| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package org.apache.usergrid.rest; |
| |
| |
| import java.util.List; |
| import java.util.regex.Pattern; |
| |
| import javax.servlet.http.HttpServletRequest; |
| import javax.ws.rs.core.Context; |
| import javax.ws.rs.core.PathSegment; |
| import javax.ws.rs.core.Request; |
| import javax.ws.rs.core.SecurityContext; |
| import javax.ws.rs.core.UriInfo; |
| |
| import org.springframework.beans.factory.annotation.Autowired; |
| import org.apache.usergrid.management.ManagementService; |
| import org.apache.usergrid.mq.QueueManagerFactory; |
| import org.apache.usergrid.persistence.EntityManagerFactory; |
| import org.apache.usergrid.rest.exceptions.RedirectionException; |
| import org.apache.usergrid.security.tokens.TokenService; |
| import org.apache.usergrid.services.ServiceManagerFactory; |
| |
| import com.sun.jersey.api.core.HttpContext; |
| import com.sun.jersey.api.core.ResourceContext; |
| import com.sun.jersey.api.view.Viewable; |
| import com.sun.jersey.spi.CloseableService; |
| |
| import net.tanesha.recaptcha.ReCaptcha; |
| import net.tanesha.recaptcha.ReCaptchaFactory; |
| |
| import static org.apache.commons.lang.StringUtils.isNotBlank; |
| import static org.apache.commons.lang.StringUtils.removeEnd; |
| |
| |
| public abstract class AbstractContextResource { |
| |
| private static final Pattern SECURE_PARAMETER_PATTERN = Pattern.compile("[A-Za-z0-9\\-\\._~]+"); |
| protected AbstractContextResource parent; |
| |
| @Context |
| protected UriInfo uriInfo; |
| |
| @Context |
| protected Request request; |
| |
| @Context |
| protected SecurityContext sc; |
| |
| @Context |
| protected HttpContext hc; |
| |
| @Context |
| protected CloseableService cs; |
| |
| @Context |
| protected HttpServletRequest httpServletRequest; |
| |
| @Context |
| protected ResourceContext resourceContext; |
| |
| @Autowired |
| protected EntityManagerFactory emf; |
| |
| @Autowired |
| protected ServiceManagerFactory smf; |
| |
| @Autowired |
| protected ManagementService management; |
| |
| @Autowired |
| protected ServerEnvironmentProperties properties; |
| |
| @Autowired |
| protected QueueManagerFactory qmf; |
| |
| @Autowired |
| protected TokenService tokens; |
| |
| public AbstractContextResource() { |
| } |
| |
| public AbstractContextResource getParent() { |
| return parent; |
| } |
| |
| public void setParent(AbstractContextResource parent) { |
| this.parent = parent; |
| } |
| |
| public <T extends AbstractContextResource> T getSubResource(Class<T> t) { |
| T subResource = resourceContext.getResource(t); |
| subResource.setParent(this); |
| return subResource; |
| } |
| |
| public PathSegment getFirstPathSegment(String name) { |
| if (name == null) { |
| return null; |
| } |
| List<PathSegment> segments = uriInfo.getPathSegments(); |
| for (PathSegment segment : segments) { |
| if (name.equals(segment.getPath())) { |
| return segment; |
| } |
| } |
| return null; |
| } |
| |
| public boolean useReCaptcha() { |
| return isNotBlank(properties.getRecaptchaPublic()) && isNotBlank(properties.getRecaptchaPrivate()); |
| } |
| |
| public String getReCaptchaHtml() { |
| if (!useReCaptcha()) { |
| return ""; |
| } |
| ReCaptcha c = ReCaptchaFactory |
| .newSecureReCaptcha(properties.getRecaptchaPublic(), properties.getRecaptchaPrivate(), false); |
| return c.createRecaptchaHtml(null, null); |
| } |
| |
| public void sendRedirect(String location) { |
| if (isNotBlank(location)) { |
| throw new RedirectionException(location); |
| } |
| } |
| |
| public Viewable handleViewable(String template, Object model) { |
| String template_property = "usergrid.view" + removeEnd(this.getClass().getName().toLowerCase(), "resource") |
| .substring(AbstractContextResource.class.getPackage().getName().length()) + "." + template |
| .toLowerCase(); |
| String redirect_url = properties.getProperty(template_property); |
| if (isNotBlank(redirect_url)) { |
| sendRedirect(redirect_url); |
| } |
| return new Viewable(template, model, this.getClass()); |
| } |
| |
| protected ApiResponse createApiResponse() { |
| return new ApiResponse( properties ); |
| } |
| |
| /** |
| * Checks if the given parameter contains only unreserved characters (as per RFC3986) |
| * This ensures that characters like < > which could be used by malicious scripts |
| * are not included. |
| * @param parameter the parameter to be tested |
| * @return true if safe to use, false otherwise |
| */ |
| protected boolean isSafe(String parameter) { |
| return SECURE_PARAMETER_PATTERN.matcher(parameter).matches(); |
| } |
| } |