SECOAUTH-68: use @MVC features in sparklr2

sparklr/src/main/webapp/WEB-INF/spring-servlet.xml

@@ -22,7 +22,7 @@
     <property name="alwaysUseFullPath" value="true"/>
   </bean>
 
-  <bean id="photosController" class="org.springframework.security.oauth.examples.sparklr.mvc.PhotosController">
+  <bean id="sparklrController" class="org.springframework.security.oauth.examples.sparklr.mvc.SparklrController">
     <property name="photoService" ref="photoServices"/>
   </bean>
 

sparklr2/pom.xml

@@ -88,7 +88,7 @@
           </container>
           <configuration>
             <properties>
-              <!--<cargo.jvmargs>-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005</cargo.jvmargs>-->
+              <cargo.jvmargs>-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005</cargo.jvmargs>
             </properties>
             <home>${project.build.directory}/tomcat5x</home>
             <deployables>

sparklr2/src/main/java/org/springframework/security/oauth/examples/sparklr/impl/PhotoServiceImpl.java

@@ -24,6 +24,9 @@ public class PhotoServiceImpl implements PhotoService {
   private List<PhotoInfo> photos;
 
   public Collection<PhotoInfo> getPhotosForCurrentUser() {
+
+	// TODO: why is this necessary?  Spring Security should handle it, and the net result is a 404 when you should be seeing a 403.
+
     Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
     if (authentication.getPrincipal() instanceof UserDetails) {
       UserDetails details = (UserDetails) authentication.getPrincipal();

sparklr2/src/main/java/org/springframework/security/oauth/examples/sparklr/mvc/AccessConfirmationController.java

@@ -1,14 +1,13 @@
 package org.springframework.security.oauth.examples.sparklr.mvc;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
 import org.springframework.security.oauth2.provider.ClientAuthenticationToken;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.verification.ClientAuthenticationCache;
 import org.springframework.security.oauth2.provider.verification.DefaultClientAuthenticationCache;
-import org.springframework.util.Assert;
-import org.springframework.web.servlet.mvc.AbstractController;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.servlet.ModelAndView;
 
 import javax.servlet.http.HttpServletRequest;
@@ -21,18 +20,14 @@
  *
  * @author Ryan Heaton
  */
-public class AccessConfirmationController extends AbstractController {
+@Controller
+public class AccessConfirmationController {
 
   private ClientAuthenticationCache authenticationCache = new DefaultClientAuthenticationCache();
   private ClientDetailsService clientDetailsService;
 
-  @Override
-  protected void initApplicationContext(ApplicationContext context) {
-    super.initApplicationContext(context);
-    Assert.notNull(clientDetailsService, "A client details service must be supplied.");
-  }
-
-  protected ModelAndView handleRequestInternal(HttpServletRequest request, HttpServletResponse response) throws Exception {
+  @RequestMapping("/oauth/confirm_access")
+  public ModelAndView getAccessConfirmation(HttpServletRequest request, HttpServletResponse response) throws Exception {
     ClientAuthenticationToken clientAuth = getAuthenticationCache().getAuthentication(request, response);
     if (clientAuth == null) {
       throw new IllegalStateException("No client authentication request to authorize.");

sparklr2/src/main/java/org/springframework/security/oauth/examples/sparklr/mvc/SparklrController.java

@@ -0,0 +1,105 @@
+package org.springframework.security.oauth.examples.sparklr.mvc;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Collection;
+import java.util.Iterator;
+
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.oauth.examples.sparklr.PhotoInfo;
+import org.springframework.security.oauth.examples.sparklr.PhotoService;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+/**
+ * @author Ryan Heaton
+ * @author Dave Syer
+ */
+@Controller
+public class SparklrController {
+
+	private PhotoService photoService;
+
+	@RequestMapping("/rest/jpg/photo/{photoId}")
+	public ResponseEntity<byte[]> getPhoto(@PathVariable("photoId") String id) throws IOException {
+		InputStream photo = getPhotoService().loadPhoto(id);
+		if (photo == null) {
+			return new ResponseEntity<byte[]>(HttpStatus.NOT_FOUND);
+		} else {
+			ByteArrayOutputStream out = new ByteArrayOutputStream();
+			byte[] buffer = new byte[1024];
+			int len = photo.read(buffer);
+			while (len >= 0) {
+				out.write(buffer, 0, len);
+				len = photo.read(buffer);
+			}
+			HttpHeaders headers = new HttpHeaders();
+			headers.set("Content-Type", "image/jpeg");
+			return new ResponseEntity<byte[]>(out.toByteArray(), headers, HttpStatus.OK);
+		}
+	}
+
+	@RequestMapping("/json/photos")
+	public ResponseEntity<String> getJsonPhotos(@RequestParam(value = "callback", required = false) String callback) {
+		Collection<PhotoInfo> photos = getPhotoService().getPhotosForCurrentUser();
+		StringBuilder out = new StringBuilder();
+		if (callback != null) {
+			out.append(callback).append("( ");
+		}
+		out.append("{ \"photos\" : [ ");
+		Iterator<PhotoInfo> photosIt = photos.iterator();
+		while (photosIt.hasNext()) {
+			PhotoInfo photo = photosIt.next();
+			out.append(String.format("{ \"id\" : \"%s\" , \"name\" : \"%s\" }", photo.getId(), photo.getName()));
+			if (photosIt.hasNext()) {
+				out.append(" , ");
+			}
+		}
+		out.append("] }");
+		if (callback != null) {
+			out.append(" )");
+		}
+
+		HttpHeaders headers = new HttpHeaders();
+		headers.set("Content-Type", "application/json");
+		return new ResponseEntity<String>(out.toString(), headers, HttpStatus.OK);
+	}
+
+	@RequestMapping("/rest/photos")
+	public ResponseEntity<String> getXmlPhotos() {
+		Collection<PhotoInfo> photos = photoService.getPhotosForCurrentUser();
+		StringBuilder out = new StringBuilder();
+		out.append("<photos>");
+		for (PhotoInfo photo : photos) {
+			out.append(String.format("<photo id=\"%s\" name=\"%s\"/>", photo.getId(), photo.getName()));
+		}
+		out.append("</photos>");
+
+		HttpHeaders headers = new HttpHeaders();
+		headers.set("Content-Type", "application/xml");
+		return new ResponseEntity<String>(out.toString(), headers, HttpStatus.OK);
+	}
+
+	@RequestMapping("/trusted/message")
+	@PreAuthorize("oauthClientHasRole('ROLE_TRUSTED_CLIENT')")
+	@ResponseBody
+	public String getTrustedClientMessage() {
+		return "Hello, Trusted Client";
+	}
+
+	public PhotoService getPhotoService() {
+		return photoService;
+	}
+
+	public void setPhotoService(PhotoService photoService) {
+		this.photoService = photoService;
+	}
+
+}