From 7686a892d556333194349f73fee3a268b6202d66 Mon Sep 17 00:00:00 2001
From: rsanchez <rsanchez@curisit.net>
Date: Wed, 15 Oct 2014 16:52:56 +0000
Subject: [PATCH] #2021 config - Fixed some catalogs, LicenseType and Users
---
securis/src/main/java/net/curisit/securis/services/UserResource.java | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++------
1 files changed, 50 insertions(+), 6 deletions(-)
diff --git a/securis/src/main/java/net/curisit/securis/services/UserResource.java b/securis/src/main/java/net/curisit/securis/services/UserResource.java
index a832493..f2e8b89 100644
--- a/securis/src/main/java/net/curisit/securis/services/UserResource.java
+++ b/securis/src/main/java/net/curisit/securis/services/UserResource.java
@@ -5,9 +5,11 @@
import java.util.List;
import java.util.Set;
+import javax.annotation.security.RolesAllowed;
import javax.inject.Inject;
import javax.inject.Provider;
import javax.persistence.EntityManager;
+import javax.persistence.PersistenceException;
import javax.persistence.TypedQuery;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
@@ -31,6 +33,8 @@
import net.curisit.securis.SeCurisException;
import net.curisit.securis.db.Organization;
import net.curisit.securis.db.User;
+import net.curisit.securis.security.BasicSecurityContext;
+import net.curisit.securis.security.Securable;
import net.curisit.securis.utils.TokenHelper;
import org.apache.logging.log4j.LogManager;
@@ -66,6 +70,8 @@
@Produces({
MediaType.APPLICATION_JSON
})
+ @Securable
+ @RolesAllowed(BasicSecurityContext.ROL_ADMIN)
public Response index() {
LOG.info("Getting users list ");
@@ -86,6 +92,8 @@
@Produces({
MediaType.APPLICATION_JSON
})
+ @Securable
+ @RolesAllowed(BasicSecurityContext.ROL_ADMIN)
public Response get(@PathParam("uid") String uid, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
LOG.info("Getting user data for id: {}: ", uid);
if (uid == null || "".equals(uid)) {
@@ -109,6 +117,8 @@
MediaType.APPLICATION_JSON
})
@Transactional
+ @Securable
+ @RolesAllowed(BasicSecurityContext.ROL_ADMIN)
public Response create(User user, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
LOG.info("Creating new user");
EntityManager em = emProvider.get();
@@ -122,6 +132,11 @@
this.setUserOrg(user, user.getOrgsIds(), em);
} catch (SeCurisException e) {
return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, e.getMessage()).build();
+ }
+ if (user.getPassword() != null && !"".equals(user.getPassword())) {
+ user.setPassword(Utils.sha256(user.getPassword()));
+ } else {
+ return Response.status(DefaultExceptionHandler.DEFAULT_APP_ERROR_STATUS_CODE).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "User password is mandatory").build();
}
user.setModificationTimestamp(new Date());
user.setLastLogin(null);
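Review bot: The new password handling stores `Utils.sha256(user.getPassword())`, which from the name is a bare, unsalted SHA-256 digest; that is a fast hash and is not suitable for password storage, since identical passwords hash identically and the whole table can be attacked offline at GPU speed. Passwords should go through a salted, deliberately slow KDF — e.g. `SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")` from the JDK with a per-user random salt from `SecureRandom` and the salt plus iteration count stored alongside the digest, or bcrypt/argon2 if the project already has a library for it. The same helper must then be used by `login` so the two stay consistent; `create()`'s body continues outside this hunk, so the persist call that follows is not visible here.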
@@ -157,6 +172,8 @@
@Produces({
MediaType.APPLICATION_JSON
})
+ @Securable
+ @RolesAllowed(BasicSecurityContext.ROL_ADMIN)
public Response modify(User user, @PathParam("uid") String uid, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
LOG.info("Modifying user with id: {}", uid);
EntityManager em = emProvider.get();
@@ -176,7 +193,13 @@
currentUser.setRoles(user.getRoles());
currentUser.setLang(user.getLang());
currentUser.setModificationTimestamp(new Date());
- currentUser.setPassword(user.getPassword());
+ if (user.getPassword() != null && !"".equals(user.getPassword())) {
+ currentUser.setPassword(Utils.sha256(user.getPassword()));
+ } else {
+ // Password has not been modified
+ //return Response.status(DefaultExceptionHandler.DEFAULT_APP_ERROR_STATUS_CODE).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "User password is mandatory").build();
+ }
+
currentUser.setLastLogin(user.getLastLogin());
em.persist(currentUser);
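Review bot: The `else` branch added for `modify` is empty except for a commented-out return, which leaves a reader guessing whether "no password in body" is an accepted case or an unfinished check. Either drop the branch entirely or replace the dead code with a comment stating the contract, e.g. `// An absent or empty password in the request body means "keep the existing password"`. As with `create`, the stored value is `Utils.sha256(...)` with no salt or work factor, so whatever KDF is chosen for passwords needs to be applied here too. The enclosing `modify` method starts above this hunk and its response handling continues below it.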
@@ -190,6 +213,8 @@
@Produces({
MediaType.APPLICATION_JSON
})
+ @Securable
+ @RolesAllowed(BasicSecurityContext.ROL_ADMIN)
public Response delete(@PathParam("uid") String uid, @Context HttpServletRequest request) {
LOG.info("Deleting app with id: {}", uid);
EntityManager em = emProvider.get();
@@ -208,16 +233,35 @@
@Produces({
MediaType.APPLICATION_JSON
})
- public Response login(@FormParam("username") String user, @FormParam("password") String password, @Context HttpServletRequest request) {
+ public Response login(@FormParam("username") String username, @FormParam("password") String password, @Context HttpServletRequest request) {
LOG.info("index session: " + request.getSession());
- LOG.info("user: {}, pass: {}", user, password);
+ LOG.info("user: {}, pass: {}", username, password);
LOG.info("is user in role: {} == {} ? ", "advance", request.isUserInRole("advance"));
-
- if ("no".equals(password)) {
+ LOG.info("is user in role: {} == {} ? ", "admin", request.isUserInRole("admin"));
+
+ EntityManager em = emProvider.get();
+ User user = em.find(User.class, username);
+ if (user == null) {
+ LOG.error("Inknown username {} used in login service", username);
+ return Response.status(Status.UNAUTHORIZED).build();
+ }
+ String securedPassword = Utils.sha256(password);
+
+ if (securedPassword == null || !securedPassword.equals(user.getPassword())) {
// TODO: Code to test exception handling
return Response.status(Status.UNAUTHORIZED).build();
}
- String tokenAuth = tokenHelper.generateToken(user);
+ user.setLastLogin(new Date());
+ em.getTransaction().begin();
+ try {
+ em.persist(user);
+ em.getTransaction().commit();
+ } catch(PersistenceException ex) {
+ LOG.error("Error updating last login date for user: {}", username);
+ LOG.error(ex);
+ em.getTransaction().rollback();
+ }
+ String tokenAuth = tokenHelper.generateToken(username);
return Response.ok(Utils.createMap("success", true, "token", tokenAuth)).build();
}
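Review bot: The new `login` body still logs the cleartext credential on the second `LOG.info` line (`"user: {}, pass: {}"`), and now that the password is a real secret rather than the old `"no"` stub this writes every user's password into the application log; change it to `LOG.info("Login attempt for user: {}", username);`. The comparison `securedPassword.equals(user.getPassword())` is a short-circuiting string compare; a constant-time check such as `MessageDigest.isEqual(securedPassword.getBytes(StandardCharsets.UTF_8), user.getPassword().getBytes(StandardCharsets.UTF_8))` (both from `java.security` / `java.nio.charset`) avoids leaking hash-prefix timing, and the null/empty `password` form field should be rejected before `Utils.sha256` is called in case that helper does not tolerate null. The explicit `em.getTransaction().begin()/commit()` is a resource-local API; if the injected `EntityManager` is container-managed (the other endpoints in this file rely on `@Transactional`), calling `getTransaction()` throws `IllegalStateException` — worth confirming against the persistence configuration. The error message typo `"Inknown username"` should read `"Unknown username"`.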
--
Gitblit v1.3.2