+ SecurityInterceptor

7a6e7447 · Alina Habibulina · 22d4b184 · 7a6e7447 · 7a6e7447
Commit 7a6e7447 authored Jun 21, 2018 by Alina Habibulina
2 changed files
--- a/src/main/java/kz/arta/ext/sap/service/PasswordSetService.java
+++ b/src/main/java/kz/arta/ext/sap/service/PasswordSetService.java
 package kz.arta.ext.sap.service;
 import kz.arta.ext.sap.db.UserManager;
-import sun.misc.BASE64Decoder;
-import java.io.IOException;
 import javax.enterprise.context.RequestScoped;
 import javax.ws.rs.GET;
@@ -39,28 +36,9 @@ public class PasswordSetService {
 	@POST
 	@Path("/set_password")
 	@Produces(MediaType.APPLICATION_JSON + "; charset=utf-8")
-    public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){
+    public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("currentUserLogin") String currentUserLogin, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){
-		try {
-			String decodedAuth = "";
-			String[] authParts = authParam.split(" ");
-			String authInfo = authParts[1];
-			byte[] bytes = null;
 		try {
-	            bytes = new BASE64Decoder().decodeBuffer(authInfo);
-	            decodedAuth = new String(bytes, "UTF-8");
-	        } catch (IOException e) {
-	            e.printStackTrace();
-	        }
-			String[] authArray = decodedAuth.split(":");
-			String currentUserLogin = authArray[0];
-			String currentUserPass = authArray[1];
-			int authResult = UserManager.checkAuth(currentUserLogin, currentUserPass);
-			if (authResult == 200){
 			int isAdminResult = UserManager.isAdmin(currentUserLogin);
 			if (isAdminResult == 1) {
@@ -75,11 +53,6 @@ public class PasswordSetService {
 				return PasswordSetService.errorMessagesHandler(500);
 			}
-			} else if(authResult == 401) {
-				return PasswordSetService.errorMessagesHandler(401);
-			} else {
-				return PasswordSetService.errorMessagesHandler(500);
-			}
 		} catch (RuntimeException e) {
 		    throw e;
 		} catch (Exception e) {

--- a/src/main/java/kz/arta/ext/sap/service/SecurityInterceptor.java
+++ b/src/main/java/kz/arta/ext/sap/service/SecurityInterceptor.java
 package kz.arta.ext.sap.service;
 import org.jboss.resteasy.annotations.interception.Precedence;
 import org.jboss.resteasy.annotations.interception.ServerInterceptor;
 import org.jboss.resteasy.core.Headers;
@@ -9,10 +10,16 @@ import org.jboss.resteasy.spi.Failure;
 import org.jboss.resteasy.spi.HttpRequest;
 import org.jboss.resteasy.spi.interception.PreProcessInterceptor;
+import kz.arta.ext.sap.db.UserManager;
+import sun.misc.BASE64Decoder;
+import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.ext.Provider;
 /**
@@ -27,7 +34,9 @@ import javax.ws.rs.ext.Provider;
 @Precedence("SECURITY")
 public class SecurityInterceptor implements PreProcessInterceptor {
-    private static final ServerResponse ACCESS_DENIED = new ServerResponse("Access allowed only for registered users", 401, new Headers<Object>());
+    private static final ServerResponse ACCESS_DENIED = new ServerResponse("{\"status\":\"401 Unauthorized!\", \"errorCode\": \"401\"}", 401, new Headers<Object>());
+    private static final ServerResponse DB_ERROR = new ServerResponse("{\"status\":\"Something has gone wrong on serve/db\", \"errorCode\": \"500\"}", 500, new Headers<Object>());
    @Context
    HttpServletRequest request;
@@ -37,6 +46,38 @@ public class SecurityInterceptor implements PreProcessInterceptor {
    @Override
    public ServerResponse preProcess(HttpRequest httpRequest, ResourceMethod resourceMethod) throws Failure, WebApplicationException {
+    	String currentUserLogin = null;
+    	if (httpRequest.getUri().getPath().startsWith("/uservice/")){
+    		String authParam = request.getHeader("Authorization");
+    		String decodedAuth = "";
+    		String[] authParts = authParam.split(" ");
+    		String authInfo = authParts[1];
+    		byte[] bytes = null;
+    		 try {
+                bytes = new BASE64Decoder().decodeBuffer(authInfo);
+                decodedAuth = new String(bytes, "UTF-8");
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+    		String[] authArray = decodedAuth.split(":");
+    		currentUserLogin = authArray[0];
+    		String currentUserPass = authArray[1];
+    		int authResult = UserManager.checkAuth(currentUserLogin, currentUserPass);
+    		if (authResult == 401){
+    			return ACCESS_DENIED;
+    		} else if (authResult == 500){
+    			return DB_ERROR;
+    		}
+    		httpRequest.getUri().getQueryParameters().add("currentUserLogin", currentUserLogin);    			
+    	}
    	return null;
    }
 }