From b0f9f1ed9b1862c39b83a2eec031238285304ce7 Mon Sep 17 00:00:00 2001 From: Athou Date: Fri, 17 May 2013 19:39:52 +0200 Subject: [PATCH] return Response objects for all methods, including security interceptor. Removes stacktraces for unauthorized calls --- .../frontend/rest/resources/AbstractREST.java | 13 +++------- .../frontend/rest/resources/AdminREST.java | 26 +++++++++++-------- .../frontend/rest/resources/CategoryREST.java | 20 +++++++------- .../frontend/rest/resources/EntryREST.java | 4 +-- .../frontend/rest/resources/FeedREST.java | 23 ++++++++-------- .../frontend/rest/resources/ServerREST.java | 7 ++--- .../frontend/rest/resources/UserREST.java | 8 +++--- 7 files changed, 51 insertions(+), 50 deletions(-) diff --git a/src/main/java/com/commafeed/frontend/rest/resources/AbstractREST.java b/src/main/java/com/commafeed/frontend/rest/resources/AbstractREST.java index f150eefc..b2599379 100644 --- a/src/main/java/com/commafeed/frontend/rest/resources/AbstractREST.java +++ b/src/main/java/com/commafeed/frontend/rest/resources/AbstractREST.java @@ -10,7 +10,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.ws.rs.Consumes; import javax.ws.rs.Produces; -import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; 
@@ -186,15 +185,11 @@ public abstract class AbstractREST { } if (!allowed) { if (user == null) { - throw new WebApplicationException(Response - .status(Status.UNAUTHORIZED) - .entity("You are not authorized to do this.") - .header(HttpHeaders.WWW_AUTHENTICATE, - "Basic realm=\"CommaFeed\"").build()); + return Response.status(Status.UNAUTHORIZED) + .entity("You are not authorized to do this.").build(); } else { - throw new WebApplicationException(Response - .status(Status.FORBIDDEN) - .entity("You are not authorized to do this.").build()); + return Response.status(Status.FORBIDDEN) + .entity("You are not authorized to do this.").build(); } } diff --git a/src/main/java/com/commafeed/frontend/rest/resources/AdminREST.java b/src/main/java/com/commafeed/frontend/rest/resources/AdminREST.java index a6ac4d75..294b65e3 100644 --- a/src/main/java/com/commafeed/frontend/rest/resources/AdminREST.java +++ b/src/main/java/com/commafeed/frontend/rest/resources/AdminREST.java @@ -1,6 +1,7 @@ package com.commafeed.frontend.rest.resources; -import java.util.Collection; +import java.util.Arrays; +import java.util.List; import java.util.Map; import java.util.Set; @@ -95,7 +96,7 @@ public class AdminREST extends AbstractResourceREST { @Path("/user/get/{id}") @GET @ApiOperation(value = "Get user information", notes = "Get user information", responseClass = "com.commafeed.frontend.model.UserModel") - public UserModel getUser( + public Response getUser( @ApiParam(value = "user id", required = true) @PathParam("id") Long id) { Preconditions.checkNotNull(id); User user = userDAO.findById(id); 
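Review bot: The 401 branch no longer sends the `WWW-Authenticate` challenge that the removed code attached, and RFC 7235 requires one on a 401, so Basic-auth clients are no longer told the scheme or realm. If the header was dropped on purpose (for example to stop browsers showing a login dialog on XHR calls), a comment should say so; otherwise keep `.header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"CommaFeed\"")` before `.build()`. Returning a `Response` from this check also presumably only works when the intercepted method is itself declared to return `Response`. The context lines in the other files show endpoints such as `/user/delete`, `/mark` and `/refresh` whose signatures are not visible, so confirm that none of them kept a `void` or model return type. The enclosing method starts and ends outside the hunk.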
@@ -108,13 +109,13 @@ public class AdminREST extends AbstractResourceREST { userModel.setAdmin(true); } } - return userModel; + return Response.ok(userModel).build(); } @Path("/user/getAll") @GET @ApiOperation(value = "Get all users", notes = "Get all users", responseClass = "List[com.commafeed.frontend.model.UserModel]") - public Collection getUsers() { + public Response getUsers() { Map users = Maps.newHashMap(); for (UserRole role : userRoleDAO.findAll()) { User user = role.getUser(); @@ -131,7 +132,7 @@ public class AdminREST extends AbstractResourceREST { userModel.setAdmin(true); } } - return users.values(); + return Response.ok(users.values()).build(); } @Path("/user/delete") @@ -156,23 +157,26 @@ public class AdminREST extends AbstractResourceREST { @Path("/settings") @GET @ApiOperation(value = "Retrieve application settings", notes = "Retrieve application settings", responseClass = "com.commafeed.backend.model.ApplicationSettings") - public ApplicationSettings getSettings() { - return applicationSettingsService.get(); + public Response getSettings() { + return Response.ok(applicationSettingsService.get()).build(); } @Path("/settings") @POST @ApiOperation(value = "Save application settings", notes = "Save application settings") - public void saveSettings( + public Response saveSettings( @ApiParam(required = true) ApplicationSettings settings) { Preconditions.checkNotNull(settings); applicationSettingsService.save(settings); + return Response.ok().build(); } @Path("/metrics") @GET - public int[] getMetrics() { - return new int[] { metricsBean.getFeedsRefreshedLastMinute(), - metricsBean.getFeedsRefreshedLastHour() }; + public Response getMetrics() { + List list = Arrays.asList( + metricsBean.getFeedsRefreshedLastMinute(), + metricsBean.getFeedsRefreshedLastHour()); + return Response.ok(list).build(); } } 
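Review bot: `saveSettings` still rejects a missing request body with `Preconditions.checkNotNull(settings)`, which throws a `NullPointerException` and will presumably reach the client as a 500 rather than a client error. Now that the method returns `Response`, the guard can answer directly with `if (settings == null) return Response.status(Status.BAD_REQUEST).entity("settings are required").build();` (assuming `Status` is imported in this file, as it is in AbstractREST). The same `checkNotNull` on request input is visible in `getUser`, `getCategoryEntriesAsFeed`, `getFeedEntriesAsFeed`, `fetchFeed`, `get` and `subscribe` in the other hunks.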
diff --git a/src/main/java/com/commafeed/frontend/rest/resources/CategoryREST.java b/src/main/java/com/commafeed/frontend/rest/resources/CategoryREST.java index 1cbd24c4..c1268f90 100644 --- a/src/main/java/com/commafeed/frontend/rest/resources/CategoryREST.java +++ b/src/main/java/com/commafeed/frontend/rest/resources/CategoryREST.java @@ -62,7 +62,7 @@ public class CategoryREST extends AbstractResourceREST { @Path("/entries") @GET @ApiOperation(value = "Get category entries", notes = "Get a list of category entries", responseClass = "com.commafeed.frontend.model.Entries") - public Entries getCategoryEntries( + public Response getCategoryEntries( @ApiParam(value = "id of the category, 'all' or 'starred'", required = true) @QueryParam("id") String id, @ApiParam(value = "all entries or only unread ones", allowableValues = "all,unread", required = true) @QueryParam("readType") ReadType readType, @ApiParam(value = "offset for paging") @DefaultValue("0") @QueryParam("offset") int offset, @@ -107,7 +107,7 @@ public class CategoryREST extends AbstractResourceREST { } entries.setTimestamp(Calendar.getInstance().getTimeInMillis()); - return entries; + return Response.ok(entries).build(); } @Path("/entriesAsFeed") @@ -115,7 +115,7 @@ public class CategoryREST extends AbstractResourceREST { @ApiOperation(value = "Get category entries as feed", notes = "Get a feed of category entries") @Produces(MediaType.APPLICATION_XML) @SecurityCheck(value = Role.USER, apiKeyAllowed = true) - public String getCategoryEntriesAsFeed( + public Response getCategoryEntriesAsFeed( @ApiParam(value = "id of the category, 'all' or 'starred'", required = true) @QueryParam("id") String id) { Preconditions.checkNotNull(id); 
@@ -125,7 +125,7 @@ public class CategoryREST extends AbstractResourceREST { int offset = 0; int limit = 20; - Entries entries = getCategoryEntries(id, readType, offset, limit, order); + Entries entries = (Entries) getCategoryEntries(id, readType, offset, limit, order).getEntity(); SyndFeed feed = new SyndFeedImpl(); feed.setFeedType("rss_2.0"); @@ -148,7 +148,7 @@ public class CategoryREST extends AbstractResourceREST { writer.write("Could not get feed information"); log.error(e.getMessage(), e); } - return writer.toString(); + return Response.ok(writer.toString()).build(); } @Path("/mark") @@ -276,7 +276,7 @@ public class CategoryREST extends AbstractResourceREST { @GET @Path("/get") @ApiOperation(value = "Get feed categories", notes = "Get all categories and subscriptions of the user", responseClass = "com.commafeed.frontend.model.Category") - public Category getSubscriptions() { + public Response getSubscriptions() { List categories = feedCategoryDAO.findAll(getUser()); List subscriptions = feedSubscriptionDAO @@ -289,20 +289,20 @@ public class CategoryREST extends AbstractResourceREST { root.setId("all"); root.setName("All"); - return root; + return Response.ok(root).build(); } @GET @Path("/unreadCount") - @ApiOperation(value = "Get unread count for feed subscriptions") - public List getUnreadCount() { + @ApiOperation(value = "Get unread count for feed subscriptions", responseClass="List[com.commafeed.frontend.model.UnreadCount]") + public Response getUnreadCount() { List list = Lists.newArrayList(); Map unreadCount = feedEntryStatusDAO .getUnreadCount(getUser()); for (Map.Entry e : unreadCount.entrySet()) { list.add(new UnreadCount(e.getKey(), e.getValue())); } - return list; + return Response.ok(list).build(); } private Category buildCategory(Long id, List categories, diff --git a/src/main/java/com/commafeed/frontend/rest/resources/EntryREST.java b/src/main/java/com/commafeed/frontend/rest/resources/EntryREST.java index de437989..a559ab87 100644 
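Review bot: The cast in `(Entries) getCategoryEntries(id, readType, offset, limit, order).getEntity()` assumes the sibling endpoint always returns a 200 carrying an `Entries` entity. Once `getCategoryEntries` gains an error return, which the move to `Response` makes possible, this line fails with a `ClassCastException` or a `NullPointerException`. Moving the query logic into a private helper that returns `Entries`, and having both endpoints call it and wrap the result in `Response.ok(...)`, avoids unwrapping a response inside the resource class. The same unwrap-and-cast appears in FeedREST, in `getFeedEntriesAsFeed` and twice in `subscribe`. `getCategoryEntriesAsFeed` starts and ends outside this hunk.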
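Review bot: The failure path of `getCategoryEntriesAsFeed` still ends in `Response.ok(writer.toString())`. When writing the feed throws, the client therefore receives a 200 whose body is the plain text "Could not get feed information" under `APPLICATION_XML`. With a `Response` return type, what appears to be the catch block can report the failure itself, e.g. `return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Could not get feed information").build();`, while keeping the `log.error` call. The `try` begins above the hunk, and FeedREST `getFeedEntriesAsFeed` has the same block.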
--- a/src/main/java/com/commafeed/frontend/rest/resources/EntryREST.java +++ b/src/main/java/com/commafeed/frontend/rest/resources/EntryREST.java @@ -58,7 +58,7 @@ public class EntryREST extends AbstractResourceREST { @Path("/search") @GET @ApiOperation(value = "Search for entries", notes = "Look through title and content of entries by keywords", responseClass = "com.commafeed.frontend.model.Entries") - public Entries searchEntries( + public Response searchEntries( @ApiParam(value = "keywords separated by spaces, 3 characters minimum", required = true) @QueryParam("keywords") String keywords, @ApiParam(value = "offset for paging") @DefaultValue("0") @QueryParam("offset") int offset, @ApiParam(value = "limit for paging") @DefaultValue("-1") @QueryParam("limit") int limit) { @@ -76,7 +76,7 @@ public class EntryREST extends AbstractResourceREST { entries.setName("Search for : " + keywords); entries.getEntries().addAll(list); - return entries; + return Response.ok(entries).build(); } } diff --git a/src/main/java/com/commafeed/frontend/rest/resources/FeedREST.java b/src/main/java/com/commafeed/frontend/rest/resources/FeedREST.java index 99255e43..b1e0a30d 100644 --- a/src/main/java/com/commafeed/frontend/rest/resources/FeedREST.java +++ b/src/main/java/com/commafeed/frontend/rest/resources/FeedREST.java @@ -64,7 +64,7 @@ public class FeedREST extends AbstractResourceREST { @Path("/entries") @GET @ApiOperation(value = "Get feed entries", notes = "Get a list of feed entries", responseClass = "com.commafeed.frontend.model.Entries") - public Entries getFeedEntries( + public Response getFeedEntries( @ApiParam(value = "id of the feed", required = true) @QueryParam("id") String id, @ApiParam(value = "all entries or only unread ones", allowableValues = "all,unread", required = true) @QueryParam("readType") ReadType readType, @ApiParam(value = "offset for paging") @DefaultValue("0") @QueryParam("offset") int offset, 
@@ -93,7 +93,7 @@ public class FeedREST extends AbstractResourceREST { } entries.setTimestamp(Calendar.getInstance().getTimeInMillis()); - return entries; + return Response.ok(entries).build(); } @Path("/entriesAsFeed") @@ -101,7 +101,7 @@ public class FeedREST extends AbstractResourceREST { @ApiOperation(value = "Get feed entries as a feed", notes = "Get a feed of feed entries") @Produces(MediaType.APPLICATION_XML) @SecurityCheck(value = Role.USER, apiKeyAllowed = true) - public String getFeedEntriesAsFeed( + public Response getFeedEntriesAsFeed( @ApiParam(value = "id of the feed", required = true) @QueryParam("id") String id) { Preconditions.checkNotNull(id); @@ -111,7 +111,8 @@ public class FeedREST extends AbstractResourceREST { int offset = 0; int limit = 20; - Entries entries = getFeedEntries(id, readType, offset, limit, order); + Entries entries = (Entries) getFeedEntries(id, readType, offset, limit, + order).getEntity(); SyndFeed feed = new SyndFeedImpl(); feed.setFeedType("rss_2.0"); @@ -134,13 +135,13 @@ public class FeedREST extends AbstractResourceREST { writer.write("Could not get feed information"); log.error(e.getMessage(), e); } - return writer.toString(); + return Response.ok(writer.toString()).build(); } @GET @Path("/fetch") @ApiOperation(value = "Fetch a feed", notes = "Fetch a feed by its url", responseClass = "com.commafeed.frontend.model.FeedInfo") - public FeedInfo fetchFeed( + public Response fetchFeed( @ApiParam(value = "the feed's url", required = true) @QueryParam("url") String url) { Preconditions.checkNotNull(url); @@ -158,7 +159,7 @@ public class FeedREST extends AbstractResourceREST { .status(Status.INTERNAL_SERVER_ERROR) .entity(e.getMessage()).build()); } - return info; + return Response.ok(info).build(); } @Path("/refresh") 
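Review bot: The error branch of `fetchFeed`, shown as context, still builds its 500 response with `.entity(e.getMessage())`, which returns raw exception text from a server-side fetch of a caller-supplied URL to the client. It also appears to remain a thrown `WebApplicationException` (the `throw` is above the hunk), unlike the paths this commit converts. Logging the exception and returning a fixed message, e.g. `return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Could not fetch feed").build();`, keeps internal host and network details out of responses. If this branch returns instead of throwing, `subscribe` must check the status before casting `fetchFeed(url).getEntity()` to `FeedInfo`.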
@@ -199,12 +200,12 @@ public class FeedREST extends AbstractResourceREST { @GET @Path("/get/{id}") @ApiOperation(value = "", notes = "") - public Subscription get( + public Response get( @ApiParam(value = "user id", required = true) @PathParam("id") Long id) { Preconditions.checkNotNull(id); FeedSubscription sub = feedSubscriptionDAO.findById(getUser(), id); - return Subscription.build(sub, 0); + return Response.ok(Subscription.build(sub, 0)).build(); } @POST @@ -217,11 +218,11 @@ public class FeedREST extends AbstractResourceREST { Preconditions.checkNotNull(req.getUrl()); String url = prependHttp(req.getUrl()); - url = fetchFeed(url).getUrl(); + url = ((FeedInfo) fetchFeed(url).getEntity()).getUrl(); FeedCategory category = CategoryREST.ALL.equals(req.getCategoryId()) ? null : feedCategoryDAO.findById(Long.valueOf(req.getCategoryId())); - FeedInfo info = fetchFeed(url); + FeedInfo info = (FeedInfo) fetchFeed(url).getEntity(); feedSubscriptionService.subscribe(getUser(), info.getUrl(), req.getTitle(), category); diff --git a/src/main/java/com/commafeed/frontend/rest/resources/ServerREST.java b/src/main/java/com/commafeed/frontend/rest/resources/ServerREST.java index d2c5cd5c..b5e57061 100644 --- a/src/main/java/com/commafeed/frontend/rest/resources/ServerREST.java +++ b/src/main/java/com/commafeed/frontend/rest/resources/ServerREST.java @@ -2,6 +2,7 @@ package com.commafeed.frontend.rest.resources; import javax.ws.rs.GET; import javax.ws.rs.Path; +import javax.ws.rs.core.Response; import com.commafeed.frontend.model.ServerInfo; import com.wordnik.swagger.annotations.Api; 
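Review bot: `get` passes the result of `feedSubscriptionDAO.findById(getUser(), id)` straight to `Subscription.build(sub, 0)`, so an id that does not exist or is not owned by the caller presumably ends in a `NullPointerException` and a 500. With the new return type this can be a clean miss: `if (sub == null) return Response.status(Status.NOT_FOUND).build();`. The `@ApiParam` also describes the parameter as "user id" although it is used as a subscription id, and the empty `@ApiOperation` could gain a `responseClass` like the other endpoints in this commit.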
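Review bot: The category lookup `feedCategoryDAO.findById(Long.valueOf(req.getCategoryId()))` in the context lines of `subscribe` is not scoped to the caller. By contrast, `feedSubscriptionDAO.findById(getUser(), id)` in the previous hunk and `feedCategoryDAO.findAll(getUser())` in CategoryREST both are. Unless that DAO method filters by owner internally, a request can attach a subscription to a category id belonging to another account. If the DAO has an owner-scoped lookup, use it here and reject a null result before `feedSubscriptionService.subscribe` is called. `Long.valueOf` on the request value also throws `NumberFormatException` for a non-numeric id, which could be answered with a 400. `subscribe` starts and ends outside the hunk.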
@@ -13,13 +14,13 @@ public class ServerREST extends AbstractResourceREST { @Path("/get") @GET - @ApiOperation(value = "Get server infos", notes = "Get server infos") - public ServerInfo get() { + @ApiOperation(value = "Get server infos", notes = "Get server infos", responseClass = "com.commafeed.frontend.model.ServerInfo") + public Response get() { ServerInfo infos = new ServerInfo(); infos.setAnnouncement(applicationSettingsService.get() .getAnnouncement()); infos.getSupportedLanguages().putAll( startupBean.getSupportedLanguages()); - return infos; + return Response.ok(infos).build(); } } diff --git a/src/main/java/com/commafeed/frontend/rest/resources/UserREST.java b/src/main/java/com/commafeed/frontend/rest/resources/UserREST.java index f6fb6eda..a6775114 100644 --- a/src/main/java/com/commafeed/frontend/rest/resources/UserREST.java +++ b/src/main/java/com/commafeed/frontend/rest/resources/UserREST.java @@ -34,7 +34,7 @@ public class UserREST extends AbstractResourceREST { @Path("/settings") @GET @ApiOperation(value = "Retrieve user settings", notes = "Retrieve user settings", responseClass = "com.commafeed.frontend.model.Settings") - public Settings getSettings() { + public Response getSettings() { Settings s = new Settings(); UserSettings settings = userSettingsDAO.findByUser(getUser()); if (settings != null) { @@ -55,7 +55,7 @@ public class UserREST extends AbstractResourceREST { s.setScrollMarks(true); s.setLanguage("en"); } - return s; + return Response.ok(s).build(); } @Path("/settings") @@ -89,7 +89,7 @@ public class UserREST extends AbstractResourceREST { @Path("/profile") @GET @ApiOperation(value = "Retrieve user's profile", responseClass = "com.commafeed.frontend.model.UserModel") - public UserModel get() { + public Response get() { User user = getUser(); UserModel userModel = new UserModel(); userModel.setId(user.getId()); 
@@ -102,7 +102,7 @@ public class UserREST extends AbstractResourceREST { userModel.setAdmin(true); } } - return userModel; + return Response.ok(userModel).build(); } @Path("/profile")