Ticket #362: Moved all HTTP Exception handling into AOP magic.

guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/AuthProviderRESTExceptionWrapper.java

@@ -0,0 +1,55 @@
+package org.glyptodon.guacamole.net.basic.rest;
+
+import javax.ws.rs.core.Response;
+import org.aopalliance.intercept.MethodInterceptor;
+import org.aopalliance.intercept.MethodInvocation;
+import org.glyptodon.guacamole.GuacamoleClientException;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/*
+ *  Guacamole - Clientless Remote Desktop
+ *  Copyright (C) 2010  Michael Jumper
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * A method interceptor to wrap some custom exception handling around methods
+ * that expose AuthenticationProvider functionality through the REST interface.
+ * Translates various types of GuacamoleExceptions into appropriate HTTP responses.
+ * 
+ * @author James Muehlner
+ */
+public class AuthProviderRESTExceptionWrapper implements MethodInterceptor {
+
+    @Override
+    public Object invoke(MethodInvocation invocation) throws Throwable {
+        // Get the logger for the intercepted class
+        Logger logger = LoggerFactory.getLogger(invocation.getMethod().getDeclaringClass());
+        
+        try {
+            return invocation.proceed();
+        } catch(GuacamoleSecurityException e) {
+            throw new HTTPException(Response.Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
+        } catch(GuacamoleClientException e) {
+            throw new HTTPException(Response.Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
+        } catch(GuacamoleException e) {
+            logger.error("Unexpected GuacamoleException caught while executing " + invocation.getMethod().getName() + ".", e);
+            throw new HTTPException(Response.Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
+        }
+    }
+}

guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/AuthProviderRESTExposure.java

@@ -0,0 +1,34 @@
+package org.glyptodon.guacamole.net.basic.rest;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/*
+ *  Guacamole - Clientless Remote Desktop
+ *  Copyright (C) 2010  Michael Jumper
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * Marks that a method exposes functionality from the Guacamole AuthenticationProvider
+ * using a REST interface.
+ * 
+ * @author James Muehlner
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.METHOD})
+public @interface AuthProviderRESTExposure {}

guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/RESTModule.java

@@ -19,6 +19,7 @@ package org.glyptodon.guacamole.net.basic.rest;
  */
 
 import com.google.inject.AbstractModule;
+import com.google.inject.matcher.Matchers;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
 import org.glyptodon.guacamole.net.basic.properties.BasicGuacamoleProperties;
@@ -74,6 +75,8 @@ public class RESTModule extends AbstractModule {
         bind(AuthenticationService.class);
         
         bind(AuthTokenGenerator.class).to(SecureRandomAuthTokenGenerator.class);
+        
+        bindInterceptor(Matchers.any(), Matchers.annotatedWith(AuthProviderRESTExposure.class), new AuthProviderRESTExceptionWrapper());
     }
     
 }

guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/auth/LoginRESTService.java

@@ -11,6 +11,7 @@ import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
 import org.glyptodon.guacamole.net.auth.Credentials;
 import org.glyptodon.guacamole.net.auth.UserContext;
+import org.glyptodon.guacamole.net.basic.rest.AuthProviderRESTExposure;
 import org.glyptodon.guacamole.net.basic.rest.HTTPException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -78,6 +79,7 @@ public class LoginRESTService {
      * @return The auth token for the newly logged-in user.
      */
     @POST
+    @AuthProviderRESTExposure
     public APIAuthToken login(@QueryParam("username") String username,
             @QueryParam("password") String password) {
         

guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connection/ConnectionRESTService.java

@@ -39,6 +39,7 @@ import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.glyptodon.guacamole.net.auth.UserContext;
+import org.glyptodon.guacamole.net.basic.rest.AuthProviderRESTExposure;
 import org.glyptodon.guacamole.net.basic.rest.HTTPException;
 import org.glyptodon.guacamole.net.basic.rest.auth.AuthenticationService;
 import org.slf4j.Logger;
@@ -80,12 +81,14 @@ public class ConnectionRESTService {
      * @param parentID The ID of the ConnectionGroup the connections
      *                 belong to. If null, the root connection group will be used.
      * @return The connection list.
+     * @throws GuacamoleException If a problem is encountered while listing connections.
      */
     @GET
-    public List<APIConnection> getConnections(@QueryParam("token") String authToken, @QueryParam("parentID") String parentID) {
+    @AuthProviderRESTExposure
+    public List<APIConnection> getConnections(@QueryParam("token") String authToken, @QueryParam("parentID") String parentID) 
+            throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
         
-        try {
         // If the parent connection group is passed in, try to find it.
         ConnectionGroup parentConnectionGroup;
         if(parentID == null)
@@ -104,14 +107,6 @@ public class ConnectionRESTService {
 
         // Return the converted connection directory
         return connectionService.convertConnectionList(connectionDirectory);
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught while listing connections.", e);
-            throw new HTTPException(Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -121,14 +116,15 @@ public class ConnectionRESTService {
      *                  the user performing the operation.
      * @param connectionID The ID of the Connection..
      * @return The connection.
+     * @throws GuacamoleException If a problem is encountered while retrieving the connection.
      */
     @GET
     @Path("/{connectionID}")
+    @AuthProviderRESTExposure
     public APIConnection getConnection(@QueryParam("token") String authToken, 
-            @PathParam("connectionID") String connectionID) {
+            @PathParam("connectionID") String connectionID) throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
         
-        try {
         // Get the connection directory
         ConnectionGroup rootGroup = userContext.getRootConnectionGroup();
         Directory<String, Connection> connectionDirectory =
@@ -141,14 +137,6 @@ public class ConnectionRESTService {
             throw new HTTPException(Status.NOT_FOUND, "No Connection found with the provided ID.");
 
         return new APIConnection(connection);
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught while getting connection.", e);
-            throw new HTTPException(Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -157,13 +145,15 @@ public class ConnectionRESTService {
      * @param authToken The authentication token that is used to authenticate
      *                  the user performing the operation.
      * @param connectionID The ID of the Connection to delete.
+     * @throws GuacamoleException If a problem is encountered while deleting the connection.
      */
     @DELETE
     @Path("/{connectionID}")
-    public void deleteConnection(@QueryParam("token") String authToken, @PathParam("connectionID") String connectionID) {
+    @AuthProviderRESTExposure
+    public void deleteConnection(@QueryParam("token") String authToken, @PathParam("connectionID") String connectionID) 
+            throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
 
-        try {
         // Get the connection directory
         ConnectionGroup rootGroup = userContext.getRootConnectionGroup();
         Directory<String, Connection> connectionDirectory =
@@ -175,14 +165,6 @@ public class ConnectionRESTService {
 
         // Delete the connection
         connectionDirectory.remove(connectionID);
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught while deleting connection.", e);
-            throw new HTTPException(Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -197,13 +179,14 @@ public class ConnectionRESTService {
      *                 belong to. If null, the root connection group will be used.
      * @param connection The connection to create.
      * @return The identifier of the new connection.
+     * @throws GuacamoleException If a problem is encountered while creating the connection.
      */
     @POST
+    @AuthProviderRESTExposure
     public String createConnection(@QueryParam("token") String authToken, 
-            @QueryParam("parentID") String parentID, APIConnection connection) {
+            @QueryParam("parentID") String parentID, APIConnection connection) throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
         
-        try {
         if(connection == null)
             throw new GuacamoleClientException("A connection is required for this request.");
 
@@ -228,14 +211,6 @@ public class ConnectionRESTService {
 
         // Return the new connection identifier
         return connection.getIdentifier();
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught while creating connection.", e);
-            throw new HTTPException(Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -245,14 +220,15 @@ public class ConnectionRESTService {
      *                  the user performing the operation.
      * @param connectionID The ID of the Connection to move.
      * @param connection The connection to update.
+     * @throws GuacamoleException If a problem is encountered while updating the connection.
      */
     @POST
     @Path("/{connectionID}")
+    @AuthProviderRESTExposure
     public void updateConnection(@QueryParam("token") String authToken, 
-            @PathParam("connectionID") String connectionID, APIConnection connection) {
+            @PathParam("connectionID") String connectionID, APIConnection connection) throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
         
-        try {
         if(connection == null)
             throw new GuacamoleClientException("A connection is required for this request.");
 
@@ -267,14 +243,6 @@ public class ConnectionRESTService {
 
         // Update the connection
         connectionDirectory.update(new APIConnectionWrapper(connection));
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught updating connection.", e);
-            throw new HTTPException(Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -283,16 +251,17 @@ public class ConnectionRESTService {
      * @param authToken The authentication token that is used to authenticate
      *                  the user performing the operation.
      * @param connectionID The ID of the Connection to move.
-     * @param parentID The ID of the ConnectionGroup the connections
+     * @param parentID The ID of the ConnectionGroup the connection is to be moved to.
-     *                 belong to. If null, the root connection group will be used.
+     * @throws GuacamoleException If a problem is encountered while moving the connection.
      */
     @PUT
     @Path("/{connectionID}")
+    @AuthProviderRESTExposure
     public void moveConnection(@QueryParam("token") String authToken, 
-            @PathParam("connectionID") String connectionID, @QueryParam("parentID") String parentID) {
+            @PathParam("connectionID") String connectionID, @QueryParam("parentID") String parentID) 
+            throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
 
-        try {
         // Get the connection directory
         ConnectionGroup rootGroup = userContext.getRootConnectionGroup();
         Directory<String, Connection> connectionDirectory =
@@ -307,14 +276,6 @@ public class ConnectionRESTService {
 
         // Move the connection
         connectionDirectory.move(connectionID, parentConnectionGroup.getConnectionDirectory());
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught moving connection.", e);
-            throw new HTTPException(Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
 
 }

guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connectiongroup/ConnectionGroupRESTService.java

@@ -38,6 +38,7 @@ import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.glyptodon.guacamole.net.auth.UserContext;
+import org.glyptodon.guacamole.net.basic.rest.AuthProviderRESTExposure;
 import org.glyptodon.guacamole.net.basic.rest.HTTPException;
 import org.glyptodon.guacamole.net.basic.rest.auth.AuthenticationService;
 import org.slf4j.Logger;
@@ -79,12 +80,14 @@ public class ConnectionGroupRESTService {
      * @param parentID The ID of the ConnectionGroup the connection groups
      *                 belong to. If null, the root connection group will be used.
      * @return The connection list.
+     * @throws GuacamoleException If a problem is encountered while listing connection groups.
      */
     @GET
-    public List<APIConnectionGroup> getConnectionGroups(@QueryParam("token") String authToken, @QueryParam("parentID") String parentID) {
+    @AuthProviderRESTExposure
+    public List<APIConnectionGroup> getConnectionGroups(@QueryParam("token") String authToken, @QueryParam("parentID") String parentID) 
+            throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
         
-        try {
         // If the parent connection group is passed in, try to find it.
         ConnectionGroup parentConnectionGroup;
         if(parentID == null)
@@ -103,14 +106,6 @@ public class ConnectionGroupRESTService {
 
         // return the converted connection group list
         return connectionGroupService.convertConnectionGroupList(connectionGroupDirectory);
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught while listing connection groups.", e);
-            throw new HTTPException(Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -120,14 +115,15 @@ public class ConnectionGroupRESTService {
      *                  the user performing the operation.
      * @param connectionGroupID The ID of the ConnectionGroup.
      * @return The connection group.
+     * @throws GuacamoleException If a problem is encountered while retrieving the connection group.
      */
     @GET
     @Path("/{connectionGroupID}")
+    @AuthProviderRESTExposure
     public APIConnectionGroup getConnectionGroup(@QueryParam("token") String authToken, 
-            @PathParam("connectionGroupID") String connectionGroupID) {
+            @PathParam("connectionGroupID") String connectionGroupID) throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
         
-        try {
         // Get the connection group directory
         ConnectionGroup rootGroup = userContext.getRootConnectionGroup();
         Directory<String, ConnectionGroup> connectionGroupDirectory =
@@ -141,14 +137,6 @@ public class ConnectionGroupRESTService {
 
         // Return the connectiion group
         return new APIConnectionGroup(connectionGroup);
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught while getting connection group.", e);
-            throw new HTTPException(Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -157,13 +145,15 @@ public class ConnectionGroupRESTService {
      * @param authToken The authentication token that is used to authenticate
      *                  the user performing the operation.
      * @param connectionGroupID The ID of the ConnectionGroup to delete.
+     * @throws GuacamoleException If a problem is encountered while deleting the connection group.
      */
     @DELETE
     @Path("/{connectionGroupID}")
-    public void deleteConnectionGroup(@QueryParam("token") String authToken, @PathParam("connectionGroupID") String connectionGroupID) {
+    @AuthProviderRESTExposure
+    public void deleteConnectionGroup(@QueryParam("token") String authToken, 
+            @PathParam("connectionGroupID") String connectionGroupID) throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
 
-        try {
         // Get the connection group directory
         ConnectionGroup rootGroup = userContext.getRootConnectionGroup();
         Directory<String, ConnectionGroup> connectionGroupDirectory =
@@ -175,14 +165,6 @@ public class ConnectionGroupRESTService {
 
         // Delete the connection group
         connectionGroupDirectory.remove(connectionGroupID);
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught while deleting connection group.", e);
-            throw new HTTPException(Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -197,13 +179,14 @@ public class ConnectionGroupRESTService {
      *                 belong to. If null, the root connection group will be used.
      * @param connection The connection group to create.
      * @return The identifier of the new connection group.
+     * @throws GuacamoleException If a problem is encountered while creating the connection group.
      */
     @POST
+    @AuthProviderRESTExposure
     public String createConnectionGroup(@QueryParam("token") String authToken, 
-            @QueryParam("parentID") String parentID, APIConnectionGroup connectionGroup) {
+            @QueryParam("parentID") String parentID, APIConnectionGroup connectionGroup) throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
 
-        try {
         if(connectionGroup == null)
             throw new GuacamoleClientException("A connection group is required for this request.");
 
@@ -228,14 +211,6 @@ public class ConnectionGroupRESTService {
 
         // Return the new connection group identifier
         return connectionGroup.getIdentifier();
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught while creating connection group.", e);
-            throw new HTTPException(Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -245,16 +220,18 @@ public class ConnectionGroupRESTService {
      *                  the user performing the operation.
      * @param connectionID The ID of the ConnectionGroup to update.
      * @param connection The connection group to update.
+     * @throws GuacamoleException If a problem is encountered while updating the connection group.
      */
     @POST
     @Path("/{connectionGroupID}")
+    @AuthProviderRESTExposure
     public void updateConnectionGroup(@QueryParam("token") String authToken, 
-            @PathParam("connectionGroupID") String connectionGroupID, APIConnectionGroup connectionGroup) {
+            @PathParam("connectionGroupID") String connectionGroupID, APIConnectionGroup connectionGroup) 
+            throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
         
-        try {
         if(connectionGroup == null)
-                throw new GuacamoleClientException("A connection is required for this request.");
+            throw new GuacamoleClientException("A connection group is required for this request.");
 
         // Get the connection directory
         ConnectionGroup rootGroup = userContext.getRootConnectionGroup();
@@ -267,14 +244,6 @@ public class ConnectionGroupRESTService {
 
         // Update the connection group
         connectionGroupDirectory.update(new APIConnectionGroupWrapper(connectionGroup));
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught updating connection group.", e);
-            throw new HTTPException(Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -282,17 +251,18 @@ public class ConnectionGroupRESTService {
      * 
      * @param authToken The authentication token that is used to authenticate
      *                  the user performing the operation.
-     * @param connectionID The ID of the ConnectionGroup to move.
+     * @param connectionGroupID The ID of the ConnectionGroup to move.
-     * @param parentID The ID of the ConnectionGroup the connection groups
+     * @param parentID The ID of the ConnectionGroup the connection group is to be moved to.
-     *                 belong to. If null, the root connection group will be used.
+     * @throws GuacamoleException If a problem is encountered while moving the connection group.
      */
     @PUT
     @Path("/{connectionGroupID}")
+    @AuthProviderRESTExposure
     public void moveConnectionGroup(@QueryParam("token") String authToken, 
-            @PathParam("connectionGroupID") String connectionGroupID, @QueryParam("parentID") String parentID) {
+            @PathParam("connectionGroupID") String connectionGroupID, 
+            @QueryParam("parentID") String parentID) throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
         
-        try {
         // Get the connection group directory
         ConnectionGroup rootGroup = userContext.getRootConnectionGroup();
         Directory<String, ConnectionGroup> connectionGroupDirectory =
@@ -307,14 +277,6 @@ public class ConnectionGroupRESTService {
 
         // Move the connection group
         connectionGroupDirectory.move(connectionGroupID, parentConnectionGroup.getConnectionGroupDirectory());
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught moving connection group.", e);
-            throw new HTTPException(Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
 
 }

guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/permission/PermissionRESTService.java

@@ -34,6 +34,7 @@ import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.UserContext;
+import org.glyptodon.guacamole.net.basic.rest.AuthProviderRESTExposure;
 import org.glyptodon.guacamole.net.basic.rest.HTTPException;
 import org.glyptodon.guacamole.net.basic.rest.auth.AuthenticationService;
 import org.slf4j.Logger;
@@ -73,13 +74,15 @@ public class PermissionRESTService {
      *                  the user performing the operation.
      * @param userID The ID of the user to retrieve permissions for.
      * @return The permission list.
+     * @throws GuacamoleException If a problem is encountered while listing permissions.
      */
     @GET
     @Path("/{userID}")
-    public List<APIPermission> getPermissions(@QueryParam("token") String authToken, @PathParam("userID") String userID) {
+    @AuthProviderRESTExposure
+    public List<APIPermission> getPermissions(@QueryParam("token") String authToken, @PathParam("userID") String userID) 
+            throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
 
-        try {
         // Get the user
         User user = userContext.getUserDirectory().get(userID);
 
@@ -87,15 +90,6 @@ public class PermissionRESTService {
             throw new HTTPException(Status.NOT_FOUND, "User not found with the provided userID.");
 
         return permissionService.convertPermissionList(user.getPermissions());
-            
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught while listing permissions.", e);
-            throw new HTTPException(Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -105,14 +99,16 @@ public class PermissionRESTService {
      *                  the user performing the operation.
      * @param userID The user ID to add the permission for.
      * @param permission The permission to add for the user with the given userID.
+     * @throws GuacamoleException If a problem is encountered while adding the permission.
      */
     @POST
     @Path("/{userID}")
+    @AuthProviderRESTExposure
     public void addPermission(@QueryParam("token") String authToken, 
-            @PathParam("userID") String userID, APIPermission permission) {
+            @PathParam("userID") String userID, APIPermission permission) 
+            throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
 
-        try {
         // Get the user
         User user = userContext.getUserDirectory().get(userID);
 
@@ -121,14 +117,6 @@ public class PermissionRESTService {
 
         // Add the new permission
         user.addPermission(permission.toPermission());
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught adding permission.", e);
-            throw new HTTPException(Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -138,14 +126,16 @@ public class PermissionRESTService {
      *                  the user performing the operation.
      * @param userID The user ID to remove the permission for.
      * @param permission The permission to remove for the user with the given userID.
+     * @throws GuacamoleException If a problem is encountered while removing the permission.
      */
     @POST
     @Path("/remove{userID}/")
+    @AuthProviderRESTExposure
     public void removePermission(@QueryParam("token") String authToken, 
-            @PathParam("userID") String userID, APIPermission permission) {
+            @PathParam("userID") String userID, APIPermission permission) 
+            throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
         
-        try {
         // Get the user
         User user = userContext.getUserDirectory().get(userID);
 
@@ -154,14 +144,6 @@ public class PermissionRESTService {
 
         // Remove the permission
         user.removePermission(permission.toPermission());
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught removing permission.", e);
-            throw new HTTPException(Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
 
 }

guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/user/UserRESTService.java

@@ -18,6 +18,7 @@ import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.UserContext;
+import org.glyptodon.guacamole.net.basic.rest.AuthProviderRESTExposure;
 import org.glyptodon.guacamole.net.basic.rest.HTTPException;
 import org.glyptodon.guacamole.net.basic.rest.auth.AuthenticationService;
 import org.slf4j.Logger;
@@ -74,25 +75,18 @@ public class UserRESTService {
      * @param authToken The authentication token that is used to authenticate
      *                  the user performing the operation.
      * @return The user list.
+     * @throws GuacamoleException If a problem is encountered while listing users.
      */
     @GET
-    public List<APIUser> getUsers(@QueryParam("token") String authToken) {
+    @AuthProviderRESTExposure
+    public List<APIUser> getUsers(@QueryParam("token") String authToken) throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
 
-        try {
         // Get the directory
         Directory<String, User> userDirectory = userContext.getUserDirectory();
 
         // Convert and return the user directory listing
         return userService.convertUserList(userDirectory);
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Response.Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Response.Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught while listing users.", e);
-            throw new HTTPException(Response.Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -100,13 +94,15 @@ public class UserRESTService {
      * @param authToken The authentication token that is used to authenticate
      *                  the user performing the operation.
      * @return user The user.
+     * @throws GuacamoleException If a problem is encountered while retrieving the user.
      */
     @GET
     @Path("/{userID}")
-    public APIUser getUser(@QueryParam("token") String authToken, @PathParam("userID") String userID) {
+    @AuthProviderRESTExposure
+    public APIUser getUser(@QueryParam("token") String authToken, @PathParam("userID") String userID) 
+            throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
 
-        try {
         // Get the directory
         Directory<String, User> userDirectory = userContext.getUserDirectory();
 
@@ -118,14 +114,6 @@ public class UserRESTService {
 
         // Return the user
         return new APIUser(user);
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Response.Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Response.Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught while getting user.", e);
-            throw new HTTPException(Response.Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -133,12 +121,14 @@ public class UserRESTService {
      * @param authToken The authentication token that is used to authenticate
      *                  the user performing the operation.
      * @param user The new user to create.
+     * @throws GuacamoleException If a problem is encountered while creating the user.
      */
     @POST
-    public String createUser(@QueryParam("token") String authToken, APIUser user) {
+    @AuthProviderRESTExposure
+    public String createUser(@QueryParam("token") String authToken, APIUser user) 
+            throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
         
-        try {
         // Get the directory
         Directory<String, User> userDirectory = userContext.getUserDirectory();
 
@@ -146,14 +136,6 @@ public class UserRESTService {
         userDirectory.add(new APIUserWrapper(user));
 
         return user.getUsername();
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Response.Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Response.Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught while creating user.", e);
-            throw new HTTPException(Response.Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -162,13 +144,15 @@ public class UserRESTService {
      *                  the user performing the operation.
      * @param userID The unique identifier of the user to update.
      * @param user The updated user.
+     * @throws GuacamoleException If a problem is encountered while updating the user.
      */
     @POST
     @Path("/{userID}")
-    public void updateUser(@QueryParam("token") String authToken, @PathParam("userID") String userID, APIUser user) {
+    @AuthProviderRESTExposure
+    public void updateUser(@QueryParam("token") String authToken, @PathParam("userID") String userID, APIUser user) 
+            throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
         
-        try {
         // Get the directory
         Directory<String, User> userDirectory = userContext.getUserDirectory();
 
@@ -186,14 +170,6 @@ public class UserRESTService {
          * since the user REST endpoints do not expose permissions
          */
         userDirectory.update(new APIUserWrapper(user, existingUser.getPermissions()));
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Response.Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Response.Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught while updating user.", e);
-            throw new HTTPException(Response.Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
     
     /**
@@ -201,13 +177,15 @@ public class UserRESTService {
      * @param authToken The authentication token that is used to authenticate
      *                  the user performing the operation.
      * @param userID The unique identifier of the user to delete.
+     * @throws GuacamoleException If a problem is encountered while deleting the user.
      */
     @DELETE
     @Path("/{userID}")
-    public void deleteUser(@QueryParam("token") String authToken, @PathParam("userID") String userID) {
+    @AuthProviderRESTExposure
+    public void deleteUser(@QueryParam("token") String authToken, @PathParam("userID") String userID) 
+            throws GuacamoleException {
         UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
         
-        try {
         // Get the directory
         Directory<String, User> userDirectory = userContext.getUserDirectory();
 
@@ -219,13 +197,5 @@ public class UserRESTService {
 
         // Delete the user
         userDirectory.remove(userID);
-        } catch(GuacamoleSecurityException e) {
-            throw new HTTPException(Response.Status.FORBIDDEN, e.getMessage() != null ? e.getMessage() : "Permission denied.");
-        } catch(GuacamoleClientException e) {
-            throw new HTTPException(Response.Status.BAD_REQUEST, e.getMessage() != null ? e.getMessage() : "Invalid Request.");
-        } catch(GuacamoleException e) {
-            logger.error("Unexpected GuacamoleException caught while deleting user.", e);
-            throw new HTTPException(Response.Status.INTERNAL_SERVER_ERROR, e.getMessage() != null ? e.getMessage() : "Unexpected server error.");
-        }
     }
 }