletes role function for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/v3/roleFunction/{code}" }, method = RequestMethod.DELETE, produces = "application/json") + @DeleteMapping(value = { 
"/v3/roleFunction/{code}" }, produces = "application/json") public PortalRestResponse deleteRoleFunction(HttpServletRequest request, HttpServletResponse response, @PathVariable("code") String code) throws Exception { PortalRestResponse result = null; + + if (code!=null){ + SecureString secureCode = new SecureString(code); + if(!dataValidator.isValid(secureCode)) + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is not valid", "Failed"); + } + Map res = getMethod(request, response); try { result = (PortalRestResponse) invokeMethod(res, request, response, code); @@ -241,7 +275,7 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "deletes roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/v3/deleteRole/{roleId}" }, method = RequestMethod.DELETE, produces = "application/json") + @DeleteMapping(value = { "/v3/deleteRole/{roleId}" }, produces = "application/json") public PortalRestResponse deleteRole(HttpServletRequest request, HttpServletResponse response, @PathVariable("roleId") Long roleId) throws Exception { PortalRestResponse result = null; 
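Review bot: The rewritten call in saveRoleFunction is `invokeMethod(res, request, response)`, while the removed line passed `roleFunc` as a fourth argument, so the body that was just validated no longer reaches the delegate. invokeMethod is not visible here, but it presumably forwards its trailing arguments to the resolved method, in which case the save either fails or runs without its data. Restore `invokeMethod(res, request, response, roleFunc)`. The same argument loss occurs in the bulkUploadUsersSingleRole hunk (`roleId` dropped) and the bulkUploadPartnerRoles hunk (`upload` dropped).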
@@ -251,13 +285,13 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B return result; } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); } } @SuppressWarnings("unchecked") @ApiOperation(value = "Gets active roles for an application.", response = CentralV2Role.class, responseContainer = "Json") - @RequestMapping(value = { "/v3/activeRoles" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v3/activeRoles" }, produces = "application/json") public List getActiveRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { List cenRole = null; @@ -271,10 +305,18 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B } @ApiOperation(value = "Gets ecompUser of an application.", response = CentralUser.class, responseContainer = "List") - @RequestMapping(value = { "/v4/user/{loginId}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v4/user/{loginId}" }, produces = "application/json") public String getEcompUser(HttpServletRequest request, HttpServletResponse response, @PathVariable("loginId") String loginId) throws Exception { Map res = getMethod(request, response); + + if (loginId!=null){ + SecureString secureLoginId = new SecureString(loginId); + + if (!dataValidator.isValid(secureLoginId)) + return null; + } + String answer = null; try { answer = (String) invokeMethod(res, request, response, loginId); 
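Review bot: The catch branch of deleteRole still hands `e.getMessage()` back to the API caller; only the diamond operator changed on that line. The call goes through invokeMethod, which is outside the hunk, so the message may carry internal detail from the delegate or be null. The exception is already logged on the line above, so return a fixed text instead, e.g. `return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "deleteRole failed", "Failed");`. The catch branches of saveRoleFunction and the bulkUpload* endpoints follow the same pattern. deleteRole starts in the preceding hunk.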
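Review bot: In getEcompUser, `Map res = getMethod(request, response);` runs before `loginId` is validated, whereas getUser and the other endpoints touched by this commit validate first. What getMethod does is not visible here, but rejecting bad input before any lookup keeps the endpoints consistent and avoids work on requests that will be refused. Move the `if (loginId!=null)` block above the getMethod call. The method body continues outside the hunk.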
@@ -286,7 +328,7 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Gets user ecomp role for an application.", response = CentralUser.class, responseContainer = "List") - @RequestMapping(value = { "/v4/roles" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v4/roles" }, produces = "application/json") public List getEcompRolesOfApplication(HttpServletRequest request, HttpServletResponse response) throws Exception { Map res = getMethod(request, response); @@ -300,8 +342,8 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B } @ApiOperation(value = "Gets session slot-check interval, a duration in milliseconds.", response = Integer.class) - @RequestMapping(value = { - "/v3/getSessionSlotCheckInterval" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/v3/getSessionSlotCheckInterval" }, produces = "application/json") public Integer getSessionSlotCheckInterval(HttpServletRequest request, HttpServletResponse response) throws Exception { Map res = getMethod(request, response); @@ -315,9 +357,17 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B } @ApiOperation(value = "Extends session timeout values for all on-boarded applications.", response = Boolean.class) - @RequestMapping(value = { "/v3/extendSessionTimeOuts" }, method = RequestMethod.POST) + @PostMapping(value = { "/v3/extendSessionTimeOuts" }) public Boolean extendSessionTimeOuts(HttpServletRequest request, HttpServletResponse response, @RequestParam String sessionMap) throws Exception { + + if (sessionMap!=null){ + SecureString secureSessionMap = new SecureString(sessionMap); + if (!dataValidator.isValid(secureSessionMap)){ + return null; + } + } + Map res = getMethod(request, response); Boolean ans = null; try { 
@@ -329,7 +379,7 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B } @ApiOperation(value = "Gets javascript with functions that support gathering and reporting web analytics.", response = String.class) - @RequestMapping(value = { "/v3/analytics" }, method = RequestMethod.GET, produces = "application/javascript") + @GetMapping(value = { "/v3/analytics" }, produces = "application/javascript") public String getAnalyticsScript(HttpServletRequest request, HttpServletResponse response) throws Exception { Map res = getMethod(request, response); String ans = null; @@ -341,11 +391,17 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B return ans; } - @RequestMapping(value = { "/v3/storeAnalytics" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { "/v3/storeAnalytics" }, produces = "application/json") @ResponseBody @ApiOperation(value = "Accepts data from partner applications with web analytics data.", response = PortalAPIResponse.class) public PortalAPIResponse storeAnalyticsScript(HttpServletRequest request, HttpServletResponse response, @RequestBody Analytics analyticsMap) throws Exception { + + if (analyticsMap!=null){ + if (!dataValidator.isValid(analyticsMap)) + return new PortalAPIResponse(false, "analyticsScript is not valid"); + } + Map res = getMethod(request, response); PortalAPIResponse ans = new PortalAPIResponse(true, "error"); try { 
@@ -359,32 +415,39 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Bulk upload functions for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { - "/v3/upload/portal/functions" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { + "/v3/upload/portal/functions" }, produces = "application/json") public PortalRestResponse bulkUploadFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { - PortalRestResponse result = null; + Optional> result = null; Map res = getMethod(request, response); try { - result = (PortalRestResponse) invokeMethod(res, request, response); - return result; + result = Optional.ofNullable((PortalRestResponse) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadFunctions", new Exception("Failed to bulkUploadFunctions")); + return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed"); + } } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions failed", e); return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); } - + return result.get(); } @SuppressWarnings("unchecked") @ApiOperation(value = "Bulk upload roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/v3/upload/portal/roles" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { "/v3/upload/portal/roles" }, produces = "application/json") public PortalRestResponse bulkUploadRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { - PortalRestResponse result = null; + Optional> result; Map res = getMethod(request, response); try { - result = (PortalRestResponse) 
invokeMethod(res, request, response); - return result; + result = Optional.ofNullable((PortalRestResponse) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadRoles", new Exception("Failed to bulkUploadRoles")); + return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); + } + return result.get(); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles failed", e); return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); @@ -393,15 +456,19 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Bulk upload role functions for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { - "/v3/upload/portal/roleFunctions" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { + "/v3/upload/portal/roleFunctions" }, produces = "application/json") public PortalRestResponse bulkUploadRoleFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { - PortalRestResponse result = null; + Optional> result; Map res = getMethod(request, response); try { - result = (PortalRestResponse) invokeMethod(res, request, response); - return result; + result = Optional.ofNullable((PortalRestResponse) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadRoleFunctions", new Exception("Failed to bulkUploadRoleFunctions")); + return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoleFunctions", "Failed"); + } + return result.get(); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoleFunctions failed", e); return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); 
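Review bot: In bulkUploadFunctions the local is an `Optional` initialised to `null`, then tested with `isPresent()` and unwrapped with `get()`, and a throwaway `new Exception("Failed to bulkUploadFunctions")` is constructed only to be logged. An Optional that can itself be null defeats its purpose, and the synthetic exception adds a stack trace that points at this line rather than at any cause. Keeping the cast result in a plain variable and testing `if (result == null)` with a message-only log call does the same job with less code. The block is repeated in saveRoleFunction and the other bulkUpload* hunks, so a single private helper would remove the duplication. Generic type arguments appear to have been stripped from this page, so the declared types should be checked against the file.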
@@ -410,15 +477,19 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Bulk upload user roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { - "/v3/upload/portal/userRoles" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { + "/v3/upload/portal/userRoles" }, produces = "application/json") public PortalRestResponse bulkUploadUserRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { - PortalRestResponse result = null; + Optional> result; Map res = getMethod(request, response); try { - result = (PortalRestResponse) invokeMethod(res, request, response); - return result; + result = Optional.ofNullable((PortalRestResponse) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadUserRoles", new Exception("Failed to bulkUploadUserRoles")); + return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUserRoles", "Failed"); + } + return result.get(); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadUserRoles failed", e); return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); 
@@ -428,15 +499,19 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Bulk upload users for renamed role of an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { - "/v3/upload/portal/userRole/{roleId}" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { + "/v3/upload/portal/userRole/{roleId}" }, produces = "application/json") public PortalRestResponse bulkUploadUsersSingleRole(HttpServletRequest request, HttpServletResponse response, @PathVariable Long roleId) throws Exception { - PortalRestResponse result = null; + Optional> result = null; Map res = getMethod(request, response); try { - result = (PortalRestResponse) invokeMethod(res, request, response, roleId); - return result; + result = Optional.ofNullable((PortalRestResponse) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadUsersSingleRole", new Exception("Failed to bulkUploadUsersSingleRole")); + return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUsersSingleRole", "Failed"); + } + return result.get(); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadUsersSingleRole failed", e); return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); 
@@ -445,15 +520,19 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Bulk upload functions for an partner application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { - "/v3/upload/partner/functions" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { + "/v3/upload/partner/functions" }, produces = "application/json") public PortalRestResponse bulkUploadPartnerFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { - PortalRestResponse result = null; + Optional> result = null; Map res = getMethod(request, response); try { - result = (PortalRestResponse) invokeMethod(res, request, response); - return result; + result = Optional.ofNullable((PortalRestResponse) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadPartnerRoleFunctions", new Exception("Failed to bulkUploadPartnerRoleFunctions")); + return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadPartnerRoleFunctions", "Failed"); + } + return result.get(); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerFunctions failed", e); return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); 
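Review bot: The null-result branch of bulkUploadPartnerFunctions logs and returns `Failed to bulkUploadPartnerRoleFunctions`, which names a different endpoint, while the catch branch below uses the correct name. Anyone triaging from the log or from the API response would be pointed at the wrong operation. Use `"Failed to bulkUploadPartnerFunctions"` in both the log call and the response. The bulkUploadPartnerRoles hunk has the same slip with `Failed to bulkUploadRoles`.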
@@ -463,14 +542,18 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B // not using @SuppressWarnings("unchecked") @ApiOperation(value = "Bulk upload roles for an partner application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/v3/upload/partner/roles" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { "/v3/upload/partner/roles" }, produces = "application/json") public PortalRestResponse bulkUploadPartnerRoles(HttpServletRequest request, HttpServletResponse response, @RequestBody List upload) throws Exception { - PortalRestResponse result = null; + Optional> result = null; Map res = getMethod(request, response); try { - result = (PortalRestResponse) invokeMethod(res, request, response, upload); - return result; + result = Optional.ofNullable((PortalRestResponse) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadRoles", new Exception("Failed to bulkUploadRoles")); + return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); + } + return result.get(); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerRoles failed", e); return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); 
@@ -479,15 +562,19 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Bulk upload role functions for an partner application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { - "/v3/upload/partner/roleFunctions" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { + "/v3/upload/partner/roleFunctions" }, produces = "application/json") public PortalRestResponse bulkUploadPartnerRoleFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { - PortalRestResponse result = null; + Optional> result = null; Map res = getMethod(request, response); try { - result = (PortalRestResponse) invokeMethod(res, request, response); - return result; + result = Optional.ofNullable((PortalRestResponse) invokeMethod(res, request, response)); + if (!result.isPresent()){ + logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadPartnerRoleFunctions", new Exception("Failed to bulkUploadPartnerRoleFunctions")); + return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadPartnerRoleFunctions", "Failed"); + } + return result.get(); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerRoleFunctions failed", e); return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); 
@@ -496,7 +583,7 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Gets all functions along with global functions", response = List.class, responseContainer = "Json") - @RequestMapping(value = { "/v3/menuFunctions" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v3/menuFunctions" }, produces = "application/json") public List getMenuFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { List functionsList = null; Map res = getMethod(request, response); @@ -711,9 +798,15 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Creates an application user with the specified roles.", response = PortalRestResponse.class) - @RequestMapping(value = { "/v3/userProfile" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { "/v3/userProfile" }, produces = "application/json") public PortalRestResponse postUserProfile(HttpServletRequest request, @RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) { + + if (extSysUser!=null){ + if (!dataValidator.isValid(extSysUser)) + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed"); + } + PortalRestResponse result = null; Map res = getMethod(request, response); try { 
@@ -727,9 +820,15 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Updates an application user to have only the specified roles.", response = PortalRestResponse.class) - @RequestMapping(value = { "/v3/userProfile" }, method = RequestMethod.PUT, produces = "application/json") + @PutMapping(value = { "/v3/userProfile" }, produces = "application/json") public PortalRestResponse putUserProfile(HttpServletRequest request, @RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) { + + if (extSysUser!=null){ + if (!dataValidator.isValid(extSysUser)) + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed"); + } + PortalRestResponse result = null; Map res = getMethod(request, response); try { @@ -743,9 +842,15 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Processes a request to delete one or more application roles for one specified user who has roles.", response = PortalRestResponse.class) - @RequestMapping(value = { "/v3/userProfile" }, method = RequestMethod.DELETE, produces = "application/json") + @DeleteMapping(value = { "/v3/userProfile" }, produces = "application/json") public PortalRestResponse deleteUserProfile(HttpServletRequest request, @RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) { + + if (extSysUser!=null){ + if (!dataValidator.isValid(extSysUser)) + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed"); + } + PortalRestResponse result = null; Map res = getMethod(request, response); try { 
@@ -759,9 +864,16 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Accepts messages from external ticketing systems and creates notifications for Portal users.", response = PortalRestResponse.class) - @RequestMapping(value = { "/v3/ticketevent" }, method = RequestMethod.POST) + @PostMapping(value = { "/v3/ticketevent" }) public PortalRestResponse handleRequest(HttpServletRequest request, HttpServletResponse response, @RequestBody String ticketEventJson) throws Exception { + + if (ticketEventJson!=null){ + SecureString secureTicketEventJson = new SecureString(ticketEventJson); + if (!dataValidator.isValid(secureTicketEventJson)) + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ticketEventJson is not valid", "Failed"); + } + PortalRestResponse result = null; Map res = getMethod(request, response); try { @@ -775,10 +887,16 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B @SuppressWarnings("unchecked") @ApiOperation(value = "Creates a new user as a Portal administrator.", response = PortalRestResponse.class) - @RequestMapping(value = "/v3/portalAdmin", method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = "/v3/portalAdmin", produces = "application/json") @ResponseBody public PortalRestResponse postPortalAdmin(HttpServletRequest request, HttpServletResponse response, @RequestBody EPUser epUser) { + + if (epUser!=null){ + if (!dataValidator.isValid(epUser)) + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "EPUser is not valid", "Failed"); + } + PortalRestResponse result = null; Map res = getMethod(request, response); try { 
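Review bot: handleRequest validates `ticketEventJson` by wrapping the whole raw request body in one `SecureString`, so the check sees serialized JSON rather than the individual fields. Which constraint SecureString carries is not visible in this diff; a check applied to the full document can reject legitimate tickets and still says nothing about the length or format of each field. Add a comment above the check stating what it is meant to catch, e.g. `// whole-body SecureString check only; per-field validation must happen after parsing — TODO confirm`, and validate the parsed fields where they are consumed. saveRoleFunction (`roleFunc`) and extendSessionTimeOuts (`sessionMap`) use the same whole-string approach. The method body continues outside the hunk.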
@@ -791,7 +909,7 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B
 }
 @ApiOperation(value = "Gets the specified application that is on-boarded in Portal.", response = OnboardingApp.class)
- @RequestMapping(value = { "/v3/onboardApp/{appId}" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = { "/v3/onboardApp/{appId}" }, produces = "application/json")
 @ResponseBody
 public OnboardingApp getOnboardAppExternal(HttpServletRequest request, HttpServletResponse response, @PathVariable("appId") Long appId) {
@@ -807,10 +925,16 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B
 @SuppressWarnings("unchecked")
 @ApiOperation(value = "Adds a new application to Portal.", response = PortalRestResponse.class)
- @RequestMapping(value = { "/v3/onboardApp" }, method = RequestMethod.POST, produces = "application/json")
+ @PostMapping(value = { "/v3/onboardApp" }, produces = "application/json")
 @ResponseBody
 public PortalRestResponse postOnboardAppExternal(HttpServletRequest request, HttpServletResponse response, @RequestBody OnboardingApp newOnboardApp) {
+
+ if (newOnboardApp!=null){
+ if (!dataValidator.isValid(newOnboardApp))
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "OnboardingApp is not valid", "Failed");
+ }
+
 PortalRestResponse result = new PortalRestResponse<>();
 Map res = getMethod(request, response);
 try {
@@ -825,11 +949,17 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B
 @SuppressWarnings("unchecked")
 @ApiOperation(value = "Updates information about an on-boarded application in Portal.", response = PortalRestResponse.class)
- @RequestMapping(value = { "/v3/onboardApp/{appId}" }, method = RequestMethod.PUT, produces = "application/json")
+ @PutMapping(value = { "/v3/onboardApp/{appId}" }, produces = "application/json")
 @ResponseBody
 public PortalRestResponse putOnboardAppExternal(HttpServletRequest request, HttpServletResponse response, @PathVariable("appId") Long appId, @RequestBody OnboardingApp oldOnboardApp) {
- PortalRestResponse result = new PortalRestResponse<>();
+
+ if (oldOnboardApp!=null){
+ if (!dataValidator.isValid(oldOnboardApp))
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "OnboardingApp is not valid", "Failed");
+ }
+
+ PortalRestResponse result;
 Map res = getMethod(request, response);
 try {
 result = (PortalRestResponse) invokeMethod(res, request, response, appId, oldOnboardApp);
@@ -841,15 +971,19 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B
 }
 @ApiOperation(value = "Creates a Portal user notification for roles identified in the content from an external application.", response = PortalAPIResponse.class)
- @RequestMapping(value = { "/v3/publishNotification" }, method = RequestMethod.POST, produces = "application/json")
+ @PostMapping(value = { "/v3/publishNotification" }, produces = "application/json")
 @ResponseBody
 public PortalAPIResponse publishNotification(HttpServletRequest request,
- @RequestBody EpNotificationItem notificationItem, HttpServletResponse response) throws Exception {
- PortalAPIResponse result = new PortalAPIResponse(true, "success");
+ @RequestBody EpNotificationItem notificationItem, HttpServletResponse response) {
+
+ if (notificationItem!=null){
+ if (!dataValidator.isValid(notificationItem))
+ return new PortalAPIResponse(false, "EpNotificationItem is not valid");
+ }
+
 Map res = getMethod(request, response);
 try {
- result = (PortalAPIResponse) invokeMethod(res, request, response, notificationItem);
- return result;
+ return (PortalAPIResponse) invokeMethod(res, request, response, notificationItem);
 } catch (Exception e) {
 logger.error(EELFLoggerDelegate.errorLogger, "publishNotification failed", e);
 return new PortalAPIResponse(false, e.getMessage());
@@ -858,7 +992,7 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B
 @SuppressWarnings("unchecked")
 @ApiOperation(value = "Gets favorite items within the functional menu for the current user.", response = FavoritesFunctionalMenuItemJson.class, responseContainer = "List")
- @RequestMapping(value = { "/v3/getFavorites" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = { "/v3/getFavorites" }, produces = "application/json")
 public List getFavoritesForUser(HttpServletRequest request, HttpServletResponse response) throws Exception {
 List favorites = null;
@@ -873,8 +1007,8 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B
 @SuppressWarnings("unchecked")
 @ApiOperation(value = "Gets functional menu items appropriate for the current user.", response = FunctionalMenuItem.class, responseContainer = "List")
- @RequestMapping(value = {
- "/v3/functionalMenuItemsForUser" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/v3/functionalMenuItemsForUser" }, produces = "application/json")
 public List getFunctionalMenuItemsForUser(HttpServletRequest request, HttpServletResponse response) throws Exception {
 List fnMenuItems = null;
@@ -887,4 +1021,31 @@ public class AuxApiRequestMapperController implements ApplicationContextAware, B
 return fnMenuItems;
 }
+
+ @ApiOperation(value = "Gets MechId roles", response = String.class, responseContainer = "List")
+ @GetMapping(value = { "/v3/systemUser" }, produces = "application/json")
+ public List getSystemUserPerms(HttpServletRequest request, HttpServletResponse response) throws Exception {
+ List permsList = null;
+ Map res = getMethod(request, response);
+ try {
+ permsList = (List) invokeMethod(res, request, response);
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "getSystemUserPerms failed", e);
+ }
+ return permsList;
+ }
+
+ @ApiOperation(value = "Update role description in external auth system for an application.", response = PortalRestResponse.class, responseContainer = "Json")
+ @PutMapping(value = { "/v3/update/app/roleDescription" }, produces = "application/json")
+ public PortalRestResponse updateAppRoleDescription(HttpServletRequest request, HttpServletResponse response) throws Exception {
+ PortalRestResponse result = null;
+ Map res = getMethod(request, response);
+ try {
+ result = (PortalRestResponse) invokeMethod(res, request, response);
+ return result;
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "updateAppRoleDescription failed", e);
+ return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
+ }
+ }
 }
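Review bot: updateAppRoleDescription returns `e.getMessage()` to the API caller from its catch block, which hands internal exception text to an external client; because the call goes through `invokeMethod` (the file imports the reflection types, though the helper itself is not shown), that message may also simply be null. The exception is already logged on the line above, so a fixed string is enough: `return new PortalRestResponse(PortalRestStatusEnum.ERROR, "updateAppRoleDescription failed", "Failed");`. publishNotification's existing catch follows the same pattern. Separately, getSystemUserPerms swallows the exception and returns null, so a caller cannot tell a backend failure from an account that has no permissions.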