/**
 * Signs the current user out when a signed-in user requests a path under {@code /signout}.
 *
 * <p>Sign-out undoes what sign-in set up: the stored Twitter connections of the user are
 * removed, the remember-me cookie is cleared on the response, and the current
 * {@link SecurityContext} user is dropped. Any other request is left untouched.
 *
 * @param request  current request; only its servlet path is inspected
 * @param response response the cookie removal is written to
 */
private void handleSignOut(HttpServletRequest request, HttpServletResponse response) {
    boolean signOutRequested = SecurityContext.userSignedIn()
            && request.getServletPath().startsWith("/signout");
    if (!signOutRequested) {
        return;
    }
    String currentUserId = SecurityContext.getCurrentUser().getId();
    connectionRepository.createConnectionRepository(currentUserId).removeConnections("twitter");
    userCookieGenerator.removeCookie(response);
    SecurityContext.remove();
}
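/**
 * Creates a group membership for the authenticated caller.
 *
 * <p>The membership is always created for the principal found in the security context, never
 * for the {@code userid} form field. That field is only checked for presence so the form
 * contract stays unchanged; it cannot be used to join a group on behalf of another user.
 *
 * <p>Assumes the resource is only reachable by authenticated callers, i.e. the principal is
 * non-null — TODO confirm the deployment enforces this.
 *
 * <p>NOTE(review): the {@code @Produces} media type differs from the {@code .type()} set on
 * the response below — confirm which one is intended.
 *
 * @param userid  form field; required but otherwise unused (see above)
 * @param groupid id of the group to join
 * @param uriInfo request URI, used to build the {@code Location} header
 * @return {@code 201 Created} with the new membership as entity
 * @throws BadRequestException          if a form field is missing
 * @throws InternalServerErrorException if the DAO fails; the {@link SQLException} is kept as cause
 * @throws URISyntaxException           retained in the signature for compatibility
 */
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(GrouptalkMediaType.GROUPTALK_AUTH_TOKEN)
public Response createJoinGroup(
        @FormParam("userid") String userid,
        @FormParam("groupid") String groupid,
        @Context UriInfo uriInfo) throws URISyntaxException {
    if (userid == null || groupid == null) {
        throw new BadRequestException("all parameters are mandatory");
    }
    JoinGroupDAO joinGroupDAO = new JoinGroupDAOImpl();
    JoinGroup joinGroup;
    try {
        joinGroup = joinGroupDAO.createJoinGroup(securityContext.getUserPrincipal().getName(), groupid);
    } catch (SQLException e) {
        // Keep the cause so the failure is diagnosable from the server log; the client still
        // only sees a generic 500.
        throw new InternalServerErrorException(e);
    }
    // Build the Location from the request URI with the JAX-RS builder instead of string
    // concatenation, so the appended segment is encoded correctly.
    URI uri = uriInfo.getAbsolutePathBuilder().path(joinGroup.getUserid()).build();
    return Response.created(uri)
            .type(GrouptalkMediaType.GROUPTALK_InterestGroups)
            .entity(joinGroup)
            .build();
}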
/**
 * Changes a user's password.
 *
 * <p>Administrators may change any password; any other caller may only change their own
 * ({@link #isLoggedUser(Long)}). The endpoint is {@code @PermitAll} because that check is
 * performed here rather than by the container.
 *
 * <p>Only the user id is logged: the body carries the new password.
 *
 * @param id   id of the user whose password is changed
 * @param body JSON document carrying the new password
 * @return 200 with a success result, 403 when the caller may not change this user's password,
 *         404 when no such user exists
 */
@PUT
@Path("/{id}/password")
@PermitAll
public Response updatePassword(@PathParam("id") final Long id, final String body) {
    logger.debug("Updating the password for user {}", id);
    final boolean isAdmin = securityContext.isUserInRole(Roles.ADMINISTRATOR.name());
    if (!isAdmin && !isLoggedUser(id)) {
        return Response.status(HttpCode.FORBIDDEN.getCode()).build();
    }
    HttpCode status = HttpCode.OK;
    OperationResult outcome;
    try {
        userService.updatePassword(id, getPasswordFromJson(body));
        outcome = OperationResult.success();
    } catch (UserNotFoundException e) {
        logger.error("No user found for the given id", e);
        status = HttpCode.NOT_FOUND;
        outcome = getOperationResultNotFound(RESOURCE_MESSAGE);
    }
    logger.debug("Returning the operation result after updating user password: {}", outcome);
    return Response.status(status.getCode())
            .entity(OperationResultJsonWriter.toJson(outcome))
            .build();
}
/**
 * Sign-in callback: records the user as the current {@link SecurityContext} user and issues
 * the remember-me cookie on the native servlet response.
 *
 * @param userId     local user id
 * @param connection provider connection; its provider user id is stored alongside the user
 * @param request    web request wrapping the servlet response the cookie is added to
 * @return {@code null} (per the SignInAdapter contract, no custom post-sign-in redirect)
 */
public String signIn(String userId, Connection<?> connection, NativeWebRequest request) {
    String providerUserId = connection.getKey().getProviderUserId();
    HttpServletResponse servletResponse = request.getNativeResponse(HttpServletResponse.class);
    SecurityContext.setCurrentUser(new User(userId, providerUserId));
    userCookieGenerator.addCookie(userId, providerUserId, servletResponse);
    return null;
}
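/**
 * Resolves the caller's user id: the authenticated principal's name when there is one,
 * otherwise the viewer id carried in the request URI.
 *
 * <p>The absent-principal case is detected with explicit null checks rather than by catching
 * {@link NullPointerException}, which previously hid any unrelated NPE as a fallback.
 *
 * @param sc      security context, may be {@code null}
 * @param uriInfo request URI used for the {@link #getViewerId(UriInfo)} fallback
 * @return the user id, or {@code null} if the principal could not be read
 */
private String getUserId(SecurityContext sc, UriInfo uriInfo) {
    if (sc == null || sc.getUserPrincipal() == null) {
        // Unauthenticated request: fall back to the viewer id from the URI.
        return getViewerId(uriInfo);
    }
    try {
        return sc.getUserPrincipal().getName();
    } catch (RuntimeException e) {
        // Best-effort lookup, as before: an unreadable principal yields no id rather than a failure.
        return null;
    }
}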
/**
 * Runs before every handler: restores the user from the remember-me cookie, processes a
 * pending sign-out, then lets the request through if a user is signed in or the request is
 * itself part of the sign-in flow. Otherwise {@code requireSignIn} decides whether the
 * handler runs.
 *
 * @return {@code true} to continue to the handler, {@code false} to stop processing
 */
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
        throws Exception {
    rememberUser(request, response);
    handleSignOut(request, response);
    // Left-to-right short-circuit: requireSignIn is only consulted when no user is signed in
    // and the request is not a sign-in request.
    return SecurityContext.userSignedIn()
            || requestForSignIn(request)
            || requireSignIn(request, response);
}
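/**
 * Tells whether {@code id} identifies the caller's own account.
 *
 * <p>The caller is resolved through the principal name in the security context; a principal
 * that maps to no user record is treated as "not the logged user" rather than as an error.
 *
 * @param id user id to compare against the caller; may be {@code null} (never matches)
 * @return {@code true} only if the caller's account has exactly this id
 */
private boolean isLoggedUser(final Long id) {
    try {
        final User loggedUser = userService.find(securityContext.getUserPrincipal().getName());
        return loggedUser.getId().equals(id);
    } catch (final UserNotFoundException ignored) {
        // Authenticated principal without a matching user record: deny by default.
        return false;
    }
}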
/**
 * Restores the signed-in user from the remember-me cookie, if one is present.
 *
 * <p>A cookie naming a user that {@code userNotFound} rejects is cleared from the response so
 * the client stops presenting it; otherwise that user becomes the current user.
 *
 * <p>NOTE(review): despite its name, {@code userNotFound} returning {@code true} is the path
 * that accepts the user here — confirm the helper's contract; the double negative is easy to
 * misread. Also confirm the cookie value is integrity-protected (signed or otherwise
 * unforgeable), since it is used directly as the caller's identity.
 *
 * @param request  request the cookie is read from
 * @param response response a rejected cookie is removed on
 */
private void rememberUser(HttpServletRequest request, HttpServletResponse response) {
    final String cookieUserId = userCookieGenerator.readCookieValue(request);
    if (cookieUserId == null) {
        return; // no remember-me cookie: anonymous request
    }
    if (userNotFound(cookieUserId)) {
        SecurityContext.setCurrentUser(new User(cookieUserId));
    } else {
        userCookieGenerator.removeCookie(response);
    }
}
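/**
 * Deletes a user account. Only the account owner may delete it.
 *
 * @param id id of the user to delete
 * @throws ForbiddenException           if the caller is not authenticated as that user
 * @throws NotFoundException            if no such user exists
 * @throws InternalServerErrorException on a database failure; the {@link SQLException} is kept as cause
 */
@Path("/{id}")
@DELETE
public void deleteUser(@PathParam("id") String id) {
    // Authorization: the authenticated principal must be the path id. A missing principal
    // (unauthenticated request) is refused rather than turned into a 500 by a NullPointerException.
    if (securityContext.getUserPrincipal() == null
            || !securityContext.getUserPrincipal().getName().equals(id)) {
        throw new ForbiddenException("operation not allowed");
    }
    UserDAO userDAO = new UserDAOImpl();
    try {
        if (!userDAO.deleteUser(id)) {
            throw new NotFoundException("User with id = " + id + " doesn't exist");
        }
    } catch (SQLException e) {
        // Preserve the cause for server-side diagnosis; the client still gets a generic 500.
        throw new InternalServerErrorException(e);
    }
}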
/**
 * Resolves the Shiro {@link Subject} of the current request from the injected
 * {@code securityContext}.
 *
 * @return the subject, or {@code null} when no security context has been set
 * @throws IllegalStateException if the principal is not a {@code ShiroPrincipal} (including a
 *         {@code null} principal), i.e. the request did not go through the Shiro security context
 */
protected Subject getSubject() {
    if (securityContext == null) {
        LOG.error("Cannot retrieve current subject, SecurityContext isn't set.");
        return null;
    }
    final Principal current = securityContext.getUserPrincipal();
    if (current instanceof ShiroSecurityContext.ShiroPrincipal) {
        return ((ShiroSecurityContext.ShiroPrincipal) current).getSubject();
    }
    // instanceof is false for null, so a missing principal ends up here as well.
    LOG.error("Unknown SecurityContext class {}, cannot continue.", securityContext);
    throw new IllegalStateException();
}
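/**
 * Returns the current operator of person-related processes.
 *
 * <p>Nothing in this method inspects the caller: the security context and the
 * {@code Authorization} header are declared so the operation is documented (Swagger
 * {@code pp_basic}) and receives the header, but neither is read. NOTE(review): confirm Basic
 * auth is actually enforced for this path by a filter or the container.
 *
 * @param sc   injected security context (not read)
 * @param auth raw {@code Authorization} header, kept so Swagger documents it (not read)
 * @return 200 with the operator profile
 * @throws NotFoundException declared for compatibility; not thrown by this implementation
 */
@GET
@Path("/operator")
@ApiOperation(
        value = "Current operator of person related processes",
        notes = "To be consumed by BPM flows using Basic auth",
        response = Profile.class,
        authorizations = @Authorization(value = "pp_basic"))
@ApiResponses(
        value = {
            @ApiResponse(code = 200, message = "Current operator (Patrick if none)"),
            @ApiResponse(code = 400, message = "Unexpected error")
        })
public Response getOperator(
        @Context SecurityContext sc,
        @ApiParam(value = "Authentication") @HeaderParam("Authorization") String auth)
        throws NotFoundException {
    // The former Principal lookup was dead code (its result was never read) and is dropped.
    return Response.ok().entity(PersonData.getOperator()).build();
}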
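/**
 * Replaces the editable profile fields (email, full name) of a user. Only the owner may update.
 *
 * @param id   path id of the user to update
 * @param user request entity; must carry the same id as the path
 * @return the updated user as stored
 * @throws BadRequestException          if the entity is missing or its id differs from the path
 * @throws ForbiddenException           if the caller is not authenticated as that user
 * @throws NotFoundException            if no such user exists
 * @throws InternalServerErrorException on a database failure; the {@link SQLException} is kept as cause
 */
@Path("/{id}")
@PUT
@Consumes(BeeterMediaType.BEETER_USER)
@Produces(BeeterMediaType.BEETER_USER)
public User updateUser(@PathParam("id") String id, User user) {
    if (user == null) {
        throw new BadRequestException("entity is null");
    }
    if (!id.equals(user.getId())) {
        throw new BadRequestException("path parameter id and entity parameter id doesn't match");
    }
    // Authorization: the authenticated principal must be the path id. A missing principal
    // (unauthenticated request) is refused rather than turned into a 500 by a NullPointerException.
    if (securityContext.getUserPrincipal() == null
            || !securityContext.getUserPrincipal().getName().equals(id)) {
        throw new ForbiddenException("operation not allowed");
    }
    UserDAO userDAO = new UserDAOImpl();
    User updated;
    try {
        // Only email and full name are taken from the request entity; other fields are ignored.
        // After the check above the principal name equals id, so id is used as the key.
        updated = userDAO.updateProfile(id, user.getEmail(), user.getFullname());
    } catch (SQLException e) {
        // Preserve the cause for server-side diagnosis; the client still gets a generic 500.
        throw new InternalServerErrorException(e);
    }
    if (updated == null) {
        throw new NotFoundException("User with id = " + id + " doesn't exist");
    }
    return updated;
}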
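/**
 * Updates a user. Administrators may update anyone; other callers only themselves
 * ({@link #isLoggedUser(Long)}). The endpoint is {@code @PermitAll} because that check is
 * performed here rather than by the container.
 *
 * <p>The request body is deliberately not logged: it is the full user JSON and may carry
 * credentials or other personal data that do not belong in application logs.
 *
 * @param id   path id of the user; overrides any id in the body
 * @param body user JSON document
 * @return 200 on success, 403 when the caller may not update this user, a validation error
 *         for an invalid field or duplicate email, 404 when no such user exists
 */
@PUT
@Path("/{id}")
@PermitAll
public Response update(@PathParam("id") final Long id, final String body) {
    logger.debug("Updating the user {}", id);
    if (!securityContext.isUserInRole(Roles.ADMINISTRATOR.name()) && !isLoggedUser(id)) {
        return Response.status(HttpCode.FORBIDDEN.getCode()).build();
    }
    final User user = userJsonConverter.convertFrom(body);
    user.setId(id); // the path parameter is authoritative, whatever the body says
    HttpCode httpCode = HttpCode.OK;
    OperationResult result;
    try {
        userService.update(user);
        result = OperationResult.success();
    } catch (FieldNotValidException e) {
        httpCode = HttpCode.VALIDATION_ERROR;
        logger.error("One of the fields of the user is not valid", e);
        result = getOperationResultInvalidField(RESOURCE_MESSAGE, e);
    } catch (UserExistException e) {
        httpCode = HttpCode.VALIDATION_ERROR;
        logger.error("There is already an user for the given email", e);
        result = getOperationResultExists(RESOURCE_MESSAGE, "email");
    } catch (UserNotFoundException e) {
        httpCode = HttpCode.NOT_FOUND;
        logger.error("No user found for the given id", e);
        result = getOperationResultNotFound(RESOURCE_MESSAGE);
    }
    logger.debug("Returning the operation result after updating user: {}", result);
    return Response.status(httpCode.getCode())
            .entity(OperationResultJsonWriter.toJson(result))
            .build();
}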
/**
 * Clears the {@link SecurityContext} once request handling has completed, so the user bound
 * during {@code preHandle} is not left behind after the request.
 *
 * <p>Runs whether or not the handler failed: {@code ex} is intentionally ignored because the
 * context must be removed in both cases.
 */
public void afterCompletion(
        HttpServletRequest request,
        HttpServletResponse response,
        Object handler,
        Exception ex) throws Exception {
    SecurityContext.remove();
}
/**
 * Checks whether the caller is the built-in administrator.
 *
 * <p>NOTE(review): the expected username and password are hard-coded string literals compared
 * with {@code String.equals}, and the method prints to stdout before the check (the printed
 * expression is elided in this copy — confirm it does not echo the password). Hard-coded
 * credentials and printing caller data are both findings; treat this as a stub that must not
 * reach production.
 *
 * @param context security context exposing the supplied username and password
 * @return {@code true} only for the hard-coded admin user/password pair
 */
public boolean checkUser(SecurityContext context) { System.out.println("checkUser:"******"admin") && context.getPassword().equals("123456")) return true; return false; }