[GEOS-8204] Move users/roles REST from geofence-server to rest-config (…

…#2439)

doc/en/user/source/community/geofence-server/index.rst

@@ -15,6 +15,5 @@ The integrated geofence server can be configured using its WebGUI page or REST c
    gui
    rest
    rest-adminrule
-   rest-userrole
    tutorial
    migration

doc/en/user/source/community/geofence-server/tutorial.rst

@@ -10,9 +10,9 @@ The tutorial assumes:
 
 * GeoServer is running on http://localhost:8080/geoserver
 
-* You have a user/group service called "default" that allows the creation of new users. If your primary user/group service is not called "default", create a new text file called :file:`/geofence/geofence-server.properties` in the geoserver data directory and add the following line::
+* You have a user/group service called "default" that allows the creation of new users. If your primary user/group service is not called "default", you must start geoserver with the following java system property present::
 
-        defaultUserGroupServiceName=<name_of_usergroupservice>
+        org.geoserver.rest.DefaultUserGroupServiceName=<name_of_usergroupservice>
 
 with <name_of_usergroupservice> a user/group service that allows the creation of new users.
 
@@ -77,7 +77,7 @@ You should get an XML representation of your rules::
   </Rules>
 
 2. Let us first create a new user. 
-Do this by sending a POST request to the following URL http://localhost:8080/geoserver/geofence/rest/usergroup/users with the following content::
+Do this by sending a POST request to the following URL http://localhost:8080/geoserver/rest/security/usergroup/users with the following content::
 
   <user>
         <userName>michaeljfox</userName>

doc/en/user/source/rest/api/index.rst

@@ -28,5 +28,6 @@ This section describes the GeoServer REST configuration API.
    masterpassword
    selfadmin
    accesscontrol
+   userrole
    resources
 

doc/en/user/source/community/geofence-server/rest-userrole.rst → doc/en/user/source/rest/api/userrole.rst

@@ -1,7 +1,7 @@
 .. _rest_api_user_roles:
 
-Users/Groups and Roles Rest API
-===============================
+Users/Groups and Roles
+======================
 
 Security
 --------
@@ -72,10 +72,9 @@ Configuration
 The default user/group service is by default the service named "default". This can be 
 altered in the following manner: 
 
-    #. Edit or create the file '/geofence/geofence-server.properties' in the geoserver data directory.
-    #. Modify or add the following line::
+    #. Start geoserver with the following java system property present::
 
-        defaultUserGroupServiceName= ..
+          org.geoserver.rest.DefaultUserGroupServiceName=<name_of_usergroupservice>
 
 Requests
 --------

src/community/geofence-server/src/main/resources/applicationContext.xml

@@ -133,28 +133,40 @@
         <constructor-arg index="0" ref="adminRuleAdminService"/>
     </bean>
 
-    <bean id="usersRestController" class="org.geoserver.geofence.rest.UsersRestController">
-        <constructor-arg index="0" ref="geoServerSecurityManager"/>
-    </bean>
-
-    <bean id="rolesRestController" class="org.geoserver.geofence.rest.RolesRestController">
-        <constructor-arg index="0" ref="geoServerSecurityManager"/>
-    </bean>
-
     <bean id="geofenceRestURLMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
         <property name="alwaysUseFullPath" value="true"/>
         <property name="mappings">
             <props>
                 <prop key="/geofence/rest/rules**">rulesRestController</prop>
-                <prop key="/geofence/rest/usergroup**">usersRestController</prop>
-                <prop key="/geofence/rest/roles**">rolesRestController</prop>
             </props>
         </property>
     </bean>
 
     <mvc:interceptors>
        <bean class="org.geoserver.geofence.rest.GeofenceSecurityInterceptor"/>
     </mvc:interceptors>
+
+    <bean id="geofenceViewResolver" class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
+        <property name="order" value="1" />
+        <property name="defaultViews">
+            <list>
+                <!-- XML view using a JAXB marshaller -->
+                <bean id="jaxbView" class="org.springframework.web.servlet.view.xml.MarshallingView">
+                    <constructor-arg>
+                        <bean id="jaxb2Marshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
+                            <property name="classesToBeBound">
+                                <list>
+                                    <value>org.geoserver.geofence.rest.xml.JaxbRule</value>
+                                    <value>org.geoserver.geofence.rest.xml.JaxbRuleList</value>
+                                </list>
+                            </property>
+                        </bean>
+                    </constructor-arg>
+                </bean>
+                <bean class="org.springframework.web.servlet.view.json.MappingJackson2JsonView" />
+            </list>
+        </property>
+    </bean>
 
     <!-- Resolve views based on string names -->
     <bean class="org.springframework.web.servlet.view.BeanNameViewResolver"/>

src/community/geofence-server/src/main/java/org/geoserver/geofence/rest/RolesRestController.java → src/restconfig/src/main/java/org/geoserver/rest/security/RolesRestController.java

@@ -2,110 +2,105 @@
  * This code is licensed under the GPL 2.0 license, available at the root
  * application directory.
  */
-package org.geoserver.geofence.rest;
+package org.geoserver.rest.security;
 
-import java.io.IOException;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.geoserver.geofence.rest.xml.JaxbRoleList;
+import org.geoserver.rest.RestBaseController;
+import org.geoserver.rest.security.xml.JaxbRoleList;
 import org.geoserver.security.GeoServerRoleService;
 import org.geoserver.security.GeoServerRoleStore;
 import org.geoserver.security.GeoServerSecurityManager;
 import org.geoserver.security.impl.GeoServerRole;
 import org.springframework.http.HttpStatus;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.bind.annotation.ResponseStatus;
-
-@Controller
+import org.springframework.http.MediaType;
+import org.springframework.web.bind.annotation.*;
+
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@RestController(value = "rolesRestController")
+@RequestMapping(path = RestBaseController.ROOT_PATH + "/security/roles")
 public class RolesRestController {
 
     protected GeoServerSecurityManager securityManager;
 
     public RolesRestController(GeoServerSecurityManager securityManager) {
         this.securityManager = securityManager;
     }
-    
+
     @ExceptionHandler(IllegalArgumentException.class)
-    public void somethingNotFound(IllegalArgumentException exception, HttpServletRequest request, HttpServletResponse response) throws IOException {
+    public void somethingNotFound(IllegalArgumentException exception, HttpServletResponse response) throws IOException {
     	response.sendError(404, exception.getMessage());
     }
 
-    @RequestMapping(value = "/rest/roles", method = RequestMethod.GET, produces = {"application/xml", "application/json"})
-    public @ResponseBody JaxbRoleList get() throws IOException {
+    @GetMapping(value = "", produces = {MediaType.APPLICATION_XML_VALUE, MediaType.APPLICATION_JSON_VALUE})
+    public JaxbRoleList get() throws IOException {
         return get(securityManager.getActiveRoleService());
     }
 
-    @RequestMapping(value = "/rest/roles/user/{user}", method = RequestMethod.GET, produces = {"application/xml", "application/json"})
-    protected @ResponseBody JaxbRoleList getUser(@PathVariable("user") String userName)
+    @GetMapping(value = "/user/{user}", produces = {MediaType.APPLICATION_XML_VALUE, MediaType.APPLICATION_JSON_VALUE})
+    protected JaxbRoleList getUser(@PathVariable("user") String userName)
             throws IOException {
         return getUser(securityManager.getActiveRoleService(), userName);
     }
 
-    @RequestMapping(value = "/rest/roles/role/{role}", method = RequestMethod.POST, produces = {"application/xml", "application/json"})
+    @PostMapping(value = "/role/{role}", produces = {MediaType.APPLICATION_XML_VALUE, MediaType.APPLICATION_JSON_VALUE})
     public @ResponseStatus(HttpStatus.CREATED) void insert(@PathVariable("role") String roleName)
             throws IOException {
         insert(securityManager.getActiveRoleService(), roleName);
     }
 
-    @RequestMapping(value = "/rest/roles/role/{role}", method = RequestMethod.DELETE, produces = {"application/xml", "application/json"})
+    @DeleteMapping(value = "/role/{role}", produces = {MediaType.APPLICATION_XML_VALUE, MediaType.APPLICATION_JSON_VALUE})
     public @ResponseStatus(HttpStatus.OK) void delete(@PathVariable("role") String roleName)
             throws IOException {
         delete(securityManager.getActiveRoleService(), roleName);
     }
 
-    @RequestMapping(value = "/rest/roles/role/{role}/user/{user}", method = RequestMethod.POST)
+    @PostMapping(value = "/role/{role}/user/{user}")
     public @ResponseStatus(HttpStatus.OK) void associate(@PathVariable("role") String roleName,
             @PathVariable("user") String userName) throws IOException {
         associate(securityManager.getActiveRoleService(), roleName, userName);
     }
 
-    @RequestMapping(value = "/rest/roles/role/{role}/user/{user}", method = RequestMethod.DELETE)
+    @DeleteMapping(value = "/role/{role}/user/{user}")
     public @ResponseStatus(HttpStatus.OK) void disassociate(@PathVariable("role") String roleName,
             @PathVariable("user") String userName) throws IOException {
         disassociate(securityManager.getActiveRoleService(), roleName, userName);
     }
 
-    @RequestMapping(value = "/rest/roles/service/{serviceName}", method = RequestMethod.GET, produces = {"application/xml", "application/json"})
-    protected @ResponseBody JaxbRoleList get(@PathVariable("serviceName") String serviceName)
+    @GetMapping(value = "/service/{serviceName}", produces = {MediaType.APPLICATION_XML_VALUE, MediaType.APPLICATION_JSON_VALUE})
+    protected JaxbRoleList get(@PathVariable("serviceName") String serviceName)
             throws IOException {
         return get(getService(serviceName));
     }
 
-    @RequestMapping(value = "/rest/roles/service/{serviceName}/user/{user}", method = RequestMethod.GET, produces = {"application/xml", "application/json"})
-    protected @ResponseBody JaxbRoleList getUser(@PathVariable("serviceName") String serviceName,
+    @GetMapping(value = "/service/{serviceName}/user/{user}", produces = {MediaType.APPLICATION_XML_VALUE, MediaType.APPLICATION_JSON_VALUE})
+    protected JaxbRoleList getUser(@PathVariable("serviceName") String serviceName,
             @PathVariable("user") String userName) throws IOException {
         return getUser(getService(serviceName), userName);
     }
 
-    @RequestMapping(value = "/rest/roles/service/{serviceName}/role/{role}", method = RequestMethod.POST)
+    @PostMapping(value = "/service/{serviceName}/role/{role}")
     public @ResponseStatus(HttpStatus.CREATED) void insert(
             @PathVariable("serviceName") String serviceName, @PathVariable("role") String roleName)
             throws IOException {
         insert(getService(serviceName), roleName);
     }
 
-    @RequestMapping(value = "/rest/roles/service/{serviceName}/role/{role}", method = RequestMethod.DELETE)
+    @DeleteMapping(value = "/service/{serviceName}/role/{role}")
     public @ResponseStatus(HttpStatus.OK) void delete(
             @PathVariable("serviceName") String serviceName, @PathVariable("role") String roleName)
             throws IOException {
         delete(getService(serviceName), roleName);
     }
 
-    @RequestMapping(value = "/rest/roles/service/{serviceName}/role/{role}/user/{user}", method = RequestMethod.POST)
+    @PostMapping(value = "/service/{serviceName}/role/{role}/user/{user}")
     public @ResponseStatus(HttpStatus.OK) void associate(
             @PathVariable("serviceName") String serviceName, @PathVariable("role") String roleName,
             @PathVariable("user") String userName) throws IOException {
         associate(getService(serviceName), roleName, userName);
     }
 
-    @RequestMapping(value = "/rest/roles/service/{serviceName}/role/{role}/user/{user}", method = RequestMethod.DELETE)
+    @DeleteMapping(value = "/service/{serviceName}/role/{role}/user/{user}")
     public @ResponseStatus(HttpStatus.OK) void disassociate(
             @PathVariable("serviceName") String serviceName, @PathVariable("role") String roleName,
             @PathVariable("user") String userName) throws IOException {
@@ -114,11 +109,11 @@ public void somethingNotFound(IllegalArgumentException exception, HttpServletReq
 
     protected JaxbRoleList getUser(GeoServerRoleService roleService, String userName)
             throws IOException {
-        return new JaxbRoleList(roleService.getRolesForUser(userName));
+        return JaxbRoleList.fromGS(roleService.getRolesForUser(userName));
     }
 
     protected JaxbRoleList get(GeoServerRoleService roleService) throws IOException {
-        return new JaxbRoleList(roleService.getRoles());
+        return JaxbRoleList.fromGS(roleService.getRoles());
     }
 
     protected void insert(GeoServerRoleService roleService, String roleName) throws IOException {