RestHttpRouteProvider.java revision c7c09754c30011ad8f85141f9e73b5679feae6d8
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2015 ForgeRock AS.
*/
public class RestHttpRouteProvider implements HttpRouteProvider {
}
this.invalidRealms = invalidRealms;
}
public void setAuthenticationFilterProvider(
}
return Collections.singleton(
}
})));
}
// ------------------
// Realm based routes
// ------------------
//not protected
// Wiring pattern used for each endpoint below: a per-endpoint version router is passed to a
// FilterChain together with an authentication filter and an AuditFilterWrapper.
// None of the chains in this part (dashboard through OATH devices) is built through
// createFilter(...), so no authorization module is attached at the routing layer; whatever
// access control applies beyond authentication must be enforced inside the resource itself.
// NOTE(review): this listing is incomplete. The remaining argument(s) of every
// AuditFilterWrapper constructor call, and several route registrations, are not shown.
org.forgerock.json.resource.Router dashboardVersionRouter = new org.forgerock.json.resource.Router();
AuditFilterWrapper dashboardAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain dashboardFilterChain = new FilterChain(dashboardVersionRouter, defaultAuthenticationFilter, dashboardAuditFilter);
org.forgerock.json.resource.Router serverInfoVersionRouter = new org.forgerock.json.resource.Router();
serverInfoVersionRouter.addRoute(version(1, 1), InjectorHolder.getInstance(ServerInfoResource.class));
AuditFilterWrapper serverInfoAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
// serverInfo uses its own serverInfoAuthnFilter instead of defaultAuthenticationFilter.
// NOTE(review): its definition is not visible here; confirm which requests it lets through
// unauthenticated and that ServerInfoResource exposes nothing sensitive to them.
FilterChain serverInfoFilterChain = new FilterChain(serverInfoVersionRouter, serverInfoAuthnFilter, serverInfoAuditFilter);
org.forgerock.json.resource.Router umaServerInfoVersionRouter = new org.forgerock.json.resource.Router();
umaServerInfoVersionRouter.addRoute(version(1), InjectorHolder.getInstance(UmaConfigurationResource.class));
AuditFilterWrapper umaServerInfoAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain umaServerInfoFilterChain = new FilterChain(umaServerInfoVersionRouter, defaultAuthenticationFilter, umaServerInfoAuditFilter);
// Identity endpoints (users, groups, agents): API versions 1.2 and 2.1 are bound to the
// IdentityResourceV1 / IdentityResourceV2 instances selected by the @Named qualifier.
usersVersionRouter.addRoute(version(1, 2), InjectorHolder.getInstance(Key.get(IdentityResourceV1.class, Names.named("UsersResource"))));
usersVersionRouter.addRoute(version(2, 1), InjectorHolder.getInstance(Key.get(IdentityResourceV2.class, Names.named("UsersResource"))));
AuditFilterWrapper usersAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
// The five actions listed in exceptActions(...) are, going by the method name, exempted from
// the authentication filter, i.e. callable without a session.
// NOTE(review): input validation and abuse controls for these self-service actions (rate
// limiting, responses that do not reveal whether an account exists) are not visible in this
// file; presumably they live in the identity resources. Confirm.
Filter usersAuthnFilter = authenticationFilterProvider.get().exceptActions("register", "confirm", "forgotPassword", "forgotPasswordReset", "anonymousCreate");
FilterChain usersFilterChain = new FilterChain(usersVersionRouter, usersAuthnFilter, usersAuditFilter);
groupsVersionRouter.addRoute(version(1, 2), InjectorHolder.getInstance(Key.get(IdentityResourceV1.class, Names.named("GroupsResource"))));
groupsVersionRouter.addRoute(version(2, 1), InjectorHolder.getInstance(Key.get(IdentityResourceV2.class, Names.named("GroupsResource"))));
AuditFilterWrapper groupsAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain groupsFilterChain = new FilterChain(groupsVersionRouter, defaultAuthenticationFilter, groupsAuditFilter);
agentsVersionRouter.addRoute(version(1, 2), InjectorHolder.getInstance(Key.get(IdentityResourceV1.class, Names.named("AgentsResource"))));
agentsVersionRouter.addRoute(version(2, 1), InjectorHolder.getInstance(Key.get(IdentityResourceV2.class, Names.named("AgentsResource"))));
AuditFilterWrapper agentsAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain agentsFilterChain = new FilterChain(agentsVersionRouter, defaultAuthenticationFilter, agentsAuditFilter);
// Per-user device endpoints. The URI templates carry a {user} segment, but both chains hold
// only the default authentication filter and the audit filter.
// NOTE(review): confirm that TrustedDevicesResource and OathDevicesResource themselves check
// that the authenticated caller owns (or administers) {user}. The UMA routes under
// users/{user}/ in this file attach ResourceOwnerOrSuperUserAuthzModule for that purpose;
// these two do not.
org.forgerock.json.resource.Router trustedDevicesVersionRouter = new org.forgerock.json.resource.Router();
trustedDevicesVersionRouter.addRoute(version(1), InjectorHolder.getInstance(TrustedDevicesResource.class));
AuditFilterWrapper trustedDevicesAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain trustedDevicesFilterChain = new FilterChain(trustedDevicesVersionRouter, defaultAuthenticationFilter, trustedDevicesAuditFilter);
realmRouter.addRoute(requestUriMatcher(STARTS_WITH, "users/{user}/devices/trusted"), trustedDevicesFilterChain);
org.forgerock.json.resource.Router oathDevicesVersionRouter = new org.forgerock.json.resource.Router();
oathDevicesVersionRouter.addRoute(version(1), InjectorHolder.getInstance(OathDevicesResource.class));
AuditFilterWrapper oathDevicesAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain oathDevicesFilterChain = new FilterChain(oathDevicesVersionRouter, defaultAuthenticationFilter, oathDevicesAuditFilter);
realmRouter.addRoute(requestUriMatcher(STARTS_WITH, "users/{user}/devices/2fa/oath"), oathDevicesFilterChain);
// User-scoped OAuth2 / UMA routes, all registered on realmRouter under users/{user}/...
// Each version router is passed through createFilter(...) with a LoggingAuthzModule that wraps
// the actual authorization module and its NAME. The resulting chain is then placed behind the
// default authentication filter, UmaEnabledFilter (except for labels) and the audit filter.
// NOTE(review): createFilter is defined outside the visible lines; presumably it puts the
// authorization module in front of the router. Confirm.
org.forgerock.json.resource.Router oauth2ResourceSetsVersionRouter = new org.forgerock.json.resource.Router();
oauth2ResourceSetsVersionRouter.addRoute(version(1), InjectorHolder.getInstance(ResourceSetResource.class));
// Resource sets and UMA policies are authorized by UmaPolicyResourceAuthzFilter.
FilterChain oauth2ResourceSetsAuthzFilter = createFilter(oauth2ResourceSetsVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(UmaPolicyResourceAuthzFilter.class), UmaPolicyResourceAuthzFilter.NAME));
AuditFilterWrapper oauth2ResourceSetsAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain oauth2ResourceSetsFilterChain = new FilterChain(oauth2ResourceSetsAuthzFilter, defaultAuthenticationFilter, InjectorHolder.getInstance(UmaEnabledFilter.class), oauth2ResourceSetsAuditFilter);
realmRouter.addRoute(requestUriMatcher(STARTS_WITH, "users/{user}/oauth2/resources/sets"), oauth2ResourceSetsFilterChain);
// NOTE(review): no addRoute call on umaPoliciesVersionRouter appears in this listing, so the
// resource served under uma/policies cannot be identified from here.
org.forgerock.json.resource.Router umaPoliciesVersionRouter = new org.forgerock.json.resource.Router();
FilterChain umaPoliciesAuthzFilter = createFilter(umaPoliciesVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(UmaPolicyResourceAuthzFilter.class), UmaPolicyResourceAuthzFilter.NAME));
AuditFilterWrapper umaPoliciesAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain umaPoliciesFilterChain = new FilterChain(umaPoliciesAuthzFilter, defaultAuthenticationFilter, InjectorHolder.getInstance(UmaEnabledFilter.class), umaPoliciesAuditFilter);
realmRouter.addRoute(requestUriMatcher(STARTS_WITH, "users/{user}/uma/policies"), umaPoliciesFilterChain);
org.forgerock.json.resource.Router umaAuditHistoryVersionRouter = new org.forgerock.json.resource.Router();
// NOTE(review): the audit-history router is bound to ResourceSetResource, the same class the
// resource-sets router uses. That looks like a copy/paste slip; confirm the intended handler,
// since the authorization module differs between the two routes.
umaAuditHistoryVersionRouter.addRoute(version(1), InjectorHolder.getInstance(ResourceSetResource.class));
// Audit history, pending requests and labels are authorized by
// ResourceOwnerOrSuperUserAuthzModule rather than UmaPolicyResourceAuthzFilter.
FilterChain umaAuditHistoryAuthzFilter = createFilter(umaAuditHistoryVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(ResourceOwnerOrSuperUserAuthzModule.class), ResourceOwnerOrSuperUserAuthzModule.NAME));
AuditFilterWrapper umaAuditHistoryAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain umaAuditHistoryFilterChain = new FilterChain(umaAuditHistoryAuthzFilter, defaultAuthenticationFilter, InjectorHolder.getInstance(UmaEnabledFilter.class), umaAuditHistoryAuditFilter);
realmRouter.addRoute(requestUriMatcher(STARTS_WITH, "users/{user}/uma/auditHistory"), umaAuditHistoryFilterChain);
org.forgerock.json.resource.Router umaPendingRequestsVersionRouter = new org.forgerock.json.resource.Router();
umaPendingRequestsVersionRouter.addRoute(version(1), InjectorHolder.getInstance(PendingRequestResource.class));
FilterChain umaPendingRequestsAuthzFilter = createFilter(umaPendingRequestsVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(ResourceOwnerOrSuperUserAuthzModule.class), ResourceOwnerOrSuperUserAuthzModule.NAME));
AuditFilterWrapper umaPendingRequestsAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain umaPendingRequestsFilterChain = new FilterChain(umaPendingRequestsAuthzFilter, defaultAuthenticationFilter, InjectorHolder.getInstance(UmaEnabledFilter.class), umaPendingRequestsAuditFilter);
realmRouter.addRoute(requestUriMatcher(STARTS_WITH, "users/{user}/uma/pendingrequests"), umaPendingRequestsFilterChain);
// NOTE(review): no addRoute call on umaLabelsVersionRouter appears in this listing.
org.forgerock.json.resource.Router umaLabelsVersionRouter = new org.forgerock.json.resource.Router();
FilterChain umaLabelsAuthzFilter = createFilter(umaLabelsVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(ResourceOwnerOrSuperUserAuthzModule.class), ResourceOwnerOrSuperUserAuthzModule.NAME));
AuditFilterWrapper umaLabelsAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
// Unlike the four UMA chains before it, the labels chain does not include UmaEnabledFilter.
// NOTE(review): confirm that labels are meant to stay reachable when UMA is disabled.
FilterChain umaLabelsFilterChain = new FilterChain(umaLabelsAuthzFilter, defaultAuthenticationFilter, umaLabelsAuditFilter);
realmRouter.addRoute(requestUriMatcher(STARTS_WITH, "users/{user}/resources/labels"), umaLabelsFilterChain);
//protected
// Every chain in this section passes its version router through createFilter(...) with a
// LoggingAuthzModule before authentication and audit filters are added. Three authorization
// modules are used: PrivilegeAuthzModule (policies, referrals, realms, applications,
// application types), SessionResourceAuthzModule (sessions, subject attributes, resource
// types) and AdminOnlyAuthzModule (scripts, realm-config, batch).
// NOTE(review): this listing is incomplete. realmsVersionRouter, scriptsVersionRouter and
// batchVersionRouter are used without a visible declaration, and most route registrations of
// the finished chains are not shown.
org.forgerock.json.resource.Router policiesVersionRouter = new org.forgerock.json.resource.Router();
// API version 1 of policies is served by PolicyResource behind PolicyV1Filter.
FilterChain policiesVersionOneFilterChain = new FilterChain(Resources.newCollection(InjectorHolder.getInstance(PolicyResource.class)), InjectorHolder.getInstance(PolicyV1Filter.class));
policiesVersionRouter.addRoute(requestResourceApiVersionMatcher(version(1)), policiesVersionOneFilterChain);
FilterChain policiesAuthzFilter = createFilter(policiesVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(PrivilegeAuthzModule.class), PrivilegeAuthzModule.NAME));
AuditFilterWrapper policiesAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain policiesFilterChain = new FilterChain(policiesAuthzFilter, defaultAuthenticationFilter, policiesAuditFilter);
org.forgerock.json.resource.Router referralsVersionRouter = new org.forgerock.json.resource.Router();
FilterChain referralsAuthzFilter = createFilter(referralsVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(PrivilegeAuthzModule.class), PrivilegeAuthzModule.NAME));
AuditFilterWrapper referralsAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain referralsFilterChain = new FilterChain(referralsAuthzFilter, defaultAuthenticationFilter, referralsAuditFilter);
FilterChain realmsAuthzFilter = createFilter(realmsVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(PrivilegeAuthzModule.class), PrivilegeAuthzModule.NAME));
AuditFilterWrapper realmsAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain realmsFilterChain = new FilterChain(realmsAuthzFilter, defaultAuthenticationFilter, realmsAuditFilter);
org.forgerock.json.resource.Router sessionsVersionRouter = new org.forgerock.json.resource.Router();
// NOTE(review): the sessions router is bound to ReferralsResourceV1, while no visible line
// binds anything to referralsVersionRouter. This looks like the handler ended up on the wrong
// router; confirm, because it would expose the referrals resource under the sessions
// authentication and authorization rules.
sessionsVersionRouter.addRoute(version(1, 1), InjectorHolder.getInstance(ReferralsResourceV1.class));
FilterChain sessionsAuthzFilter = createFilter(sessionsVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(SessionResourceAuthzModule.class), SessionResourceAuthzModule.NAME));
AuditFilterWrapper sessionsAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
// Sessions use sessionsAuthnFilter rather than defaultAuthenticationFilter.
// NOTE(review): its definition is not visible here; confirm which actions it exempts from
// authentication.
FilterChain sessionsFilterChain = new FilterChain(sessionsAuthzFilter, sessionsAuthnFilter, sessionsAuditFilter);
org.forgerock.json.resource.Router applicationsVersionRouter = new org.forgerock.json.resource.Router();
// Applications: version 1 goes through ApplicationV1Filter, version 2 reaches
// ApplicationsResource directly.
FilterChain applicationsVersionOneFilterChain = new FilterChain(Resources.newCollection(InjectorHolder.getInstance(ApplicationsResource.class)), InjectorHolder.getInstance(ApplicationV1Filter.class));
applicationsVersionRouter.addRoute(requestResourceApiVersionMatcher(version(1)), applicationsVersionOneFilterChain);
applicationsVersionRouter.addRoute(version(2), InjectorHolder.getInstance(ApplicationsResource.class));
FilterChain applicationsAuthzFilter = createFilter(applicationsVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(PrivilegeAuthzModule.class), PrivilegeAuthzModule.NAME));
AuditFilterWrapper applicationsAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain applicationsFilterChain = new FilterChain(applicationsAuthzFilter, defaultAuthenticationFilter, applicationsAuditFilter);
org.forgerock.json.resource.Router subjectAttributesVersionRouter = new org.forgerock.json.resource.Router();
subjectAttributesVersionRouter.addRoute(version(1), InjectorHolder.getInstance(SubjectAttributesResourceV1.class));
// NOTE(review): subject attributes (and resource types further down) are authorized with
// SessionResourceAuthzModule, whereas the other entitlement-related routes in this section use
// PrivilegeAuthzModule. Confirm this is the intended module and not carried over from the
// sessions wiring.
FilterChain subjectAttributesAuthzFilter = createFilter(subjectAttributesVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(SessionResourceAuthzModule.class), SessionResourceAuthzModule.NAME));
AuditFilterWrapper subjectAttributesAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain subjectAttributesFilterChain = new FilterChain(subjectAttributesAuthzFilter, defaultAuthenticationFilter, subjectAttributesAuditFilter);
realmRouter.addRoute(requestUriMatcher(STARTS_WITH, "subjectattributes"), subjectAttributesFilterChain);
org.forgerock.json.resource.Router applicationTypesVersionRouter = new org.forgerock.json.resource.Router();
applicationTypesVersionRouter.addRoute(version(1), InjectorHolder.getInstance(ApplicationTypesResource.class));
FilterChain applicationTypesAuthzFilter = createFilter(applicationTypesVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(PrivilegeAuthzModule.class), PrivilegeAuthzModule.NAME));
AuditFilterWrapper applicationTypesAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain applicationTypesFilterChain = new FilterChain(applicationTypesAuthzFilter, defaultAuthenticationFilter, applicationTypesAuditFilter);
// applicationtypes is registered on rootRouter, not realmRouter, although it sits in the
// realm-based section of this method.
rootRouter.addRoute(requestUriMatcher(STARTS_WITH, "applicationtypes"), applicationTypesFilterChain);
org.forgerock.json.resource.Router resourceTypesVersionRouter = new org.forgerock.json.resource.Router();
resourceTypesVersionRouter.addRoute(version(1), InjectorHolder.getInstance(ResourceTypesResource.class));
FilterChain resourceTypesAuthzFilter = createFilter(resourceTypesVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(SessionResourceAuthzModule.class), SessionResourceAuthzModule.NAME));
AuditFilterWrapper resourceTypesAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain resourceTypesFilterChain = new FilterChain(resourceTypesAuthzFilter, defaultAuthenticationFilter, resourceTypesAuditFilter);
// Scripts, realm configuration and batch are restricted with AdminOnlyAuthzModule.
FilterChain scriptsAuthzFilter = createFilter(scriptsVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(AdminOnlyAuthzModule.class), AdminOnlyAuthzModule.NAME));
AuditFilterWrapper scriptsAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain scriptsFilterChain = new FilterChain(scriptsAuthzFilter, defaultAuthenticationFilter, scriptsAuditFilter);
org.forgerock.json.resource.Router realmConfigVersionRouter = new org.forgerock.json.resource.Router();
// Realm configuration is served by an SMS request handler created for SchemaType.ORGANIZATION.
realmConfigVersionRouter.addRoute(version(1), smsRequestHandlerFactory.create(SchemaType.ORGANIZATION));
FilterChain realmConfigAuthzFilter = createFilter(realmConfigVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(AdminOnlyAuthzModule.class), AdminOnlyAuthzModule.NAME));
AuditFilterWrapper realmConfigAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain realmConfigFilterChain = new FilterChain(realmConfigAuthzFilter, defaultAuthenticationFilter, realmConfigAuditFilter);
FilterChain batchAuthzFilter = createFilter(batchVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(AdminOnlyAuthzModule.class), AdminOnlyAuthzModule.NAME));
AuditFilterWrapper batchAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain batchFilterChain = new FilterChain(batchAuthzFilter, defaultAuthenticationFilter, batchAuditFilter);
// ------------------
// Global routes
// ------------------
// The registrations visible in this section go to rootRouter. Every chain wraps its version
// router via createFilter(...) with a LoggingAuthzModule and then adds
// defaultAuthenticationFilter and an audit filter.
// NOTE(review): this listing is incomplete. tokensVersionRouter, auditVersionRouter and
// recordVersionRouter are used without a visible declaration, and the remaining argument(s) of
// each AuditFilterWrapper constructor call are not shown.
org.forgerock.json.resource.Router decisionCombinersVersionRouter = new org.forgerock.json.resource.Router();
decisionCombinersVersionRouter.addRoute(version(1), InjectorHolder.getInstance(DecisionCombinersResource.class));
// Decision combiners, condition types and subject types are authorized by PrivilegeAuthzModule.
FilterChain decisionCombinersAuthzFilter = createFilter(decisionCombinersVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(PrivilegeAuthzModule.class), PrivilegeAuthzModule.NAME));
AuditFilterWrapper decisionCombinersAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain decisionCombinersFilterChain = new FilterChain(decisionCombinersAuthzFilter, defaultAuthenticationFilter, decisionCombinersAuditFilter);
rootRouter.addRoute(requestUriMatcher(STARTS_WITH, "decisioncombiners"), decisionCombinersFilterChain);
org.forgerock.json.resource.Router conditionTypesVersionRouter = new org.forgerock.json.resource.Router();
conditionTypesVersionRouter.addRoute(version(1), InjectorHolder.getInstance(ConditionTypesResource.class));
FilterChain conditionTypesAuthzFilter = createFilter(conditionTypesVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(PrivilegeAuthzModule.class), PrivilegeAuthzModule.NAME));
AuditFilterWrapper conditionTypesAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain conditionTypesFilterChain = new FilterChain(conditionTypesAuthzFilter, defaultAuthenticationFilter, conditionTypesAuditFilter);
org.forgerock.json.resource.Router subjectTypesVersionRouter = new org.forgerock.json.resource.Router();
subjectTypesVersionRouter.addRoute(version(1), InjectorHolder.getInstance(SubjectTypesResource.class));
FilterChain subjectTypesAuthzFilter = createFilter(subjectTypesVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(PrivilegeAuthzModule.class), PrivilegeAuthzModule.NAME));
AuditFilterWrapper subjectTypesAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain subjectTypesFilterChain = new FilterChain(subjectTypesAuthzFilter, defaultAuthenticationFilter, subjectTypesAuditFilter);
// The tokens endpoint has its own authorization module, CoreTokenResourceAuthzModule.
FilterChain tokensAuthzFilter = createFilter(tokensVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(CoreTokenResourceAuthzModule.class), CoreTokenResourceAuthzModule.NAME));
AuditFilterWrapper tokensAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain tokensFilterChain = new FilterChain(tokensAuthzFilter, defaultAuthenticationFilter, tokensAuditFilter);
org.forgerock.json.resource.Router globalConfigVersionRouter = new org.forgerock.json.resource.Router();
// Global configuration is served by an SMS request handler created for SchemaType.GLOBAL and,
// like the per-server properties below, restricted with AdminOnlyAuthzModule.
globalConfigVersionRouter.addRoute(requestResourceApiVersionMatcher(version(1)), smsRequestHandlerFactory.create(SchemaType.GLOBAL));
FilterChain globalConfigAuthzFilter = createFilter(globalConfigVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(AdminOnlyAuthzModule.class), AdminOnlyAuthzModule.NAME));
AuditFilterWrapper globalConfigAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain globalConfigFilterChain = new FilterChain(globalConfigAuthzFilter, defaultAuthenticationFilter, globalConfigAuditFilter);
org.forgerock.json.resource.Router globalConfigServersVersionRouter = new org.forgerock.json.resource.Router();
globalConfigServersVersionRouter.addRoute(version(1), InjectorHolder.getInstance(SmsServerPropertiesResource.class));
FilterChain globalConfigServersAuthzFilter = createFilter(globalConfigServersVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(AdminOnlyAuthzModule.class), AdminOnlyAuthzModule.NAME));
AuditFilterWrapper globalConfigServersAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain globalConfigServersFilterChain = new FilterChain(globalConfigServersAuthzFilter, defaultAuthenticationFilter, globalConfigServersAuditFilter);
// {serverName} and {tab} are URI template variables taken from the request path.
// NOTE(review): how SmsServerPropertiesResource validates them is not visible here.
rootRouter.addRoute(requestUriMatcher(STARTS_WITH, "global-config/servers/{serverName}/properties/{tab}"), globalConfigServersFilterChain);
// The audit endpoint is authorized with AgentOnlyAuthzModule and is wrapped with
// AuditEndpointAuditFilter instead of the AuditFilter used by every other chain; the reason
// for the separate filter class is not visible in this file.
FilterChain auditAuthzFilter = createFilter(auditVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(AgentOnlyAuthzModule.class), AgentOnlyAuthzModule.NAME));
AuditFilterWrapper auditAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditEndpointAuditFilter.class),
FilterChain auditFilterChain = new FilterChain(auditAuthzFilter, defaultAuthenticationFilter,auditAuditFilter);
// The record endpoint is restricted with AdminOnlyAuthzModule and registered under the path
// held in RecordConstants.RECORD_REST_ENDPOINT.
FilterChain recordAuthzFilter = createFilter(recordVersionRouter, new LoggingAuthzModule(InjectorHolder.getInstance(AdminOnlyAuthzModule.class), AdminOnlyAuthzModule.NAME));
AuditFilterWrapper recordAuditFilter = new AuditFilterWrapper(InjectorHolder.getInstance(AuditFilter.class),
FilterChain recordFilterChain = new FilterChain(recordAuthzFilter, defaultAuthenticationFilter, recordAuditFilter);
rootRouter.addRoute(requestUriMatcher(STARTS_WITH, RecordConstants.RECORD_REST_ENDPOINT), recordFilterChain);
}
/**
* Returns the first path segment from a uri template. For example {@code /foo/bar} becomes {@code foo}.
*
* @param path the full uri template path.
* @return the first non-empty path segment.
* @throws IllegalArgumentException if the path contains no non-empty segments.
*/
return part;
}
}
}
}