Commit 662f4348 by Juho Juopperi

Merge branch 'restauth' into 'master'

Random minor fixes and additions for android app

Check commit messages.

See merge request !195
2 parents 0192b041 ccd37ebf
...@@ -60,6 +60,8 @@ public interface PermissionBeanLocal { ...@@ -60,6 +60,8 @@ public interface PermissionBeanLocal {
boolean hasPermission(SpecialPermission superadmin); boolean hasPermission(SpecialPermission superadmin);
boolean isCurrentUser(String login);
// boolean hasPermission(String perm); // boolean hasPermission(String perm);
} }
...@@ -114,7 +114,7 @@ public class JaasBean implements MoyaRealmBeanRemote { ...@@ -114,7 +114,7 @@ public class JaasBean implements MoyaRealmBeanRemote {
// If there is no eventuser found, try to create one. // If there is no eventuser found, try to create one.
if (user != null) { if (user != null) {
logger.info("TryLogin user not null: {}", user); logger.info("TryLogin user not null: {}, login {}", user, user.getLogin());
if (user.isAnonymous()) { if (user.isAnonymous()) {
logger.info("logging in as anonymous!!!"); logger.info("logging in as anonymous!!!");
} else if (!user.checkPassword(password)) { } else if (!user.checkPassword(password)) {
...@@ -140,7 +140,7 @@ public class JaasBean implements MoyaRealmBeanRemote { ...@@ -140,7 +140,7 @@ public class JaasBean implements MoyaRealmBeanRemote {
} }
// jos logitetaan anomuumi, niin uuden tapahtuman luominen hajoaa jännästi. // jos logitetaan anomuumi, niin uuden tapahtuman luominen hajoaa jännästi.
if (!user.isAnonymous()) if (user != null && !user.isAnonymous())
secubean.sendMessage(MoyaEventType.LOGIN_SUCCESSFULL, eventUser, "User logged in with username: '", username, "' eventuser: ", eventUser); secubean.sendMessage(MoyaEventType.LOGIN_SUCCESSFULL, eventUser, "User logged in with username: '", username, "' eventuser: ", eventUser);
} else { } else {
secubean.sendMessage(MoyaEventType.LOGIN_FAILED, eventUserFacade.findByLogin(User.ANONYMOUS_LOGINNAME), "Login failed: Username not found: ", username); secubean.sendMessage(MoyaEventType.LOGIN_FAILED, eventUserFacade.findByLogin(User.ANONYMOUS_LOGINNAME), "Login failed: Username not found: ", username);
......
...@@ -156,7 +156,14 @@ public class PermissionBean implements PermissionBeanLocal { ...@@ -156,7 +156,14 @@ public class PermissionBean implements PermissionBeanLocal {
@Override @Override
public boolean isCurrentUser(User user) { public boolean isCurrentUser(User user) {
return (context.getCallerPrincipal() == null || user == null) ? false : context.getCallerPrincipal().getName().equals(user.getLogin());
return user != null && isCurrentUser(user.getLogin());
}
@Override
public boolean isCurrentUser(String login) {
return (context.getCallerPrincipal() == null || login == null) ? false : context.getCallerPrincipal().getName().equals(login);
} }
@Override @Override
......
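Review bot: `isCurrentUser(String login)` calls `context.getCallerPrincipal()` twice and dereferences `getName()` without a null check. Reading the principal once and comparing from the non-null side is shorter and cannot throw: `Principal p = context.getCallerPrincipal();` followed by `return p != null && login != null && login.equals(p.getName());` (this needs `java.security.Principal` in scope). The matching declaration added to `PermissionBeanLocal` has no Javadoc. Because callers may base authorization decisions on this identity check, it should state that the match is an exact, case-sensitive `String.equals` against the caller principal's name and that a null login yields false.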
...@@ -2,19 +2,50 @@ ...@@ -2,19 +2,50 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<artifactId>moya-restpojo</artifactId> <artifactId>moya-restpojo</artifactId>
<parent>
<groupId>fi.codecrew.moya</groupId> <groupId>fi.codecrew.moya</groupId>
<artifactId>moya-parent</artifactId>
<version>1.0</version> <version>1.0</version>
<relativePath>../moya-parent/pom.xml</relativePath> <build>
</parent> <plugins>
<!-- <plugin>
<dependencies> <groupId>org.apache.maven.plugins</groupId>
<dependency> <artifactId>maven-compiler-plugin</artifactId>
<groupId>fi.codecrew.moya</groupId> <version>3.1</version>
<artifactId>moya-database</artifactId> <configuration>
<version>${moya.version}</version> <source>1.5</source>
</dependency> <target>1.5</target>
</dependencies> <encoding>UTF-8</encoding>
--> </configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<executions>
<execution>
<id>attach-sources</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
<extensions>
<extension>
<groupId>org.apache.maven.wagon</groupId>
<artifactId>wagon-ssh</artifactId>
<version>2.7</version>
</extension>
</extensions>
</build>
<distributionManagement>
<downloadUrl>http://codecrew.fi/mvn</downloadUrl>
<repository>
<id>Codecrew</id>
<name>codecrew</name>
<url>sftp://codecrew.fi/var/www/website/mvn</url>
</repository>
</distributionManagement>
</project> </project>
\ No newline at end of file
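Review bot: `<downloadUrl>http://codecrew.fi/mvn</downloadUrl>` points consumers at a plain-HTTP repository, so artifacts fetched from it can be altered in transit; publish the download location over HTTPS if the host supports it. With the `<parent>` block apparently removed on the new side, `maven-source-plugin` is declared without a `<version>`, so Maven uses whatever version it resolves at build time; pin it, as is done for `maven-compiler-plugin` and `wagon-ssh`. `<source>1.5</source>` and `<target>1.5</target>` deserve a short XML comment saying why this module is held at that level (the commit title suggests the Android client, but the page does not say).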
...@@ -28,7 +28,7 @@ public class NetworkAssociationInfolistResponseRoot { ...@@ -28,7 +28,7 @@ public class NetworkAssociationInfolistResponseRoot {
private List<NetworkAssociationInfoPojo> associations; private List<NetworkAssociationInfoPojo> associations;
public NetworkAssociationInfolistResponseRoot() { public NetworkAssociationInfolistResponseRoot() {
this.associations = new ArrayList<>(); this.associations = new ArrayList<NetworkAssociationInfoPojo>();
} }
public List<NetworkAssociationInfoPojo> getAssociations() { public List<NetworkAssociationInfoPojo> getAssociations() {
......
...@@ -5,15 +5,11 @@ import java.util.List; ...@@ -5,15 +5,11 @@ import java.util.List;
import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlRootElement;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@XmlRootElement @XmlRootElement
public class PlacemapMapRootPojo { public class PlacemapMapRootPojo {
private MapPojo map; private MapPojo map;
private List<ProductRestPojo> products; private List<ProductRestPojo> products;
private static final Logger logger = LoggerFactory.getLogger(PlacemapMapRootPojo.class);
public PlacemapMapRootPojo() { public PlacemapMapRootPojo() {
} }
......
...@@ -126,7 +126,7 @@ public class HostnameFilter implements Filter { ...@@ -126,7 +126,7 @@ public class HostnameFilter implements Filter {
*/ */
private static final String[] NOAUTH_RESTPATHS = new String[] { private static final String[] NOAUTH_RESTPATHS = new String[] {
"/reader/EventRole/", "/reader/EventRole/","/user/auth"
}; };
...@@ -197,6 +197,7 @@ public class HostnameFilter implements Filter { ...@@ -197,6 +197,7 @@ public class HostnameFilter implements Filter {
private boolean restAuth(HttpServletRequest httpRequest, ServletResponse response) { private boolean restAuth(HttpServletRequest httpRequest, ServletResponse response) {
String sp = httpRequest.getPathInfo(); String sp = httpRequest.getPathInfo();
for (String s : NOAUTH_RESTPATHS) { for (String s : NOAUTH_RESTPATHS) {
if (sp.startsWith(s)) { if (sp.startsWith(s)) {
......
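Review bot: The new `"/user/auth"` entry in `NOAUTH_RESTPATHS` has no trailing delimiter and `restAuth()` matches with `sp.startsWith(s)`, so every REST path that begins with `/user/auth` would skip the auth check, not only the login endpoint (a hypothetical later `/user/authcodes` resource, for example). Match this entry exactly, e.g. `if (sp != null && (sp.equals("/user/auth") || sp.startsWith("/reader/EventRole/")))`, or keep a separate exact-match list next to the prefix list. `getPathInfo()` can return null, which the visible loop does not guard against. `restAuth()` continues outside the hunk, so what happens after a match is not visible here.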
...@@ -18,18 +18,35 @@ ...@@ -18,18 +18,35 @@
*/ */
package fi.codecrew.moya.rest; package fi.codecrew.moya.rest;
import java.security.Principal;
import javax.annotation.Resource;
import javax.ejb.EJB; import javax.ejb.EJB;
import javax.ejb.SessionContext;
import javax.enterprise.context.RequestScoped; import javax.enterprise.context.RequestScoped;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.FormParam; import javax.ws.rs.FormParam;
import javax.ws.rs.GET; import javax.ws.rs.GET;
import javax.ws.rs.POST; import javax.ws.rs.POST;
import javax.ws.rs.Path; import javax.ws.rs.Path;
import javax.ws.rs.PathParam; import javax.ws.rs.PathParam;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.ResponseBuilder;
import javax.ws.rs.core.Response.Status;
import org.apache.http.HttpRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.codecrew.moya.beans.CardTemplateBeanLocal; import fi.codecrew.moya.beans.CardTemplateBeanLocal;
import fi.codecrew.moya.beans.PermissionBeanLocal;
import fi.codecrew.moya.beans.UserBeanLocal; import fi.codecrew.moya.beans.UserBeanLocal;
import fi.codecrew.moya.model.EventUser; import fi.codecrew.moya.model.EventUser;
import fi.codecrew.moya.rest.pojo.userinfo.v1.EventUserRestPojo; import fi.codecrew.moya.rest.pojo.userinfo.v1.EventUserRestPojo;
...@@ -51,10 +68,59 @@ public class UserRestView { ...@@ -51,10 +68,59 @@ public class UserRestView {
@EJB @EJB
private CardTemplateBeanLocal cardbean; private CardTemplateBeanLocal cardbean;
@Context
private HttpServletRequest servletRequest;
@EJB
private PermissionBeanLocal permbean;
private static final Logger logger = LoggerFactory.getLogger(UserRestView.class);
@POST
@Path("/auth")
@Produces({ MediaType.APPLICATION_JSON })
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response auth(
@FormParam("username") String username,
@FormParam("password") String password) {
logger.info("Tried to login with rest {} , {}", username, password);
boolean success = true;
try {
Principal principal = servletRequest.getUserPrincipal();
if (principal != null) {
logger.info("Current username {}", principal.getName());
if (principal.getName() != null && !principal.getName().equals(username)) {
logger.info("Trying to logout from user {}", principal.getName());
servletRequest.logout();
}
}
if (principal == null || principal.getName() == null || !principal.getName().equals(username)) {
servletRequest.getSession(true);
servletRequest.login(username, password);
}
} catch (ServletException e) {
success = false;
}
ResponseBuilder ret = null;
if (success)
ret = Response.ok(PojoUtils.initEventUserRestPojo(permbean.getCurrentUser()));
else
ret = Response.status(Status.FORBIDDEN);
return ret.build();
}
@GET @GET
@Path("/eventusers") @Path("/eventusers")
public SimpleEventuserRoot getEventUsers() { public SimpleEventuserRoot getEventUsers(
UserSearchQuery q = new UserSearchQuery(0, 0, null, null, QuerySortOrder.UNSORTED); @DefaultValue("0") @QueryParam("pagesize") Integer pagesize,
@DefaultValue("0") @QueryParam("page") Integer page,
@QueryParam("search") String search
) {
UserSearchQuery q = new UserSearchQuery(page, pagesize, null, search, QuerySortOrder.UNSORTED);
SearchResult<EventUser> users = userbean.getThisEventsUsers(q); SearchResult<EventUser> users = userbean.getThisEventsUsers(q);
return PojoUtils.parseEventusers(users.getResults()); return PojoUtils.parseEventusers(users.getResults());
} }
...@@ -72,7 +138,7 @@ public class UserRestView { ...@@ -72,7 +138,7 @@ public class UserRestView {
public EventUserRestPojo getEventUser(@PathParam("cardauthcode") String code) { public EventUserRestPojo getEventUser(@PathParam("cardauthcode") String code) {
EventUser user = userbean.getUserByAuthcode(code); EventUser user = userbean.getUserByAuthcode(code);
if(user != null) if (user != null)
return PojoUtils.initEventUserRestPojo(user); return PojoUtils.initEventUserRestPojo(user);
else else
return new EventUserRestPojo(); return new EventUserRestPojo();
......
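Review bot: The first statement of `auth()` writes the submitted password to the application log in clear text (`logger.info("Tried to login with rest {} , {}", username, password);`), so anyone who can read the log or its shipping target receives user credentials; log only the username, e.g. `logger.info("REST login attempt for user {}", username);`. When the existing principal's name already equals `username`, the method returns 200 with the current user's data without calling `login()`, so the supplied password is never checked on that path; if clients treat the response as proof of a valid password, that branch should re-authenticate. `getSession(true)` followed by `login()` keeps the pre-login session id; on a Servlet 3.1 container, calling `servletRequest.changeSessionId()` after a successful login closes the session-fixation window. The `ServletException` is dropped without a log entry, which leaves failed logins invisible to whoever monitors this endpoint.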