From f90f4ce7e466f1b71d233c6c84381c24439cd758 Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Wed, 1 Nov 2023 19:06:19 -0700
Subject: [PATCH] SHIBUI-2633

Fixing the MDQ "/entities"
---
 .../configuration/SpringSecurityConfig.java   |  1 +
 .../ui/controller/EntitiesController.java     | 31 ++++++++++++++++---
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/SpringSecurityConfig.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/SpringSecurityConfig.java
index 90194ede5..8a3b6c292 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/SpringSecurityConfig.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/SpringSecurityConfig.java
@@ -111,6 +111,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
             .authorizeHttpRequests()
             .requestMatchers(new AntPathRequestMatcher("/unsecured/**/*"),
+                             new AntPathRequestMatcher("/entities*"),
                              new AntPathRequestMatcher("/entities/**/*"),
                              new AntPathRequestMatcher("/actuator/**"),
                              new AntPathRequestMatcher("/api/beacon/send")).permitAll()
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesController.java
index ecb0809ae..833d3f71f 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesController.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesController.java
@@ -28,14 +28,14 @@
 import java.time.Instant;
 import java.time.ZoneOffset;
 import java.util.Date;
+import java.util.List;
 
 /**
  * EntitiesController is here to meet the requirements for this project being an MDQ. Despite similar logic to the
  * EntitiesDescriptorController, the required endpoints that make this project an MDQ server are served by this controller.
  */
 @RestController
-@RequestMapping(value = { "/entities", // per protocol - https://spaces.at.internet2.edu/display/MDQ/Metadata+Query+Protocol
-                          "/api/entities" }, // existing - included to break no existing code
+@RequestMapping(value = { "/" }, // per protocol - https://spaces.at.internet2.edu/display/MDQ/Metadata+Query+Protocol
                 method = RequestMethod.GET)
 @Slf4j
 @Tags(value = {@Tag(name = "MDQ")})
@@ -49,7 +49,30 @@ public class EntitiesController {
     @Autowired
     private EntityDescriptorRepository entityDescriptorRepository;
 
-    @RequestMapping(value = "/{entityId:.*}")
+    @RequestMapping(value = "/entities", produces = "application/xml")
+    @Operation(description = "Endpoint based on the MDQ spec to return all entity's information. see: https://spaces.at.internet2.edu/display/MDQ/Metadata+Query+Protocol",
+               summary = "Return all the entities from the entity's id", method = "GET")
+    @Transactional(readOnly = true)
+    public ResponseEntity<?> getAllXml() throws MarshallingException, ResolverException, UnsupportedEncodingException {
+        List<edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor> entityDescriptors = entityDescriptorRepository.findAll();
+        if (entityDescriptors == null || entityDescriptors.isEmpty()) {
+            return ResponseEntity.notFound().build();
+        }
+        StringBuilder result = new StringBuilder();
+        entityDescriptors.forEach(entityDescriptor -> {
+            try {
+                final String xml = this.openSamlObjects.marshalToXmlString(entityDescriptor);
+                result.append(xml);
+            }
+            catch (MarshallingException e) {
+                throw new RuntimeException(e);
+            }
+        });
+        String xmlDeclarationClean = result.toString().replace("<?xml version=\"1.0\" encoding=\"UTF-8\"?>","");
+        return new ResponseEntity<>("<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + xmlDeclarationClean, new HttpHeaders(), HttpStatus.OK);
+    }
+
+    @RequestMapping(value = "/entities/{entityId:.*}")
     @Operation(description = "Endpoint based on the MDQ spec to return a single entity's information. see: https://spaces.at.internet2.edu/display/MDQ/Metadata+Query+Protocol",
                summary = "Return a single entity from the entity's id", method = "GET")
     @Transactional(readOnly = true)
@@ -70,7 +93,7 @@ private String formatModifiedDate(EntityDescriptorRepresentation entityDescripto
         return DateUtils.formatDate(date, DateUtils.PATTERN_RFC1123);
     }
 
-    @RequestMapping(value = "/{entityId:.*}", produces = "application/xml")
+    @RequestMapping(value = "/entities/{entityId:.*}", produces = "application/xml")
     @Operation(description = "Endpoint based on the MDQ spec to return a single entity's information. see: https://spaces.at.internet2.edu/display/MDQ/Metadata+Query+Protocol",
                summary = "Return a single entity from the entity's id", method = "GET")
     @Transactional(readOnly = true)