/** * Product : Hiperium Project * Architect: Andres Solorzano. * Created : 08-05-2009 - 23:30:00 * * The contents of this file are copyrighted by Andres Solorzano * and it is protected by the license: "GPL V3." You can find a copy of this * license at: http://www.hiperium.com/about/licence.html * * Copyright 2014 Andres Solorzano. All rights reserved. * */ package com.hiperium.web.restful.authentication; import java.util.HashSet; import java.util.Locale; import java.util.Set; import javax.inject.Inject; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import javax.validation.ConstraintViolation; import javax.validation.Validator; import javax.validation.constraints.NotNull; import javax.ws.rs.Consumes; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.Response.Status; import org.apache.commons.lang.StringUtils; import com.hiperium.bo.delegate.SecurityBusinessDelegate; import com.hiperium.commons.EnumHiperiumTier; import com.hiperium.commons.EnumI18N; import com.hiperium.commons.HiperiumTier; import com.hiperium.commons.dto.SessionRegisterDTO; import com.hiperium.commons.dto.UserCredentialDTO; import com.hiperium.commons.exception.EnumInformationException; import com.hiperium.commons.exception.InformationException; import com.hiperium.commons.log.HiperiumLogger; import com.hiperium.commons.rest.RestServicePath; import com.hiperium.web.common.access.NavigationControl; import com.hiperium.web.common.dto.BreadCrumbDTO; import com.hiperium.web.common.exception.PropertyValidationException; import com.hiperium.web.common.utils.Resources; import com.hiperium.web.jsf.common.bean.LanguageBean; import com.hiperium.web.jsf.common.bean.UserSessionBean; import com.hiperium.web.jsf.common.navigation.EnumNavigation; /** * This class represents the user authenticator service administration * 
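 * validation.
 *
 * <p>Exposes one {@code POST} endpoint, called from the presentation layer's
 * JavaScript, that checks the submitted credentials and, on success, rotates
 * the HTTP session and returns (as plain text) the URL the client should load next.
 *
 * <p>NOTE(review): {@code APPLICATION_XML} is accepted as input. Whether the
 * JAX-RS provider's XML unmarshalling has DTD / external-entity resolution
 * disabled is not visible from this class — confirm before exposing it.
 *
 * @author Andres Solorzano
 */
@Path(RestServicePath.AUTHENTICATION)
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public class AuthenticationREST {

    /** The LOGGER property for logger messages. */
    private static final HiperiumLogger LOGGER = HiperiumLogger.getLogger(AuthenticationREST.class);

    /** Business delegate giving access to the authentication BO for the WEB tier. */
    @Inject
    @HiperiumTier(EnumHiperiumTier.WEB)
    private SecurityBusinessDelegate securityBusinessDelegate;

    /** Bean Validation validator applied to the incoming credentials DTO. */
    @Inject
    private Validator validator;

    /** The current servlet request; used for session rotation and for audit data. */
    @Context
    private HttpServletRequest servletRequest;

    /**
     * Authenticates the user with the supplied credentials.
     *
     * <p>On success the pre-authentication HTTP session is discarded and a new one
     * is created (session-fixation defence), the session is registered with the
     * authentication BO, the user's locale is applied, and the URL of the first
     * page to navigate to is returned. Unknown e-mail, wrong password and a
     * populated {@code username} field all fail with the same generic
     * {@code USER_NOT_FOUND} error so the endpoint cannot be used to enumerate accounts.
     *
     * @param credentialsDTO the submitted credentials; {@code @NotNull} is enforced by the
     *        container's Bean Validation integration, the body itself does no null check.
     * @return {@code 200 OK} with the navigation URL as a {@code text/plain} entity.
     * @throws InformationException if the username field is set, the credentials are
     *         rejected, or the authentication BO reports an error.
     * @throws PropertyValidationException if the DTO violates its Bean Validation constraints.
     */
    @POST
    @Produces(MediaType.TEXT_PLAIN)
    public Response login(@NotNull UserCredentialDTO credentialsDTO) throws InformationException, PropertyValidationException {
        LOGGER.debug("login - BEGIN");
        // The "username" field appears to act as a decoy: clients authenticate by
        // e-mail and are not expected to populate it, so a non-blank value is rejected
        // with the same generic error used for bad credentials.
        if (StringUtils.isNotBlank(credentialsDTO.getUsername())) {
            throw InformationException.generate(EnumI18N.SECURITY, EnumInformationException.USER_NOT_FOUND, Locale.getDefault());
        }
        // Bean Validation constraints declared on the DTO itself.
        Set<ConstraintViolation<UserCredentialDTO>> violations = this.validator.validate(credentialsDTO);
        if (!violations.isEmpty()) {
            throw new PropertyValidationException(new HashSet<ConstraintViolation<?>>(violations));
        }
        // Same error for unknown e-mail and wrong password: the response must not
        // reveal which one it was.
        boolean credentialsValid = this.securityBusinessDelegate.getAuthenticationBO()
                .validateUserCredentials(credentialsDTO.getEmail(), credentialsDTO.getPassword());
        if (!credentialsValid) {
            throw InformationException.generate(EnumI18N.SECURITY, EnumInformationException.USER_NOT_FOUND, Locale.getDefault());
        }
        HttpSession sessionNew = this.renewSession();
        String urlNavigation = this.registerAuthenticatedSession(credentialsDTO.getEmail(), sessionNew);
        LOGGER.debug("login - END");
        return Response.status(Status.OK).entity(urlNavigation).type(MediaType.TEXT_PLAIN).build();
    }

    /**
     * Discards the caller's current HTTP session, if there is one, and creates a
     * fresh one so the session id issued before authentication is never reused
     * for the authenticated session.
     *
     * @return the newly created session.
     */
    private HttpSession renewSession() {
        // getSession(false) returns null when the caller has no session yet (for
        // example a direct API call without a prior page load). The previous
        // unconditional invalidate() threw a NullPointerException in that case.
        HttpSession sessionOld = this.servletRequest.getSession(false);
        if (sessionOld != null) {
            try {
                sessionOld.invalidate();
            } catch (IllegalStateException alreadyInvalidated) {
                // The Servlet API throws this when the session was invalidated
                // concurrently (e.g. a parallel logout); there is nothing left to
                // discard, so just continue with a fresh session.
                LOGGER.debug("login - previous session was already invalidated");
            }
        }
        return this.servletRequest.getSession(true);
    }

    /**
     * Registers the authenticated session with the authentication BO, applies the
     * user's locale to the session, installs the breadcrumb for the first page and
     * records the start of the absolute session lifetime.
     *
     * @param email      the authenticated user's e-mail.
     * @param sessionNew the freshly created HTTP session.
     * @return the URL of the page the client should load next: the password-change
     *         page when the BO reports a pending password change, else home selection.
     * @throws InformationException propagated from the authentication BO.
     */
    private String registerAuthenticatedSession(String email, HttpSession sessionNew) throws InformationException {
        // Audit data stored with the session register. NOTE(review): getRemoteAddr()
        // is the TCP peer, i.e. the reverse proxy / load balancer when one sits in
        // front of the container; no forwarded-for header is consulted here.
        String userAgent = this.servletRequest.getHeader("User-Agent");
        String remoteIpAddress = this.servletRequest.getRemoteAddr();
        SessionRegisterDTO sessionRegisterDTO = this.securityBusinessDelegate.getAuthenticationBO()
                .userAuthentication(email, userAgent, remoteIpAddress, false, sessionNew.getId());
        // NOTE(review): both beans are read by name from a session created a moment
        // ago. They have to be populated elsewhere (session listener / framework)
        // or the calls below throw a NullPointerException — confirm.
        LanguageBean languageBean = (LanguageBean) sessionNew.getAttribute(LanguageBean.BEAN_NAME);
        UserSessionBean userSessionBean = (UserSessionBean) sessionNew.getAttribute(UserSessionBean.BEAN_NAME);
        // The application language follows the user's stored locale.
        languageBean.setLocale(new Locale(sessionRegisterDTO.getLocale().getLanguage()));

        String urlNavigation;
        String breadCrumbKey;
        if (this.securityBusinessDelegate.getAuthenticationBO().userNeedToChangePasswd(sessionNew.getId())) {
            urlNavigation = EnumNavigation.UPDATE_PASSWORD.getURL();
            breadCrumbKey = "passwordChange";
        } else {
            urlNavigation = EnumNavigation.HOME_SELECTION.getURL();
            breadCrumbKey = "homeSelection";
        }
        String breadCrumbLabel = Resources.getResourceBundle(EnumI18N.SECURITY, languageBean.getLocale())
                .getString(breadCrumbKey);
        userSessionBean.getSessionInformationDTO().setBreadCrumb(new BreadCrumbDTO(0, breadCrumbLabel, urlNavigation));
        // Timestamp from which the absolute session timeout is measured
        // (presumably checked by NavigationControl — see SESSION_TIME_LABEL).
        sessionNew.setAttribute(NavigationControl.SESSION_TIME_LABEL, System.currentTimeMillis());
        return urlNavigation;
    }
}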