/** @see AccessControlManager#storeUser(User). */
 @POST
 @Path("/user/store")
 @Produces(MediaType.APPLICATION_XML)
 public void storeUser(
     @FormParam("login") String authEmail,
     @FormParam("login-pwd") String authPassword,
     @FormParam("email") String email,
     @FormParam("name") String name,
     @FormParam("surname") String surname,
     @FormParam("password") String userPassword,
     @FormParam("notes") String notes,
     @FormParam("role") String role,
     @FormParam("secret") String apiPassword) {
   AccessControlManager mgr = getAccessControlManager(authEmail, authPassword, null);
   mgr.storeUser(
       new User(
           email,
           name,
           surname,
           userPassword,
           notes,
           Role.valueOf(StringUtils.upperCase(role)),
           apiPassword));
   mgr.close();
 }
 /** @see AccessControlManager#storeUserFromXml(java.io.Reader). */
 @POST
 @Path("/user/store/from-xml")
 @Produces(MediaType.APPLICATION_XML)
 public void storeUserFromXml(
     @FormParam("login") String authEmail,
     @FormParam("login-pwd") String authPassword,
     @FormParam("user-xml") String userXml) {
   AccessControlManager mgr = getAccessControlManager(authEmail, authPassword, null);
   mgr.storeUserFromXml(new StringReader(userXml));
   mgr.close();
 }
 /** @see AccessControlManager#getUser(String). */
 @POST
 @Path("/user/get")
 @Produces(MediaType.APPLICATION_XML)
 public User getUser(
     @FormParam("login") String authEmail,
     @FormParam("login-pwd") String authPassword,
     @FormParam("login-secret") String authApiPassword,
     @FormParam("email") String email) {
   AccessControlManager mgr = getAccessControlManager(authEmail, authPassword, authApiPassword);
   User result = mgr.getUser(email);
   mgr.close();
   return result;
 }
 /** @see AccessControlManager#setEntitiesVisibility(String, String, String...). */
 @POST
 @Path("/visibility/entity/set")
 @Produces(MediaType.APPLICATION_XML)
 public void setEntitiesVisibility(
     @FormParam("login") String authEmail,
     @FormParam("login-secret") String authApiPassword,
     @FormParam("public-flag") String publicFlagStr,
     @FormParam("release-date") String releaseDateStr,
     @FormParam("entity") List<String> entityIds) {
   AccessControlManager mgr = getAccessControlManager(authEmail, null, authApiPassword);
   mgr.setEntitiesVisibility(publicFlagStr, releaseDateStr, entityIds.toArray(new String[0]));
   mgr.close();
 }
 /**
  * @see AccessControlManager#deleteUser(String).
  * @return a boolean in the form of a string, cause Jersey doesn't like other types very much.
  */
 @POST
 @Path("/user/delete")
 @Produces(MediaType.APPLICATION_XML)
 public String deleteUser(
     @FormParam("login") String authEmail,
     @FormParam("login-pwd") String authPassword,
     @FormParam("login-secret") String authApiPassword,
     @FormParam("email") String email) {
   AccessControlManager mgr = getAccessControlManager(authEmail, authPassword, authApiPassword);
   boolean result = mgr.deleteUser(email);
   mgr.close();
   return String.valueOf(result);
 }
 /** @see AccessControlManager#setUserRole(String, Role). */
 @POST
 @Path("/user/role/set")
 @Produces(MediaType.APPLICATION_XML)
 public void setUserRole(
     @FormParam("login") String authEmail,
     @FormParam("login-pwd") String authPassword,
     @FormParam("login-secret") String authApiPassword,
     @FormParam("email") String email,
     @FormParam("role") String role) {
   AccessControlManager mgr = getAccessControlManager(authEmail, authPassword, authApiPassword);
   mgr.setUserRole(email, Role.valueOf(StringUtils.upperCase(role)));
   mgr.close();
 }
 /**
  * @see AccessControlManager#setServiceCollectionsVisibility(String, String, boolean, String...).
  */
 @POST
 @Path("/visibility/service-collection/set")
 @Produces(MediaType.APPLICATION_XML)
 public void setServiceCollectionVisibility(
     @FormParam("login") String authEmail,
     @FormParam("login-secret") String authApiPassword,
     @FormParam("public-flag") String publicFlagStr,
     @FormParam("release-date") String releaseDateStr,
     @FormParam("cascade") boolean cascade,
     @FormParam("service-coll") List<String> serviceCollNames) {
   AccessControlManager mgr = getAccessControlManager(authEmail, null, authApiPassword);
   mgr.setServiceCollectionsVisibility(
       publicFlagStr, releaseDateStr, cascade, serviceCollNames.toArray(new String[0]));
   mgr.close();
 }
 /**
  * Performs {@link AccessControlManager#setAuthenticationCredentials(String, String)} or {@link
  * AccessControlManager#setFullAuthenticationCredentials(String, String)}, depending on whether
  * the authPassword or authApiPassword parameter is specified.
  *
  * <p>TODO: auth requests should be factorised to an Access service (they're not used by other WS
  * requests). TODO: it's being done in an inefficient way (authentication done twice).
  */
 @POST
 @Path("/login")
 @Produces(MediaType.APPLICATION_XML)
 public User setAuthenticationCredentials(
     @FormParam("login") String authEmail,
     @FormParam("login-pwd") String authPassword,
     @FormParam("login-secret") String authApiPassword)
     throws SecurityException {
   AccessControlManager mgr = getAccessControlManager(authEmail, authPassword, authApiPassword);
   User result =
       authPassword == null
           ? mgr.setAuthenticationCredentials(authEmail, authApiPassword)
           : mgr.setFullAuthenticationCredentials(authEmail, authPassword);
   mgr.close();
   return result;
 }