From 6d04b0ae0f4eeb9f0963b1595d0f2e7469fa5f3f Mon Sep 17 00:00:00 2001
From: Roberto Sánchez <roberto.sanchez@curisit.net>
Date: Thu, 26 Dec 2013 14:53:29 +0000
Subject: [PATCH] #333 feature - Added schema and JPA entities
---
securis/src/main/java/net/curisit/securis/services/SecurityInterceptor.java | 49 +++
securis/src/main/java/net/curisit/securis/db/User.java | 160 ++++++++++
securis/src/main/java/net/curisit/securis/db/Application.java | 67 ++++
securis/src/main/java/net/curisit/securis/services/Securable.java | 12
securis/src/main/java/net/curisit/securis/db/Pack.java | 120 +++++++
securis/src/main/java/net/curisit/securis/db/License.java | 106 ++++++
securis/src/main/java/net/curisit/securis/utils/TokenHelper.java | 33 +
securis/src/main/java/net/curisit/securis/db/Organization.java | 111 ++++++
securis/src/main/java/net/curisit/securis/services/UserResource.java | 11
securis/src/main/java/net/curisit/securis/ioc/RequestsModule.java | 3
securis/src/main/java/net/curisit/securis/ioc/SecurisModule.java | 95 +++++
securis/src/main/java/net/curisit/securis/db/LicenseType.java | 90 +++++
securis/src/main/resources/db/schema.sql | 84 +++++
13 files changed, 924 insertions(+), 17 deletions(-)
diff --git a/securis/src/main/java/net/curisit/securis/db/Application.java b/securis/src/main/java/net/curisit/securis/db/Application.java
new file mode 100644
index 0000000..5f6c2ba
--- /dev/null
+++ b/securis/src/main/java/net/curisit/securis/db/Application.java
@@ -0,0 +1,67 @@
+package net.curisit.securis.db;
+
+import java.io.Serializable;
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+/**
+ * Entity implementation class for Entity: application
+ *
+ */
+@JsonAutoDetect
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@Entity
+@Table(name = "application")
+@NamedQueries(
+ { @NamedQuery(name = "list-applications", query = "SELECT a FROM Application a") })
+public class Application implements Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ private int id;
+
+ private String name;
+ private String description;
+
+ @Column(name = "creation_timestamp")
+ private Date creationTimestamp;
+
+ public int getId() {
+ return id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ public Date getCreationTimestamp() {
+ return creationTimestamp;
+ }
+
+ public void setCreationTimestamp(Date creationTimestamp) {
+ this.creationTimestamp = creationTimestamp;
+ }
+
+}
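Review bot: `id` is annotated `@Id` with no `@GeneratedValue` and no setter, so nothing in this class can give a new `Application` a key other than the default 0. `Organization` in this commit uses `@GeneratedValue` against an `auto_increment` column, while `License`, `LicenseType` and `Pack` repeat the pattern seen here. Either add `@GeneratedValue` with a matching identity column in schema.sql, or expose a `setId(int)` if keys are meant to be assigned by the caller.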
diff --git a/securis/src/main/java/net/curisit/securis/db/License.java b/securis/src/main/java/net/curisit/securis/db/License.java
new file mode 100644
index 0000000..c23180b
--- /dev/null
+++ b/securis/src/main/java/net/curisit/securis/db/License.java
@@ -0,0 +1,106 @@
+package net.curisit.securis.db;
+
+import java.io.Serializable;
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.ManyToOne;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+/**
+ * Entity implementation class for Entity: license
+ *
+ */
+@JsonAutoDetect
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@Entity
+@Table(name = "license")
+@NamedQueries(
+ { @NamedQuery(name = "list-licenses", query = "SELECT pa FROM Pack pa") })
+public class License implements Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ private int id;
+
+ private String code;
+
+ @Column(name = "creation_timestamp")
+ private Date creationTimestamp;
+
+ @ManyToOne
+ @JoinColumn(name = "organization_id")
+ private Organization organization;
+
+ @ManyToOne
+ @JoinColumn(name = "license_type_id")
+ private LicenseType licenseType;
+
+ @ManyToOne
+ @JoinColumn(name = "created_by")
+ private User createdBy;
+
+ private int numLicenses;
+
+ public int getId() {
+ return id;
+ }
+
+ public String getCode() {
+ return code;
+ }
+
+ public void setCode(String code) {
+ this.code = code;
+ }
+
+ public Date getCreationTimestamp() {
+ return creationTimestamp;
+ }
+
+ public void setCreationTimestamp(Date creationTimestamp) {
+ this.creationTimestamp = creationTimestamp;
+ }
+
+ public Organization getOrganization() {
+ return organization;
+ }
+
+ public void setOrganization(Organization organization) {
+ this.organization = organization;
+ }
+
+ public LicenseType getLicenseType() {
+ return licenseType;
+ }
+
+ public void setLicenseType(LicenseType licenseType) {
+ this.licenseType = licenseType;
+ }
+
+ public User getCreatedBy() {
+ return createdBy;
+ }
+
+ public void setCreatedBy(User createdBy) {
+ this.createdBy = createdBy;
+ }
+
+ public int getNumLicenses() {
+ return numLicenses;
+ }
+
+ public void setNumLicenses(int numLicenses) {
+ this.numLicenses = numLicenses;
+ }
+
+}
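Review bot: The `list-licenses` named query selects from `Pack` (`SELECT pa FROM Pack pa`), so it returns packs rather than licenses; it should read `SELECT l FROM License l`. The entity also maps `organization_id`, `license_type_id` and a `numLicenses` attribute, none of which exist as columns on the `license` table created in schema.sql in this commit. In the other direction, `pack_id`, `status` and the cancelation columns of that table have no attribute here. This looks like a copy of `Pack` that was not adapted, and loading a `License` would presumably fail on the missing columns.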
diff --git a/securis/src/main/java/net/curisit/securis/db/LicenseType.java b/securis/src/main/java/net/curisit/securis/db/LicenseType.java
new file mode 100644
index 0000000..771fb54
--- /dev/null
+++ b/securis/src/main/java/net/curisit/securis/db/LicenseType.java
@@ -0,0 +1,90 @@
+package net.curisit.securis.db;
+
+import java.io.Serializable;
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.ManyToOne;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+/**
+ * Entity implementation class for Entity: license_type
+ *
+ */
+@JsonAutoDetect
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@Entity
+@Table(name = "license_type")
+@NamedQueries(
+ { @NamedQuery(name = "list-license_types", query = "SELECT a FROM Application a") })
+public class LicenseType implements Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ private int id;
+
+ private String code;
+ private String name;
+ private String description;
+
+ @Column(name = "creation_timestamp")
+ private Date creationTimestamp;
+
+ @ManyToOne
+ @JoinColumn(name = "application_id")
+ private Application application;
+
+ public int getId() {
+ return id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ public String getCode() {
+ return code;
+ }
+
+ public void setCode(String code) {
+ this.code = code;
+ }
+
+ public Application getApplication() {
+ return application;
+ }
+
+ public void setApplication(Application application) {
+ this.application = application;
+ }
+
+ public Date getCreationTimestamp() {
+ return creationTimestamp;
+ }
+
+ public void setCreationTimestamp(Date creationTimestamp) {
+ this.creationTimestamp = creationTimestamp;
+ }
+
+}
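Review bot: The `list-license_types` named query is `SELECT a FROM Application a`, so it lists applications instead of license types; `SELECT lt FROM LicenseType lt` is what the name promises. A JPQL named query is validated against entity names only, not against its own name, so this slip compiles and deploys cleanly. A small test that runs each named query and checks the element type of the result would catch it, along with the same mistake in `License`.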
diff --git a/securis/src/main/java/net/curisit/securis/db/Organization.java b/securis/src/main/java/net/curisit/securis/db/Organization.java
new file mode 100644
index 0000000..0f43b92
--- /dev/null
+++ b/securis/src/main/java/net/curisit/securis/db/Organization.java
@@ -0,0 +1,111 @@
+package net.curisit.securis.db;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.List;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.JoinTable;
+import javax.persistence.ManyToMany;
+import javax.persistence.ManyToOne;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+/**
+ * Entity implementation class for Entity: organization
+ *
+ */
+@JsonAutoDetect
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@Entity
+@Table(name = "organization")
+@NamedQueries(
+ { @NamedQuery(name = "list-organizations", query = "SELECT o FROM Organization o") })
+public class Organization implements Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @GeneratedValue
+ private int id;
+
+ private String code;
+ private String name;
+ private String description;
+
+ @Column(name = "creation_timestamp")
+ private Date creationTimestamp;
+
+ @ManyToMany
+ @JoinTable(name = "user_organization", //
+ joinColumns =
+ { @JoinColumn(name = "organization_id", referencedColumnName = "id") }, //
+ inverseJoinColumns =
+ { @JoinColumn(name = "user_id", referencedColumnName = "id") })
+ private List<User> users;
+
+ @ManyToOne
+ @JoinColumn(name = "org_parent_id")
+ private Organization parentOrganization;
+
+ public int getId() {
+ return id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ public String getCode() {
+ return code;
+ }
+
+ public void setCode(String code) {
+ this.code = code;
+ }
+
+ public Date getCreationTimestamp() {
+ return creationTimestamp;
+ }
+
+ public void setCreationTimestamp(Date creationTimestamp) {
+ this.creationTimestamp = creationTimestamp;
+ }
+
+ public List<User> getUsers() {
+ return users;
+ }
+
+ public void setUsers(List<User> users) {
+ this.users = users;
+ }
+
+ public Organization getParentOrganization() {
+ return parentOrganization;
+ }
+
+ public void setParentOrganization(Organization parentOrganization) {
+ this.parentOrganization = parentOrganization;
+ }
+
+}
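Review bot: The `user_organization` join table is declared with `@JoinColumn(name = "user_id", referencedColumnName = "id")`, but `User` has no `id`: its `@Id` is the `username` string, so the mapping cannot resolve on the user side. `User.organizations` repeats the same `@JoinTable` with the columns swapped, which makes both sides owners of the association; one side should own it and the other should be `@ManyToMany(mappedBy = "...")`. With `@JsonAutoDetect` and public getters on both ends, serializing an `Organization` also walks `users` to `organizations` and back to `users`, so one side of the cycle needs `@JsonIgnore`.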
diff --git a/securis/src/main/java/net/curisit/securis/db/Pack.java b/securis/src/main/java/net/curisit/securis/db/Pack.java
new file mode 100644
index 0000000..04e3306
--- /dev/null
+++ b/securis/src/main/java/net/curisit/securis/db/Pack.java
@@ -0,0 +1,120 @@
+package net.curisit.securis.db;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.Set;
+
+import javax.persistence.CascadeType;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.FetchType;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.JoinTable;
+import javax.persistence.ManyToOne;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+import javax.persistence.OneToMany;
+import javax.persistence.Table;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+/**
+ * Entity implementation class for Entity: pack
+ *
+ */
+@JsonAutoDetect
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@Entity
+@Table(name = "pack")
+@NamedQueries(
+ { @NamedQuery(name = "list-packs", query = "SELECT pa FROM Pack pa"),//
+ @NamedQuery(name = "list-packs-by-org", query = "SELECT pa FROM Pack pa where pa.organization = :organization") })
+public class Pack implements Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ private int id;
+
+ private String code;
+
+ @Column(name = "creation_timestamp")
+ private Date creationTimestamp;
+
+ @ManyToOne
+ @JoinColumn(name = "organization_id")
+ private Organization organization;
+
+ @ManyToOne
+ @JoinColumn(name = "license_type_id")
+ private LicenseType licenseType;
+
+ @ManyToOne
+ @JoinColumn(name = "created_by")
+ private User createdBy;
+
+ @OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
+ @JoinTable(name = "license", //
+ joinColumns =
+ { @JoinColumn(name = "pack_id") }, //
+ inverseJoinColumns =
+ { @JoinColumn(name = "id") })
+ private Set<License> licenses;
+
+ private int numLicenses;
+
+ public int getId() {
+ return id;
+ }
+
+ public String getCode() {
+ return code;
+ }
+
+ public void setCode(String code) {
+ this.code = code;
+ }
+
+ public Date getCreationTimestamp() {
+ return creationTimestamp;
+ }
+
+ public void setCreationTimestamp(Date creationTimestamp) {
+ this.creationTimestamp = creationTimestamp;
+ }
+
+ public Organization getOrganization() {
+ return organization;
+ }
+
+ public void setOrganization(Organization organization) {
+ this.organization = organization;
+ }
+
+ public LicenseType getLicenseType() {
+ return licenseType;
+ }
+
+ public void setLicenseType(LicenseType licenseType) {
+ this.licenseType = licenseType;
+ }
+
+ public User getCreatedBy() {
+ return createdBy;
+ }
+
+ public void setCreatedBy(User createdBy) {
+ this.createdBy = createdBy;
+ }
+
+ public int getNumLicenses() {
+ return numLicenses;
+ }
+
+ public void setNumLicenses(int numLicenses) {
+ this.numLicenses = numLicenses;
+ }
+
+}
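Review bot: `licenses` is mapped with `@JoinTable(name = "license", ...)`, which tells JPA to treat the `license` entity table itself as a link table between packs and licenses. Since `license.pack_id` is already a foreign key column in schema.sql, the usual mapping is `@ManyToOne @JoinColumn(name = "pack_id") Pack pack` on `License` and `@OneToMany(mappedBy = "pack")` here. Combined with `CascadeType.ALL`, the current form risks the provider writing or deleting `license` rows as if they were link rows. `numLicenses` also has no `@Column(name = "num_licenses")`, so unless a naming strategy is configured elsewhere it will not match the `num_licenses` column. There is no getter or setter for `licenses`.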
diff --git a/securis/src/main/java/net/curisit/securis/db/User.java b/securis/src/main/java/net/curisit/securis/db/User.java
new file mode 100644
index 0000000..e96102e
--- /dev/null
+++ b/securis/src/main/java/net/curisit/securis/db/User.java
@@ -0,0 +1,160 @@
+package net.curisit.securis.db;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.List;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.JoinTable;
+import javax.persistence.ManyToMany;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonProperty;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+/**
+ * Entity implementation class for Entity: Users
+ *
+ */
+@JsonAutoDetect
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@Entity
+@Table(name = "user")
+@NamedQueries(
+ { @NamedQuery(name = "list-users", query = "SELECT u FROM User u"), @NamedQuery(name = "get-user", query = "SELECT u FROM User u where u.username = :username"),
+ @NamedQuery(name = "auth-user", query = "SELECT u FROM User u where u.username = :username and u.password = :password"), @NamedQuery(name = "delete-all-users", query = "delete FROM User u") })
+public class User implements Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ private String username;
+ private String password;
+ @JsonProperty(value = "short_name")
+ @Column(name = "short_name")
+ private String shortName;
+
+ private int role;
+
+ @JsonProperty(value = "full_name")
+ @Column(name = "full_name")
+ private String fullName;
+
+ @JsonProperty(value = "last_login")
+ @Column(name = "last_login")
+ private Date lastLogin;
+
+ @Column(name = "modification_timestamp")
+ private Date modificationTimestamp;
+
+ @Column(name = "creation_timestamp")
+ private Date creationTimestamp;
+
+ private String lang;
+
+ @ManyToMany
+ @JoinTable(name = "user_organization", //
+ joinColumns =
+ { @JoinColumn(name = "user_id", referencedColumnName = "id") }, //
+ inverseJoinColumns =
+ { @JoinColumn(name = "organization_id", referencedColumnName = "id") } //
+ )
+ private List<Organization> organizations;
+
+ public String getUsername() {
+ return username;
+ }
+
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ public String getPassword() {
+ return password;
+ }
+
+ public void setPassword(String password) {
+ this.password = password;
+ }
+
+ public int getRole() {
+ return role;
+ }
+
+ public void setRole(int role) {
+ this.role = role;
+ }
+
+ public String getFullName() {
+ return fullName;
+ }
+
+ public void setFullName(String fullName) {
+ this.fullName = fullName;
+ }
+
+ public String getShortName() {
+ return shortName;
+ }
+
+ public void setShortName(String shortName) {
+ this.shortName = shortName;
+ }
+
+ public Date getLastLogin() {
+ return lastLogin;
+ }
+
+ public void setLastLogin(Date lastLogin) {
+ this.lastLogin = lastLogin;
+ }
+
+ public Date getModificationTimestamp() {
+ return modificationTimestamp;
+ }
+
+ public void setModificationTimestamp(Date modificationTimestamp) {
+ this.modificationTimestamp = modificationTimestamp;
+ }
+
+ public Date getCreationTimestamp() {
+ return creationTimestamp;
+ }
+
+ public void setCreationTimestamp(Date creationTimestamp) {
+ this.creationTimestamp = creationTimestamp;
+ }
+
+ @Override
+ public String toString() {
+ return "{User: " + username + " Full Name: " + fullName + ", last login: " + lastLogin + "}";
+ }
+
+ public String getLang() {
+ return lang;
+ }
+
+ public void setLang(String lang) {
+ this.lang = lang;
+ }
+
+ public List<Organization> getOrganizations() {
+ return organizations;
+ }
+
+ public void setOrganizations(List<Organization> organizations) {
+ this.organizations = organizations;
+ }
+
+ static public class Rol {
+ static public final int ADVANCE = 0x01;
+ static public final int ADMIN = 0x02;
+ }
+
+}
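Review bot: `password` has a public `getPassword()` on a class marked `@JsonAutoDetect`, so any resource that returns a `User` (or an `Organization` with its `users`) will put the stored password in the JSON response; mark the getter `@JsonIgnore`. The `auth-user` query matches on `u.password = :password`, which implies the stored value is compared directly with what the caller supplies. Storing a salted, slow password hash (bcrypt, scrypt or PBKDF2) and verifying it in code after loading the user by `username` would avoid keeping a reusable credential in the table. `role` also has no `@Column(name = "roles")` to match the `roles` column in schema.sql.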
diff --git a/securis/src/main/java/net/curisit/securis/ioc/RequestsModule.java b/securis/src/main/java/net/curisit/securis/ioc/RequestsModule.java
index 34b9401..74301ad 100644
--- a/securis/src/main/java/net/curisit/securis/ioc/RequestsModule.java
+++ b/securis/src/main/java/net/curisit/securis/ioc/RequestsModule.java
@@ -2,6 +2,7 @@
import net.curisit.securis.services.BasicServices;
import net.curisit.securis.services.LicenseServices;
+import net.curisit.securis.services.SecurityInterceptor;
import net.curisit.securis.services.UserResource;
import org.eclipse.jetty.server.Authentication.User;
@@ -19,6 +20,8 @@
bind(BasicServices.class);
bind(LicenseServices.class);
bind(UserResource.class);
+ bind(SecurityInterceptor.class);
+
}
@Provides
diff --git a/securis/src/main/java/net/curisit/securis/ioc/SecurisModule.java b/securis/src/main/java/net/curisit/securis/ioc/SecurisModule.java
index 72c9c1f..ce82b61 100644
--- a/securis/src/main/java/net/curisit/securis/ioc/SecurisModule.java
+++ b/securis/src/main/java/net/curisit/securis/ioc/SecurisModule.java
@@ -9,9 +9,11 @@
import javax.inject.Named;
import javax.inject.Singleton;
+import javax.sql.DataSource;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriBuilderException;
+import org.h2.jdbcx.JdbcDataSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -31,7 +33,7 @@
}
public String getPassword() {
- return getFilePassword() + " " + "cur1s1nt3grity";
+ return getFilePassword() + " " + "53curi5";
}
public String getFilePassword() {
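Review bot: The user-password part returned by `getPassword()` is a string literal, so the new value is readable by anyone with access to the repository or the built jar, and the previous value remains in history. Because the H2 URL uses `CIPHER=AES`, this method's return value is what protects the database file at rest. It should come from configuration outside the source tree (a protected properties file, an environment variable or a keystore) and be rotated once moved. `getFilePassword()` begins on the last line of this hunk and its body is outside it, so the same may apply there.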
@@ -39,7 +41,7 @@
}
public String getUrl(File appDir) {
- return String.format("jdbc:h2:%s/db/curisintegrity_cs;CIPHER=AES", appDir.getAbsolutePath());
+ return String.format("jdbc:h2:%s/db/securis;CIPHER=AES", appDir.getAbsolutePath());
}
@Named("base-uri")
@@ -77,14 +79,85 @@
return Arrays.asList("/db/schema.sql");
}
- // @Provides
- // @Singleton
- // public HelloWorld provideHelloWorld() {
- // if (args.length > 0 && args[0].equals("fi")) {
- // return new HelloWorldFI();
- // } else {
- // return new HelloWorldPL();
- // }
- // }
+ @Named("temporary-dir")
+ @Provides
+ @Singleton
+ public File getTemporaryDir() {
+ String tmp = getAppDir().getAbsolutePath();
+ tmp += File.separator + ".TEMP";
+ File ftmp = new File(tmp);
+ if (!ftmp.exists()) {
+ if (!ftmp.mkdirs())
+ return null;
+ log.debug("Created temporary directory for app in: {}", ftmp.getAbsolutePath());
+ ftmp.deleteOnExit();
+ }
+ return ftmp;
+ }
+
+ @Named("app-dir")
+ @Provides
+ @Singleton
+ public File getAppDir() {
+ String appDir = System.getProperty("user.home", System.getProperty("user.dir"));
+ if (appDir == null) {
+ appDir = ".";
+ }
+ appDir += File.separator + ".SeCuris";
+ File fAppDir = new File(appDir);
+ if (!fAppDir.exists()) {
+ if (!fAppDir.mkdirs())
+ return null;
+ log.debug("Created app working directory app in: {}", fAppDir.getAbsolutePath());
+ }
+ return fAppDir;
+ }
+
+ @Named("support-email")
+ @Provides
+ @Singleton
+ public String getSupportEmail() {
+ return "integrity@curistec.com";
+ }
+
+ @Named("hash-logo")
+ @Provides
+ @Singleton
+ public String getHashLogo() {
+ return "1b42616809d4cd8ccf109e3c30d0ab25067f160b30b7354a08ddd563de0096ba";
+ }
+
+ @Named("license-req-file-name")
+ @Provides
+ @Singleton
+ public String getLicenseReqFileName() {
+ return "license.req";
+ }
+
+ @Named("license-file-name")
+ @Provides
+ @Singleton
+ public String getLicenseFileName() {
+ return "license.lic";
+ }
+
+ @Provides
+ @Singleton
+ public DataSource getDataSource(@Named("app-dir") File appDir) {
+
+ JdbcDataSource dataSource = new JdbcDataSource();
+ dataSource.setURL(getUrl(appDir));
+ dataSource.setUser("curis");
+ dataSource.setPassword(getPassword());
+ log.debug("JdbcDataSource: {}", dataSource);
+ return dataSource;
+ }
+
+ @Named("db-files")
+ @Provides
+ @Singleton
+ public List<String> getDbFiles() {
+ return getAppDbFiles();
+ }
}
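Review bot: `getAppDir()` and `getTemporaryDir()` return `null` when `mkdirs()` fails, and Guice rejects a null from a `@Provides` method that is not marked nullable, so the failure surfaces as a provisioning error far from its cause. Throwing keeps the reason visible: `if (!fAppDir.isDirectory() && !fAppDir.mkdirs()) throw new IllegalStateException("Cannot create " + fAppDir);`. The directory that will hold the encrypted database is created with default permissions under the user's home, so restricting it to the owner is worth considering. `getDataSource` hard-codes the user `curis` and logs the data source object at debug level; confirm that its `toString()` does not include credentials. `ftmp.deleteOnExit()` will not remove `.TEMP` if it still contains files.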
diff --git a/securis/src/main/java/net/curisit/securis/services/Securable.java b/securis/src/main/java/net/curisit/securis/services/Securable.java
new file mode 100644
index 0000000..cad8f57
--- /dev/null
+++ b/securis/src/main/java/net/curisit/securis/services/Securable.java
@@ -0,0 +1,12 @@
+package net.curisit.securis.services;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.METHOD)
+public @interface Securable {
+ String header() default "session-token";
+}
\ No newline at end of file
diff --git a/securis/src/main/java/net/curisit/securis/services/SecurityInterceptor.java b/securis/src/main/java/net/curisit/securis/services/SecurityInterceptor.java
new file mode 100644
index 0000000..16e2444
--- /dev/null
+++ b/securis/src/main/java/net/curisit/securis/services/SecurityInterceptor.java
@@ -0,0 +1,49 @@
+package net.curisit.securis.services;
+
+import java.io.IOException;
+import java.lang.reflect.Method;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.ext.Provider;
+
+import org.jboss.resteasy.core.ResourceMethodInvoker;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@Provider
+public class SecurityInterceptor implements javax.ws.rs.container.ContainerRequestFilter {
+
+ private static final Logger log = LoggerFactory.getLogger(SecurityInterceptor.class);
+
+ @Context
+ private HttpServletRequest servletRequest;
+
+ @Override
+ public void filter(ContainerRequestContext containerRequestContext) throws IOException {
+ log.info("filter using REST interceptor, method: {}", containerRequestContext.getMethod());
+ log.info("filter using REST interceptor, ResourceMethodInvoker: {}", containerRequestContext.getProperty("org.jboss.resteasy.core.ResourceMethodInvoker"));
+ ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) containerRequestContext.getProperty("org.jboss.resteasy.core.ResourceMethodInvoker");
+ Method method = methodInvoker.getMethod();
+
+ if (!method.isAnnotationPresent(Securable.class))
+ return;
+ }
+
+ // @Override
+ // public ServerResponse preProcess(HttpRequest httpRequest, ResourceMethod resourceMethod) throws Failure, WebApplicationException {
+ //
+ // Securable securable = resourceMethod.getMethod().getAnnotation(Securable.class);
+ // String headerValue = servletRequest.getHeader(securable.header());
+ //
+ // if (headerValue == null) {
+ // return (ServerResponse) Response.status(Status.BAD_REQUEST).entity("Invalid Session").build();
+ // } else {
+ // // Validatation logic goes here
+ // }
+ //
+ // return null;
+ // }
+
+}
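Review bot: `filter` returns without doing anything in both branches, so a method annotated `@Securable` is served exactly like an unannotated one and the session token is never checked. The filter should read the header named by `securable.header()`, validate it with `TokenHelper.validateToken`, and call `abortWith` with a 401 when it is missing or invalid; the sketch below assumes `TokenHelper` can be injected here as it is in `UserResource`. `methodInvoker` is also dereferenced without a null check, and the two `log.info` calls run on every request, which suits debug level better. The commented-out `preProcess` block can be deleted once the check lives in `filter`.

```java
    @Inject
    private TokenHelper tokenHelper;

    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        // … unchanged: ResourceMethodInvoker lookup and method resolution …
        Securable securable = method.getAnnotation(Securable.class);
        if (securable == null) {
            return;
        }
        String token = containerRequestContext.getHeaderString(securable.header());
        if (token == null || !tokenHelper.validateToken(token)) {
            containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }
```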
diff --git a/securis/src/main/java/net/curisit/securis/services/UserResource.java b/securis/src/main/java/net/curisit/securis/services/UserResource.java
index 603dd16..8048e89 100644
--- a/securis/src/main/java/net/curisit/securis/services/UserResource.java
+++ b/securis/src/main/java/net/curisit/securis/services/UserResource.java
@@ -1,6 +1,6 @@
package net.curisit.securis.services;
-import javax.annotation.security.RolesAllowed;
+import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
@@ -14,6 +14,7 @@
import javax.ws.rs.core.Response.Status;
import net.curisit.integrity.commons.Utils;
+import net.curisit.securis.utils.TokenHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -25,6 +26,9 @@
*/
@Path("/user")
public class UserResource {
+
+ @Inject
+ TokenHelper tokenHelper;
// private LicenseHelper licenseHelper = InjectorFactory.getInjector().getInstance(LicenseHelper.class);
private static final Logger log = LoggerFactory.getLogger(UserResource.class);
@@ -56,7 +60,8 @@
request.getSession().setAttribute("username", user);
if ("no".equals(password))
return Response.status(Status.FORBIDDEN).build();
- return Response.ok(Utils.createMap("name", "Pepito", "username", user)).build();
+ String tokenAuth = tokenHelper.generateToken(user);
+ return Response.ok(Utils.createMap("success", true, "token", tokenAuth)).build();
}
/**
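Review bot: A token is now issued for every login attempt whose password is anything other than the literal `no`, because the only check visible before `tokenHelper.generateToken(user)` is `"no".equals(password)`. Since that token is what `@Securable` endpoints are meant to trust, the credentials need to be verified against the `User` table before this line. `request.getSession().setAttribute("username", user)` should also move after that check rather than before it. The method starts outside this hunk, so an earlier check may exist that is not visible here.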
@@ -66,7 +71,7 @@
@Path("/{username}")
@Produces(
{ MediaType.APPLICATION_JSON })
- @RolesAllowed("advance")
+ // @RolesAllowed("advance")
public Response main(@PathParam("username") String username) {
return Response.ok().entity(Utils.createMap("name", "Pepito", "username", username)).build();
}
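Review bot: `@RolesAllowed("advance")` is commented out and nothing replaces it, so `GET /user/{username}` carries no access-control annotation after this change. If the intent is to move to the new token scheme, annotate the method with `@Securable`. `SecurityInterceptor.filter` in this commit does not yet reject requests, so the endpoint stays open until that is implemented. Prefer deleting the old annotation over leaving it as a comment.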
diff --git a/securis/src/main/java/net/curisit/securis/utils/TokenHelper.java b/securis/src/main/java/net/curisit/securis/utils/TokenHelper.java
index aa1006a..a093e8e 100644
--- a/securis/src/main/java/net/curisit/securis/utils/TokenHelper.java
+++ b/securis/src/main/java/net/curisit/securis/utils/TokenHelper.java
@@ -22,6 +22,9 @@
private static final Logger log = LoggerFactory.getLogger(TokenHelper.class);
+ /**
+ * Period before token expires, set in hours.
+ */
private static int VALID_TOKEN_PERIOD = 24;
@Inject
@@ -30,6 +33,12 @@
private static byte[] seed = "S3Cur15S33dForT0k3nG3n3r@tion".getBytes();
+ /**
+ * Generate a token encoded in Base64 for user passed as parameter and taking the current moment as token timestamp
+ *
+ * @param user
+ * @return
+ */
public String generateToken(String user) {
try {
Date date = new Date();
@@ -50,7 +59,7 @@
}
- public String generateSecret(String user, Date date) throws UnsupportedEncodingException, NoSuchAlgorithmException {
+ private String generateSecret(String user, Date date) throws UnsupportedEncodingException, NoSuchAlgorithmException {
MessageDigest mDigest = MessageDigest.getInstance("SHA-256");
mDigest.update(seed, 0, seed.length);
byte[] userbytes = user.getBytes("utf-8");
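Review bot: The token secret is a plain SHA-256 over a seed that is a string literal in this class (visible in the previous hunk), followed by the user name and, presumably, the date. Anyone who can read the source or the jar can therefore compute a valid secret for any user and timestamp. Hashing a secret prefix followed by the message is also not a sound MAC construction; `javax.crypto.Mac` with `HmacSHA256` and a key loaded from configuration is the standard replacement. `seed` is built with `getBytes()` and no charset, unlike `user.getBytes("utf-8")` here. The body of `generateSecret` continues outside this hunk.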
@@ -62,6 +71,12 @@
return secret;
}
+ /**
+ * Check if passed token is still valid, It use to check if token is expired the attribute VALID_TOKEN_PERIOD (in hours)
+ *
+ * @param token
+ * @return
+ */
public boolean validateToken(String token) {
try {
String tokenDecoded = new String(Base64.decode(token));
@@ -69,18 +84,30 @@
String secret = parts[0];
String user = parts[1];
Date date = Utils.toDateFromIso(parts[2]);
- if (new Date(new Date().getTime() + 25 * 60 * 60 * 1000).after(new Date(date.getTime() + VALID_TOKEN_PERIOD * 60 * 60 * 1000)))
+ if (new Date().after(new Date(date.getTime() + VALID_TOKEN_PERIOD * 60 * 60 * 1000)))
return false;
String newSecret = generateSecret(user, date);
return newSecret.equals(secret);
} catch (IOException e) {
- log.error("Error decoding Bse64 token", e);
+ log.error("Error decoding Base64 token", e);
} catch (NoSuchAlgorithmException e) {
log.error("Error generation secret to compare with", e);
}
return false;
}
+ public String extractUserFromToken(String token) {
+ try {
+ String tokenDecoded = new String(Base64.decode(token));
+ String[] parts = StringUtils.split(tokenDecoded, ' ');
+ String user = parts[1];
+ return user;
+ } catch (IOException e) {
+ log.error("Error decoding Base64 token", e);
+ }
+ return null;
+ }
+
public static void main(String[] args) throws IOException {
TokenHelper th = new TokenHelper();
String token = th.generateToken("pepe");
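Review bot: `extractUserFromToken` returns `parts[1]` from whatever Base64 text the caller sent, without checking the secret or the expiry, so any caller that uses it for identity must call `validateToken` first; adding `if (!validateToken(token)) return null;` as its first line removes the trap. Both methods index `parts` without checking its length, so a malformed token throws `ArrayIndexOutOfBoundsException` instead of being rejected; `if (parts.length < 3) return false;` (or `return null;`) covers it. In `validateToken`, `newSecret.equals(secret)` stops at the first differing character, whereas `MessageDigest.isEqual(newSecret.getBytes("utf-8"), secret.getBytes("utf-8"))` compares in constant time. The new method has no Javadoc, unlike the others documented in this commit.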
diff --git a/securis/src/main/resources/db/schema.sql b/securis/src/main/resources/db/schema.sql
index e69de29..b631c95 100644
--- a/securis/src/main/resources/db/schema.sql
+++ b/securis/src/main/resources/db/schema.sql
@@ -0,0 +1,84 @@
+drop table IF EXISTS settings;
+CREATE TABLE IF NOT EXISTS settings (
+ key VARCHAR(100) NOT NULL ,
+ value VARCHAR(2000) NULL ,
+ timestamp DATETIME NOT NULL DEFAULT now() ,
+ PRIMARY KEY (key) );
+
+drop table IF EXISTS user;
+CREATE TABLE IF NOT EXISTS user (
+ username VARCHAR(45) NOT NULL ,
+ password VARCHAR(100) NULL ,
+ roles INT NULL ,
+ full_name VARCHAR(100) NULL ,
+ short_name VARCHAR(3) NULL ,
+ last_login DATETIME NULL ,
+ lang VARCHAR(10) NULL ,
+ creation_timestamp DATETIME NULL ,
+ modification_timestamp DATETIME NULL ,
+ PRIMARY KEY (username));
+
+drop table IF EXISTS application;
+CREATE TABLE IF NOT EXISTS application (
+ id INT NOT NULL,
+ name VARCHAR(45) NOT NULL ,
+ description VARCHAR(500) NULL ,
+ creation_timestamp DATETIME NULL ,
+ PRIMARY KEY (id));
+
+
+drop table IF EXISTS license_type;
+CREATE TABLE IF NOT EXISTS license_type (
+ id INT NOT NULL,
+ code VARCHAR(10) NOT NULL ,
+ name VARCHAR(45) NOT NULL ,
+ description VARCHAR(100) NULL ,
+ application_id INT NULL ,
+ creation_timestamp DATETIME NULL ,
+ PRIMARY KEY (id));
+
+drop table IF EXISTS organization;
+CREATE TABLE IF NOT EXISTS organization (
+ id INT NOT NULL auto_increment,
+ code VARCHAR(10) NOT NULL ,
+ name VARCHAR(45) NOT NULL ,
+ description VARCHAR(100) NULL ,
+ org_parent_id INT NULL ,
+ creation_timestamp DATETIME NULL ,
+ PRIMARY KEY (id));
+
+drop table IF EXISTS user_organization;
+CREATE TABLE IF NOT EXISTS user_organization (
+ user_id INT NOT NULL,
+ organization_id INT NOT NULL,
+ PRIMARY KEY (user_id, organization_id));
+
+drop table IF EXISTS pack;
+CREATE TABLE IF NOT EXISTS pack (
+ id INT NOT NULL,
+ code VARCHAR(50) NOT NULL ,
+ num_licenses INT NOT NULL ,
+ license_type_id INT NOT NULL,
+ organization_id INT NOT NULL,
+ created_by varchar(45) NULL ,
+ creation_timestamp DATETIME NOT NULL ,
+ PRIMARY KEY (id));
+
+drop table IF EXISTS license;
+CREATE TABLE IF NOT EXISTS license (
+ id INT NOT NULL,
+ code VARCHAR(100) NOT NULL ,
+ pack_id INT NOT NULL,
+ user_name INT NULL,
+ user_email INT NOT NULL,
+ creation_timestamp DATETIME NOT NULL ,
+ sent_timestamp DATETIME NULL ,
+ modification_timestamp DATETIME NULL ,
+ cancelation_timestamp DATETIME NULL ,
+ canceled_by varchar(45) NULL ,
+ created_by varchar(45) NULL ,
+ status VARCHAR(3) NULL ,
+ PRIMARY KEY (id));
+
+
+
\ No newline at end of file
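Review bot: Several column types do not match the entities added in this commit: `user_organization.user_id` is `INT` although `user` is keyed by `username VARCHAR(45)`, and `license.user_name` and `license.user_email` are declared `INT`. The `user` table names its column `roles` while `User` maps an attribute called `role`. Every `CREATE TABLE IF NOT EXISTS` is preceded by an unconditional `drop table IF EXISTS`, so if this script runs on each start (it is the file returned by `getAppDbFiles()`), all data including users would be wiped; the drops belong in a separate reset script. No foreign keys are declared for `pack_id`, `organization_id`, `license_type_id`, `application_id` or `created_by`.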
--
Gitblit v1.3.2