/* * Copyright 2011, MyCellar * * This file is part of MyCellar. * * MyCellar is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * MyCellar is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with MyCellar. If not, see <http://www.gnu.org/licenses/>. */ package fr.mycellar.interfaces.web.services.security; import javax.inject.Inject; import javax.inject.Named; import javax.inject.Singleton; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import javax.ws.rs.Consumes; import javax.ws.rs.GET; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; import fr.mycellar.configuration.SpringSecurityConfiguration; import fr.mycellar.domain.shared.exception.BusinessException; import fr.mycellar.domain.user.ProfileEnum; import fr.mycellar.domain.user.User; import fr.mycellar.interfaces.facades.user.UserServiceFacade; import fr.mycellar.interfaces.web.security.CurrentUserService; import 
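fr.mycellar.interfaces.web.security.SecurityContextTokenRepository;

/**
 * JAX-RS entry points for authentication and credential management: login/logout,
 * registration, password reset, and password / e-mail changes for the current user.
 * <p>
 * A successful {@link #login} stores the {@link Authentication} in the
 * {@link SecurityContextHolder} and returns a token key to the client in the
 * {@code SpringSecurityConfiguration.TOKEN_HEADER_NAME} response header. Every flow
 * that changes credentials ends by clearing the security context and logging in again
 * with the new credentials, so the client always leaves with a fresh token.
 *
 * @author speralta
 */
@Named
@Singleton
@Path("/")
public class SecurityWebService {

    private static final Logger logger = LoggerFactory.getLogger(SecurityWebService.class);

    // Collaborators are setter-injected (see the @Inject setters below), hence not final.
    private AuthenticationManager authenticationManager;
    private SecurityContextTokenRepository securityContextTokenRepository;
    private CurrentUserService currentUserService;
    private UserServiceFacade userServiceFacade;

    /**
     * Resolves the e-mail address bound to a password-reset request key.
     *
     * @param key the reset key, read from the {@code key} query parameter
     * @return the e-mail address the facade associates with that key
     * @throws BusinessException if the facade rejects the key
     */
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @Path("requestedMail")
    public String getMailFromRequestKey(@QueryParam("key") String key) throws BusinessException {
        // NOTE(review): the reset key travels in the URL, so it is likely to be written to
        // access logs and proxy logs; accepting it in a POST body would keep it out of them.
        return userServiceFacade.getEmailFromResetPasswordRequestByKey(key);
    }

    /**
     * Asks the facade to start a password-reset request for {@code email}.
     * Unauthenticated entry point; the request body is the raw e-mail string.
     *
     * @param email              address to send the reset mail to
     * @param httpServletRequest used only to resolve the real path of the
     *                           {@code reset-password} web resource, which is
     *                           handed to the facade (presumably a template or
     *                           landing page location — confirm against the facade)
     */
    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    @Path("sendPasswordResetMail")
    public void sendPasswordResetMail(String email, @Context HttpServletRequest httpServletRequest) {
        userServiceFacade.resetPasswordRequest(email,
                httpServletRequest.getServletContext().getRealPath("reset-password"));
    }

    /**
     * Sets a new password using a reset key, then logs the user in with it.
     *
     * @param resetPasswordDto carries the reset key and the new password
     * @param response         receives the token header issued by {@link #login}
     * @return the freshly logged-in user (password is never included)
     * @throws BusinessException if the facade rejects the key or the password
     */
    @POST
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_JSON)
    @Path("resetPassword")
    public UserDto resetPassword(ResetPasswordDto resetPasswordDto, @Context HttpServletResponse response)
            throws BusinessException {
        User user = userServiceFacade.resetPassword(resetPasswordDto.getKey(), resetPasswordDto.getPassword());
        return loginWith(user.getEmail(), resetPasswordDto.getPassword(), response);
    }

    /**
     * Changes the current user's password after re-authenticating with the old one.
     * The security context is cleared afterwards and the user is logged in again
     * with the new password, so the caller receives a new token.
     *
     * @param changePasswordDto old and new password
     * @param response          receives the token header issued by {@link #login}
     * @return the re-authenticated user
     * @throws BusinessException     if the old password does not authenticate or the
     *                               new one is rejected by the facade
     * @throws IllegalStateException if no user is authenticated
     */
    @POST
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_JSON)
    @Path("changePassword")
    public UserDto changePassword(ChangePasswordDto changePasswordDto, @Context HttpServletResponse response)
            throws BusinessException {
        User currentUser = requireCurrentUser();
        // Re-authentication with the old password is what authorises the change; do not skip it.
        User user = userServiceFacade.authenticateUser(currentUser.getEmail(), changePasswordDto.getOldPassword());
        userServiceFacade.saveUserPassword(user, changePasswordDto.getPassword());
        SecurityContextHolder.clearContext();
        return loginWith(user.getEmail(), changePasswordDto.getPassword(), response);
    }

    /**
     * Changes the current user's e-mail address after re-authenticating with the
     * current password, then logs the user in again under the new address.
     *
     * @param changeEmailDto new e-mail address and current password
     * @param response       receives the token header issued by {@link #login}
     * @return the re-authenticated user
     * @throws BusinessException     if the password does not authenticate or the
     *                               facade rejects the save
     * @throws IllegalStateException if no user is authenticated
     */
    @POST
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_JSON)
    @Path("changeEmail")
    public UserDto changeEmail(ChangeEmailDto changeEmailDto, @Context HttpServletResponse response)
            throws BusinessException {
        User currentUser = requireCurrentUser();
        User user = userServiceFacade.authenticateUser(currentUser.getEmail(), changeEmailDto.getPassword());
        user.setEmail(changeEmailDto.getEmail());
        // The new address is persisted by re-saving the (unchanged) password — presumably
        // saveUserPassword stores the whole entity; confirm it also validates the e-mail.
        userServiceFacade.saveUserPassword(user, changeEmailDto.getPassword());
        SecurityContextHolder.clearContext();
        return loginWith(user.getEmail(), changeEmailDto.getPassword(), response);
    }

    /**
     * Describes the authenticated user, or returns {@code null} when nobody is logged in.
     * The DTO carries e-mail, display name and profile only — never the password.
     *
     * @return the current user's DTO, or {@code null} if there is no current user
     */
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @Path("current-user")
    public UserDto getCurrentUser() {
        User user = currentUserService.getCurrentUser();
        if (user == null) {
            return null;
        }
        UserDto userDto = new UserDto();
        userDto.setEmail(user.getEmail());
        userDto.setName(user.getLastname() + " " + user.getFirstname());
        if (user.getProfile() != null) {
            userDto.setProfile(user.getProfile().toString());
        }
        return userDto;
    }

    /**
     * Authenticates the e-mail/password pair, stores the result in the security
     * context and issues a token key in the {@code TOKEN_HEADER_NAME} response header.
     *
     * @param userDto  e-mail and password to authenticate
     * @param response receives the token header
     * @return the current user as seen by {@link #getCurrentUser()}
     * @throws BusinessException declared for callers; Spring's (unchecked)
     *                           {@code AuthenticationException} is what
     *                           {@code authenticate} throws on bad credentials
     */
    @POST
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_JSON)
    @Path("login")
    public UserDto login(UserDto userDto, @Context HttpServletResponse response) throws BusinessException {
        UsernamePasswordAuthenticationToken authRequest =
                new UsernamePasswordAuthenticationToken(userDto.getEmail(), userDto.getPassword());
        Authentication auth = authenticationManager.authenticate(authRequest);
        // Logs the Authentication object, not the raw password; confirm the token's
        // toString() keeps credentials masked in this Spring Security version.
        logger.debug("Authentication success: {}", auth);
        SecurityContext context = SecurityContextHolder.getContext();
        context.setAuthentication(auth);
        response.setHeader(SpringSecurityConfiguration.TOKEN_HEADER_NAME,
                securityContextTokenRepository.newToken(context).getKey());
        return getCurrentUser();
    }

    /**
     * Invalidates the HTTP session (if any) and clears the security context.
     *
     * @param httpServletRequest the current request; no session is created if none exists
     */
    @POST
    @Path("logout")
    public void logout(@Context HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        // NOTE(review): only the thread-bound context and the session are cleared here; the
        // token key issued by login() is not revoked in securityContextTokenRepository.
        // Confirm that tokens expire or are invalidated elsewhere.
        SecurityContext context = SecurityContextHolder.getContext();
        context.setAuthentication(null);
        SecurityContextHolder.clearContext();
    }

    /**
     * Creates a new account and logs it in. Only e-mail, first name, last name and
     * password are taken from the request; the profile is always forced to
     * {@link ProfileEnum#BOOKING} so a client cannot self-assign a privileged profile.
     *
     * @param userToRegister client-supplied registration data
     * @param response       receives the token header issued by {@link #login}
     * @return the freshly logged-in user
     * @throws BusinessException if the facade rejects the registration
     */
    @POST
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_JSON)
    @Path("register")
    public UserDto register(User userToRegister, @Context HttpServletResponse response) throws BusinessException {
        User user = new User();
        user.setEmail(userToRegister.getEmail());
        user.setFirstname(userToRegister.getFirstname());
        user.setLastname(userToRegister.getLastname());
        user.setProfile(ProfileEnum.BOOKING);
        userServiceFacade.saveUserPassword(user, userToRegister.getPassword());
        return loginWith(userToRegister.getEmail(), userToRegister.getPassword(), response);
    }

    /**
     * Returns the authenticated user, failing explicitly instead of with a
     * NullPointerException when the context holds nobody.
     *
     * @throws IllegalStateException if {@code currentUserService} yields no user
     */
    private User requireCurrentUser() {
        User currentUser = currentUserService.getCurrentUser();
        if (currentUser == null) {
            throw new IllegalStateException("No authenticated user in the security context");
        }
        return currentUser;
    }

    /**
     * Builds the e-mail/password DTO and delegates to {@link #login}; shared by every
     * flow that ends with a fresh authentication.
     */
    private UserDto loginWith(String email, String password, HttpServletResponse response)
            throws BusinessException {
        UserDto userDto = new UserDto();
        userDto.setEmail(email);
        userDto.setPassword(password);
        return login(userDto, response);
    }

    @Inject
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @Inject
    public void setSecurityContextTokenRepository(SecurityContextTokenRepository securityContextTokenRepository) {
        this.securityContextTokenRepository = securityContextTokenRepository;
    }

    @Inject
    public void setCurrentUserService(CurrentUserService currentUserService) {
        this.currentUserService = currentUserService;
    }

    @Inject
    public void setUserServiceFacade(UserServiceFacade userServiceFacade) {
        this.userServiceFacade = userServiceFacade;
    }
}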