Пример #1
0
  /**
   * Get Web Service for getting adverts that a member has searched for using words or phrases.
   *
   * @param tags - String representing the words or phrases entered into search.
   * @return - Server response indicating success or failure with a message.
   */
  @GET
  @Path("{tags}")
  public Response getSearchedAdverts(@PathParam("tags") String tags) {
    if (tags == null) {
      return Response.serverError().entity("Tags cannot be blank").build();
    }
    List<Advert> adsList = new ArrayList<>();
    DBConnector db = new DBConnector();
    try {
      db.createConnection();
      adsList = db.getSearchedForAdverts(URLDecoder.decode(tags, "UTF-8"));
      db.closeConnection();
    } catch (SQLException | ClassNotFoundException | UnsupportedEncodingException ex) {
      Logger.getLogger(GetSearchAdvertsREST.class.getName()).log(Level.SEVERE, null, ex);
    }
    if (adsList.isEmpty()) {
      return Response.status(Response.Status.NOT_FOUND)
          .entity("No adverts found with search terms: " + tags)
          .build();
    }
    String json = new Gson().toJson(adsList);

    return Response.ok(json, MediaType.APPLICATION_JSON).build();
  }
Пример #2
0
  /**
   * On each web service call this method is run to authenticate that the caller is allowed to
   * retrieve the data related to the call.
   *
   * @param request The servlet request we are processing
   * @param response The servlet response we are creating
   * @param chain The filter chain we are processing
   * @exception IOException if an input/output error occurs
   * @exception ServletException if a servlet error occurs
   */
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {

    if (debug) {
      log("AuthenticationFilter:doFilter()");
    }

    // Test whether TLS is in operation.
    // System.out.println(request.isSecure());
    doBeforeProcessing(request, response);
    Throwable problem = null;

    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;

    // Don't authenticate when any of these web services are called.
    String requestUrl = req.getRequestURL().toString();
    if (requestUrl.contains("memberpassword")
        || requestUrl.contains("registermember")
        || requestUrl.contains("advertimagesbyid")
        || requestUrl.contains("advertbyid")
        || requestUrl.contains("currentadverts")
        || requestUrl.contains("searchadverts")
        || requestUrl.contains("allrules")) {
      try {
        chain.doFilter(request, response);
      } catch (Throwable t) {
        // If an exception is thrown somewhere down the filter chain,
        // we still want to execute our after processing, and then
        // rethrow the problem after that.
        problem = t;
        t.printStackTrace();
      }
    } else {
      // Decode the data back to original string
      try {

        String decoded;

        // Get the Authorisation Header from Request
        String header = req.getHeader("Authorization");

        // Header is in the format "Basic 3nc0dedDat4"
        // We need to extract data before decoding it back to original string
        String data = header.substring(header.indexOf(" ") + 1);

        byte[] bytes = Base64.getDecoder().decode(data);
        decoded = new String(bytes);
        String[] array = decoded.split(":");

        if (!array[0].isEmpty() && !array[1].isEmpty()) {
          String hashPass = "";
          DBConnector db = new DBConnector();
          try {
            db.createConnection();
            hashPass = db.getMemberPassword(array[0]);
            db.closeConnection();
          } catch (SQLException | ClassNotFoundException ex) {
            Logger.getLogger(AuthenticationFilter.class.getName()).log(Level.SEVERE, null, ex);
          }
          if (!"".equals(hashPass)) {
            if (hashPass.equals(array[1])) {
              try {
                chain.doFilter(request, response);
              } catch (Throwable t) {
                // If an exception is thrown somewhere down the filter chain,
                // we still want to execute our after processing, and then
                // rethrow the problem after that.
                problem = t;
                t.printStackTrace();
              }
            } else {
              res.sendError(javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED);
            }
          } else {
            res.sendError(javax.servlet.http.HttpServletResponse.SC_SERVICE_UNAVAILABLE);
          }
        } else {
          res.sendError(javax.servlet.http.HttpServletResponse.SC_NOT_ACCEPTABLE);
        }
      } catch (Exception ex) {
        res.sendError(javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED);
      }
    }

    doAfterProcessing(request, response);

    // If there was a problem, we want to rethrow it if it is
    // a known type, otherwise log it.
    if (problem != null) {
      if (problem instanceof ServletException) {
        throw (ServletException) problem;
      }
      if (problem instanceof IOException) {
        throw (IOException) problem;
      }
      sendProcessingError(problem, response);
    }
  }