comparison src/main/java/de/intevation/lada/rest/StatusService.java @ 582:a04658486ede

Use authentication info for authorization of requested objects.
author Raimund Renkert <raimund.renkert@intevation.de>
date Mon, 23 Mar 2015 17:52:17 +0100
parents 61ce3ce0100e
children 746e03da9fad
581:bb76a5d7a98d 582:a04658486ede
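--- a/src/main/java/de/intevation/lada/rest/StatusService.java
+++ b/src/main/java/de/intevation/lada/rest/StatusService.java
@@ -7,10 +7,11 @@
 */
 package de.intevation.lada.rest;
 
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
@@ -20,46 +21,33 @@
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.UriInfo;
 
-import org.apache.log4j.Logger;
-
 import de.intevation.lada.model.land.LStatus;
-import de.intevation.lada.util.annotation.AuthenticationConfig;
 import de.intevation.lada.util.annotation.AuthorizationConfig;
 import de.intevation.lada.util.annotation.RepositoryConfig;
-import de.intevation.lada.util.auth.Authentication;
-import de.intevation.lada.util.auth.AuthenticationType;
 import de.intevation.lada.util.auth.Authorization;
 import de.intevation.lada.util.auth.AuthorizationType;
 import de.intevation.lada.util.data.QueryBuilder;
 import de.intevation.lada.util.data.Repository;
 import de.intevation.lada.util.data.RepositoryType;
+import de.intevation.lada.util.rest.RequestMethod;
 import de.intevation.lada.util.rest.Response;
 
 @Path("status")
 @RequestScoped
 public class StatusService {
 
-/* The logger used in this class.*/
-@Inject
-private Logger logger;
-
 /* The data repository granting read/write access.*/
 @Inject
 @RepositoryConfig(type=RepositoryType.RW)
 private Repository defaultRepo;
 
-/* The authentication module.*/
-@Inject
-@AuthenticationConfig(type=AuthenticationType.NONE)
-private Authentication authentication;
-
 /* The authorization module.*/
 @Inject
-@AuthorizationConfig(type=AuthorizationType.NONE)
+@AuthorizationConfig(type=AuthorizationType.OPEN_ID)
 private Authorization authorization;
 
 /**
 * Get all objects.
 *
@@ -68,27 +56,27 @@
 @GET
 @Path("/")
 @Produces(MediaType.APPLICATION_JSON)
 public Response get(
 @Context HttpHeaders headers,
-@Context UriInfo info
+@Context UriInfo info,
+@Context HttpServletRequest request
 ) {
-if (!authentication.isAuthenticated(headers)) {
-logger.debug("User is not authenticated!");
-return new Response(false, 699, null);
-}
 MultivaluedMap<String, String> params = info.getQueryParameters();
 if (params.isEmpty() || !params.containsKey("messungsId")) {
 return defaultRepo.getAll(LStatus.class, "land");
 }
 String messungId = params.getFirst("messungsId");
 QueryBuilder<LStatus> builder =
 new QueryBuilder<LStatus>(
 defaultRepo.entityManager("land"),
 LStatus.class);
 builder.and("messungsId", messungId);
-return defaultRepo.filter(builder.getQuery(), "land");
+return authorization.filter(
+request,
+defaultRepo.filter(builder.getQuery(), "land"),
+LStatus.class);
 }
 
 /**
 * Get an object by id.
 *
@@ -97,27 +85,33 @@
 @GET
 @Path("/{id}")
 @Produces(MediaType.APPLICATION_JSON)
 public Response getById(
 @Context HttpHeaders headers,
+@Context HttpServletRequest request,
 @PathParam("id") String id
 ) {
-if (!authentication.isAuthenticated(headers)) {
-logger.debug("User is not authenticated!");
-return new Response(false, 699, null);
-}
-return defaultRepo.getById(LStatus.class, Integer.valueOf(id), "land");
+return authorization.filter(
+request,
+defaultRepo.getById(LStatus.class, Integer.valueOf(id), "land"),
+LStatus.class);
 }
 
 @POST
 @Path("/")
 @Produces(MediaType.APPLICATION_JSON)
 public Response create(
 @Context HttpHeaders headers,
+@Context HttpServletRequest request,
 LStatus status
 ) {
-if (!authentication.isAuthenticated(headers)) {
+if (!authorization.isAuthorized(
+request,
+status,
+RequestMethod.POST,
+LStatus.class)
+) {
 return new Response(false, 699, null);
 }
 /* Persist the new object*/
 return defaultRepo.create(status, "land");
 }
@@ -128,13 +122,21 @@
 * @return Response object containing the updated probe object.
 */
 @PUT
 @Path("/{id}")
 @Produces(MediaType.APPLICATION_JSON)
-public Response update(@Context HttpHeaders headers, LStatus status) {
-if (!authentication.isAuthenticated(headers)) {
-logger.debug("User is not authenticated!");
+public Response update(
+@Context HttpHeaders headers,
+@Context HttpServletRequest request,
+LStatus status
+) {
+if (!authorization.isAuthorized(
+request,
+status,
+RequestMethod.PUT,
+LStatus.class)
+) {
 return new Response(false, 699, null);
 }
 Response response = defaultRepo.update(status, "land");
 Response updated = defaultRepo.getById(
 LStatus.class,
@@ -150,19 +152,24 @@
 @DELETE
 @Path("/{id}")
 @Produces(MediaType.APPLICATION_JSON)
 public Response delete(
 @Context HttpHeaders headers,
+@Context HttpServletRequest request,
 @PathParam("id") String id
 ) {
-if (!authentication.isAuthenticated(headers)) {
-logger.debug("User is not authenticated!");
-return new Response(false, 699, null);
-}
 /* Get the object by id*/
 Response object =
 defaultRepo.getById(LStatus.class, Integer.valueOf(id), "land");
 LStatus obj = (LStatus)object.getData();
+if (!authorization.isAuthorized(
+request,
+obj,
+RequestMethod.DELETE,
+LStatus.class)
+) {
+return new Response(false, 699, null);
+}
 /* Delete the object*/
 return defaultRepo.delete(obj, "land");
 }
 }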
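Review bot: The branch of `get()` taken when no `messungsId` query parameter is present still returns `defaultRepo.getAll(LStatus.class, "land")` directly, so the full listing is not passed through `authorization.filter` while the filtered query just below it is. With the old `authentication.isAuthenticated(headers)` guard removed from this method, no check on that path is visible in this file; even if authentication is enforced elsewhere (presumably by a request filter), the per-object authorization is skipped for the unfiltered listing. I would change that line to `return authorization.filter(request, defaultRepo.getAll(LStatus.class, "land"), LStatus.class);`. Separately, `update()` authorizes the `status` object taken from the request body, whereas `delete()` loads the stored object first; checking the persisted record in `update()` as well would keep the decision independent of client-supplied fields.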