changeset 208:832e67663fd9

Added authorization to all services.
author Raimund Renkert <rrenkert@intevation.de>
date Tue, 02 Jul 2013 15:12:52 +0200
parents fe05c016cdb6
children 8f6242579a85
files src/main/java/de/intevation/lada/rest/LKommentarMService.java src/main/java/de/intevation/lada/rest/LKommentarService.java src/main/java/de/intevation/lada/rest/LMessungService.java src/main/java/de/intevation/lada/rest/LMesswertService.java src/main/java/de/intevation/lada/rest/LOrtService.java src/main/java/de/intevation/lada/rest/LStatusService.java src/main/java/de/intevation/lada/rest/LZusatzwertService.java src/main/java/de/intevation/lada/rest/OrtService.java src/main/java/de/intevation/lada/rest/SDatenbasisService.java src/main/java/de/intevation/lada/rest/SMesseinheitService.java src/main/java/de/intevation/lada/rest/SProbenartService.java src/main/java/de/intevation/lada/rest/SProbenzusatzService.java src/main/java/de/intevation/lada/rest/SStaatService.java src/main/java/de/intevation/lada/rest/SUmweltService.java src/main/java/de/intevation/lada/rest/SVerwaltungseinheitService.java
diffstat 15 files changed, 746 insertions(+), 266 deletions(-) [+]
--- a/src/main/java/de/intevation/lada/rest/LKommentarMService.java	Tue Jul 02 13:11:29 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/LKommentarMService.java	Tue Jul 02 15:12:52 2013 +0200
@@ -10,12 +10,14 @@
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.UriInfo;
 
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
 import de.intevation.lada.data.QueryBuilder;
 import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.LKommentarM;
@@ -37,18 +39,9 @@
     @Named("lkommentarmrepository")
     private Repository repository;
 
-    /**
-     * Request a single SMessStelle via its id.
-     *
-     * @param id The mst_id
-     * @return JSON Object via REST service.
-     */
-    @GET
-    @Path("/{id}")
-    @Produces("text/json")
-    public Response findById(@PathParam("id") String id) {
-        return repository.findById(LKommentarM.class, id);
-    }
+    @Inject
+    @Named("ldapauth")
+    private Authentication authentication;
 
     /**
      * Request LKommentarM via a filter.
@@ -60,34 +53,72 @@
      */
     @GET
     @Produces("text/json")
-    public Response filter(@Context UriInfo info) {
-        MultivaluedMap<String, String> params = info.getQueryParameters();
-        if (params.isEmpty() ||
-            !params.containsKey("probeId") ||
-            !params.containsKey("messungsId")
-        ) {
-            return new Response(false, 609, new ArrayList<LKommentarM>());
+    public Response filter(
+        @Context UriInfo info,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            if (!authentication.isAuthorizedUser(headers)) {
+                return new Response(false, 699, new ArrayList<LKommentarM>());
+            }
+            MultivaluedMap<String, String> params = info.getQueryParameters();
+            if (params.isEmpty() ||
+                !params.containsKey("probeId") ||
+                !params.containsKey("messungsId")
+            ) {
+                return new Response(false, 609, new ArrayList<LKommentarM>());
+            }
+            String probeId = params.getFirst("probeId");
+            if (authentication.hasAccess(headers, probeId)) {
+                QueryBuilder<LKommentarM> builder =
+                    new QueryBuilder<LKommentarM>(
+                        repository.getEntityManager(), LKommentarM.class);
+                builder.and("probeId", probeId)
+                    .and("messungsId", params.getFirst("messungsId"));
+                return repository.filter(builder.getQuery());
+            }
+            return new Response(false, 698, new ArrayList<LKommentarM>());
         }
-        QueryBuilder<LKommentarM> builder =
-            new QueryBuilder<LKommentarM>(
-                repository.getEntityManager(), LKommentarM.class);
-        builder.and("probeId", params.getFirst("probeId"))
-            .and("messungsId", params.getFirst("messungsId"));
-
-        return repository.filter(builder.getQuery());
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LKommentarM>());
+        }
     }
 
     @PUT
     @Produces("text/json")
     @Consumes("application/json")
-    public Response update(LKommentarM kommentar) {
-        return repository.update(kommentar);
+    public Response update(
+        LKommentarM kommentar,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            String probeId = kommentar.getProbeId();
+            if (authentication.hasAccess(headers, probeId)) {
+                return repository.update(kommentar);
+            }
+            return new Response(false, 698, new ArrayList<LKommentarM>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LKommentarM>());
+        }
     }
 
     @POST
     @Produces("text/json")
     @Consumes("application/json")
-    public Response create(LKommentarM kommentar) {
-        return repository.create(kommentar);
+    public Response create(
+        LKommentarM kommentar,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            String probeId = kommentar.getProbeId();
+            if (authentication.hasAccess(headers, probeId)) {
+                return repository.create(kommentar);
+            }
+            return new Response(false, 698, new ArrayList<LKommentarM>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LKommentarM>());
+        }
     }
 }
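Review bot: In `update`, `hasAccess` is evaluated on `kommentar.getProbeId()`, a value taken from the request body, so the check covers the probe the client names rather than the probe the stored comment belongs to. If `repository.update` (not visible in this diff) merges by the entity's own id, a record whose stored probeId differs from the submitted one is not protected; loading the existing record and checking `hasAccess` against its stored probeId before the update would close that gap. `update` and `create` also omit the `if (!authentication.isAuthorizedUser(headers))` guard that `filter` runs first, which is worth adding unless `hasAccess` is documented to imply it. The same pattern appears in the `update`/`create` methods of LKommentarService, LMessungService, LMesswertService, LOrtService and LStatusService.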
--- a/src/main/java/de/intevation/lada/rest/LKommentarService.java	Tue Jul 02 13:11:29 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/LKommentarService.java	Tue Jul 02 15:12:52 2013 +0200
@@ -16,9 +16,12 @@
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.UriInfo;
 
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
 import de.intevation.lada.data.QueryBuilder;
 import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.LKommentarP;
@@ -39,51 +42,46 @@
     @Named("lkommentarRepository")
     private Repository repository;
 
+    @Inject
+    @Named("ldapauth")
+    private Authentication authentication;
+
     /**
      * The logger for this class
      */
     @Inject
     private Logger logger;
 
-    /**
-     * Request a single SKommentarP via its id.
-     *
-     * @param id The mst_id
-     * @return JSON Object via REST service.
-     */
-    @GET
-    @Path("/{id}")
-    @Produces("text/json")
-    public Response findById(@PathParam("id") String id) {
-        return repository.findById(LKommentarP.class, id);
-    }
-
     @DELETE
     @Path("/{kId}/{probeId}")
     @Produces("text/json")
     public Response delete(
         @PathParam("kId") String kId,
-        @PathParam("probeId") String probeId) {
-        QueryBuilder<LKommentarP> builder =
-            new QueryBuilder<LKommentarP>(
-                repository.getEntityManager(),
-                LKommentarP.class);
-        builder.and("probeId", probeId).and("kId", kId);
-        Response response = repository.filter(builder.getQuery());
-        List<LKommentarP> list = (List<LKommentarP>)response.getData();
-        if (!list.isEmpty()) {
-            repository.delete(list.get(0));
-            return new Response(true, 200, null);
+        @PathParam("probeId") String probeId,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            if (!authentication.isAuthorizedUser(headers)) {
+                return new Response(false, 699, new ArrayList<LKommentarP>());
+            }
+            if (authentication.hasAccess(headers, probeId)) {
+                QueryBuilder<LKommentarP> builder =
+                    new QueryBuilder<LKommentarP>(
+                        repository.getEntityManager(), LKommentarP.class);
+                builder.and("probeId", probeId).and("kId", kId);
+                Response response = repository.filter(builder.getQuery());
+                List<LKommentarP> list = (List<LKommentarP>)response.getData();
+                if (!list.isEmpty()) {
+                    repository.delete(list.get(0));
+                    return new Response(true, 200, null);
+                }
+                return new Response(false, 600, null);
+            }
+            return new Response(false, 698, new ArrayList<LKommentarP>());
         }
-        return new Response(false, 600, null);
-    }
-
-    @PUT
-    @Path("/{kId}/{probeId}")
-    @Produces("text/json")
-    @Consumes("application/json")
-    public Response update(LKommentarP kommentar) {
-        return repository.update(kommentar);
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LKommentarP>());
+        }
     }
 
     /**
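Review bot: In `delete`, the result of `(List<LKommentarP>)response.getData()` is dereferenced without checking whether the preceding `repository.filter` call succeeded. If a failed query returns a Response with null data (the Repository contract is not visible here), `list.isEmpty()` throws and the client receives a server error instead of the code 600 response. A guard such as `if (list != null && !list.isEmpty()) {` keeps the failure inside the service's own response codes. The method also returns `null` data for 200/600 but an empty `ArrayList` for 698/699; a short Javadoc on `delete` stating what each code means and which payload accompanies it would help client authors.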
@@ -94,24 +92,69 @@
      */
     @GET
     @Produces("text/json")
-    public Response filter(@Context UriInfo info) {
-        MultivaluedMap<String, String> params = info.getQueryParameters();
-        if (params.isEmpty() ||
-            !params.containsKey("probeId")
-        ) {
-            return new Response(false, 609, new ArrayList<LKommentarP>());
+    public Response filter(
+        @Context UriInfo info,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            if (!authentication.isAuthorizedUser(headers)) {
+                return new Response(false, 699, new ArrayList<LKommentarP>());
+            }
+            MultivaluedMap<String, String> params = info.getQueryParameters();
+            if (params.isEmpty() || !params.containsKey("probeId")) {
+                return new Response(false, 609, new ArrayList<LKommentarP>());
+            }
+            String probeId = params.getFirst("probeId");
+            if (authentication.hasAccess(headers, probeId)) {
+                QueryBuilder<LKommentarP> builder =
+                    new QueryBuilder<LKommentarP>(
+                        repository.getEntityManager(), LKommentarP.class);
+                builder.and("probeId", probeId);
+                return repository.filter(builder.getQuery());
+            }
+            return new Response(false, 698, new ArrayList<LKommentarP>());
         }
-        QueryBuilder<LKommentarP> builder =
-            new QueryBuilder<LKommentarP>(
-                repository.getEntityManager(), LKommentarP.class);
-        builder.and("probeId", params.getFirst("probeId"));
-        return repository.filter(builder.getQuery());
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LKommentarP>());
+        }
+    }
+
+    @PUT
+    @Path("/{kId}/{probeId}")
+    @Produces("text/json")
+    @Consumes("application/json")
+    public Response update(
+        LKommentarP kommentar,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            String probeId = kommentar.getProbeId();
+            if (authentication.hasAccess(headers, probeId)) {
+                return repository.update(kommentar);
+            }
+            return new Response(false, 698, new ArrayList<LKommentarP>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LKommentarP>());
+        }
     }
 
     @POST
     @Consumes("application/json")
     @Produces("text/json")
-    public Response create(LKommentarP kommentar) {
-        return repository.create(kommentar);
+    public Response create(
+        LKommentarP kommentar,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            String probeId = kommentar.getProbeId();
+            if (authentication.hasAccess(headers, probeId)) {
+                return repository.create(kommentar);
+            }
+            return new Response(false, 698, new ArrayList<LKommentarP>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LKommentarP>());
+        }
     }
-}
+}
\ No newline at end of file
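Review bot: `update` is mapped to `@Path("/{kId}/{probeId}")` but binds neither path segment, so the probe passed to `hasAccess` is whatever the JSON body carries and can differ from the one in the URL. Binding `@PathParam("probeId") String pathProbeId` and rejecting the request when `!pathProbeId.equals(kommentar.getProbeId())` would keep the addressed resource and the authorized resource the same. `delete` in this file already authorizes on the path value, so this would also make the two methods consistent.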
--- a/src/main/java/de/intevation/lada/rest/LMessungService.java	Tue Jul 02 13:11:29 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/LMessungService.java	Tue Jul 02 15:12:52 2013 +0200
@@ -1,20 +1,26 @@
 package de.intevation.lada.rest;
 
+import java.util.ArrayList;
+
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
+import javax.inject.Named;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.UriInfo;
 
-import de.intevation.lada.data.LMessungRepository;
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
+import de.intevation.lada.authentication.AuthenticationResponse;
 import de.intevation.lada.data.QueryBuilder;
+import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.LMessung;
 
 /**
@@ -30,20 +36,12 @@
      * The Repository for LMessung.
      */
     @Inject
-    private LMessungRepository repository;
+    @Named("lmessungrepository")
+    private Repository repository;
 
-    /**
-     * Request a LMessung via its id.
-     *
-     * @param id The LMessung id
-     * @return JSON Object via REST service.
-     */
-    @GET
-    @Path("/{id}")
-    @Produces("text/json")
-    public Response findById(@PathParam("id") String id) {
-        return repository.findById(LMessung.class, id);
-    }
+    @Inject
+    @Named("ldapauth")
+    private Authentication authentication;
 
     /**
      * Request LMessung via a filter.
@@ -57,32 +55,70 @@
      */
     @GET
     @Produces("text/json")
-    public Response filter(@Context UriInfo info) {
-        MultivaluedMap<String, String> params = info.getQueryParameters();
-        if (params.isEmpty()) {
-            repository.findAll(LMessung.class);
+    public Response filter(
+        @Context UriInfo info,
+        @Context HttpHeaders header
+    ) {
+        try {
+            AuthenticationResponse auth =
+                authentication.authorizedGroups(header);
+            QueryBuilder<LMessung> builder =
+                new QueryBuilder<LMessung>(
+                    repository.getEntityManager(),
+                    LMessung.class);
+            builder.or("netzbetreiberId", auth.getNetzbetreiber());
+            MultivaluedMap<String, String> params = info.getQueryParameters();
+            if (params.isEmpty()) {
+                repository.filter(builder.getQuery());
+            }
+            QueryBuilder<LMessung> pBuilder = builder.getEmptyBuilder();
+            if (params.containsKey("probeId")) {
+                pBuilder.and("probeId", params.getFirst("probeId"));
+                builder.and(pBuilder);
+            }
+            return repository.filter(builder.getQuery());
         }
-        QueryBuilder<LMessung> builder =
-            new QueryBuilder<LMessung>(
-                repository.getEntityManager(), LMessung.class);
-        if (params.containsKey("probeId")) {
-            builder.and("probeId", params.getFirst("probeId"));
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LMessung>());
         }
-        return repository.filter(builder.getQuery());
     }
 
     @PUT
     @Path("/{id}")
     @Produces("text/json")
     @Consumes("application/json")
-    public Response update(LMessung messung) {
-        return repository.update(messung);
+    public Response update(
+        LMessung messung,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            String probeId = messung.getLProbeId();
+            if (authentication.hasAccess(headers, probeId)) {
+                return repository.update(messung);
+            }
+            return new Response(false, 698, new ArrayList<LMessung>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LMessung>());
+        }
     }
 
     @POST
     @Produces("text/json")
     @Consumes("application/json")
-    public Response create(LMessung messung) {
-        return repository.create(messung);
+    public Response create(
+        LMessung messung,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            String probeId = messung.getLProbeId();
+            if (authentication.hasAccess(headers, probeId)) {
+                return repository.create(messung);
+            }
+            return new Response(false, 698, new ArrayList<LMessung>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LMessung>());
+        }
     }
 }
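Review bot: In `filter`, the `params.isEmpty()` branch calls `repository.filter(builder.getQuery());` and discards the result, so the query runs once there and again at the final `return`; the line should read `return repository.filter(builder.getQuery());`. The bare call appears to be carried over from the old `repository.findAll(LMessung.class);` statement, which had the same missing `return`. It is also worth confirming what `builder.or("netzbetreiberId", auth.getNetzbetreiber())` produces when the user belongs to no group, since an empty restriction would leave the result unfiltered (QueryBuilder is not visible in this diff).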
--- a/src/main/java/de/intevation/lada/rest/LMesswertService.java	Tue Jul 02 13:11:29 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/LMesswertService.java	Tue Jul 02 15:12:52 2013 +0200
@@ -13,9 +13,12 @@
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.UriInfo;
 
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
 import de.intevation.lada.data.QueryBuilder;
 import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.LMesswert;
@@ -37,18 +40,9 @@
     @Named("lmesswertrepository")
     private Repository repository;
 
-    /**
-     * Request a LProbe via its id.
-     *
-     * @param id The LProbe id
-     * @return JSON Object via REST service.
-     */
-    @GET
-    @Path("/{id}")
-    @Produces("text/json")
-    public Response findById(@PathParam("id") String id) {
-        return repository.findById(LMesswert.class, id);
-    }
+    @Inject
+    @Named("ldapauth")
+    private Authentication authentication;
 
     /**
      * Request LMessert via a filter.
@@ -60,33 +54,71 @@
      */
     @GET
     @Produces("text/json")
-    public Response filter(@Context UriInfo info) {
-        MultivaluedMap<String, String> params = info.getQueryParameters();
-        if (params.isEmpty() ||
-            !params.containsKey("probeId") ||
-            !params.containsKey("messungsId")) {
-            return new Response(false, 609, new ArrayList<LMesswert>());
+    public Response filter(
+        @Context UriInfo info,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            if (!authentication.isAuthorizedUser(headers)) {
+                return new Response(false, 699, new ArrayList<LMesswert>());
+            }
+            MultivaluedMap<String, String> params = info.getQueryParameters();
+            if (params.isEmpty() ||
+                !params.containsKey("probeId") ||
+                !params.containsKey("messungId")) {
+                return new Response(false, 609, new ArrayList<LMesswert>());
+            }
+            String probeId = params.getFirst("probeId");
+            if (authentication.hasAccess(headers, probeId)) {
+                QueryBuilder<LMesswert> builder =
+                    new QueryBuilder<LMesswert>(
+                        repository.getEntityManager(), LMesswert.class);
+                builder.and("probeId", probeId)
+                    .and("messungsId", params.getFirst("messungsId"));
+                return repository.filter(builder.getQuery());
+            }
+            return new Response(false, 698, new ArrayList<LMesswert>());
         }
-        QueryBuilder<LMesswert> builder =
-            new QueryBuilder<LMesswert>(
-                repository.getEntityManager(), LMesswert.class);
-        builder.and("probeId", params.getFirst("probeId"))
-            .and("messungsId", params.getFirst("messungsId"));
-
-        return repository.filter(builder.getQuery());
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LMesswert>());
+        }
     }
 
     @PUT
     @Produces("text/json")
     @Consumes("application/json")
-    public Response update(LMesswert messwert) {
-        return repository.update(messwert);
+    public Response update(
+        LMesswert messwert,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            String probeId = messwert.getProbeId();
+            if (authentication.hasAccess(headers, probeId)) {
+                return repository.update(messwert);
+            }
+            return new Response(false, 698, new ArrayList<LMesswert>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LMesswert>());
+        }
     }
 
     @POST
     @Produces("text/json")
     @Consumes("application/json")
-    public Response create(LMesswert messwert) {
-        return repository.create(messwert);
+    public Response create(
+        LMesswert messwert,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            String probeId = messwert.getProbeId();
+            if (authentication.hasAccess(headers, probeId)) {
+                return repository.create(messwert);
+            }
+            return new Response(false, 698, new ArrayList<LMesswert>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LMesswert>());
+        }
     }
 }
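Review bot: `filter` now requires the query parameter `messungId` but still reads `params.getFirst("messungsId")`, so a request that sends only `messungId` passes the check and queries with a null `messungsId`, while a request that sends only `messungsId` is rejected with 609. The check and the read should use one name, e.g. `!params.containsKey("messungsId")) {` to match the key the query uses. LStatusService.filter has the same mismatch between its `containsKey("messungId")` check and its `getFirst("messungsId")` read.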
--- a/src/main/java/de/intevation/lada/rest/LOrtService.java	Tue Jul 02 13:11:29 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/LOrtService.java	Tue Jul 02 15:12:52 2013 +0200
@@ -1,5 +1,7 @@
 package de.intevation.lada.rest;
 
+import java.util.ArrayList;
+
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.inject.Named;
@@ -8,12 +10,14 @@
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.UriInfo;
 
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
 import de.intevation.lada.data.QueryBuilder;
 import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.LOrt;
@@ -30,41 +34,76 @@
     @Named("lortrepository")
     private Repository repository;
 
-    @GET
-    @Path("/{id}")
-    @Produces("text/json")
-    public Response findById(@PathParam("id") String id) {
-        return repository.findById(LOrt.class, id);
-    }
+    @Inject
+    @Named("ldapauth")
+    private Authentication authentication;
 
     @GET
     @Produces("text/json")
-    public Response filter(@Context UriInfo info) {
-        MultivaluedMap<String, String> params = info.getQueryParameters();
-        if (params.isEmpty()) {
-            repository.findAll(LOrt.class);
+    public Response filter(
+        @Context UriInfo info,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            if (!authentication.isAuthorizedUser(headers)) {
+                return new Response(false, 699, new ArrayList<LOrt>());
+            }
+            MultivaluedMap<String, String> params = info.getQueryParameters();
+            if (params.isEmpty() ||
+                !params.containsKey("probeId")) {
+                return new Response(false, 609, new ArrayList<LOrt>());
+            }
+            String probeId = params.getFirst("probeId");
+            if (authentication.hasAccess(headers, probeId)) {
+                QueryBuilder<LOrt> builder =
+                    new QueryBuilder<LOrt>(
+                        repository.getEntityManager(), LOrt.class);
+                builder.and("probeId", probeId);
+                return repository.filter(builder.getQuery());
+            }
+            return new Response(false, 698, new ArrayList<LOrt>());
         }
-        QueryBuilder<LOrt> builder =
-            new QueryBuilder<LOrt>(
-                repository.getEntityManager(), LOrt.class);
-        if (params.containsKey("probeId")) {
-            builder.and("probeId", params.getFirst("probeId"));
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LOrt>());
         }
-        return repository.filter(builder.getQuery());
     }
 
     @PUT
     @Path("/{id}")
     @Produces("text/json")
     @Consumes("application/json")
-    public Response update(LOrt probe) {
-        return repository.update(probe);
+    public Response update(
+        LOrt ort,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            String probeId = ort.getProbeId();
+            if (authentication.hasAccess(headers, probeId)) {
+                return repository.update(ort);
+            }
+            return new Response(false, 698, new ArrayList<LOrt>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LOrt>());
+        }
     }
 
     @POST
     @Produces("text/json")
     @Consumes("application/json")
-    public Response create(LOrt probe) {
-        return repository.create(probe);
+    public Response create(
+        LOrt ort,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            String probeId = ort.getProbeId();
+            if (authentication.hasAccess(headers, probeId)) {
+                return repository.create(ort);
+            }
+            return new Response(false, 698, new ArrayList<LOrt>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LOrt>());
+        }
     }
 }
--- a/src/main/java/de/intevation/lada/rest/LStatusService.java	Tue Jul 02 13:11:29 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/LStatusService.java	Tue Jul 02 15:12:52 2013 +0200
@@ -1,9 +1,6 @@
 package de.intevation.lada.rest;
 
 import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
 
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
@@ -13,12 +10,14 @@
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.UriInfo;
 
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
 import de.intevation.lada.data.QueryBuilder;
 import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.LStatus;
@@ -40,18 +39,9 @@
     @Named("lstatusrepository")
     private Repository repository;
 
-    /**
-     * Request a LStatus via its id.
-     *
-     * @param id The LStatus id
-     * @return JSON Object via REST service.
-     */
-    @GET
-    @Path("/{id}")
-    @Produces("text/json")
-    public Response findById(@PathParam("id") String id) {
-        return repository.findById(LStatus.class, id);
-    }
+    @Inject
+    @Named("ldapauth")
+    private Authentication authentication;
 
     /**
      * Request LStatus via a filter.
@@ -63,32 +53,71 @@
      */
     @GET
     @Produces("text/json")
-    public Response filter(@Context UriInfo info) {
-        MultivaluedMap<String, String> params = info.getQueryParameters();
-        if (params.isEmpty() ||
-            !params.containsKey("probeId") ||
-            !params.containsKey("messungId")) {
-            return new Response(false, 609, new ArrayList<LStatus>());
+    public Response filter(
+        @Context UriInfo info,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            if (!authentication.isAuthorizedUser(headers)) {
+                return new Response(false, 699, new ArrayList<LStatus>());
+            }
+            MultivaluedMap<String, String> params = info.getQueryParameters();
+            if (params.isEmpty() ||
+                !params.containsKey("probeId") ||
+                !params.containsKey("messungId")) {
+                return new Response(false, 609, new ArrayList<LStatus>());
+            }
+            String probeId = params.getFirst("probeId");
+            if (authentication.hasAccess(headers, probeId)) {
+                QueryBuilder<LStatus> builder =
+                    new QueryBuilder<LStatus>(
+                        repository.getEntityManager(), LStatus.class);
+                builder.and("probeId", probeId)
+                    .and("messungsId", params.getFirst("messungsId"));
+                return repository.filter(builder.getQuery());
+            }
+            return new Response(false, 698, new ArrayList<LStatus>());
         }
-        QueryBuilder<LStatus> builder =
-            new QueryBuilder<LStatus>(
-                repository.getEntityManager(), LStatus.class);
-        builder.and("probeId", params.getFirst("probeId"))
-            .and("messungsId", params.getFirst("messungsId"));
-        return repository.filter(builder.getQuery());
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LStatus>());
+        }
     }
 
     @PUT
     @Produces("text/json")
     @Consumes("application/json")
-    public Response update(LStatus status) {
-        return repository.update(status);
+    public Response update(
+        LStatus status,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            String probeId = status.getProbeId();
+            if (authentication.hasAccess(headers, probeId)) {
+                return repository.update(status);
+            }
+            return new Response(false, 698, new ArrayList<LStatus>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LStatus>());
+        }
     }
 
     @POST
     @Produces("text/json")
     @Consumes("application/json")
-    public Response create(LStatus status) {
-        return repository.create(status);
+    public Response create(
+        LStatus status,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            String probeId = status.getProbeId();
+            if (authentication.hasAccess(headers, probeId)) {
+                return repository.create(status);
+            }
+            return new Response(false, 698, new ArrayList<LStatus>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LStatus>());
+        }
     }
 }
--- a/src/main/java/de/intevation/lada/rest/LZusatzwertService.java	Tue Jul 02 13:11:29 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/LZusatzwertService.java	Tue Jul 02 15:12:52 2013 +0200
@@ -15,9 +15,12 @@
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.UriInfo;
 
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
 import de.intevation.lada.data.QueryBuilder;
 import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.LZusatzWert;
@@ -39,18 +42,9 @@
     @Named("lzusatzwertrepository")
     private Repository repository;
 
-    /**
-     * Request a LZusatzWert via its id.
-     *
-     * @param id The LProbe id
-     * @return JSON Object via REST service.
-     */
-    @GET
-    @Path("/{id}")
-    @Produces("text/json")
-    public Response findById(@PathParam("id") String id) {
-        return repository.findById(LZusatzWert.class, id);
-    }
+    @Inject
+    @Named("ldapauth")
+    private Authentication authentication;
 
     /**
      * Request LMessert via a filter.
@@ -62,50 +56,98 @@
      */
     @GET
     @Produces("text/json")
-    public Response filter(@Context UriInfo info) {
-        MultivaluedMap<String, String> params = info.getQueryParameters();
-        if (params.isEmpty() || !params.containsKey("probeId")) {
-            return new Response(false, 609, new ArrayList<LZusatzWert>());
+    public Response filter(
+        @Context UriInfo info,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            if (!authentication.isAuthorizedUser(headers)) {
+                return new Response(false, 699, new ArrayList<LZusatzWert>());
+            }
+            MultivaluedMap<String, String> params = info.getQueryParameters();
+            if (params.isEmpty() || !params.containsKey("probeId")) {
+                return new Response(false, 609, new ArrayList<LZusatzWert>());
+            }
+            String probeId = params.getFirst("probeId");
+            if (authentication.hasAccess(headers, probeId)) {
+                QueryBuilder<LZusatzWert> builder =
+                    new QueryBuilder<LZusatzWert>(
+                        repository.getEntityManager(), LZusatzWert.class);
+                builder.and("probeId", probeId);
+                return repository.filter(builder.getQuery());
+            }
+            return new Response(false, 698, new ArrayList<LZusatzWert>());
         }
-        String paramValue = params.getFirst("probeId");
-        QueryBuilder<LZusatzWert> builder =
-            new QueryBuilder<LZusatzWert>(
-                repository.getEntityManager(), LZusatzWert.class);
-        builder.and("probeId", paramValue);
-        return repository.filter(builder.getQuery());
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LZusatzWert>());
+        }
     }
 
     @PUT
     @Produces("text/json")
     @Path("/{pzsId}/{probeId}")
     @Consumes("application/json")
-    public Response update(LZusatzWert zusatzwert) {
-        return repository.update(zusatzwert);
+    public Response update(
+        LZusatzWert zusatzwert,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            String probeId = zusatzwert.getProbeId();
+            if (authentication.hasAccess(headers, probeId)) {
+                return repository.update(zusatzwert);
+            }
+            return new Response(false, 698, new ArrayList<LZusatzWert>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LZusatzWert>());
+        }
     }
 
     @POST
     @Produces("text/json")
     @Consumes("application/json")
-    public Response create(LZusatzWert zusatzwert) {
-        return repository.create(zusatzwert);
+    public Response create(
+        LZusatzWert zusatzwert,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            String probeId = zusatzwert.getProbeId();
+            if (authentication.hasAccess(headers, probeId)) {
+                return repository.create(zusatzwert);
+            }
+            return new Response(false, 698, new ArrayList<LZusatzWert>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LZusatzWert>());
+        }
     }
 
     @DELETE
     @Path("/{pzsId}/{probeId}")
     public Response delete(
         @PathParam("pzsId") String pzsId,
-        @PathParam("probeId") String probeId ) {
-        QueryBuilder<LZusatzWert> builder =
-            new QueryBuilder<LZusatzWert>(
-                repository.getEntityManager(),
-                LZusatzWert.class);
-        builder.and("pzsId", pzsId).and("probeId", probeId);
-        Response response = repository.filter(builder.getQuery());
-        List<LZusatzWert> list = (List<LZusatzWert>)response.getData();
-        if (!list.isEmpty()) {
-            repository.delete(list.get(0));
-            return new Response(true, 200, null);
+        @PathParam("probeId") String probeId,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            if (authentication.hasAccess(headers, probeId)) {
+                QueryBuilder<LZusatzWert> builder =
+                    new QueryBuilder<LZusatzWert>(
+                        repository.getEntityManager(),
+                        LZusatzWert.class);
+                builder.and("pzsId", pzsId).and("probeId", probeId);
+                Response response = repository.filter(builder.getQuery());
+                List<LZusatzWert> list = (List<LZusatzWert>)response.getData();
+                if (!list.isEmpty()) {
+                    repository.delete(list.get(0));
+                    return new Response(true, 200, null);
+                }
+                return new Response(false, 600, null);
+            }
+            return new Response(false, 698, new ArrayList<LZusatzWert>());
         }
-        return new Response(false, 600, null);
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LZusatzWert>());
+        }
     }
 }
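Review bot: update() takes its access decision from `zusatzwert.getProbeId()`, a value read from the request body, while the `{pzsId}` and `{probeId}` segments of its `@Path` are never bound, so the URL and the object that gets written can disagree. Whether this lets a caller modify a record of a probe they have no access to depends on the entity key and on `repository.update`, neither of which is visible here, so it needs verifying. Binding the path value and rejecting a mismatch narrows the gap: add a parameter `@PathParam("probeId") String probeId` and, before the `hasAccess` call, `if (!probeId.equals(zusatzwert.getProbeId())) return new Response(false, 698, new ArrayList<LZusatzWert>());`. LStatusService.update, whose hunk starts above this excerpt, has the same shape.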
--- a/src/main/java/de/intevation/lada/rest/OrtService.java	Tue Jul 02 13:11:29 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/OrtService.java	Tue Jul 02 15:12:52 2013 +0200
@@ -14,9 +14,12 @@
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.UriInfo;
 
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
 import de.intevation.lada.data.QueryBuilder;
 import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.Ort;
@@ -32,6 +35,10 @@
     @Named("ortrepository")
     private Repository repository;
 
+    @Inject
+    @Named("ldapauth")
+    private Authentication authentication;
+
     /**
      * Request a LZusatzWert via its id.
      *
@@ -41,8 +48,19 @@
     @GET
     @Path("/{id}")
     @Produces("text/json")
-    public Response findById(@PathParam("id") String id) {
-        return repository.findById(Ort.class, id);
+    public Response findById(
+        @PathParam("id") String id,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.findById(Ort.class, id);
+            }
+            return new Response(false, 699, new ArrayList<Ort>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<Ort>());
+        }
     }
 
     /**
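Review bot: The `catch(AuthenticationException ae)` in findById discards the exception and returns the same 699 as the "not authorized" branch above it, so a rejected caller and a failing authentication backend look identical and neither leaves a trace at this layer. Unless the `Authentication` implementation already logs (not visible here), record it in the catch, e.g. `Logger.getLogger(OrtService.class.getName()).log(Level.WARNING, "authorization check failed", ae);`, and keep header values out of the message since they may carry credentials. The same silent catch appears in every method this commit touches, including the 698 and 699 paths of LZusatzwertService and the S*Service classes below.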
@@ -55,34 +73,69 @@
      */
     @GET
     @Produces("text/json")
-    public Response filter() {
-        return repository.findAll(Ort.class);
+    public Response filter(@Context HttpHeaders headers) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.findAll(Ort.class);
+            }
+            return new Response(false, 699, new ArrayList<Ort>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<Ort>());
+        }
     }
 
     @PUT
     @Produces("text/json")
     @Path("/{ortId}")
     @Consumes("application/json")
-    public Response update(Ort ort) {
-        return repository.update(ort);
+    public Response update(Ort ort, @Context HttpHeaders headers) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.update(ort);
+            }
+            return new Response(false, 699, new ArrayList<Ort>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<Ort>());
+        }
     }
 
     @POST
     @Produces("text/json")
     @Consumes("application/json")
-    public Response create(Ort ort) {
-        return repository.create(ort);
+    public Response create(Ort ort, @Context HttpHeaders headers) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.create(ort);
+            }
+            return new Response(false, 699, new ArrayList<Ort>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<Ort>());
+        }
     }
 
     @DELETE
     @Path("/{ortId}")
-    public Response delete(@PathParam("ortId") String ortId ) {
-        Response response = repository.findById(Ort.class, ortId);
-        Ort ort = (Ort)response.getData();
-        if (ort != null) {
-            repository.delete(ort);
-            return new Response(true, 200, null);
+    public Response delete(
+        @PathParam("ortId") String ortId,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                Response response = repository.findById(Ort.class, ortId);
+                Ort ort = (Ort)response.getData();
+                if (ort != null) {
+                    repository.delete(ort);
+                    return new Response(true, 200, null);
+                }
+                return new Response(false, 600, null);
+            }
+            return new Response(false, 699, new ArrayList<Ort>());
         }
-        return new Response(false, 600, null);
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<Ort>());
+        }
     }
 }
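Review bot: update(), create() and delete() on Ort are gated only by `isAuthorizedUser(headers)`, so any authenticated account can change or remove any Ort, whereas the probe-bound services in this commit check `hasAccess(headers, probeId)`. If Ort is shared master data that every user may edit, state that above the write methods, for example `// Ort is not probe-scoped: every authorized user may write.`. If it is not, a narrower check is needed before `repository.update`, `repository.create` and `repository.delete`, and the intended rule is not recoverable from this hunk.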
--- a/src/main/java/de/intevation/lada/rest/SDatenbasisService.java	Tue Jul 02 13:11:29 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/SDatenbasisService.java	Tue Jul 02 15:12:52 2013 +0200
@@ -1,5 +1,6 @@
 package de.intevation.lada.rest;
 
+import java.util.ArrayList;
 import java.util.logging.Logger;
 
 import javax.faces.bean.RequestScoped;
@@ -9,7 +10,11 @@
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
 import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.SDatenbasis;
 
@@ -29,6 +34,10 @@
     @Named("readonlyrepository")
     private Repository repository;
 
+    @Inject
+    @Named("ldapauth")
+    private Authentication authentication;
+
     /**
      * The logger for this class
      */
@@ -42,8 +51,16 @@
      */
     @GET
     @Produces("text/json")
-    public Response findAll() {
-        return repository.findAll(SDatenbasis.class);
+    public Response findAll(@Context HttpHeaders headers) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.findAll(SDatenbasis.class);
+            }
+            return new Response(false, 699, new ArrayList<SDatenbasis>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<SDatenbasis>());
+        }
     }
 
     /**
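Review bot: The try / `isAuthorizedUser(headers)` / catch wrapper in findAll is pasted unchanged into every resource method of this commit (findById below, and the SMesseinheit, SProbenart, SProbenzusatz, SStaat, SUmwelt and SVerwaltungseinheit services), so an endpoint added later is unprotected unless its author remembers to copy it. A single enforcement point fails closed instead: a JAX-RS request filter (`javax.ws.rs.container.ContainerRequestFilter`, if the JAX-RS version in use provides it) or one shared helper that takes the headers and produces the 699 response. That would also remove the two identical `return new Response(false, 699, ...)` statements from each method.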
@@ -55,7 +72,18 @@
     @GET
     @Path("/{id}")
     @Produces("text/json")
-    public Response findById(@PathParam("id") String id) {
-        return repository.findById(SDatenbasis.class, id);
+    public Response findById(
+        @PathParam("id") String id,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.findById(SDatenbasis.class, id);
+            }
+            return new Response(false, 699, new ArrayList<SDatenbasis>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<SDatenbasis>());
+        }
     }
 }
--- a/src/main/java/de/intevation/lada/rest/SMesseinheitService.java	Tue Jul 02 13:11:29 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/SMesseinheitService.java	Tue Jul 02 15:12:52 2013 +0200
@@ -1,5 +1,6 @@
 package de.intevation.lada.rest;
 
+import java.util.ArrayList;
 import java.util.logging.Logger;
 
 import javax.faces.bean.RequestScoped;
@@ -8,7 +9,11 @@
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
 import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.SMessEinheit;
 
@@ -28,6 +33,10 @@
     @Named("readonlyrepository")
     private Repository repository;
 
+    @Inject
+    @Named("ldapauth")
+    private Authentication authentication;
+
     /**
      * The logger for this class
      */
@@ -41,7 +50,15 @@
      */
     @GET
     @Produces("text/json")
-    public Response findAll() {
-        return repository.findAll(SMessEinheit.class);
+    public Response findAll(@Context HttpHeaders headers) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.findAll(SMessEinheit.class);
+            }
+            return new Response(false, 699, new ArrayList<SMessEinheit>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<SMessEinheit>());
+        }
     }
 }
--- a/src/main/java/de/intevation/lada/rest/SProbenartService.java	Tue Jul 02 13:11:29 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/SProbenartService.java	Tue Jul 02 15:12:52 2013 +0200
@@ -1,5 +1,6 @@
 package de.intevation.lada.rest;
 
+import java.util.ArrayList;
 import java.util.logging.Logger;
 
 import javax.enterprise.context.RequestScoped;
@@ -9,7 +10,11 @@
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
 import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.SProbenart;
 
@@ -29,6 +34,10 @@
     @Named("readonlyrepository")
     private Repository repository;
 
+    @Inject
+    @Named("ldapauth")
+    private Authentication authentication;
+
     /**
      * The logger for this class
      */
@@ -42,8 +51,16 @@
      */
     @GET
     @Produces("text/json")
-    public Response findAll() {
-        return repository.findAll(SProbenart.class);
+    public Response findAll(@Context HttpHeaders headers) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.findAll(SProbenart.class);
+            }
+            return new Response(false, 699, new ArrayList<SProbenart>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<SProbenart>());
+        }
     }
 
     /**
@@ -55,7 +72,18 @@
     @GET
     @Path("/{id}")
     @Produces("text/json")
-    public Response findById(@PathParam("id") String id) {
-        return repository.findById(SProbenart.class, id);
+    public Response findById(
+        @PathParam("id") String id,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.findById(SProbenart.class, id);
+            }
+            return new Response(false, 699, new ArrayList<SProbenart>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<SProbenart>());
+        }
     }
 }
--- a/src/main/java/de/intevation/lada/rest/SProbenzusatzService.java	Tue Jul 02 13:11:29 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/SProbenzusatzService.java	Tue Jul 02 15:12:52 2013 +0200
@@ -1,5 +1,6 @@
 package de.intevation.lada.rest;
 
+import java.util.ArrayList;
 import java.util.logging.Logger;
 
 import javax.faces.bean.RequestScoped;
@@ -8,7 +9,11 @@
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
 import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.SProbenZusatz;
 
@@ -28,6 +33,10 @@
     @Named("readonlyrepository")
     private Repository repository;
 
+    @Inject
+    @Named("ldapauth")
+    private Authentication authentication;
+
     /**
      * The logger for this class
      */
@@ -41,7 +50,15 @@
      */
     @GET
     @Produces("text/json")
-    public Response findAll() {
-        return repository.findAll(SProbenZusatz.class);
+    public Response findAll(@Context HttpHeaders headers) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.findAll(SProbenZusatz.class);
+            }
+            return new Response(false, 699, new ArrayList<SProbenZusatz>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<SProbenZusatz>());
+        }
     }
 }
--- a/src/main/java/de/intevation/lada/rest/SStaatService.java	Tue Jul 02 13:11:29 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/SStaatService.java	Tue Jul 02 15:12:52 2013 +0200
@@ -1,5 +1,7 @@
 package de.intevation.lada.rest;
 
+import java.util.ArrayList;
+
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.inject.Named;
@@ -7,7 +9,11 @@
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
 import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.SStaat;
 
@@ -27,6 +33,10 @@
     @Named("readonlyrepository")
     private Repository repository;
 
+    @Inject
+    @Named("ldapauth")
+    private Authentication authentication;
+
     /**
      * Request all SUmwelt objects.
      *
@@ -34,8 +44,16 @@
      */
     @GET
     @Produces("text/json")
-    public Response findAll() {
-        return repository.findAll(SStaat.class);
+    public Response findAll(@Context HttpHeaders headers) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.findAll(SStaat.class);
+            }
+            return new Response(false, 699, new ArrayList<SStaat>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<SStaat>());
+        }
     }
 
     /**
@@ -47,7 +65,17 @@
     @GET
     @Path("/{id:[0-9][0-9]*}")
     @Produces("text/json")
-    public Response findById(@PathParam("id") String id) {
-        return repository.findById(SStaat.class, id);
+    public Response findById(
+        @PathParam("id") String id,
+        @Context HttpHeaders headers) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.findById(SStaat.class, id);
+            }
+            return new Response(false, 699, new ArrayList<SStaat>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<SStaat>());
+        }
     }
 }
--- a/src/main/java/de/intevation/lada/rest/SUmweltService.java	Tue Jul 02 13:11:29 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/SUmweltService.java	Tue Jul 02 15:12:52 2013 +0200
@@ -1,5 +1,6 @@
 package de.intevation.lada.rest;
 
+import java.util.ArrayList;
 import java.util.logging.Logger;
 
 import javax.enterprise.context.RequestScoped;
@@ -9,7 +10,11 @@
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
 import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.SUmwelt;
 
@@ -29,6 +34,10 @@
     @Named("readonlyrepository")
     private Repository repository;
 
+    @Inject
+    @Named("ldapauth")
+    private Authentication authentication;
+
     /**
      * The logger for this class.
      */
@@ -42,8 +51,16 @@
      */
     @GET
     @Produces("text/json")
-    public Response findAll() {
-        return repository.findAll(SUmwelt.class);
+    public Response findAll(@Context HttpHeaders headers) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.findAll(SUmwelt.class);
+            }
+            return new Response(false, 699, new ArrayList<SUmwelt>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<SUmwelt>());
+        }
     }
 
     /**
@@ -55,7 +72,18 @@
     @GET
     @Path("/{id:[0-9][0-9]*}")
     @Produces("text/json")
-    public Response findById(@PathParam("id") String id) {
-        return repository.findById(SUmwelt.class, id);
+    public Response findById(
+        @PathParam("id") String id,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.findById(SUmwelt.class, id);
+            }
+            return new Response(false, 699, new ArrayList<SUmwelt>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<SUmwelt>());
+        }
     }
 }
--- a/src/main/java/de/intevation/lada/rest/SVerwaltungseinheitService.java	Tue Jul 02 13:11:29 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/SVerwaltungseinheitService.java	Tue Jul 02 15:12:52 2013 +0200
@@ -1,5 +1,7 @@
 package de.intevation.lada.rest;
 
+import java.util.ArrayList;
+
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.inject.Named;
@@ -7,7 +9,11 @@
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
 import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.SVerwaltungseinheit;
 
@@ -28,6 +34,10 @@
     @Named("readonlyrepository")
     private Repository repository;
 
+    @Inject
+    @Named("ldapauth")
+    private Authentication authentication;
+
     /**
      * Request all SUmwelt objects.
      *
@@ -35,8 +45,16 @@
      */
     @GET
     @Produces("text/json")
-    public Response findAll() {
-        return repository.findAll(SVerwaltungseinheit.class);
+    public Response findAll(@Context HttpHeaders headers) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.findAll(SVerwaltungseinheit.class);
+            }
+            return new Response(false, 699, new ArrayList<SVerwaltungseinheit>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<SVerwaltungseinheit>());
+        }
     }
 
     /**
@@ -48,7 +66,18 @@
     @GET
     @Path("/{id:[0-9][0-9]*}")
     @Produces("text/json")
-    public Response findById(@PathParam("id") String id) {
-        return repository.findById(SVerwaltungseinheit.class, id);
+    public Response findById(
+        @PathParam("id") String id,
+        @Context HttpHeaders headers
+    ) {
+        try {
+            if (authentication.isAuthorizedUser(headers)) {
+                return repository.findById(SVerwaltungseinheit.class, id);
+            }
+            return new Response(false, 699, new ArrayList<SVerwaltungseinheit>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<SVerwaltungseinheit>());
+        }
     }
 }