Mercurial > lada > lada-server
changeset 208:832e67663fd9
Added authorization to all services.
line wrap: on
line diff
--- a/src/main/java/de/intevation/lada/rest/LKommentarMService.java Tue Jul 02 13:11:29 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/LKommentarMService.java Tue Jul 02 15:12:52 2013 +0200 @@ -10,12 +10,14 @@ import javax.ws.rs.POST; import javax.ws.rs.PUT; import javax.ws.rs.Path; -import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.UriInfo; +import de.intevation.lada.authentication.Authentication; +import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.QueryBuilder; import de.intevation.lada.data.Repository; import de.intevation.lada.model.LKommentarM; @@ -37,18 +39,9 @@ @Named("lkommentarmrepository") private Repository repository; - /** - * Request a single SMessStelle via its id. - * - * @param id The mst_id - * @return JSON Object via REST service. - */ - @GET - @Path("/{id}") - @Produces("text/json") - public Response findById(@PathParam("id") String id) { - return repository.findById(LKommentarM.class, id); - } + @Inject + @Named("ldapauth") + private Authentication authentication; /** * Request LKommentarM via a filter. @@ -60,34 +53,72 @@ */ @GET @Produces("text/json") - public Response filter(@Context UriInfo info) { - MultivaluedMap<String, String> params = info.getQueryParameters(); - if (params.isEmpty() || - !params.containsKey("probeId") || - !params.containsKey("messungsId") - ) { - return new Response(false, 609, new ArrayList<LKommentarM>()); + public Response filter( + @Context UriInfo info, + @Context HttpHeaders headers + ) { + try { + if (!authentication.isAuthorizedUser(headers)) { + return new Response(false, 699, new ArrayList<LKommentarM>()); + } + MultivaluedMap<String, String> params = info.getQueryParameters(); + if (params.isEmpty() || + !params.containsKey("probeId") || + !params.containsKey("messungsId") + ) { + return new Response(false, 609, new ArrayList<LKommentarM>()); + } + String probeId = params.getFirst("probeId"); + if (authentication.hasAccess(headers, probeId)) { + QueryBuilder<LKommentarM> builder = + new QueryBuilder<LKommentarM>( + repository.getEntityManager(), LKommentarM.class); + builder.and("probeId", probeId) + .and("messungsId", params.getFirst("messungsId")); + return repository.filter(builder.getQuery()); + } + return new Response(false, 698, new ArrayList<LKommentarM>()); } - QueryBuilder<LKommentarM> builder = - new QueryBuilder<LKommentarM>( - repository.getEntityManager(), LKommentarM.class); - builder.and("probeId", params.getFirst("probeId")) - .and("messungsId", params.getFirst("messungsId")); - - return repository.filter(builder.getQuery()); + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LKommentarM>()); + } } @PUT @Produces("text/json") @Consumes("application/json") - public Response update(LKommentarM kommentar) { - return repository.update(kommentar); + public Response update( + LKommentarM kommentar, + @Context HttpHeaders headers + ) { + try { + String probeId = kommentar.getProbeId(); + if (authentication.hasAccess(headers, probeId)) { + return repository.update(kommentar); + } + return new Response(false, 698, new ArrayList<LKommentarM>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LKommentarM>()); + } } @POST @Produces("text/json") @Consumes("application/json") - public Response create(LKommentarM kommentar) { - return repository.create(kommentar); + public Response create( + LKommentarM kommentar, + @Context HttpHeaders headers + ) { + try { + String probeId = kommentar.getProbeId(); + if (authentication.hasAccess(headers, probeId)) { + return repository.create(kommentar); + } + return new Response(false, 698, new ArrayList<LKommentarM>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LKommentarM>()); + } } }
--- a/src/main/java/de/intevation/lada/rest/LKommentarService.java Tue Jul 02 13:11:29 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/LKommentarService.java Tue Jul 02 15:12:52 2013 +0200 @@ -16,9 +16,12 @@ import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.UriInfo; +import de.intevation.lada.authentication.Authentication; +import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.QueryBuilder; import de.intevation.lada.data.Repository; import de.intevation.lada.model.LKommentarP; @@ -39,51 +42,46 @@ @Named("lkommentarRepository") private Repository repository; + @Inject + @Named("ldapauth") + private Authentication authentication; + /** * The logger for this class */ @Inject private Logger logger; - /** - * Request a single SKommentarP via its id. - * - * @param id The mst_id - * @return JSON Object via REST service. - */ - @GET - @Path("/{id}") - @Produces("text/json") - public Response findById(@PathParam("id") String id) { - return repository.findById(LKommentarP.class, id); - } - @DELETE @Path("/{kId}/{probeId}") @Produces("text/json") public Response delete( @PathParam("kId") String kId, - @PathParam("probeId") String probeId) { - QueryBuilder<LKommentarP> builder = - new QueryBuilder<LKommentarP>( - repository.getEntityManager(), - LKommentarP.class); - builder.and("probeId", probeId).and("kId", kId); - Response response = repository.filter(builder.getQuery()); - List<LKommentarP> list = (List<LKommentarP>)response.getData(); - if (!list.isEmpty()) { - repository.delete(list.get(0)); - return new Response(true, 200, null); + @PathParam("probeId") String probeId, + @Context HttpHeaders headers + ) { + try { + if (!authentication.isAuthorizedUser(headers)) { + return new Response(false, 699, new ArrayList<LKommentarP>()); + } + if (authentication.hasAccess(headers, probeId)) { + QueryBuilder<LKommentarP> builder = + new QueryBuilder<LKommentarP>( + repository.getEntityManager(), LKommentarP.class); + builder.and("probeId", probeId).and("kId", kId); + Response response = repository.filter(builder.getQuery()); + List<LKommentarP> list = (List<LKommentarP>)response.getData(); + if (!list.isEmpty()) { + repository.delete(list.get(0)); + return new Response(true, 200, null); + } + return new Response(false, 600, null); + } + return new Response(false, 698, new ArrayList<LKommentarP>()); } - return new Response(false, 600, null); - } - - @PUT - @Path("/{kId}/{probeId}") - @Produces("text/json") - @Consumes("application/json") - public Response update(LKommentarP kommentar) { - return repository.update(kommentar); + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LKommentarP>()); + } } /** @@ -94,24 +92,69 @@ */ @GET @Produces("text/json") - public Response filter(@Context UriInfo info) { - MultivaluedMap<String, String> params = info.getQueryParameters(); - if (params.isEmpty() || - !params.containsKey("probeId") - ) { - return new Response(false, 609, new ArrayList<LKommentarP>()); + public Response filter( + @Context UriInfo info, + @Context HttpHeaders headers + ) { + try { + if (!authentication.isAuthorizedUser(headers)) { + return new Response(false, 699, new ArrayList<LKommentarP>()); + } + MultivaluedMap<String, String> params = info.getQueryParameters(); + if (params.isEmpty() || !params.containsKey("probeId")) { + return new Response(false, 609, new ArrayList<LKommentarP>()); + } + String probeId = params.getFirst("probeId"); + if (authentication.hasAccess(headers, probeId)) { + QueryBuilder<LKommentarP> builder = + new QueryBuilder<LKommentarP>( + repository.getEntityManager(), LKommentarP.class); + builder.and("probeId", probeId); + return repository.filter(builder.getQuery()); + } + return new Response(false, 698, new ArrayList<LKommentarP>()); } - QueryBuilder<LKommentarP> builder = - new QueryBuilder<LKommentarP>( - repository.getEntityManager(), LKommentarP.class); - builder.and("probeId", params.getFirst("probeId")); - return repository.filter(builder.getQuery()); + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LKommentarP>()); + } + } + + @PUT + @Path("/{kId}/{probeId}") + @Produces("text/json") + @Consumes("application/json") + public Response update( + LKommentarP kommentar, + @Context HttpHeaders headers + ) { + try { + String probeId = kommentar.getProbeId(); + if (authentication.hasAccess(headers, probeId)) { + return repository.update(kommentar); + } + return new Response(false, 698, new ArrayList<LKommentarP>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LKommentarP>()); + } } @POST @Consumes("application/json") @Produces("text/json") - public Response create(LKommentarP kommentar) { - return repository.create(kommentar); + public Response create( + LKommentarP kommentar, + @Context HttpHeaders headers + ) { + try { + String probeId = kommentar.getProbeId(); + if (authentication.hasAccess(headers, probeId)) { + return repository.create(kommentar); + } + return new Response(false, 698, new ArrayList<LKommentarP>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LKommentarP>()); + } } -} +} \ No newline at end of file
--- a/src/main/java/de/intevation/lada/rest/LMessungService.java Tue Jul 02 13:11:29 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/LMessungService.java Tue Jul 02 15:12:52 2013 +0200 @@ -1,20 +1,26 @@ package de.intevation.lada.rest; +import java.util.ArrayList; + import javax.enterprise.context.RequestScoped; import javax.inject.Inject; +import javax.inject.Named; import javax.ws.rs.Consumes; import javax.ws.rs.GET; import javax.ws.rs.POST; import javax.ws.rs.PUT; import javax.ws.rs.Path; -import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.UriInfo; -import de.intevation.lada.data.LMessungRepository; +import de.intevation.lada.authentication.Authentication; +import de.intevation.lada.authentication.AuthenticationException; +import de.intevation.lada.authentication.AuthenticationResponse; import de.intevation.lada.data.QueryBuilder; +import de.intevation.lada.data.Repository; import de.intevation.lada.model.LMessung; /** @@ -30,20 +36,12 @@ * The Repository for LMessung. */ @Inject - private LMessungRepository repository; + @Named("lmessungrepository") + private Repository repository; - /** - * Request a LMessung via its id. - * - * @param id The LMessung id - * @return JSON Object via REST service. - */ - @GET - @Path("/{id}") - @Produces("text/json") - public Response findById(@PathParam("id") String id) { - return repository.findById(LMessung.class, id); - } + @Inject + @Named("ldapauth") + private Authentication authentication; /** * Request LMessung via a filter. @@ -57,32 +55,70 @@ */ @GET @Produces("text/json") - public Response filter(@Context UriInfo info) { - MultivaluedMap<String, String> params = info.getQueryParameters(); - if (params.isEmpty()) { - repository.findAll(LMessung.class); + public Response filter( + @Context UriInfo info, + @Context HttpHeaders header + ) { + try { + AuthenticationResponse auth = + authentication.authorizedGroups(header); + QueryBuilder<LMessung> builder = + new QueryBuilder<LMessung>( + repository.getEntityManager(), + LMessung.class); + builder.or("netzbetreiberId", auth.getNetzbetreiber()); + MultivaluedMap<String, String> params = info.getQueryParameters(); + if (params.isEmpty()) { + repository.filter(builder.getQuery()); + } + QueryBuilder<LMessung> pBuilder = builder.getEmptyBuilder(); + if (params.containsKey("probeId")) { + pBuilder.and("probeId", params.getFirst("probeId")); + builder.and(pBuilder); + } + return repository.filter(builder.getQuery()); } - QueryBuilder<LMessung> builder = - new QueryBuilder<LMessung>( - repository.getEntityManager(), LMessung.class); - if (params.containsKey("probeId")) { - builder.and("probeId", params.getFirst("probeId")); + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LMessung>()); } - return repository.filter(builder.getQuery()); } @PUT @Path("/{id}") @Produces("text/json") @Consumes("application/json") - public Response update(LMessung messung) { - return repository.update(messung); + public Response update( + LMessung messung, + @Context HttpHeaders headers + ) { + try { + String probeId = messung.getLProbeId(); + if (authentication.hasAccess(headers, probeId)) { + return repository.update(messung); + } + return new Response(false, 698, new ArrayList<LMessung>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LMessung>()); + } } @POST @Produces("text/json") @Consumes("application/json") - public Response create(LMessung messung) { - return repository.create(messung); + public Response create( + LMessung messung, + @Context HttpHeaders headers + ) { + try { + String probeId = messung.getLProbeId(); + if (authentication.hasAccess(headers, probeId)) { + return repository.create(messung); + } + return new Response(false, 698, new ArrayList<LMessung>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LMessung>()); + } } }
--- a/src/main/java/de/intevation/lada/rest/LMesswertService.java Tue Jul 02 13:11:29 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/LMesswertService.java Tue Jul 02 15:12:52 2013 +0200 @@ -13,9 +13,12 @@ import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.UriInfo; +import de.intevation.lada.authentication.Authentication; +import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.QueryBuilder; import de.intevation.lada.data.Repository; import de.intevation.lada.model.LMesswert; @@ -37,18 +40,9 @@ @Named("lmesswertrepository") private Repository repository; - /** - * Request a LProbe via its id. - * - * @param id The LProbe id - * @return JSON Object via REST service. - */ - @GET - @Path("/{id}") - @Produces("text/json") - public Response findById(@PathParam("id") String id) { - return repository.findById(LMesswert.class, id); - } + @Inject + @Named("ldapauth") + private Authentication authentication; /** * Request LMessert via a filter. @@ -60,33 +54,71 @@ */ @GET @Produces("text/json") - public Response filter(@Context UriInfo info) { - MultivaluedMap<String, String> params = info.getQueryParameters(); - if (params.isEmpty() || - !params.containsKey("probeId") || - !params.containsKey("messungsId")) { - return new Response(false, 609, new ArrayList<LMesswert>()); + public Response filter( + @Context UriInfo info, + @Context HttpHeaders headers + ) { + try { + if (!authentication.isAuthorizedUser(headers)) { + return new Response(false, 699, new ArrayList<LMesswert>()); + } + MultivaluedMap<String, String> params = info.getQueryParameters(); + if (params.isEmpty() || + !params.containsKey("probeId") || + !params.containsKey("messungId")) { + return new Response(false, 609, new ArrayList<LMesswert>()); + } + String probeId = params.getFirst("probeId"); + if (authentication.hasAccess(headers, probeId)) { + QueryBuilder<LMesswert> builder = + new QueryBuilder<LMesswert>( + repository.getEntityManager(), LMesswert.class); + builder.and("probeId", probeId) + .and("messungsId", params.getFirst("messungsId")); + return repository.filter(builder.getQuery()); + } + return new Response(false, 698, new ArrayList<LMesswert>()); } - QueryBuilder<LMesswert> builder = - new QueryBuilder<LMesswert>( - repository.getEntityManager(), LMesswert.class); - builder.and("probeId", params.getFirst("probeId")) - .and("messungsId", params.getFirst("messungsId")); - - return repository.filter(builder.getQuery()); + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LMesswert>()); + } } @PUT @Produces("text/json") @Consumes("application/json") - public Response update(LMesswert messwert) { - return repository.update(messwert); + public Response update( + LMesswert messwert, + @Context HttpHeaders headers + ) { + try { + String probeId = messwert.getProbeId(); + if (authentication.hasAccess(headers, probeId)) { + return repository.update(messwert); + } + return new Response(false, 698, new ArrayList<LMesswert>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LMesswert>()); + } } @POST @Produces("text/json") @Consumes("application/json") - public Response create(LMesswert messwert) { - return repository.create(messwert); + public Response create( + LMesswert messwert, + @Context HttpHeaders headers + ) { + try { + String probeId = messwert.getProbeId(); + if (authentication.hasAccess(headers, probeId)) { + return repository.create(messwert); + } + return new Response(false, 698, new ArrayList<LMesswert>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LMesswert>()); + } } }
--- a/src/main/java/de/intevation/lada/rest/LOrtService.java Tue Jul 02 13:11:29 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/LOrtService.java Tue Jul 02 15:12:52 2013 +0200 @@ -1,5 +1,7 @@ package de.intevation.lada.rest; +import java.util.ArrayList; + import javax.enterprise.context.RequestScoped; import javax.inject.Inject; import javax.inject.Named; @@ -8,12 +10,14 @@ import javax.ws.rs.POST; import javax.ws.rs.PUT; import javax.ws.rs.Path; -import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.UriInfo; +import de.intevation.lada.authentication.Authentication; +import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.QueryBuilder; import de.intevation.lada.data.Repository; import de.intevation.lada.model.LOrt; @@ -30,41 +34,76 @@ @Named("lortrepository") private Repository repository; - @GET - @Path("/{id}") - @Produces("text/json") - public Response findById(@PathParam("id") String id) { - return repository.findById(LOrt.class, id); - } + @Inject + @Named("ldapauth") + private Authentication authentication; @GET @Produces("text/json") - public Response filter(@Context UriInfo info) { - MultivaluedMap<String, String> params = info.getQueryParameters(); - if (params.isEmpty()) { - repository.findAll(LOrt.class); + public Response filter( + @Context UriInfo info, + @Context HttpHeaders headers + ) { + try { + if (!authentication.isAuthorizedUser(headers)) { + return new Response(false, 699, new ArrayList<LOrt>()); + } + MultivaluedMap<String, String> params = info.getQueryParameters(); + if (params.isEmpty() || + !params.containsKey("probeId")) { + return new Response(false, 609, new ArrayList<LOrt>()); + } + String probeId = params.getFirst("probeId"); + if (authentication.hasAccess(headers, probeId)) { + QueryBuilder<LOrt> builder = + new QueryBuilder<LOrt>( + repository.getEntityManager(), LOrt.class); + builder.and("probeId", probeId); + return repository.filter(builder.getQuery()); + } + return new Response(false, 698, new ArrayList<LOrt>()); } - QueryBuilder<LOrt> builder = - new QueryBuilder<LOrt>( - repository.getEntityManager(), LOrt.class); - if (params.containsKey("probeId")) { - builder.and("probeId", params.getFirst("probeId")); + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LOrt>()); } - return repository.filter(builder.getQuery()); } @PUT @Path("/{id}") @Produces("text/json") @Consumes("application/json") - public Response update(LOrt probe) { - return repository.update(probe); + public Response update( + LOrt ort, + @Context HttpHeaders headers + ) { + try { + String probeId = ort.getProbeId(); + if (authentication.hasAccess(headers, probeId)) { + return repository.update(ort); + } + return new Response(false, 698, new ArrayList<LOrt>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LOrt>()); + } } @POST @Produces("text/json") @Consumes("application/json") - public Response create(LOrt probe) { - return repository.create(probe); + public Response create( + LOrt ort, + @Context HttpHeaders headers + ) { + try { + String probeId = ort.getProbeId(); + if (authentication.hasAccess(headers, probeId)) { + return repository.create(ort); + } + return new Response(false, 698, new ArrayList<LOrt>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LOrt>()); + } } }
--- a/src/main/java/de/intevation/lada/rest/LStatusService.java Tue Jul 02 13:11:29 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/LStatusService.java Tue Jul 02 15:12:52 2013 +0200 @@ -1,9 +1,6 @@ package de.intevation.lada.rest; import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; import javax.enterprise.context.RequestScoped; import javax.inject.Inject; @@ -13,12 +10,14 @@ import javax.ws.rs.POST; import javax.ws.rs.PUT; import javax.ws.rs.Path; -import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.UriInfo; +import de.intevation.lada.authentication.Authentication; +import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.QueryBuilder; import de.intevation.lada.data.Repository; import de.intevation.lada.model.LStatus; @@ -40,18 +39,9 @@ @Named("lstatusrepository") private Repository repository; - /** - * Request a LStatus via its id. - * - * @param id The LStatus id - * @return JSON Object via REST service. - */ - @GET - @Path("/{id}") - @Produces("text/json") - public Response findById(@PathParam("id") String id) { - return repository.findById(LStatus.class, id); - } + @Inject + @Named("ldapauth") + private Authentication authentication; /** * Request LStatus via a filter. @@ -63,32 +53,71 @@ */ @GET @Produces("text/json") - public Response filter(@Context UriInfo info) { - MultivaluedMap<String, String> params = info.getQueryParameters(); - if (params.isEmpty() || - !params.containsKey("probeId") || - !params.containsKey("messungId")) { - return new Response(false, 609, new ArrayList<LStatus>()); + public Response filter( + @Context UriInfo info, + @Context HttpHeaders headers + ) { + try { + if (!authentication.isAuthorizedUser(headers)) { + return new Response(false, 699, new ArrayList<LStatus>()); + } + MultivaluedMap<String, String> params = info.getQueryParameters(); + if (params.isEmpty() || + !params.containsKey("probeId") || + !params.containsKey("messungId")) { + return new Response(false, 609, new ArrayList<LStatus>()); + } + String probeId = params.getFirst("probeId"); + if (authentication.hasAccess(headers, probeId)) { + QueryBuilder<LStatus> builder = + new QueryBuilder<LStatus>( + repository.getEntityManager(), LStatus.class); + builder.and("probeId", probeId) + .and("messungsId", params.getFirst("messungsId")); + return repository.filter(builder.getQuery()); + } + return new Response(false, 698, new ArrayList<LStatus>()); } - QueryBuilder<LStatus> builder = - new QueryBuilder<LStatus>( - repository.getEntityManager(), LStatus.class); - builder.and("probeId", params.getFirst("probeId")) - .and("messungsId", params.getFirst("messungsId")); - return repository.filter(builder.getQuery()); + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LStatus>()); + } } @PUT @Produces("text/json") @Consumes("application/json") - public Response update(LStatus status) { - return repository.update(status); + public Response update( + LStatus status, + @Context HttpHeaders headers + ) { + try { + String probeId = status.getProbeId(); + if (authentication.hasAccess(headers, probeId)) { + return repository.update(status); + } + return new Response(false, 698, new ArrayList<LStatus>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LStatus>()); + } } @POST @Produces("text/json") @Consumes("application/json") - public Response create(LStatus status) { - return repository.create(status); + public Response create( + LStatus status, + @Context HttpHeaders headers + ) { + try { + String probeId = status.getProbeId(); + if (authentication.hasAccess(headers, probeId)) { + return repository.create(status); + } + return new Response(false, 698, new ArrayList<LStatus>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LStatus>()); + } } }
--- a/src/main/java/de/intevation/lada/rest/LZusatzwertService.java Tue Jul 02 13:11:29 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/LZusatzwertService.java Tue Jul 02 15:12:52 2013 +0200 @@ -15,9 +15,12 @@ import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.UriInfo; +import de.intevation.lada.authentication.Authentication; +import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.QueryBuilder; import de.intevation.lada.data.Repository; import de.intevation.lada.model.LZusatzWert; @@ -39,18 +42,9 @@ @Named("lzusatzwertrepository") private Repository repository; - /** - * Request a LZusatzWert via its id. - * - * @param id The LProbe id - * @return JSON Object via REST service. - */ - @GET - @Path("/{id}") - @Produces("text/json") - public Response findById(@PathParam("id") String id) { - return repository.findById(LZusatzWert.class, id); - } + @Inject + @Named("ldapauth") + private Authentication authentication; /** * Request LMessert via a filter. @@ -62,50 +56,98 @@ */ @GET @Produces("text/json") - public Response filter(@Context UriInfo info) { - MultivaluedMap<String, String> params = info.getQueryParameters(); - if (params.isEmpty() || !params.containsKey("probeId")) { - return new Response(false, 609, new ArrayList<LZusatzWert>()); + public Response filter( + @Context UriInfo info, + @Context HttpHeaders headers + ) { + try { + if (!authentication.isAuthorizedUser(headers)) { + return new Response(false, 699, new ArrayList<LZusatzWert>()); + } + MultivaluedMap<String, String> params = info.getQueryParameters(); + if (params.isEmpty() || !params.containsKey("probeId")) { + return new Response(false, 609, new ArrayList<LZusatzWert>()); + } + String probeId = params.getFirst("probeId"); + if (authentication.hasAccess(headers, probeId)) { + QueryBuilder<LZusatzWert> builder = + new QueryBuilder<LZusatzWert>( + repository.getEntityManager(), LZusatzWert.class); + builder.and("probeId", probeId); + return repository.filter(builder.getQuery()); + } + return new Response(false, 698, new ArrayList<LZusatzWert>()); } - String paramValue = params.getFirst("probeId"); - QueryBuilder<LZusatzWert> builder = - new QueryBuilder<LZusatzWert>( - repository.getEntityManager(), LZusatzWert.class); - builder.and("probeId", paramValue); - return repository.filter(builder.getQuery()); + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LZusatzWert>()); + } } @PUT @Produces("text/json") @Path("/{pzsId}/{probeId}") @Consumes("application/json") - public Response update(LZusatzWert zusatzwert) { - return repository.update(zusatzwert); + public Response update( + LZusatzWert zusatzwert, + @Context HttpHeaders headers + ) { + try { + String probeId = zusatzwert.getProbeId(); + if (authentication.hasAccess(headers, probeId)) { + return repository.update(zusatzwert); + } + return new Response(false, 698, new ArrayList<LZusatzWert>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LZusatzWert>()); + } } @POST @Produces("text/json") @Consumes("application/json") - public Response create(LZusatzWert zusatzwert) { - return repository.create(zusatzwert); + public Response create( + LZusatzWert zusatzwert, + @Context HttpHeaders headers + ) { + try { + String probeId = zusatzwert.getProbeId(); + if (authentication.hasAccess(headers, probeId)) { + return repository.create(zusatzwert); + } + return new Response(false, 698, new ArrayList<LZusatzWert>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LZusatzWert>()); + } } @DELETE @Path("/{pzsId}/{probeId}") public Response delete( @PathParam("pzsId") String pzsId, - @PathParam("probeId") String probeId ) { - QueryBuilder<LZusatzWert> builder = - new QueryBuilder<LZusatzWert>( - repository.getEntityManager(), - LZusatzWert.class); - builder.and("pzsId", pzsId).and("probeId", probeId); - Response response = repository.filter(builder.getQuery()); - List<LZusatzWert> list = (List<LZusatzWert>)response.getData(); - if (!list.isEmpty()) { - repository.delete(list.get(0)); - return new Response(true, 200, null); + @PathParam("probeId") String probeId, + @Context HttpHeaders headers + ) { + try { + if (authentication.hasAccess(headers, probeId)) { + QueryBuilder<LZusatzWert> builder = + new QueryBuilder<LZusatzWert>( + repository.getEntityManager(), + LZusatzWert.class); + builder.and("pzsId", pzsId).and("probeId", probeId); + Response response = repository.filter(builder.getQuery()); + List<LZusatzWert> list = (List<LZusatzWert>)response.getData(); + if (!list.isEmpty()) { + repository.delete(list.get(0)); + return new Response(true, 200, null); + } + return new Response(false, 600, null); + } + return new Response(false, 698, new ArrayList<LZusatzWert>()); } - return new Response(false, 600, null); + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<LZusatzWert>()); + } } }
--- a/src/main/java/de/intevation/lada/rest/OrtService.java Tue Jul 02 13:11:29 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/OrtService.java Tue Jul 02 15:12:52 2013 +0200 @@ -14,9 +14,12 @@ import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.UriInfo; +import de.intevation.lada.authentication.Authentication; +import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.QueryBuilder; import de.intevation.lada.data.Repository; import de.intevation.lada.model.Ort; @@ -32,6 +35,10 @@ @Named("ortrepository") private Repository repository; + @Inject + @Named("ldapauth") + private Authentication authentication; + /** * Request a LZusatzWert via its id. * @@ -41,8 +48,19 @@ @GET @Path("/{id}") @Produces("text/json") - public Response findById(@PathParam("id") String id) { - return repository.findById(Ort.class, id); + public Response findById( + @PathParam("id") String id, + @Context HttpHeaders headers + ) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.findById(Ort.class, id); + } + return new Response(false, 699, new ArrayList<Ort>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<Ort>()); + } } /** @@ -55,34 +73,69 @@ */ @GET @Produces("text/json") - public Response filter() { - return repository.findAll(Ort.class); + public Response filter(@Context HttpHeaders headers) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.findAll(Ort.class); + } + return new Response(false, 699, new ArrayList<Ort>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<Ort>()); + } } @PUT @Produces("text/json") @Path("/{ortId}") @Consumes("application/json") - public Response update(Ort ort) { - return repository.update(ort); + public Response update(Ort ort, @Context HttpHeaders headers) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.update(ort); + } + return new Response(false, 699, new ArrayList<Ort>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<Ort>()); + } } @POST @Produces("text/json") @Consumes("application/json") - public Response create(Ort ort) { - return repository.create(ort); + public Response create(Ort ort, @Context HttpHeaders headers) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.create(ort); + } + return new Response(false, 699, new ArrayList<Ort>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<Ort>()); + } } @DELETE @Path("/{ortId}") - public Response delete(@PathParam("ortId") String ortId ) { - Response response = repository.findById(Ort.class, ortId); - Ort ort = (Ort)response.getData(); - if (ort != null) { - repository.delete(ort); - return new Response(true, 200, null); + public Response delete( + @PathParam("ortId") String ortId, + @Context HttpHeaders headers + ) { + try { + if (authentication.isAuthorizedUser(headers)) { + Response response = repository.findById(Ort.class, ortId); + Ort ort = (Ort)response.getData(); + if (ort != null) { + repository.delete(ort); + return new Response(true, 200, null); + } + return new Response(false, 600, null); + } + return new Response(false, 699, new ArrayList<Ort>()); } - return new Response(false, 600, null); + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<Ort>()); + } } }
--- a/src/main/java/de/intevation/lada/rest/SDatenbasisService.java Tue Jul 02 13:11:29 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/SDatenbasisService.java Tue Jul 02 15:12:52 2013 +0200 @@ -1,5 +1,6 @@ package de.intevation.lada.rest; +import java.util.ArrayList; import java.util.logging.Logger; import javax.faces.bean.RequestScoped; @@ -9,7 +10,11 @@ import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; +import de.intevation.lada.authentication.Authentication; +import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.Repository; import de.intevation.lada.model.SDatenbasis; @@ -29,6 +34,10 @@ @Named("readonlyrepository") private Repository repository; + @Inject + @Named("ldapauth") + private Authentication authentication; + /** * The logger for this class */ @@ -42,8 +51,16 @@ */ @GET @Produces("text/json") - public Response findAll() { - return repository.findAll(SDatenbasis.class); + public Response findAll(@Context HttpHeaders headers) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.findAll(SDatenbasis.class); + } + return new Response(false, 699, new ArrayList<SDatenbasis>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<SDatenbasis>()); + } } /** @@ -55,7 +72,18 @@ @GET @Path("/{id}") @Produces("text/json") - public Response findById(@PathParam("id") String id) { - return repository.findById(SDatenbasis.class, id); + public Response findById( + @PathParam("id") String id, + @Context HttpHeaders headers + ) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.findById(SDatenbasis.class, id); + } + return new Response(false, 699, new ArrayList<SDatenbasis>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<SDatenbasis>()); + } } }
--- a/src/main/java/de/intevation/lada/rest/SMesseinheitService.java Tue Jul 02 13:11:29 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/SMesseinheitService.java Tue Jul 02 15:12:52 2013 +0200 @@ -1,5 +1,6 @@ package de.intevation.lada.rest; +import java.util.ArrayList; import java.util.logging.Logger; import javax.faces.bean.RequestScoped; @@ -8,7 +9,11 @@ import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; +import de.intevation.lada.authentication.Authentication; +import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.Repository; import de.intevation.lada.model.SMessEinheit; @@ -28,6 +33,10 @@ @Named("readonlyrepository") private Repository repository; + @Inject + @Named("ldapauth") + private Authentication authentication; + /** * The logger for this class */ @@ -41,7 +50,15 @@ */ @GET @Produces("text/json") - public Response findAll() { - return repository.findAll(SMessEinheit.class); + public Response findAll(@Context HttpHeaders headers) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.findAll(SMessEinheit.class); + } + return new Response(false, 699, new ArrayList<SMessEinheit>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<SMessEinheit>()); + } } }
--- a/src/main/java/de/intevation/lada/rest/SProbenartService.java Tue Jul 02 13:11:29 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/SProbenartService.java Tue Jul 02 15:12:52 2013 +0200 @@ -1,5 +1,6 @@ package de.intevation.lada.rest; +import java.util.ArrayList; import java.util.logging.Logger; import javax.enterprise.context.RequestScoped; @@ -9,7 +10,11 @@ import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; +import de.intevation.lada.authentication.Authentication; +import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.Repository; import de.intevation.lada.model.SProbenart; @@ -29,6 +34,10 @@ @Named("readonlyrepository") private Repository repository; + @Inject + @Named("ldapauth") + private Authentication authentication; + /** * The logger for this class */ @@ -42,8 +51,16 @@ */ @GET @Produces("text/json") - public Response findAll() { - return repository.findAll(SProbenart.class); + public Response findAll(@Context HttpHeaders headers) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.findAll(SProbenart.class); + } + return new Response(false, 699, new ArrayList<SProbenart>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<SProbenart>()); + } } /** @@ -55,7 +72,18 @@ @GET @Path("/{id}") @Produces("text/json") - public Response findById(@PathParam("id") String id) { - return repository.findById(SProbenart.class, id); + public Response findById( + @PathParam("id") String id, + @Context HttpHeaders headers + ) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.findById(SProbenart.class, id); + } + return new Response(false, 699, new ArrayList<SProbenart>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<SProbenart>()); + } } }
--- a/src/main/java/de/intevation/lada/rest/SProbenzusatzService.java Tue Jul 02 13:11:29 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/SProbenzusatzService.java Tue Jul 02 15:12:52 2013 +0200 @@ -1,5 +1,6 @@ package de.intevation.lada.rest; +import java.util.ArrayList; import java.util.logging.Logger; import javax.faces.bean.RequestScoped; @@ -8,7 +9,11 @@ import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; +import de.intevation.lada.authentication.Authentication; +import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.Repository; import de.intevation.lada.model.SProbenZusatz; @@ -28,6 +33,10 @@ @Named("readonlyrepository") private Repository repository; + @Inject + @Named("ldapauth") + private Authentication authentication; + /** * The logger for this class */ @@ -41,7 +50,15 @@ */ @GET @Produces("text/json") - public Response findAll() { - return repository.findAll(SProbenZusatz.class); + public Response findAll(@Context HttpHeaders headers) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.findAll(SProbenZusatz.class); + } + return new Response(false, 699, new ArrayList<SProbenZusatz>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<SProbenZusatz>()); + } } }
--- a/src/main/java/de/intevation/lada/rest/SStaatService.java Tue Jul 02 13:11:29 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/SStaatService.java Tue Jul 02 15:12:52 2013 +0200 @@ -1,5 +1,7 @@ package de.intevation.lada.rest; +import java.util.ArrayList; + import javax.enterprise.context.RequestScoped; import javax.inject.Inject; import javax.inject.Named; @@ -7,7 +9,11 @@ import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; +import de.intevation.lada.authentication.Authentication; +import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.Repository; import de.intevation.lada.model.SStaat; @@ -27,6 +33,10 @@ @Named("readonlyrepository") private Repository repository; + @Inject + @Named("ldapauth") + private Authentication authentication; + /** * Request all SUmwelt objects. * @@ -34,8 +44,16 @@ */ @GET @Produces("text/json") - public Response findAll() { - return repository.findAll(SStaat.class); + public Response findAll(@Context HttpHeaders headers) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.findAll(SStaat.class); + } + return new Response(false, 699, new ArrayList<SStaat>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<SStaat>()); + } } /** @@ -47,7 +65,17 @@ @GET @Path("/{id:[0-9][0-9]*}") @Produces("text/json") - public Response findById(@PathParam("id") String id) { - return repository.findById(SStaat.class, id); + public Response findById( + @PathParam("id") String id, + @Context HttpHeaders headers) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.findById(SStaat.class, id); + } + return new Response(false, 699, new ArrayList<SStaat>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<SStaat>()); + } } }
--- a/src/main/java/de/intevation/lada/rest/SUmweltService.java Tue Jul 02 13:11:29 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/SUmweltService.java Tue Jul 02 15:12:52 2013 +0200 @@ -1,5 +1,6 @@ package de.intevation.lada.rest; +import java.util.ArrayList; import java.util.logging.Logger; import javax.enterprise.context.RequestScoped; @@ -9,7 +10,11 @@ import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; +import de.intevation.lada.authentication.Authentication; +import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.Repository; import de.intevation.lada.model.SUmwelt; @@ -29,6 +34,10 @@ @Named("readonlyrepository") private Repository repository; + @Inject + @Named("ldapauth") + private Authentication authentication; + /** * The logger for this class. */ @@ -42,8 +51,16 @@ */ @GET @Produces("text/json") - public Response findAll() { - return repository.findAll(SUmwelt.class); + public Response findAll(@Context HttpHeaders headers) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.findAll(SUmwelt.class); + } + return new Response(false, 699, new ArrayList<SUmwelt>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<SUmwelt>()); + } } /** @@ -55,7 +72,18 @@ @GET @Path("/{id:[0-9][0-9]*}") @Produces("text/json") - public Response findById(@PathParam("id") String id) { - return repository.findById(SUmwelt.class, id); + public Response findById( + @PathParam("id") String id, + @Context HttpHeaders headers + ) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.findById(SUmwelt.class, id); + } + return new Response(false, 699, new ArrayList<SUmwelt>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<SUmwelt>()); + } } }
--- a/src/main/java/de/intevation/lada/rest/SVerwaltungseinheitService.java Tue Jul 02 13:11:29 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/SVerwaltungseinheitService.java Tue Jul 02 15:12:52 2013 +0200 @@ -1,5 +1,7 @@ package de.intevation.lada.rest; +import java.util.ArrayList; + import javax.enterprise.context.RequestScoped; import javax.inject.Inject; import javax.inject.Named; @@ -7,7 +9,11 @@ import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; +import de.intevation.lada.authentication.Authentication; +import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.Repository; import de.intevation.lada.model.SVerwaltungseinheit; @@ -28,6 +34,10 @@ @Named("readonlyrepository") private Repository repository; + @Inject + @Named("ldapauth") + private Authentication authentication; + /** * Request all SUmwelt objects. * @@ -35,8 +45,16 @@ */ @GET @Produces("text/json") - public Response findAll() { - return repository.findAll(SVerwaltungseinheit.class); + public Response findAll(@Context HttpHeaders headers) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.findAll(SVerwaltungseinheit.class); + } + return new Response(false, 699, new ArrayList<SVerwaltungseinheit>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<SVerwaltungseinheit>()); + } } /** @@ -48,7 +66,18 @@ @GET @Path("/{id:[0-9][0-9]*}") @Produces("text/json") - public Response findById(@PathParam("id") String id) { - return repository.findById(SVerwaltungseinheit.class, id); + public Response findById( + @PathParam("id") String id, + @Context HttpHeaders headers + ) { + try { + if (authentication.isAuthorizedUser(headers)) { + return repository.findById(SVerwaltungseinheit.class, id); + } + return new Response(false, 699, new ArrayList<SVerwaltungseinheit>()); + } + catch(AuthenticationException ae) { + return new Response(false, 699, new ArrayList<SVerwaltungseinheit>()); + } } }