Commit 7a6e7447 authored by Alina Habibulina's avatar Alina Habibulina

+ SecurityInterceptor

parent 22d4b184
package kz.arta.ext.sap.service;
import kz.arta.ext.sap.db.UserManager;
import sun.misc.BASE64Decoder;
import java.io.IOException;
import javax.enterprise.context.RequestScoped;
import javax.ws.rs.GET;
......@@ -39,28 +36,9 @@ public class PasswordSetService {
@POST
@Path("/set_password")
@Produces(MediaType.APPLICATION_JSON + "; charset=utf-8")
public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){
try {
String decodedAuth = "";
String[] authParts = authParam.split(" ");
String authInfo = authParts[1];
byte[] bytes = null;
public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("currentUserLogin") String currentUserLogin, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){
try {
bytes = new BASE64Decoder().decodeBuffer(authInfo);
decodedAuth = new String(bytes, "UTF-8");
} catch (IOException e) {
e.printStackTrace();
}
String[] authArray = decodedAuth.split(":");
String currentUserLogin = authArray[0];
String currentUserPass = authArray[1];
int authResult = UserManager.checkAuth(currentUserLogin, currentUserPass);
if (authResult == 200){
int isAdminResult = UserManager.isAdmin(currentUserLogin);
if (isAdminResult == 1) {
......@@ -75,11 +53,6 @@ public class PasswordSetService {
return PasswordSetService.errorMessagesHandler(500);
}
} else if(authResult == 401) {
return PasswordSetService.errorMessagesHandler(401);
} else {
return PasswordSetService.errorMessagesHandler(500);
}
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {
......
package kz.arta.ext.sap.service;
import org.jboss.resteasy.annotations.interception.Precedence;
import org.jboss.resteasy.annotations.interception.ServerInterceptor;
import org.jboss.resteasy.core.Headers;
......@@ -9,10 +10,16 @@ import org.jboss.resteasy.spi.Failure;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.interception.PreProcessInterceptor;
import kz.arta.ext.sap.db.UserManager;
import sun.misc.BASE64Decoder;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.ext.Provider;
/**
......@@ -27,7 +34,9 @@ import javax.ws.rs.ext.Provider;
@Precedence("SECURITY")
public class SecurityInterceptor implements PreProcessInterceptor {
private static final ServerResponse ACCESS_DENIED = new ServerResponse("Access allowed only for registered users", 401, new Headers<Object>());
private static final ServerResponse ACCESS_DENIED = new ServerResponse("{\"status\":\"401 Unauthorized!\", \"errorCode\": \"401\"}", 401, new Headers<Object>());
private static final ServerResponse DB_ERROR = new ServerResponse("{\"status\":\"Something has gone wrong on serve/db\", \"errorCode\": \"500\"}", 500, new Headers<Object>());
@Context
HttpServletRequest request;
......@@ -37,6 +46,38 @@ public class SecurityInterceptor implements PreProcessInterceptor {
@Override
public ServerResponse preProcess(HttpRequest httpRequest, ResourceMethod resourceMethod) throws Failure, WebApplicationException {
String currentUserLogin = null;
if (httpRequest.getUri().getPath().startsWith("/uservice/")){
String authParam = request.getHeader("Authorization");
String decodedAuth = "";
String[] authParts = authParam.split(" ");
String authInfo = authParts[1];
byte[] bytes = null;
try {
bytes = new BASE64Decoder().decodeBuffer(authInfo);
decodedAuth = new String(bytes, "UTF-8");
} catch (IOException e) {
e.printStackTrace();
}
String[] authArray = decodedAuth.split(":");
currentUserLogin = authArray[0];
String currentUserPass = authArray[1];
int authResult = UserManager.checkAuth(currentUserLogin, currentUserPass);
if (authResult == 401){
return ACCESS_DENIED;
} else if (authResult == 500){
return DB_ERROR;
}
httpRequest.getUri().getQueryParameters().add("currentUserLogin", currentUserLogin);
}
return null;
}
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment