added blacklist API

openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java

@@ -0,0 +1,64 @@
+/**
+ * 
+ */
+package org.mitre.openid.connect.model;
+
+import javax.persistence.Basic;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+
+/**
+ * @author jricher
+ *
+ */
+@Entity
+@Table(name="blacklisted_site")
+@NamedQueries({
+	@NamedQuery(name = "BlacklistedSite.getAll", query = "select b from BlacklistedSite b"),
+})
+public class BlacklistedSite {
+
+    // unique id
+    private Long id;
+    
+    // URI pattern to black list
+    private String uri;
+    
+    public BlacklistedSite() {
+    	
+    }
+    
+	/**
+     * @return the id
+     */
+	@Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    public Long getId() {
+    	return id;
+    }
+
+	/**
+     * @param id the id to set
+     */
+    public void setId(Long id) {
+    	this.id = id;
+    }
+
+    @Basic
+    @Column(name="uri")
+    public String getUri() {
+    	return uri;
+    }
+
+    public void setUri(String uri) {
+    	this.uri = uri;
+    }
+
+    
+}

openid-connect-common/src/main/java/org/mitre/openid/connect/repository/BlacklistedSiteRepository.java

@@ -0,0 +1,26 @@
+/**
+ * 
+ */
+package org.mitre.openid.connect.repository;
+
+import java.util.Collection;
+
+import org.mitre.openid.connect.model.BlacklistedSite;
+
+/**
+ * @author jricher
+ *
+ */
+public interface BlacklistedSiteRepository {
+
+	public Collection<BlacklistedSite> getAll();
+	
+	public BlacklistedSite getById(Long id);
+	
+	public void remove(BlacklistedSite blacklistedSite);
+	
+	public BlacklistedSite save(BlacklistedSite blacklistedSite);
+	
+	public BlacklistedSite update(BlacklistedSite oldBlacklistedSite, BlacklistedSite blacklistedSite);
+	
+}

openid-connect-common/src/main/java/org/mitre/openid/connect/service/BlacklistedSiteService.java

@@ -0,0 +1,28 @@
+/**
+ * 
+ */
+package org.mitre.openid.connect.service;
+
+import java.util.Collection;
+
+import org.mitre.openid.connect.model.BlacklistedSite;
+
+/**
+ * @author jricher
+ *
+ */
+public interface BlacklistedSiteService {
+
+	public Collection<BlacklistedSite> getAll();
+	
+	public BlacklistedSite getById(Long id);
+	
+	public void remove(BlacklistedSite blacklistedSite);
+	
+	public BlacklistedSite saveNew(BlacklistedSite blacklistedSite);
+	
+	public BlacklistedSite update(BlacklistedSite oldBlacklistedSite, BlacklistedSite blacklistedSite);
+
+	public boolean isBlacklisted(String uri);
+	
+}

openid-connect-server/db/tables/database_tables.sql

@@ -56,6 +56,11 @@ CREATE TABLE authorized_grant_type (
 	authorized_grant_type VARCHAR(2000)
 );
 
+CREATE TABLE blacklisted_site (
+	id BIGINT AUTO_INCREMENT PRIMARY KEY,
+	uri VARCHAR(2048)
+);
+
 CREATE TABLE client_details (
 	id BIGINT AUTO_INCREMENT PRIMARY KEY,
 	client_description VARCHAR(256),

openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java

@@ -0,0 +1,85 @@
+/**
+ * 
+ */
+package org.mitre.openid.connect.repository.impl;
+
+import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
+
+import java.util.Collection;
+
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+import javax.persistence.TypedQuery;
+
+import org.mitre.openid.connect.model.BlacklistedSite;
+import org.mitre.openid.connect.repository.BlacklistedSiteRepository;
+import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
+
+/**
+ * @author jricher
+ *
+ */
+@Repository
+public class JpaBlacklistedSiteRepository implements BlacklistedSiteRepository {
+
+	@PersistenceContext
+	private EntityManager manager;
+	
+	/* (non-Javadoc)
+	 * @see org.mitre.openid.connect.repository.BlacklistedSiteRepository#getAll()
+	 */
+	@Override
+	@Transactional
+	public Collection<BlacklistedSite> getAll() {
+		TypedQuery<BlacklistedSite> query = manager.createNamedQuery("BlacklistedSite.getAll", BlacklistedSite.class);
+		return query.getResultList();
+	}
+
+	/* (non-Javadoc)
+	 * @see org.mitre.openid.connect.repository.BlacklistedSiteRepository#getById(java.lang.Long)
+	 */
+	@Override
+	@Transactional
+	public BlacklistedSite getById(Long id) {
+		return manager.find(BlacklistedSite.class, id);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.mitre.openid.connect.repository.BlacklistedSiteRepository#remove(org.mitre.openid.connect.model.BlacklistedSite)
+	 */
+	@Override
+	@Transactional
+	public void remove(BlacklistedSite blacklistedSite) {
+		BlacklistedSite found = manager.find(BlacklistedSite.class, blacklistedSite.getId());
+		
+		if (found != null) {
+			manager.remove(found);
+		} else {
+			throw new IllegalArgumentException();
+		}
+
+	}
+
+	/* (non-Javadoc)
+	 * @see org.mitre.openid.connect.repository.BlacklistedSiteRepository#save(org.mitre.openid.connect.model.BlacklistedSite)
+	 */
+	@Override
+	@Transactional
+	public BlacklistedSite save(BlacklistedSite blacklistedSite) {
+		return saveOrUpdate(blacklistedSite.getId(), manager, blacklistedSite);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.mitre.openid.connect.repository.BlacklistedSiteRepository#update(org.mitre.openid.connect.model.BlacklistedSite, org.mitre.openid.connect.model.BlacklistedSite)
+	 */
+	@Override
+	@Transactional
+	public BlacklistedSite update(BlacklistedSite oldBlacklistedSite, BlacklistedSite blacklistedSite) {
+
+		blacklistedSite.setId(oldBlacklistedSite.getId());
+		return saveOrUpdate(oldBlacklistedSite.getId(), manager, blacklistedSite);
+		
+	}
+
+}

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultBlacklistedSiteService.java

@@ -0,0 +1,91 @@
+/**
+ * 
+ */
+package org.mitre.openid.connect.service.impl;
+
+import java.util.Collection;
+
+import org.mitre.openid.connect.model.BlacklistedSite;
+import org.mitre.openid.connect.repository.BlacklistedSiteRepository;
+import org.mitre.openid.connect.service.BlacklistedSiteService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.google.common.base.Strings;
+
+/**
+ * @author jricher
+ *
+ */
+@Service
+@Transactional
+public class DefaultBlacklistedSiteService implements BlacklistedSiteService {
+
+	@Autowired
+	private BlacklistedSiteRepository repository;
+	
+	/* (non-Javadoc)
+	 * @see org.mitre.openid.connect.service.BlacklistedSiteService#getAll()
+	 */
+	@Override
+	public Collection<BlacklistedSite> getAll() {
+		return repository.getAll();
+	}
+
+	/* (non-Javadoc)
+	 * @see org.mitre.openid.connect.service.BlacklistedSiteService#getById(java.lang.Long)
+	 */
+	@Override
+	public BlacklistedSite getById(Long id) {
+		return repository.getById(id);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.mitre.openid.connect.service.BlacklistedSiteService#remove(org.mitre.openid.connect.model.BlacklistedSite)
+	 */
+	@Override
+	public void remove(BlacklistedSite blacklistedSite) {
+		repository.remove(blacklistedSite);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.mitre.openid.connect.service.BlacklistedSiteService#saveNew(org.mitre.openid.connect.model.BlacklistedSite)
+	 */
+	@Override
+	public BlacklistedSite saveNew(BlacklistedSite blacklistedSite) {
+		return repository.save(blacklistedSite);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.mitre.openid.connect.service.BlacklistedSiteService#update(org.mitre.openid.connect.model.BlacklistedSite, org.mitre.openid.connect.model.BlacklistedSite)
+	 */
+	@Override
+	public BlacklistedSite update(BlacklistedSite oldBlacklistedSite, BlacklistedSite blacklistedSite) {
+		return repository.update(oldBlacklistedSite, blacklistedSite);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.mitre.openid.connect.service.BlacklistedSiteService#isBlacklisted(java.lang.String)
+	 */
+	@Override
+	public boolean isBlacklisted(String uri) {
+		
+		if (Strings.isNullOrEmpty(uri)) {
+			return false; // can't be blacklisted if you don't exist
+		}
+		
+		Collection<BlacklistedSite> sites = getAll();
+
+		// TODO: rewrite this to do regex matching and use the Guava predicates collection
+		
+		for (BlacklistedSite blacklistedSite : sites) {
+	        if (Strings.nullToEmpty(blacklistedSite.getUri()).equals(uri)) {
+	        	return true;
+	        }
+	    }
+		
+		return false;
+	}
+
+}

openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java

@@ -0,0 +1,137 @@
+/**
+ * 
+ */
+package org.mitre.openid.connect.web;
+
+import java.security.Principal;
+import java.util.Collection;
+
+import org.mitre.openid.connect.model.BlacklistedSite;
+import org.mitre.openid.connect.service.BlacklistedSiteService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import com.google.gson.Gson;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+
+/**
+ * @author jricher
+ *
+ */
+@Controller
+@RequestMapping("/api/blacklist")
+@PreAuthorize("hasRole('ROLE_ADMIN')")
+public class BlacklistAPI {
+
+
+	@Autowired
+	private BlacklistedSiteService blacklistService;
+	
+	private Gson gson = new Gson();
+	private JsonParser parser = new JsonParser();
+	
+	/**
+	 * Get a list of all blacklisted sites
+	 * @param m
+	 * @return
+	 */
+	@RequestMapping(method = RequestMethod.GET, headers = "Accept=application/json")
+	public String getAllBlacklistedSites(ModelMap m) {
+		
+		Collection<BlacklistedSite> all = blacklistService.getAll();
+		
+		m.put("entity", all);
+		
+		return "jsonEntityView";
+	}
+	
+	/**
+	 * Create a new blacklisted site
+	 * @param jsonString
+	 * @param m
+	 * @param p
+	 * @return
+	 */
+	@RequestMapping(method = RequestMethod.POST, headers = "Accept=application/json")
+	public String addNewBlacklistedSite(@RequestBody String jsonString, ModelMap m, Principal p) {
+		
+		JsonObject json = parser.parse(jsonString).getAsJsonObject();
+		
+		BlacklistedSite blacklist = gson.fromJson(json, BlacklistedSite.class);
+
+		BlacklistedSite newBlacklist = blacklistService.saveNew(blacklist);
+		
+		m.put("entity", newBlacklist);
+		
+		return "jsonEntityView";
+		
+	}
+	
+	/**
+	 * Update an existing blacklisted site
+	 */
+	@RequestMapping(value="/{id}", method = RequestMethod.PUT, headers = "Accept=application/json")
+	public String updateBlacklistedSite(@PathVariable("id") Long id, @RequestBody String jsonString, ModelMap m, Principal p) {
+		
+		JsonObject json = parser.parse(jsonString).getAsJsonObject();
+		
+		BlacklistedSite blacklist = gson.fromJson(json, BlacklistedSite.class);
+		
+		BlacklistedSite oldBlacklist = blacklistService.getById(id);
+		
+		if (oldBlacklist == null) {
+			m.put("code", HttpStatus.NOT_FOUND);
+			return "httpCodeView";
+		} else {
+			
+			BlacklistedSite newBlacklist = blacklistService.update(oldBlacklist, blacklist);
+			
+			m.put("entity", newBlacklist);
+			
+			return "jsonEntityView";
+		}
+	}
+	
+	/**
+	 * Delete a blacklisted site
+	 * 
+	 */
+	@RequestMapping(value="/{id}", method = RequestMethod.DELETE, headers = "Accept=application/json")
+	public String deleteBlacklistedSite(@PathVariable("id") Long id, ModelMap m) {
+		BlacklistedSite blacklist = blacklistService.getById(id);
+		
+		if (blacklist == null) {
+			m.put("code", HttpStatus.NOT_FOUND);
+		} else {
+			blacklistService.remove(blacklist);
+		}		
+		
+		return "httpCodeView";
+	}
+	
+	/**
+	 * Get a single blacklisted site
+	 */
+	@RequestMapping(value="/{id}", method = RequestMethod.GET, headers = "Accept=application/json")
+	public String getBlacklistedSite(@PathVariable("id") Long id, ModelMap m) {
+		BlacklistedSite blacklist = blacklistService.getById(id);
+		if (blacklist == null) {
+			m.put("code", HttpStatus.NOT_FOUND);
+			return "httpCodeView";
+		} else {
+		
+			m.put("entity", blacklist);
+			
+			return "jsonEntityView";
+		}
+		
+	}
+}

openid-connect-server/src/main/resources/META-INF/persistence.xml

@@ -18,6 +18,7 @@
         <class>org.mitre.openid.connect.model.DefaultUserInfo</class>
 <!--         <class>org.mitre.openid.connect.model.UserInfo</class> -->
         <class>org.mitre.openid.connect.model.WhitelistedSite</class>
+        <class>org.mitre.openid.connect.model.BlacklistedSite</class>
         <shared-cache-mode>NONE</shared-cache-mode>
     </persistence-unit>
 </persistence>

openid-connect-server/src/main/webapp/resources/template/admin.html

@@ -420,3 +420,26 @@
 
 </script>
 
+<!-- blacklist -->
+<script type="text/html" id="tmpl-blacklist-form">
+
+    <form class="form-horizontal">
+        <fieldset>
+            <div class="well">
+                <button class="btn btn-small btn-primary">Save</button>&nbsp;<button class="btn btn-small btn-cancel">Cancel</button>
+            </div>
+
+            <div class="control-group" id="blacklist">
+                <label class="control-label">Blacklisted URIs</label>
+                <div class="controls">
+                </div>
+            </div>
+
+            <div class="well">
+                <button class="btn btn-small btn-primary">Save</button>&nbsp;<button class="btn btn-small btn-cancel">Cancel</button>
+            </div>
+
+        </fieldset>
+    </form>
+
+</script>