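/**
 * Registers a new resource set described by the JSON request body.
 *
 * <p>The caller must hold the UMA protection scope; the check is delegated to
 * {@code ensureOAuthScope} (defined elsewhere; presumably it aborts the request
 * when the scope is missing, confirm). The owner and client id of the stored
 * resource set are always set from the authenticated OAuth token, after the
 * body has been parsed, so they are not left to the request body.
 *
 * @param jsonString raw JSON request body describing the resource set
 * @param m model that receives the HTTP status code and either the saved entity
 *     or an error message for the view
 * @param auth authentication of the caller; must be an {@link OAuth2Authentication}
 * @return the name of the view to render: the abbreviated entity view on
 *     success, the JSON error view on any validation failure
 */
@RequestMapping(
    method = RequestMethod.POST,
    produces = MimeTypeUtils.APPLICATION_JSON_VALUE,
    consumes = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String createResourceSet(@RequestBody String jsonString, Model m, Authentication auth) {
  // Authorization comes first: nothing is parsed or stored before the scope check.
  ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);

  ResourceSet rs = parseResourceSet(jsonString);

  if (rs == null) {
    // there was no resource set in the body
    logger.warn("Resource set registration missing body.");
    // Use the same model keys as the other error branches that render
    // JsonErrorView; the literal "code"/"error_description" keys used here
    // before did not match them.
    m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
    m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Resource request was missing body.");
    return JsonErrorView.VIEWNAME;
  }

  if (!(auth instanceof OAuth2Authentication)) {
    // this one shouldn't be called if it's not OAuth
    m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
    m.addAttribute(JsonErrorView.ERROR_MESSAGE, "This call must be made with an OAuth token");
    return JsonErrorView.VIEWNAME;
  }

  // if it's an OAuth mediated call, it's on behalf of a client, so store that
  OAuth2Authentication o2a = (OAuth2Authentication) auth;
  rs.setClientId(o2a.getOAuth2Request().getClientId());
  // the username is going to be in the auth object
  rs.setOwner(auth.getName());

  rs = validateScopes(rs);

  // NOTE(review): only a null scope collection is rejected here; whether an
  // empty one is acceptable depends on validateScopes, which is not visible
  // from this method. Confirm.
  boolean missingName = Strings.isNullOrEmpty(rs.getName()); // there was no name (required)
  boolean missingScopes = rs.getScopes() == null; // there were no scopes (required)
  if (missingName || missingScopes) {
    logger.warn("Resource set registration missing one or more required fields.");
    m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
    m.addAttribute(
        JsonErrorView.ERROR_MESSAGE, "Resource request was missing one or more required fields.");
    return JsonErrorView.VIEWNAME;
  }

  ResourceSet saved = resourceSetService.saveNew(rs);

  m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED);
  m.addAttribute(JsonEntityView.ENTITY, saved);
  // Location of the newly created resource set, built from the configured issuer.
  m.addAttribute(
      ResourceSetEntityAbbreviatedView.LOCATION, config.getIssuer() + URL + "/" + saved.getId());
  return ResourceSetEntityAbbreviatedView.VIEWNAME;
}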