Roberto Sánchez
2014-01-17 441c660af706fd3c6d0e06b36b8f25a808fcdf5f
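--- a/securis/src/main/java/net/curisit/securis/services/BasicServices.java
+++ b/securis/src/main/java/net/curisit/securis/services/BasicServices.java
@@ -6,14 +6,23 @@
 import javax.inject.Inject;
 import javax.inject.Singleton;
 import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.FormParam;
 import javax.ws.rs.GET;
+import javax.ws.rs.HeaderParam;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
 import javax.ws.rs.core.UriBuilder;
+
+import net.curisit.integrity.commons.Utils;
+import net.curisit.securis.db.User;
+import net.curisit.securis.utils.TokenHelper;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -28,6 +37,9 @@
 public class BasicServices {
 
 private static final Logger log = LoggerFactory.getLogger(BasicServices.class);
+
+ @Inject
+ TokenHelper tokenHelper;
 
 @Inject
 public BasicServices() {
@@ -52,4 +64,62 @@
 return Response.seeOther(uri).build();
 }
 
+ @POST
+ @Path("/login")
+ @Produces(
+ { MediaType.APPLICATION_JSON })
+ public Response login(@FormParam("username") String user, @FormParam("password") String password, @Context HttpServletRequest request) {
+ log.info("index session: " + request.getSession());
+ log.info("user: {}, pass: {}", user, password);
+ log.info("is user in role: {} == {} ? ", "advance", request.isUserInRole("advance"));
+
+ if ("no".equals(password))
+ return Response.status(Status.UNAUTHORIZED).build();
+ String tokenAuth = tokenHelper.generateToken(user);
+ return Response.ok(Utils.createMap("success", true, "token", tokenAuth)).build();
+ }
+
+ /**
+ * Check if current token is valid
+ *
+ * @param user
+ * @param password
+ * @param request
+ * @return
+ */
+ @GET
+ @Securable(roles = User.Rol.ADMIN)
+ @Path("/check")
+ @Produces(
+ { MediaType.APPLICATION_JSON })
+ public Response check(@HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token, @QueryParam("token") String token2) {
+ if (token == null)
+ token = token2;
+ if (token == null)
+ return Response.status(Status.FORBIDDEN).build();
+ boolean valid = tokenHelper.isTokenValid(token);
+ if (!valid)
+ return Response.status(Status.UNAUTHORIZED).build();
+
+ // log.info("Token : " + token);
+ String user = tokenHelper.extractUserFromToken(token);
+ // log.info("Token user: " + user);
+ Date date = tokenHelper.extractDateCreationFromToken(token);
+ // log.info("Token date: " + date);
+
+ return Response.ok(Utils.createMap("valid", true, "user", user, "date", date)).build();
+ }
+
+ @GET
+ @POST
+ @Path("/logout")
+ @Produces(
+ { MediaType.APPLICATION_JSON })
+ public Response logout(@HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
+ if (token == null)
+ Response.status(Status.BAD_REQUEST).build();
+ String user = tokenHelper.extractUserFromToken(token);
+ log.info("User {} has logged out", user);
+ return Response.ok().build();
+ }
 }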
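Review bot: In `login`, `log.info("user: {}, pass: {}", user, password)` writes the submitted password to the application log in cleartext; log only the user name, e.g. `log.info("login attempt for user: {}", user);`. The only credential check in that method is `"no".equals(password)`, so every other password, for any user name, receives a token from `tokenHelper.generateToken(user)`; if this is a placeholder, it needs a real verification against the user store before the endpoint is exposed. In `logout`, the null-token branch builds a response but never returns it, so a null token still reaches `extractUserFromToken`; the line should read `return Response.status(Status.BAD_REQUEST).build();`. `check` also falls back to a `token` query parameter, which typically ends up in access logs and browser history, so accepting the token from the header only would be safer.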