diff src/main/java/de/intevation/lada/rest/KommentarPService.java @ 582:a04658486ede
Use authentication info for authorization of requested objects.
author | Raimund Renkert <raimund.renkert@intevation.de> |
date | Mon, 23 Mar 2015 17:52:17 +0100 |
parents | 61ce3ce0100e |
children | ddab1ecb2898 |
--- a/src/main/java/de/intevation/lada/rest/KommentarPService.java Mon Mar 23 17:50:51 2015 +0100
+++ b/src/main/java/de/intevation/lada/rest/KommentarPService.java Mon Mar 23 17:52:17 2015 +0100
@@ -9,6 +9,7 @@
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
@@ -25,16 +26,14 @@
 import org.apache.log4j.Logger;
 
 import de.intevation.lada.model.land.LKommentarP;
-import de.intevation.lada.util.annotation.AuthenticationConfig;
 import de.intevation.lada.util.annotation.AuthorizationConfig;
 import de.intevation.lada.util.annotation.RepositoryConfig;
-import de.intevation.lada.util.auth.Authentication;
-import de.intevation.lada.util.auth.AuthenticationType;
 import de.intevation.lada.util.auth.Authorization;
 import de.intevation.lada.util.auth.AuthorizationType;
 import de.intevation.lada.util.data.QueryBuilder;
 import de.intevation.lada.util.data.Repository;
 import de.intevation.lada.util.data.RepositoryType;
+import de.intevation.lada.util.rest.RequestMethod;
 import de.intevation.lada.util.rest.Response;
 
 @Path("pkommentar")
@@ -50,14 +49,9 @@
     @RepositoryConfig(type=RepositoryType.RW)
     private Repository defaultRepo;
 
-    /* The authentication module.*/
-    @Inject
-    @AuthenticationConfig(type=AuthenticationType.NONE)
-    private Authentication authentication;
-
     /* The authorization module.*/
     @Inject
-    @AuthorizationConfig(type=AuthorizationType.NONE)
+    @AuthorizationConfig(type=AuthorizationType.OPEN_ID)
     private Authorization authorization;
 
     /**
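Review bot: The field comment `/* The authorization module.*/` on the unchanged context line of the `@@ -50,14 +49,9 @@` hunk no longer says enough about the field: with the `Authentication` injection deleted, the `authorization` bean configured with `AuthorizationType.OPEN_ID` is the only component left that both establishes who the caller is from the `HttpServletRequest` and decides what that caller may read or change. Suggest `/* Authorization module (OPEN_ID). No separate Authentication module is injected any more, so this bean also resolves the caller's identity from the request. */`. Whether the OPEN_ID implementation rejects a request that carries no identity at all is not visible in this diff, so the class should state that expectation somewhere a reader can find it.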
@@ -70,12 +64,9 @@
     @Produces(MediaType.APPLICATION_JSON)
     public Response get(
         @Context HttpHeaders headers,
-        @Context UriInfo info
+        @Context UriInfo info,
+        @Context HttpServletRequest request
     ) {
-        if (!authentication.isAuthenticated(headers)) {
-            logger.debug("User is not authenticated!");
-            return new Response(false, 699, null);
-        }
         MultivaluedMap<String, String> params = info.getQueryParameters();
         if (params.isEmpty() || !params.containsKey("probeId")) {
             return defaultRepo.getAll(LKommentarP.class, "land");
@@ -86,7 +77,10 @@
             defaultRepo.entityManager("land"), LKommentarP.class);
         builder.and("probeId", probeId);
-        return defaultRepo.filter(builder.getQuery(), "land");
+        return authorization.filter(
+            request,
+            defaultRepo.filter(builder.getQuery(), "land"),
+            LKommentarP.class);
     }
 
     /**
@@ -99,16 +93,13 @@
     @Produces(MediaType.APPLICATION_JSON)
     public Response getById(
         @Context HttpHeaders headers,
+        @Context HttpServletRequest request,
         @PathParam("id") String id
     ) {
-        if (!authentication.isAuthenticated(headers)) {
-            logger.debug("User is not authenticated!");
-            return new Response(false, 699, null);
-        }
-        return defaultRepo.getById(
-            LKommentarP.class,
-            Integer.valueOf(id),
-            "land");
+        return authorization.filter(
+            request,
+            defaultRepo.getById(LKommentarP.class,Integer.valueOf(id), "land"),
+            LKommentarP.class);
     }
 
     @POST
@@ -116,9 +107,15 @@
     @Produces(MediaType.APPLICATION_JSON)
     public Response create(
         @Context HttpHeaders headers,
+        @Context HttpServletRequest request,
         LKommentarP kommentar
     ) {
-        if (!authentication.isAuthenticated(headers)) {
+        if (!authorization.isAuthorized(
+            request,
+            kommentar,
+            RequestMethod.POST,
+            LKommentarP.class)
+        ) {
             return new Response(false, 699, null);
         }
         /* Persist the new object*/
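Review bot: In `get`, the no-`probeId` branch still returns `defaultRepo.getAll(LKommentarP.class, "land")` unfiltered (the last context line of the `@@ -70,12 +64,9 @@` hunk), while the `probeId` branch in the following hunk is now wrapped in `authorization.filter(...)`; since the `isAuthenticated` pre-check that used to guard both paths is removed, the full list is the one read path left with no authorization applied. Wrap it the same way: `return authorization.filter(request, defaultRepo.getAll(LKommentarP.class, "land"), LKommentarP.class);`. If the full list is meant to be public, a one-line comment on that `return` saying so would spare the next reader the same question. `get`'s body continues beyond the hunk, and `Integer.valueOf(id)` in `getById` still propagates `NumberFormatException` for a non-numeric id, which the commit does not change.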
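Review bot: The new `isAuthorized` failure branch in `create` (hunk `@@ -116,9 +107,15 @@`) returns the 699 response without logging, whereas the equivalent branches added to `update` and `delete` on the next diff line first call `logger.debug("User is not authorized!");`; add that line before the `return` so a denied POST is as visible in the log as a denied PUT or DELETE. With every `authentication.isAuthenticated(headers)` call gone, `@Context HttpHeaders headers` appears unused in the visible parts of `get`, `getById`, `create`, `update` and `delete`; if nothing outside these hunks reads it, a short comment stating why the parameter is kept would prevent it from looking like leftover code.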
@@ -133,9 +130,18 @@
     @PUT
     @Path("/{id}")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response update(@Context HttpHeaders headers, LKommentarP kommentar) {
-        if (!authentication.isAuthenticated(headers)) {
-            logger.debug("User is not authenticated!");
+    public Response update(
+        @Context HttpHeaders headers,
+        @Context HttpServletRequest request,
+        LKommentarP kommentar
+    ) {
+        if (!authorization.isAuthorized(
+            request,
+            kommentar,
+            RequestMethod.PUT,
+            LKommentarP.class)
+        ) {
+            logger.debug("User is not authorized!");
             return new Response(false, 699, null);
         }
         return defaultRepo.update(kommentar, "land");
@@ -151,16 +157,22 @@
     @Produces(MediaType.APPLICATION_JSON)
     public Response delete(
         @Context HttpHeaders headers,
+        @Context HttpServletRequest request,
         @PathParam("id") String id
     ) {
-        if (!authentication.isAuthenticated(headers)) {
-            logger.debug("User is not authenticated!");
-            return new Response(false, 699, null);
-        }
         /* Get the object by id*/
         Response kommentar = defaultRepo.getById(LKommentarP.class, Integer.valueOf(id), "land");
         LKommentarP kommentarObj = (LKommentarP)kommentar.getData();
+        if (!authorization.isAuthorized(
+            request,
+            kommentarObj,
+            RequestMethod.DELETE,
+            LKommentarP.class)
+        ) {
+            logger.debug("User is not authorized!");
+            return new Response(false, 699, null);
+        }
         return defaultRepo.delete(kommentarObj, "land");
     }
 }
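Review bot: In `delete` (hunk `@@ -151,16 +157,22 @@`), the repository lookup and the `(LKommentarP)kommentar.getData()` cast now run before `authorization.isAuthorized(...)` is consulted, so every caller, authorized or not, triggers a database read, and a non-numeric `id` makes `Integer.valueOf(id)` throw before any authorization decision is made or logged. Whether `isAuthorized` tolerates a null `kommentarObj` for an unknown id is not visible here; a guard such as `if (kommentarObj == null) { return kommentar; }` placed before the check would at least hand the repository's own result back instead of passing null to the authorizer. Moving the parse and lookup behind an identity check would need a different `Authorization` entry point, so I only flag the ordering. The `update` hunk above has the same unguarded `kommentar` argument, though there it comes from the request body rather than a lookup.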