From 441c660af706fd3c6d0e06b36b8f25a808fcdf5f Mon Sep 17 00:00:00 2001
From: Roberto Sánchez <roberto.sanchez@curisit.net>
Date: Fri, 17 Jan 2014 17:35:50 +0000
Subject: [PATCH] #396 feature - Added security management methods for REST API
---
securis/src/main/java/net/curisit/securis/services/BasicServices.java | 70 +++++++++++++++++++++++++++++++++++
1 files changed, 70 insertions(+), 0 deletions(-)
diff --git a/securis/src/main/java/net/curisit/securis/services/BasicServices.java b/securis/src/main/java/net/curisit/securis/services/BasicServices.java
index 38addaa..ef66c32 100644
--- a/securis/src/main/java/net/curisit/securis/services/BasicServices.java
+++ b/securis/src/main/java/net/curisit/securis/services/BasicServices.java
@@ -6,14 +6,23 @@
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
+import javax.ws.rs.HeaderParam;
+import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriBuilder;
+
+import net.curisit.integrity.commons.Utils;
+import net.curisit.securis.db.User;
+import net.curisit.securis.utils.TokenHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -28,6 +37,9 @@
public class BasicServices {
private static final Logger log = LoggerFactory.getLogger(BasicServices.class);
+
+ @Inject
+ TokenHelper tokenHelper;
@Inject
public BasicServices() {
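Review bot: The new `tokenHelper` field at `TokenHelper tokenHelper;` has no access modifier, so any class in the same package can read or reassign the injected helper. Declare it `private TokenHelper tokenHelper;`, or, since the class already has an `@Inject` constructor, accept it as a constructor parameter and make the field `private final` so it is fixed once the service is built. The enclosing class `BasicServices` and its constructor continue outside the hunk.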
@@ -52,4 +64,62 @@
return Response.seeOther(uri).build();
}
+ @POST
+ @Path("/login")
+ @Produces(
+ { MediaType.APPLICATION_JSON })
+ public Response login(@FormParam("username") String user, @FormParam("password") String password, @Context HttpServletRequest request) {
+ log.info("index session: " + request.getSession());
+ log.info("user: {}, pass: {}", user, password);
+ log.info("is user in role: {} == {} ? ", "advance", request.isUserInRole("advance"));
+
+ if ("no".equals(password))
+ return Response.status(Status.UNAUTHORIZED).build();
+ String tokenAuth = tokenHelper.generateToken(user);
+ return Response.ok(Utils.createMap("success", true, "token", tokenAuth)).build();
+ }
+
+ /**
+ * Check if current token is valid
+ *
+ * @param user
+ * @param password
+ * @param request
+ * @return
+ */
+ @GET
+ @Securable(roles = User.Rol.ADMIN)
+ @Path("/check")
+ @Produces(
+ { MediaType.APPLICATION_JSON })
+ public Response check(@HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token, @QueryParam("token") String token2) {
+ if (token == null)
+ token = token2;
+ if (token == null)
+ return Response.status(Status.FORBIDDEN).build();
+ boolean valid = tokenHelper.isTokenValid(token);
+ if (!valid)
+ return Response.status(Status.UNAUTHORIZED).build();
+
+ // log.info("Token : " + token);
+ String user = tokenHelper.extractUserFromToken(token);
+ // log.info("Token user: " + user);
+ Date date = tokenHelper.extractDateCreationFromToken(token);
+ // log.info("Token date: " + date);
+
+ return Response.ok(Utils.createMap("valid", true, "user", user, "date", date)).build();
+ }
+
+ @GET
+ @POST
+ @Path("/logout")
+ @Produces(
+ { MediaType.APPLICATION_JSON })
+ public Response logout(@HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
+ if (token == null)
+ Response.status(Status.BAD_REQUEST).build();
+ String user = tokenHelper.extractUserFromToken(token);
+ log.info("User {} has logged out", user);
+ return Response.ok().build();
+ }
}
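Review bot: `login` writes the submitted password to the log at `log.info("user: {}, pass: {}", user, password);`, so every credential lands in plaintext in the log files; drop the `password` argument from that line (the session and role lines look like debugging output too). The only credential check is `if ("no".equals(password))`, which hands a token to any username unless the password is literally "no" — if this is a placeholder it should carry a TODO and never reach a deployed build, otherwise it needs a real user lookup before `tokenHelper.generateToken(user)`. In `logout`, `Response.status(Status.BAD_REQUEST).build();` discards its result, so a null token falls through to `tokenHelper.extractUserFromToken(null)`; write `return Response.status(Status.BAD_REQUEST).build();`. `logout` also carries both `@GET` and `@POST`, which I believe JAX-RS does not permit on one resource method, and it only logs the user without invalidating the token, which deserves a comment if `TokenHelper` has no revocation. The Javadoc on `check` lists `user`, `password` and `request` instead of its actual `token` and `token2` parameters and has an empty `@return`; rewrite it to describe the header-then-query token lookup and the 403/401/200 outcomes, noting that a token passed as a query parameter will appear in URL access logs.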
--
Gitblit v1.3.2