fix 5

src/main/java/kz/arta/ext/sap/db/UserManager.java

@@ -23,7 +23,7 @@ public class UserManager {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(UserManager.class);
     
-    public static String ifUserExist(String login) {
+    public static int ifUserExist(String login) {
 		Connection con = null;
         try {
             con = ConnectionPool.getConnection();
@@ -40,19 +40,19 @@ public class UserManager {
 				}
 			}	
 			
-			if(message.toString().length() > 0) return "true";
-			else return "{\"status\":\"User is not exist!\", \"errorCode\": \"404\"}";
+			if(message.toString().length() > 0) return 200;
+			else return 404;
 
         } catch (SQLException | NamingException e) {
             LOGGER.error("", e);
-			return "{\"status\":\"something gone wrong\", \"error\":\"" + e + "\", \"errorCode\": \"500\"}"; 
+			return 500; 
         } finally {
             ConnectionPool.close(con);
         }
     }
 
-    public static String setPass(String login, String new_pass) {
-    	if(UserManager.ifUserExist(login) == "true") {
+    public static int setPass(String login, String new_pass) {
+    	if(UserManager.ifUserExist(login) == 200) {
 	    		    	
 			Connection con = null;
 	        try {
@@ -61,18 +61,18 @@ public class UserManager {
 				updatePassword.setString(1, new_pass);
 				updatePassword.setString(2, login);
 				updatePassword.executeUpdate();
-				return "{\"result\":\"success\", \"errorCode\":\"0\"}"; 
+				return 200; 
 	
 	        } catch (SQLException | NamingException e) {
 	            LOGGER.error("", e);
-				return "{\"status\":\"something has gone wrong\", \"error\":\"" + e + "\", \"errorCode\": \"500\"}"; 
+				return 500; 
 	        } finally {
 	            ConnectionPool.close(con);
 	        }
-    	} else return "{\"status\":\"There is no user with such login!\", \"errorCode\": \"404\"}";
+    	} else return 404;
     }
 	
-	public static String checkAuth(String login, String password) {
+	public static int checkAuth(String login, String password) {
 		Connection con = null;
         try {
             con = ConnectionPool.getConnection();
@@ -87,22 +87,21 @@ public class UserManager {
 				for (int i = 1; i <= columns; i++){
 					message.append(rs.getString(i) + " ");
 				}
-
 			}	
 			
-			if(message.toString().length() > 0) return "true";
+			if(message.toString().length() > 0) return 200;
 			
-			return "{\"status\":\"Not authorized\", \"errorCode\": \"404\"}";
+			return 401;
 
         } catch (SQLException | NamingException e) {
             LOGGER.error("", e);
-			return "{\"status\":\"Something has gone wrong\", \"error\":\"" + e + "\", \"errorCode\": \"500\"}"; 
+			return 500; 
         } finally {
             ConnectionPool.close(con);
         }	
     }
 	
-	public static String isAdmin(String login) {
+	public static int isAdmin(String login) {
 		Connection con = null;
         try {
             con = ConnectionPool.getConnection();
@@ -118,13 +117,13 @@ public class UserManager {
 				}
 			}	
 			
-			if(message.toString().length() > 0) return "true";
+			if(message.toString().length() > 0) return 1;
 			
-			return "false";
+			return 0;
 
         } catch (SQLException | NamingException e) {
             LOGGER.error("", e);
-			return "{\"status\":\"Something has gone wrong\", \"error\":\"" + e + "\", \"errorCode\": \"500\"}"; 
+			return 500; 
         } finally {
             ConnectionPool.close(con);
         }	

src/main/java/kz/arta/ext/sap/service/Activator.java

@@ -12,11 +12,4 @@ import javax.ws.rs.core.Application;
  */
 @ApplicationPath("proxy")
 public class Activator extends Application {
-
-	@Override
-	public Set<Class<?>> getClasses() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
 }

src/main/java/kz/arta/ext/sap/service/UnsecuredProxyService.java → src/main/java/kz/arta/ext/sap/service/PasswordSetService.java

 package kz.arta.ext.sap.service;
 
-import kz.arta.ext.sap.util.SubsidiaryLib;
+import kz.arta.ext.sap.db.UserManager;
+import sun.misc.BASE64Decoder;
+
+import java.io.IOException;
 
 import javax.enterprise.context.RequestScoped;
 import javax.ws.rs.GET;
@@ -25,7 +28,7 @@ import javax.ws.rs.core.MediaType;
 
 @Path("/uservice")
 @RequestScoped
-public class UnsecuredProxyService {
+public class PasswordSetService {
 
     @GET
     @Path("/test")
@@ -38,7 +41,58 @@ public class UnsecuredProxyService {
 	@Path("/set_password")
 	@Produces(MediaType.APPLICATION_JSON + "; charset=utf-8")
     public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){
-		return SubsidiaryLib.checkTheAccess(authParam, login, new_pass);
+		try {
+			String decodedAuth = "";
+			String[] authParts = authParam.toString().split(" ");
+			String authInfo = authParts[1];
+			
+			byte[] bytes = null;
+			 try {
+	            bytes = new BASE64Decoder().decodeBuffer(authInfo);
+	        } catch (IOException e) {
+	            e.printStackTrace();
+	        }
+			decodedAuth = new String(bytes);
+
+			String[] authArray = decodedAuth.split(":");
+
+			String currentUserLogin = authArray[0];
+			String currentUserPass = authArray[1];
+			
+			int authResult = UserManager.checkAuth(currentUserLogin, currentUserPass);
+			
+			if (authResult == 200){
+				int isAdminResult = UserManager.isAdmin(currentUserPass);
+				if (isAdminResult == 1) {
+					
+					return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
+					
+				} else if (isAdminResult == 0){
+					
+					if(login.equals(login)) return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
+					else return PasswordSetService.errorMessagesHandler(403);
+					
+				} else { 
+					return PasswordSetService.errorMessagesHandler(500);
+				}
+				
+			} else if(authResult == 401) {
+				return PasswordSetService.errorMessagesHandler(401);
+			} else {
+				return PasswordSetService.errorMessagesHandler(500);
+			}
+		} catch (Exception e) {
+			return "Error: " + e;
+		}
     }
 	
+	public static String errorMessagesHandler(int code) {
+		switch(code) {
+			case 200: return "{\"result\":\"success\", \"errorCode\":\"0\"}";
+			case 401: return "{\"status\":\"401 Unauthorized!\", \"errorCode\": \"401\"}"; 
+			case 403: return "{\"status\":\"403 Forbidden.\", \"error\":\"You don't have any access to the requested account\", \"errorCode\": \"403\"}";
+			case 404: return "{\"status\":\"There is no user with such login!\", \"errorCode\": \"404\"}";
+			default: return "{\"status\":\"Something has gone wrong on serve/db\", \"errorCode\": \"500\"}";
+		}
+	}
 }