comparison src/main/java/de/intevation/lada/rest/StatusService.java @ 582:a04658486ede
Use authentication info for authorization of requested objects.
author | Raimund Renkert <raimund.renkert@intevation.de> |
---|---|
date | Mon, 23 Mar 2015 17:52:17 +0100 |
parents | 61ce3ce0100e |
children | 746e03da9fad |
581:bb76a5d7a98d | 582:a04658486ede |
---|---|
7 */ | 7 */ |
8 package de.intevation.lada.rest; | 8 package de.intevation.lada.rest; |
9 | 9 |
10 import javax.enterprise.context.RequestScoped; | 10 import javax.enterprise.context.RequestScoped; |
11 import javax.inject.Inject; | 11 import javax.inject.Inject; |
12 import javax.servlet.http.HttpServletRequest; | |
12 import javax.ws.rs.DELETE; | 13 import javax.ws.rs.DELETE; |
13 import javax.ws.rs.GET; | 14 import javax.ws.rs.GET; |
14 import javax.ws.rs.POST; | 15 import javax.ws.rs.POST; |
15 import javax.ws.rs.PUT; | 16 import javax.ws.rs.PUT; |
16 import javax.ws.rs.Path; | 17 import javax.ws.rs.Path; |
20 import javax.ws.rs.core.HttpHeaders; | 21 import javax.ws.rs.core.HttpHeaders; |
21 import javax.ws.rs.core.MediaType; | 22 import javax.ws.rs.core.MediaType; |
22 import javax.ws.rs.core.MultivaluedMap; | 23 import javax.ws.rs.core.MultivaluedMap; |
23 import javax.ws.rs.core.UriInfo; | 24 import javax.ws.rs.core.UriInfo; |
24 | 25 |
25 import org.apache.log4j.Logger; | |
26 | |
27 import de.intevation.lada.model.land.LStatus; | 26 import de.intevation.lada.model.land.LStatus; |
28 import de.intevation.lada.util.annotation.AuthenticationConfig; | |
29 import de.intevation.lada.util.annotation.AuthorizationConfig; | 27 import de.intevation.lada.util.annotation.AuthorizationConfig; |
30 import de.intevation.lada.util.annotation.RepositoryConfig; | 28 import de.intevation.lada.util.annotation.RepositoryConfig; |
31 import de.intevation.lada.util.auth.Authentication; | |
32 import de.intevation.lada.util.auth.AuthenticationType; | |
33 import de.intevation.lada.util.auth.Authorization; | 29 import de.intevation.lada.util.auth.Authorization; |
34 import de.intevation.lada.util.auth.AuthorizationType; | 30 import de.intevation.lada.util.auth.AuthorizationType; |
35 import de.intevation.lada.util.data.QueryBuilder; | 31 import de.intevation.lada.util.data.QueryBuilder; |
36 import de.intevation.lada.util.data.Repository; | 32 import de.intevation.lada.util.data.Repository; |
37 import de.intevation.lada.util.data.RepositoryType; | 33 import de.intevation.lada.util.data.RepositoryType; |
34 import de.intevation.lada.util.rest.RequestMethod; | |
38 import de.intevation.lada.util.rest.Response; | 35 import de.intevation.lada.util.rest.Response; |
39 | 36 |
40 @Path("status") | 37 @Path("status") |
41 @RequestScoped | 38 @RequestScoped |
42 public class StatusService { | 39 public class StatusService { |
43 | 40 |
44 /* The logger used in this class.*/ | |
45 @Inject | |
46 private Logger logger; | |
47 | |
48 /* The data repository granting read/write access.*/ | 41 /* The data repository granting read/write access.*/ |
49 @Inject | 42 @Inject |
50 @RepositoryConfig(type=RepositoryType.RW) | 43 @RepositoryConfig(type=RepositoryType.RW) |
51 private Repository defaultRepo; | 44 private Repository defaultRepo; |
52 | 45 |
53 /* The authentication module.*/ | |
54 @Inject | |
55 @AuthenticationConfig(type=AuthenticationType.NONE) | |
56 private Authentication authentication; | |
57 | |
58 /* The authorization module.*/ | 46 /* The authorization module.*/ |
59 @Inject | 47 @Inject |
60 @AuthorizationConfig(type=AuthorizationType.NONE) | 48 @AuthorizationConfig(type=AuthorizationType.OPEN_ID) |
61 private Authorization authorization; | 49 private Authorization authorization; |
62 | 50 |
63 /** | 51 /** |
64 * Get all objects. | 52 * Get all objects. |
65 * | 53 * |
68 @GET | 56 @GET |
69 @Path("/") | 57 @Path("/") |
70 @Produces(MediaType.APPLICATION_JSON) | 58 @Produces(MediaType.APPLICATION_JSON) |
71 public Response get( | 59 public Response get( |
72 @Context HttpHeaders headers, | 60 @Context HttpHeaders headers, |
73 @Context UriInfo info | 61 @Context UriInfo info, |
62 @Context HttpServletRequest request | |
74 ) { | 63 ) { |
75 if (!authentication.isAuthenticated(headers)) { | |
76 logger.debug("User is not authenticated!"); | |
77 return new Response(false, 699, null); | |
78 } | |
79 MultivaluedMap<String, String> params = info.getQueryParameters(); | 64 MultivaluedMap<String, String> params = info.getQueryParameters(); |
80 if (params.isEmpty() || !params.containsKey("messungsId")) { | 65 if (params.isEmpty() || !params.containsKey("messungsId")) { |
81 return defaultRepo.getAll(LStatus.class, "land"); | 66 return defaultRepo.getAll(LStatus.class, "land"); |
82 } | 67 } |
83 String messungId = params.getFirst("messungsId"); | 68 String messungId = params.getFirst("messungsId"); |
84 QueryBuilder<LStatus> builder = | 69 QueryBuilder<LStatus> builder = |
85 new QueryBuilder<LStatus>( | 70 new QueryBuilder<LStatus>( |
86 defaultRepo.entityManager("land"), | 71 defaultRepo.entityManager("land"), |
87 LStatus.class); | 72 LStatus.class); |
88 builder.and("messungsId", messungId); | 73 builder.and("messungsId", messungId); |
89 return defaultRepo.filter(builder.getQuery(), "land"); | 74 return authorization.filter( |
75 request, | |
76 defaultRepo.filter(builder.getQuery(), "land"), | |
77 LStatus.class); | |
90 } | 78 } |
91 | 79 |
92 /** | 80 /** |
93 * Get an object by id. | 81 * Get an object by id. |
94 * | 82 * |
97 @GET | 85 @GET |
98 @Path("/{id}") | 86 @Path("/{id}") |
99 @Produces(MediaType.APPLICATION_JSON) | 87 @Produces(MediaType.APPLICATION_JSON) |
100 public Response getById( | 88 public Response getById( |
101 @Context HttpHeaders headers, | 89 @Context HttpHeaders headers, |
90 @Context HttpServletRequest request, | |
102 @PathParam("id") String id | 91 @PathParam("id") String id |
103 ) { | 92 ) { |
104 if (!authentication.isAuthenticated(headers)) { | 93 return authorization.filter( |
105 logger.debug("User is not authenticated!"); | 94 request, |
106 return new Response(false, 699, null); | 95 defaultRepo.getById(LStatus.class, Integer.valueOf(id), "land"), |
107 } | 96 LStatus.class); |
108 return defaultRepo.getById(LStatus.class, Integer.valueOf(id), "land"); | |
109 } | 97 } |
110 | 98 |
111 @POST | 99 @POST |
112 @Path("/") | 100 @Path("/") |
113 @Produces(MediaType.APPLICATION_JSON) | 101 @Produces(MediaType.APPLICATION_JSON) |
114 public Response create( | 102 public Response create( |
115 @Context HttpHeaders headers, | 103 @Context HttpHeaders headers, |
104 @Context HttpServletRequest request, | |
116 LStatus status | 105 LStatus status |
117 ) { | 106 ) { |
118 if (!authentication.isAuthenticated(headers)) { | 107 if (!authorization.isAuthorized( |
108 request, | |
109 status, | |
110 RequestMethod.POST, | |
111 LStatus.class) | |
112 ) { | |
119 return new Response(false, 699, null); | 113 return new Response(false, 699, null); |
120 } | 114 } |
121 /* Persist the new object*/ | 115 /* Persist the new object*/ |
122 return defaultRepo.create(status, "land"); | 116 return defaultRepo.create(status, "land"); |
123 } | 117 } |
128 * @return Response object containing the updated probe object. | 122 * @return Response object containing the updated probe object. |
129 */ | 123 */ |
130 @PUT | 124 @PUT |
131 @Path("/{id}") | 125 @Path("/{id}") |
132 @Produces(MediaType.APPLICATION_JSON) | 126 @Produces(MediaType.APPLICATION_JSON) |
133 public Response update(@Context HttpHeaders headers, LStatus status) { | 127 public Response update( |
134 if (!authentication.isAuthenticated(headers)) { | 128 @Context HttpHeaders headers, |
135 logger.debug("User is not authenticated!"); | 129 @Context HttpServletRequest request, |
130 LStatus status | |
131 ) { | |
132 if (!authorization.isAuthorized( | |
133 request, | |
134 status, | |
135 RequestMethod.PUT, | |
136 LStatus.class) | |
137 ) { | |
136 return new Response(false, 699, null); | 138 return new Response(false, 699, null); |
137 } | 139 } |
138 Response response = defaultRepo.update(status, "land"); | 140 Response response = defaultRepo.update(status, "land"); |
139 Response updated = defaultRepo.getById( | 141 Response updated = defaultRepo.getById( |
140 LStatus.class, | 142 LStatus.class, |
150 @DELETE | 152 @DELETE |
151 @Path("/{id}") | 153 @Path("/{id}") |
152 @Produces(MediaType.APPLICATION_JSON) | 154 @Produces(MediaType.APPLICATION_JSON) |
153 public Response delete( | 155 public Response delete( |
154 @Context HttpHeaders headers, | 156 @Context HttpHeaders headers, |
157 @Context HttpServletRequest request, | |
155 @PathParam("id") String id | 158 @PathParam("id") String id |
156 ) { | 159 ) { |
157 if (!authentication.isAuthenticated(headers)) { | |
158 logger.debug("User is not authenticated!"); | |
159 return new Response(false, 699, null); | |
160 } | |
161 /* Get the object by id*/ | 160 /* Get the object by id*/ |
162 Response object = | 161 Response object = |
163 defaultRepo.getById(LStatus.class, Integer.valueOf(id), "land"); | 162 defaultRepo.getById(LStatus.class, Integer.valueOf(id), "land"); |
164 LStatus obj = (LStatus)object.getData(); | 163 LStatus obj = (LStatus)object.getData(); |
164 if (!authorization.isAuthorized( | |
165 request, | |
166 obj, | |
167 RequestMethod.DELETE, | |
168 LStatus.class) | |
169 ) { | |
170 return new Response(false, 699, null); | |
171 } | |
165 /* Delete the object*/ | 172 /* Delete the object*/ |
166 return defaultRepo.delete(obj, "land"); | 173 return defaultRepo.delete(obj, "land"); |
167 } | 174 } |
168 } | 175 } |
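Review bot: The new `get()` still returns `defaultRepo.getAll(LStatus.class, "land")` unfiltered when no `messungsId` parameter is present (new line 66), while the `messungsId` branch is now wrapped in `authorization.filter(...)`; a caller can therefore bypass the per-object authorization this commit introduces simply by omitting the query parameter. The early return should be `return authorization.filter(request, defaultRepo.getAll(LStatus.class, "land"), LStatus.class);` so both branches apply the same filter. In `delete()`, the result of `getById(...)` is cast with `(LStatus)object.getData()` before the authorization check without testing whether the lookup succeeded, so `obj` is presumably `null` for an unknown id and the outcome then depends on how `isAuthorized` treats a `null` object — a `if (obj == null) { return new Response(false, 600, null); }`-style guard (with whatever code the project uses for "not found") before `isAuthorized` would make that explicit; `Integer.valueOf(id)` on a non-numeric path segment also throws an unhandled `NumberFormatException` in both `getById` and `delete`. The section is split over several hunks with context omitted between them, so the `update()` body after the `getById` call is not visible here.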