Archives/Athou_commafeed
1
0
Fork 1
mirror of https://github.com/Athou/commafeed.git synced 2026-03-21 21:37:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

hide session management inside UserService

Browse Source
This commit is contained in:
Athou
2014-08-15 12:46:52 +02:00
parent 9701af0736
commit 943bde7eed
6 changed files with 68 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java
View File

@@ -1,7 +1,6 @@
package com.commafeed.frontend.auth;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
@@ -13,7 +12,6 @@ import lombok.RequiredArgsConstructor;
import org.eclipse.jetty.util.B64Code;
import org.eclipse.jetty.util.StringUtil;
import com.commafeed.CommaFeedApplication;
import com.commafeed.backend.model.User;
import com.commafeed.backend.model.UserRole.Role;
import com.commafeed.backend.service.UserService;
@@ -56,7 +54,12 @@ public class SecurityCheckProvider implements InjectableProvider<SecurityCheck,
}
if (user.isPresent()) {
return user.get();
if (user.get().hasRole(role)) {
return user.get();
} else {
throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN)
.entity("You don't have the required role to access this resource.").type(MediaType.TEXT_PLAIN_TYPE).build());
}
} else {
throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED)
.entity("Credentials are required to access this resource.").type(MediaType.TEXT_PLAIN_TYPE).build());
@@ -64,15 +67,7 @@ public class SecurityCheckProvider implements InjectableProvider<SecurityCheck,
}
private Optional<User> cookieSessionLogin() {
HttpSession session = request.getSession(false);
if (session != null) {
User user = (User) session.getAttribute(CommaFeedApplication.SESSION_USER);
if (user != null) {
userService.afterLogin(user);
return Optional.of(user);
}
}
return Optional.absent();
return userService.login(request.getSession());
}
private Optional<User> basicAuthenticationLogin(HttpContext c) {
@@ -87,10 +82,7 @@ public class SecurityCheckProvider implements InjectableProvider<SecurityCheck,
if (i > 0) {
String username = decoded.substring(0, i);
String password = decoded.substring(i + 1);
Optional<User> user = userService.login(username, password);
if (user.isPresent() && user.get().hasRole(role)) {
return user;
}
return userService.login(username, password);
}
}
}
@@ -101,10 +93,7 @@ public class SecurityCheckProvider implements InjectableProvider<SecurityCheck,
private Optional<User> apiKeyLogin(HttpContext c) {
String apiKey = c.getUriInfo().getPathParameters().getFirst("apiKey");
if (apiKey != null && apiKeyAllowed) {
Optional<User> user = userService.login(apiKey);
if (user.isPresent() && user.get().hasRole(role)) {
return user;
}
return userService.login(apiKey);
}
return Optional.absent();
}