Commit 7a6e7447 authored by Alina Habibulina's avatar Alina Habibulina

+ SecurityInterceptor

parent 22d4b184
package kz.arta.ext.sap.service; package kz.arta.ext.sap.service;
import kz.arta.ext.sap.db.UserManager; import kz.arta.ext.sap.db.UserManager;
import sun.misc.BASE64Decoder;
import java.io.IOException;
import javax.enterprise.context.RequestScoped; import javax.enterprise.context.RequestScoped;
import javax.ws.rs.GET; import javax.ws.rs.GET;
...@@ -39,47 +36,23 @@ public class PasswordSetService { ...@@ -39,47 +36,23 @@ public class PasswordSetService {
@POST @POST
@Path("/set_password") @Path("/set_password")
@Produces(MediaType.APPLICATION_JSON + "; charset=utf-8") @Produces(MediaType.APPLICATION_JSON + "; charset=utf-8")
public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){ public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("currentUserLogin") String currentUserLogin, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){
try { try {
String decodedAuth = "";
String[] authParts = authParam.split(" ");
String authInfo = authParts[1];
byte[] bytes = null;
try {
bytes = new BASE64Decoder().decodeBuffer(authInfo);
decodedAuth = new String(bytes, "UTF-8");
} catch (IOException e) {
e.printStackTrace();
}
String[] authArray = decodedAuth.split(":");
String currentUserLogin = authArray[0]; int isAdminResult = UserManager.isAdmin(currentUserLogin);
String currentUserPass = authArray[1]; if (isAdminResult == 1) {
int authResult = UserManager.checkAuth(currentUserLogin, currentUserPass);
if (authResult == 200){
int isAdminResult = UserManager.isAdmin(currentUserLogin);
if (isAdminResult == 1) {
return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
} else if (isAdminResult == 0){
if( login.equals(currentUserLogin)) return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
else return PasswordSetService.errorMessagesHandler(403);
} else {
return PasswordSetService.errorMessagesHandler(500);
}
} else if(authResult == 401) { return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
return PasswordSetService.errorMessagesHandler(401);
} else { } else if (isAdminResult == 0){
if( login.equals(currentUserLogin)) return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
else return PasswordSetService.errorMessagesHandler(403);
} else {
return PasswordSetService.errorMessagesHandler(500); return PasswordSetService.errorMessagesHandler(500);
} }
} catch (RuntimeException e) { } catch (RuntimeException e) {
throw e; throw e;
} catch (Exception e) { } catch (Exception e) {
......
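Review bot: setPassword (L16) now trusts `@QueryParam("currentUserLogin")` as the caller's identity, but a query parameter is client-controlled: the interceptor appends its value with `getQueryParameters().add(...)` (L103), `add` on a `MultivaluedMap` appends rather than replaces, and a `String` `@QueryParam` binds the first value, so a `currentUserLogin` the client already placed in the query string takes precedence over the authenticated login and the admin check on L29–L46 runs against a name the caller chose. The authenticated identity should travel out-of-band instead — for example as a request attribute set in the interceptor on the `@Context HttpServletRequest` it already holds and read in the resource via `@Context HttpServletRequest`, or through a `SecurityContext` — or the interceptor should at least reject a request that already carries that parameter. Whether `/set_password` is under the `/uservice/` prefix the interceptor guards is not visible here; if it is not, the parameter is never populated at all. The method body continues past the end of the hunk.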
package kz.arta.ext.sap.service; package kz.arta.ext.sap.service;
import org.jboss.resteasy.annotations.interception.Precedence; import org.jboss.resteasy.annotations.interception.Precedence;
import org.jboss.resteasy.annotations.interception.ServerInterceptor; import org.jboss.resteasy.annotations.interception.ServerInterceptor;
import org.jboss.resteasy.core.Headers; import org.jboss.resteasy.core.Headers;
...@@ -9,10 +10,16 @@ import org.jboss.resteasy.spi.Failure; ...@@ -9,10 +10,16 @@ import org.jboss.resteasy.spi.Failure;
import org.jboss.resteasy.spi.HttpRequest; import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.interception.PreProcessInterceptor; import org.jboss.resteasy.spi.interception.PreProcessInterceptor;
import kz.arta.ext.sap.db.UserManager;
import sun.misc.BASE64Decoder;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.WebApplicationException; import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context; import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.ext.Provider; import javax.ws.rs.ext.Provider;
/** /**
...@@ -27,8 +34,10 @@ import javax.ws.rs.ext.Provider; ...@@ -27,8 +34,10 @@ import javax.ws.rs.ext.Provider;
@Precedence("SECURITY") @Precedence("SECURITY")
public class SecurityInterceptor implements PreProcessInterceptor { public class SecurityInterceptor implements PreProcessInterceptor {
private static final ServerResponse ACCESS_DENIED = new ServerResponse("Access allowed only for registered users", 401, new Headers<Object>()); private static final ServerResponse ACCESS_DENIED = new ServerResponse("{\"status\":\"401 Unauthorized!\", \"errorCode\": \"401\"}", 401, new Headers<Object>());
private static final ServerResponse DB_ERROR = new ServerResponse("{\"status\":\"Something has gone wrong on serve/db\", \"errorCode\": \"500\"}", 500, new Headers<Object>());
@Context @Context
HttpServletRequest request; HttpServletRequest request;
...@@ -37,6 +46,38 @@ public class SecurityInterceptor implements PreProcessInterceptor { ...@@ -37,6 +46,38 @@ public class SecurityInterceptor implements PreProcessInterceptor {
@Override @Override
public ServerResponse preProcess(HttpRequest httpRequest, ResourceMethod resourceMethod) throws Failure, WebApplicationException { public ServerResponse preProcess(HttpRequest httpRequest, ResourceMethod resourceMethod) throws Failure, WebApplicationException {
return null; String currentUserLogin = null;
if (httpRequest.getUri().getPath().startsWith("/uservice/")){
String authParam = request.getHeader("Authorization");
String decodedAuth = "";
String[] authParts = authParam.split(" ");
String authInfo = authParts[1];
byte[] bytes = null;
try {
bytes = new BASE64Decoder().decodeBuffer(authInfo);
decodedAuth = new String(bytes, "UTF-8");
} catch (IOException e) {
e.printStackTrace();
}
String[] authArray = decodedAuth.split(":");
currentUserLogin = authArray[0];
String currentUserPass = authArray[1];
int authResult = UserManager.checkAuth(currentUserLogin, currentUserPass);
if (authResult == 401){
return ACCESS_DENIED;
} else if (authResult == 500){
return DB_ERROR;
}
httpRequest.getUri().getQueryParameters().add("currentUserLogin", currentUserLogin);
}
return null;
} }
} }
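Review bot: preProcess (L97–L102) denies only when checkAuth returns 401 or 500 and lets every other non-200 result reach the resource, and the header parsing above it dereferences `authParam`, `authParts[1]` and `authArray[1]` without checks, so a request with no Authorization header or a non-Basic/malformed one fails with a NullPointerException or ArrayIndexOutOfBoundsException (a 500) instead of a 401, while a failed base64 decode is only printed and then proceeds with an empty `decodedAuth`. The rewrite below rejects early on a missing or malformed header, decodes with `java.util.Base64` (replacing the `sun.misc.BASE64Decoder` import, which also drops the checked IOException), splits on the first `:` only so a password containing a colon is not truncated, and treats any result other than 200 as denied; the `currentUserLogin` propagation line is left as it is. A 401 produced here should presumably also carry a `WWW-Authenticate: Basic realm="..."` header through the `Headers` already passed to `ACCESS_DENIED` — hedged, since how `ServerResponse` headers are emitted is not visible in this hunk.
```java
public ServerResponse preProcess(HttpRequest httpRequest, ResourceMethod resourceMethod) throws Failure, WebApplicationException {
    if (!httpRequest.getUri().getPath().startsWith("/uservice/")) {
        return null;
    }
    String authParam = request.getHeader("Authorization");
    // No header or not Basic: answer 401 instead of failing on the parsing below.
    if (authParam == null || !authParam.regionMatches(true, 0, "Basic ", 0, 6)) {
        return ACCESS_DENIED;
    }
    String decodedAuth;
    try {
        decodedAuth = new String(Base64.getDecoder().decode(authParam.substring(6).trim()), StandardCharsets.UTF_8);
    } catch (IllegalArgumentException e) {
        return ACCESS_DENIED; // not valid base64
    }
    // RFC 7617: the user-id cannot contain ':', the password may, so split on the first one only.
    int sep = decodedAuth.indexOf(':');
    if (sep < 0) {
        return ACCESS_DENIED;
    }
    String currentUserLogin = decodedAuth.substring(0, sep);
    String currentUserPass = decodedAuth.substring(sep + 1);
    int authResult = UserManager.checkAuth(currentUserLogin, currentUserPass);
    if (authResult == 500) {
        return DB_ERROR;
    } else if (authResult != 200) {
        return ACCESS_DENIED; // deny by default, not only on an explicit 401
    }
    // … unchanged: propagation of currentUserLogin to the resource …
    return null;
}
```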