@RequestMapping(
method = RequestMethod.POST,
produces = MimeTypeUtils.APPLICATION_JSON_VALUE,
consumes = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String createResourceSet(@RequestBody String jsonString, Model m, Authentication auth) {
ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);
ResourceSet rs = parseResourceSet(jsonString);
if (rs == null) { // there was no resource set in the body
logger.warn("Resource set registration missing body.");
m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("error_description", "Resource request was missing body.");
return JsonErrorView.VIEWNAME;
}
if (auth instanceof OAuth2Authentication) {
// if it's an OAuth mediated call, it's on behalf of a client, so store that
OAuth2Authentication o2a = (OAuth2Authentication) auth;
rs.setClientId(o2a.getOAuth2Request().getClientId());
rs.setOwner(auth.getName()); // the username is going to be in the auth object
} else {
// this one shouldn't be called if it's not OAuth
m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
m.addAttribute(JsonErrorView.ERROR_MESSAGE, "This call must be made with an OAuth token");
return JsonErrorView.VIEWNAME;
}
rs = validateScopes(rs);
if (Strings.isNullOrEmpty(rs.getName()) // there was no name (required)
|| rs.getScopes() == null // there were no scopes (required)
) {
logger.warn("Resource set registration missing one or more required fields.");
m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
m.addAttribute(
JsonErrorView.ERROR_MESSAGE, "Resource request was missing one or more required fields.");
return JsonErrorView.VIEWNAME;
}
ResourceSet saved = resourceSetService.saveNew(rs);
m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED);
m.addAttribute(JsonEntityView.ENTITY, saved);
m.addAttribute(
ResourceSetEntityAbbreviatedView.LOCATION, config.getIssuer() + URL + "/" + saved.getId());
return ResourceSetEntityAbbreviatedView.VIEWNAME;
}
