 /**
  * Signs the current user out when the request targets the sign-out path.
  *
  * <p>Acts only when a user is signed in and the servlet path starts with {@code /signout}; it
  * then removes the user's "twitter" connections, clears the user cookie and resets the
  * {@link SecurityContext}.
  *
  * <p>NOTE(review): the prefix match accepts any HTTP method and any path beginning with
  * {@code /signout}. If this is reachable through a plain GET, the state-changing sign-out can be
  * triggered cross-site (logout CSRF) — confirm whether a method or token check exists upstream.
  *
  * @param request the current request, used to read the servlet path
  * @param response the response the user cookie is removed from
  */
 private void handleSignOut(HttpServletRequest request, HttpServletResponse response) {
   final boolean signOutRequested =
       SecurityContext.userSignedIn() && request.getServletPath().startsWith("/signout");
   if (!signOutRequested) {
     return;
   }
   final String currentUserId = SecurityContext.getCurrentUser().getId();
   connectionRepository.createConnectionRepository(currentUserId).removeConnections("twitter");
   userCookieGenerator.removeCookie(response);
   SecurityContext.remove();
 }
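 /**
  * Makes the authenticated caller a member of {@code groupid} and answers 201 Created.
  *
  * <p>The membership is always recorded for the principal found in the request's security
  * context, never for the {@code userid} form field, so a client cannot enrol a different
  * account.
  *
  * <p>NOTE(review): {@code @Produces} advertises {@code GROUPTALK_AUTH_TOKEN} while the response
  * is typed {@code GROUPTALK_InterestGroups} — confirm which media type is intended.
  *
  * @param userid required form field; only checked for presence, the principal's name is what is
  *     persisted (NOTE(review): if it is meant to equal the principal, a mismatch check is
  *     missing — confirm intent)
  * @param groupid required form field naming the group to join
  * @param uriInfo used to derive the {@code Location} header of the created resource
  * @return 201 with the created {@link JoinGroup} as entity and its location in the header
  * @throws BadRequestException if either form field is absent
  * @throws InternalServerErrorException if the DAO fails with a {@link SQLException}
  * @throws URISyntaxException if the derived location is not a valid URI
  */
 @POST
 @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
 @Produces(GrouptalkMediaType.GROUPTALK_AUTH_TOKEN)
 public Response createJoinGroup(
     @FormParam("userid") String userid,
     @FormParam("groupid") String groupid,
     @Context UriInfo uriInfo)
     throws URISyntaxException {
   if (userid == null || groupid == null) {
     throw new BadRequestException("all parameters are mandatory");
   }
   // Identity comes from authentication, not from the form body.
   final String callerId = securityContext.getUserPrincipal().getName();
   final JoinGroupDAO joinGroupDAO = new JoinGroupDAOImpl();
   final JoinGroup joinGroup;
   try {
     joinGroup = joinGroupDAO.createJoinGroup(callerId, groupid);
   } catch (SQLException e) {
     // Keep the cause so the failure can be diagnosed server-side; the status sent to the
     // client is unchanged (500).
     throw new InternalServerErrorException(e);
   }
   // Location = <this resource>/<user id of the new membership>.
   final URI location =
       new URI(uriInfo.getAbsolutePath().toString() + "/" + joinGroup.getUserid());
   return Response.created(location)
       .type(GrouptalkMediaType.GROUPTALK_InterestGroups)
       .entity(joinGroup)
       .build();
 }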
  /**
   * Replaces the password of user {@code id}.
   *
   * <p>Administrators may change any password; everybody else only their own (see
   * {@code isLoggedUser}). Only the user id is logged, never the body that carries the password.
   *
   * @param id the id of the user whose password is replaced
   * @param body JSON document the new password is read from via {@code getPasswordFromJson}
   * @return {@code HttpCode.FORBIDDEN} with no entity when the caller is not allowed; otherwise
   *     {@code HttpCode.OK} or {@code HttpCode.NOT_FOUND} with the JSON form of the
   *     {@link OperationResult} as entity
   */
  @PUT
  @Path("/{id}/password")
  @PermitAll
  public Response updatePassword(@PathParam("id") final Long id, final String body) {
    logger.debug("Updating the password for user {}", id);

    final boolean isAdmin = securityContext.isUserInRole(Roles.ADMINISTRATOR.name());
    if (!isAdmin && !isLoggedUser(id)) {
      return Response.status(HttpCode.FORBIDDEN.getCode()).build();
    }

    HttpCode httpCode;
    OperationResult result;
    try {
      userService.updatePassword(id, getPasswordFromJson(body));
      httpCode = HttpCode.OK;
      result = OperationResult.success();
    } catch (UserNotFoundException e) {
      logger.error("No user found for the given id", e);
      httpCode = HttpCode.NOT_FOUND;
      result = getOperationResultNotFound(RESOURCE_MESSAGE);
    }

    logger.debug("Returning the operation result after updating user password: {}", result);
    return Response.status(httpCode.getCode())
        .entity(OperationResultJsonWriter.toJson(result))
        .build();
  }
 /**
  * Binds {@code userId} to the current {@link SecurityContext} and persists it in the user
  * cookie together with the provider's user id.
  *
  * @param userId the local id of the user who just signed in
  * @param connection the provider connection the sign-in came from
  * @param request the current request, used to reach the servlet response for the cookie
  * @return always {@code null} (presumably "use the default post-sign-in URL" — confirm against
  *     the adapter contract)
  */
 public String signIn(String userId, Connection<?> connection, NativeWebRequest request) {
   final String providerUserId = connection.getKey().getProviderUserId();
   SecurityContext.setCurrentUser(new User(userId, providerUserId));
   final HttpServletResponse response = request.getNativeResponse(HttpServletResponse.class);
   userCookieGenerator.addCookie(userId, providerUserId, response);
   return null;
 }
 /**
  * Resolves the id of the acting user.
  *
  * <p>Prefers the name of the principal in {@code sc}; when reaching it raises a
  * {@link NullPointerException} (no security context or no principal) it falls back to
  * {@link #getViewerId} on the request URI; any other exception yields {@code null}.
  *
  * <p>NOTE(review): a {@code NullPointerException} stands in for an explicit null check, and the
  * second handler hides every other failure behind {@code null}, so callers cannot tell "no user"
  * from "lookup failed". Also, the fallback derives an identity from the URI rather than from
  * authentication — confirm that callers do not use the result for authorization decisions.
  *
  * @param sc the request's security context, may be {@code null}
  * @param uriInfo the request URI, consulted only for the fallback
  * @return the principal name, the viewer id taken from the URI, or {@code null}
  */
 private String getUserId(SecurityContext sc, UriInfo uriInfo) {
   try {
     return sc.getUserPrincipal().getName();
   } catch (NullPointerException e) {
     // No usable principal: fall back to the viewer named in the request URI.
     return getViewerId(uriInfo);
   } catch (Exception e) {
     return null;
   }
 }
 /**
  * Interceptor hook run before the handler.
  *
  * <p>Restores the user from the cookie and processes a pending sign-out first. The request then
  * proceeds if a user is signed in or the request is itself a sign-in request; otherwise
  * {@code requireSignIn} decides.
  *
  * @return {@code true} to continue to the handler, else the value of {@code requireSignIn}
  * @throws Exception propagated from the delegated calls
  */
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
     throws Exception {
   rememberUser(request, response);
   handleSignOut(request, response);
   // Evaluation order matters: requireSignIn receives the response (presumably to act on it) and
   // must only run when neither of the preceding checks passes.
   return SecurityContext.userSignedIn()
       || requestForSignIn(request)
       || requireSignIn(request, response);
 }
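 /**
  * Tells whether {@code id} identifies the user bound to the current security context.
  *
  * @param id the user id to compare with the authenticated caller's own id
  * @return {@code true} if the authenticated user's id equals {@code id}; {@code false} when the
  *     ids differ or no user record exists for the authenticated principal
  */
 private boolean isLoggedUser(final Long id) {
   try {
     final User loggedUser = userService.find(securityContext.getUserPrincipal().getName());
     return loggedUser.getId().equals(id);
   } catch (final UserNotFoundException ignored) {
     // An authenticated principal without a user record cannot be "the logged user"; the
     // negative answer is the whole outcome, so nothing else is reported here.
     return false;
   }
 }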
 /**
  * Restores the signed-in user from the user cookie, if one is present.
  *
  * <p>A cookie whose user id fails the {@code userNotFound} check is removed; otherwise the id is
  * bound to the {@link SecurityContext}. (NOTE(review): read literally, the name
  * {@code userNotFound} is the inverse of how it is used here — confirm its contract.)
  *
  * <p>NOTE(review): the cookie value is taken as the user's identity. Unless
  * {@code userCookieGenerator} protects the value (signature or encryption), whoever can set the
  * cookie can impersonate that user id — confirm.
  *
  * @param request the request the cookie is read from
  * @param response the response a rejected cookie is removed from
  */
 private void rememberUser(HttpServletRequest request, HttpServletResponse response) {
   final String cookieUserId = userCookieGenerator.readCookieValue(request);
   if (cookieUserId == null) {
     return;
   }
   if (userNotFound(cookieUserId)) {
     SecurityContext.setCurrentUser(new User(cookieUserId));
   } else {
     userCookieGenerator.removeCookie(response);
   }
 }
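 /**
  * Deletes user {@code id}; only that user may do so.
  *
  * @param id the id of the user to delete, taken from the path
  * @throws ForbiddenException if the authenticated principal is not {@code id}
  * @throws NotFoundException if no user with that id exists
  * @throws InternalServerErrorException if the DAO fails with a {@link SQLException}
  */
 @Path("/{id}")
 @DELETE
 public void deleteUser(@PathParam("id") String id) {
   // Authorization: the identity comes from the security context, never from the request, and a
   // caller may only remove its own account.
   final String callerId = securityContext.getUserPrincipal().getName();
   if (!callerId.equals(id)) {
     throw new ForbiddenException("operation not allowed");
   }
   final UserDAO userDAO = new UserDAOImpl();
   final boolean deleted;
   try {
     deleted = userDAO.deleteUser(id);
   } catch (SQLException e) {
     // Preserve the cause for server-side diagnosis; the client still gets a bare 500.
     throw new InternalServerErrorException(e);
   }
   if (!deleted) {
     throw new NotFoundException("User with id = " + id + " doesn't exist");
   }
 }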
 /**
  * Resolves the Shiro {@code Subject} bound to the current request.
  *
  * @return the subject, or {@code null} when no security context has been set
  * @throws IllegalStateException if the principal is not a
  *     {@link ShiroSecurityContext.ShiroPrincipal} (including a {@code null} principal)
  */
 protected Subject getSubject() {
   if (securityContext == null) {
     LOG.error("Cannot retrieve current subject, SecurityContext isn't set.");
     return null;
   }
   final Principal p = securityContext.getUserPrincipal();
   if (p instanceof ShiroSecurityContext.ShiroPrincipal) {
     return ((ShiroSecurityContext.ShiroPrincipal) p).getSubject();
   }
   // Any other principal class means a different security context implementation is active and
   // no Shiro subject can be obtained.
   LOG.error("Unknown SecurityContext class {}, cannot continue.", securityContext);
   throw new IllegalStateException();
 }
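 /**
  * Returns the operator currently assigned to person-related processes.
  *
  * <p>Neither parameter is read by the body: the security context and the {@code Authorization}
  * header are declared so the API documentation advertises Basic auth. Authentication itself is
  * presumed to happen before this method is entered — confirm with the filter chain. The header
  * value carries credentials and must never be logged.
  *
  * @param sc injected security context (unused here)
  * @param auth the raw {@code Authorization} header (unused here)
  * @return 200 with the current operator profile as entity
  * @throws NotFoundException declared by the interface; not raised by this implementation
  */
 @GET
 @Path("/operator")
 @ApiOperation(
     value = "Current operator of person related processes",
     notes = "To be consumed by BPM flows using Basic auth",
     response = Profile.class,
     authorizations = @Authorization(value = "pp_basic"))
 @ApiResponses(
     value = {
       @ApiResponse(code = 200, message = "Сurent operator (Patrick if none)"),
       @ApiResponse(code = 400, message = "Unexpected error")
     })
 public Response getOperator(
     @Context SecurityContext sc,
     @ApiParam(value = "Authentication") @HeaderParam("Authorization") String auth)
     throws NotFoundException {
   // The previously fetched principal was never used; dropping it removes a dead local.
   return Response.ok().entity(PersonData.getOperator()).build();
 }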
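  /**
   * Updates the profile (email and full name) of user {@code id}; only that user may do so.
   *
   * @param id the id of the user to update, taken from the path
   * @param user the incoming entity; its id must equal {@code id}
   * @return the updated user as returned by the DAO
   * @throws BadRequestException if the entity is missing or its id differs from the path id
   * @throws ForbiddenException if the authenticated principal is not {@code id}
   * @throws NotFoundException if no user with that id exists
   * @throws InternalServerErrorException if the DAO fails with a {@link SQLException}
   */
  @Path("/{id}")
  @PUT
  @Consumes(BeeterMediaType.BEETER_USER)
  @Produces(BeeterMediaType.BEETER_USER)
  public User updateUser(@PathParam("id") String id, User user) {
    if (user == null) {
      throw new BadRequestException("entity is null");
    }
    if (!id.equals(user.getId())) {
      throw new BadRequestException("path parameter id and entity parameter id doesn't match");
    }

    // Authorization: identity comes from the security context, and a user may only edit itself.
    final String callerId = securityContext.getUserPrincipal().getName();
    if (!callerId.equals(id)) {
      throw new ForbiddenException("operation not allowed");
    }

    // Only email and full name are taken from the entity, so no other field can be changed
    // through this endpoint.
    final UserDAO userDAO = new UserDAOImpl();
    final User updated;
    try {
      updated = userDAO.updateProfile(callerId, user.getEmail(), user.getFullname());
    } catch (SQLException e) {
      // Preserve the cause for server-side diagnosis; the client still gets a bare 500.
      throw new InternalServerErrorException(e);
    }
    if (updated == null) {
      throw new NotFoundException("User with id = " + id + " doesn't exist");
    }
    return updated;
  }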
  /**
   * Updates user {@code id} from the JSON document in {@code body}.
   *
   * <p>Administrators may update any user; everybody else only their own account (see
   * {@code isLoggedUser}). The id from the path always overrides any id in the body.
   *
   * <p>NOTE(review): the raw body is logged at debug level; if user documents can carry
   * credentials or other personal data, consider redacting before logging — confirm the schema.
   *
   * @param id the id of the user to update
   * @param body JSON representation of the user
   * @return {@code HttpCode.FORBIDDEN} with no entity when the caller is not allowed; otherwise
   *     {@code HttpCode.OK}, {@code HttpCode.VALIDATION_ERROR} (invalid field or email already
   *     taken) or {@code HttpCode.NOT_FOUND}, with the JSON form of the {@link OperationResult}
   *     as entity
   */
  @PUT
  @Path("/{id}")
  @PermitAll
  public Response update(@PathParam("id") final Long id, final String body) {
    logger.debug("Updating the user {} with body {}", id, body);

    final boolean isAdmin = securityContext.isUserInRole(Roles.ADMINISTRATOR.name());
    if (!isAdmin && !isLoggedUser(id)) {
      return Response.status(HttpCode.FORBIDDEN.getCode()).build();
    }

    final User user = userJsonConverter.convertFrom(body);
    user.setId(id);

    HttpCode httpCode;
    OperationResult result;
    try {
      userService.update(user);
      httpCode = HttpCode.OK;
      result = OperationResult.success();
    } catch (FieldNotValidException e) {
      logger.error("One of the fields of the user is not valid", e);
      httpCode = HttpCode.VALIDATION_ERROR;
      result = getOperationResultInvalidField(RESOURCE_MESSAGE, e);
    } catch (UserExistException e) {
      logger.error("There is already an user for the given email", e);
      httpCode = HttpCode.VALIDATION_ERROR;
      result = getOperationResultExists(RESOURCE_MESSAGE, "email");
    } catch (UserNotFoundException e) {
      logger.error("No user found for the given id", e);
      httpCode = HttpCode.NOT_FOUND;
      result = getOperationResultNotFound(RESOURCE_MESSAGE);
    }

    logger.debug("Returning the operation result after updating user: {}", result);
    return Response.status(httpCode.getCode())
        .entity(OperationResultJsonWriter.toJson(result))
        .build();
  }
 /**
  * Interceptor hook run once the request has completed: clears the (presumably thread-local)
  * {@link SecurityContext} so the next request served by this thread does not inherit a user.
  *
  * @param ex the exception raised by the handler, if any; ignored here
  * @throws Exception declared by the hook signature; not raised by this implementation
  */
 public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
     throws Exception {
   SecurityContext.remove();
 }
 /**
  * Checks the supplied credentials against a fixed username/password pair.
  *
  * <p>NOTE(review): the credentials ("admin" / "123456") are hard-coded in source and the
  * password is compared in plain text with {@code equals}; the same line also prints to stdout
  * (the listing shows it partly garbled, so exactly what is printed cannot be read here).
  * Credentials should come from configuration or a store, be stored hashed, be compared with a
  * constant-time method, and never be written to stdout.
  *
  * @param context the security context carrying the supplied credentials
  * @return {@code true} only when both values match the built-in pair
  */
 public boolean checkUser(SecurityContext context) {
   System.out.println("checkUser:"******"admin") && context.getPassword().equals("123456")) return true;
   return false;
 }