1 package org.springframework.security.oauth.examples.sparklr.mvc;
2
3 import java.io.ByteArrayOutputStream;
4 import java.io.IOException;
5 import java.io.InputStream;
6 import java.security.Principal;
7 import java.util.Collection;
8 import java.util.Iterator;
9
10 import org.springframework.http.HttpHeaders;
11 import org.springframework.http.HttpStatus;
12 import org.springframework.http.ResponseEntity;
13 import org.springframework.security.access.prepost.PreAuthorize;
14 import org.springframework.security.oauth.examples.sparklr.PhotoInfo;
15 import org.springframework.security.oauth.examples.sparklr.PhotoService;
16 import org.springframework.stereotype.Controller;
17 import org.springframework.web.bind.annotation.PathVariable;
18 import org.springframework.web.bind.annotation.RequestMapping;
19 import org.springframework.web.bind.annotation.RequestParam;
20 import org.springframework.web.bind.annotation.ResponseBody;
21
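/**
 * MVC controller for the sparklr sample: serves individual photos as JPEG bytes, lists the
 * current user's photos as JSON/JSONP or XML, and exposes two plain-text greeting endpoints.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The JSONP {@code callback} parameter and the photo id/name values are caller- or
 * data-controlled and end up inside a response served as JavaScript or XML. They are validated
 * or escaped here before being written.</li>
 * <li>Only {@link #getTrustedClientMessage()} carries a method-level authorization annotation.
 * NOTE(review): the other handlers presumably rely on URL-level rules configured elsewhere;
 * confirm that every {@code /photos} path is covered.</li>
 * </ul>
 */
@Controller
public class PhotoController {

    /** Upper bound on the length of an accepted JSONP callback name. */
    private static final int MAX_CALLBACK_LENGTH = 64;

    /** Dotted JavaScript identifier path, for example {@code app.handlers.onPhotos}. */
    private static final String CALLBACK_PATTERN =
            "[A-Za-z_$][A-Za-z0-9_$]*(\\.[A-Za-z_$][A-Za-z0-9_$]*)*";

    private PhotoService photoService;

    /**
     * Returns the bytes of one photo with a {@code image/jpeg} content type.
     *
     * @param id photo identifier taken from the request path
     * @return 200 with the photo bytes, or 404 when the service returns no stream
     * @throws IOException if reading or closing the photo stream fails
     */
    @RequestMapping("/photos/{photoId}")
    public ResponseEntity<byte[]> getPhoto(@PathVariable("photoId") String id) throws IOException {
        // NOTE(review): the id comes straight from the URL and no Principal is consulted here.
        // Confirm that PhotoService.loadPhoto (or the security configuration) restricts the
        // lookup to photos the caller may read and does not treat the id as a file path.
        InputStream photo = getPhotoService().loadPhoto(id);
        if (photo == null) {
            return new ResponseEntity<byte[]>(HttpStatus.NOT_FOUND);
        }
        try {
            // The whole photo is buffered in memory before it is returned.
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buffer = new byte[1024];
            int len;
            while ((len = photo.read(buffer)) >= 0) {
                out.write(buffer, 0, len);
            }
            HttpHeaders headers = new HttpHeaders();
            headers.set("Content-Type", "image/jpeg");
            return new ResponseEntity<byte[]>(out.toByteArray(), headers, HttpStatus.OK);
        }
        finally {
            // The original never closed the stream, leaking one handle per request.
            photo.close();
        }
    }

    /**
     * Lists the current user's photos as JSON, optionally wrapped in a JSONP callback.
     *
     * @param callback optional JSONP function name; must be a dotted JavaScript identifier
     * @param principal the authenticated caller whose photos are listed
     * @return 200 with the JSON/JSONP document, or 400 when {@code callback} is not a plain
     *         identifier path
     */
    @RequestMapping(value = "/photos", params = "format=json")
    public ResponseEntity<String> getJsonPhotos(@RequestParam(value = "callback", required = false) String callback,
            Principal principal) {
        // The callback is echoed into a response served as JavaScript, so anything other than
        // a bare identifier path would let the requester choose the script that runs.
        if (callback != null && !isSafeCallback(callback)) {
            return new ResponseEntity<String>(HttpStatus.BAD_REQUEST);
        }

        // NOTE(review): principal is dereferenced without a null check; presumably the security
        // filter chain guarantees an authenticated caller on this path. Confirm.
        Collection<PhotoInfo> photos = getPhotoService().getPhotosForCurrentUser(principal.getName());
        StringBuilder out = new StringBuilder();
        if (callback != null) {
            out.append(callback).append("( ");
        }
        out.append("{ \"photos\" : [ ");
        Iterator<PhotoInfo> photosIt = photos.iterator();
        while (photosIt.hasNext()) {
            PhotoInfo photo = photosIt.next();
            // Values are escaped so a quote or backslash in a photo name cannot break out of
            // the string literal.
            out.append("{ \"id\" : \"").append(escapeJson(photo.getId()))
                    .append("\" , \"name\" : \"").append(escapeJson(photo.getName())).append("\" }");
            if (photosIt.hasNext()) {
                out.append(" , ");
            }
        }
        out.append("] }");
        if (callback != null) {
            out.append(" )");
        }

        HttpHeaders headers = new HttpHeaders();
        headers.set("Content-Type", "application/javascript");
        // Stops browsers from re-interpreting the body as another content type.
        headers.set("X-Content-Type-Options", "nosniff");
        return new ResponseEntity<String>(out.toString(), headers, HttpStatus.OK);
    }

    /**
     * Lists the current user's photos as an XML document.
     *
     * @param principal the authenticated caller whose photos are listed
     * @return 200 with a {@code <photos>} document containing one {@code <photo>} per entry
     */
    @RequestMapping(value = "/photos", params = "format=xml")
    public ResponseEntity<String> getXmlPhotos(Principal principal) {
        // Goes through the accessor like the other handlers instead of reading the field.
        Collection<PhotoInfo> photos = getPhotoService().getPhotosForCurrentUser(principal.getName());
        StringBuilder out = new StringBuilder();
        out.append("<photos>");
        for (PhotoInfo photo : photos) {
            // Attribute values are escaped so markup characters in a name stay data.
            out.append("<photo id=\"").append(escapeXml(photo.getId()))
                    .append("\" name=\"").append(escapeXml(photo.getName())).append("\"/>");
        }
        out.append("</photos>");

        HttpHeaders headers = new HttpHeaders();
        headers.set("Content-Type", "application/xml");
        return new ResponseEntity<String>(out.toString(), headers, HttpStatus.OK);
    }

    /**
     * Returns a fixed greeting; access is limited by the {@code @PreAuthorize} expression to
     * OAuth2 clients holding {@code ROLE_CLIENT}.
     */
    @RequestMapping("/photos/trusted/message")
    @PreAuthorize("#oauth2.clientHasRole('ROLE_CLIENT')")
    @ResponseBody
    public String getTrustedClientMessage() {
        return "Hello, Trusted Client";
    }

    /**
     * Returns a greeting that includes the caller's name when a principal is present.
     *
     * @param principal the caller, or {@code null} when none is supplied
     */
    @RequestMapping("/photos/user/message")
    @ResponseBody
    public String getTrustedUserMessage(Principal principal) {
        // NOTE(review): unlike getTrustedClientMessage there is no method-level authorization
        // here, and the null check implies this can be reached without a principal. Confirm
        // the intended rule lives in the URL-level configuration.
        return "Hello, Trusted User" + (principal != null ? " " + principal.getName() : "");
    }

    public PhotoService getPhotoService() {
        return photoService;
    }

    public void setPhotoService(PhotoService photoService) {
        this.photoService = photoService;
    }

    /** Accepts only short, dotted JavaScript identifier paths as JSONP callback names. */
    private static boolean isSafeCallback(String callback) {
        return callback.length() <= MAX_CALLBACK_LENGTH && callback.matches(CALLBACK_PATTERN);
    }

    /**
     * Escapes a value for use inside a double-quoted JSON string that is also served as
     * JavaScript: quotes, backslashes, control characters, HTML-significant characters and
     * the two Unicode line separators are written as four-digit hexadecimal escapes.
     */
    private static String escapeJson(Object value) {
        // String.valueOf keeps the original rendering of a null value ("null").
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            boolean needsEscape = c == '"' || c == '\\' || c < 0x20
                    || c == '<' || c == '>' || c == '&'
                    || c == 0x2028 || c == 0x2029;
            if (needsEscape) {
                escaped.append(String.format("\\u%04x", (int) c));
            }
            else {
                escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Escapes a value for use inside a double-quoted XML attribute. */
    private static String escapeXml(Object value) {
        // String.valueOf keeps the original rendering of a null value ("null").
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
            case '&':
                escaped.append("&amp;");
                break;
            case '<':
                escaped.append("&lt;");
                break;
            case '>':
                escaped.append("&gt;");
                break;
            case '"':
                escaped.append("&quot;");
                break;
            case '\'':
                escaped.append("&apos;");
                break;
            default:
                escaped.append(c);
            }
        }
        return escaped.toString();
    }

}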