Java tutorial
/* Copyright 2013 Josh Drummond This file is part of WebPasswordSafe. WebPasswordSafe is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. WebPasswordSafe is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with WebPasswordSafe; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ package net.webpasswordsafe.server.webservice.rest; import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; import javax.servlet.http.HttpServletRequest; import net.webpasswordsafe.client.remote.LoginService; import net.webpasswordsafe.client.remote.PasswordService; import net.webpasswordsafe.common.model.AccessLevel; import net.webpasswordsafe.common.model.Password; import net.webpasswordsafe.common.model.PasswordData; import net.webpasswordsafe.common.model.Permission; import net.webpasswordsafe.common.model.Tag; import net.webpasswordsafe.common.model.User; import net.webpasswordsafe.common.util.Constants; import net.webpasswordsafe.common.util.Constants.AuthenticationStatus; import net.webpasswordsafe.common.util.Constants.Match; import net.webpasswordsafe.common.util.Utils; import net.webpasswordsafe.server.ServerSessionUtil; import org.apache.log4j.Logger; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestHeader; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.View; /** * Set of password related REST webservices * * @author Josh Drummond * */ @Controller public class PasswordController { @Autowired private PasswordService passwordService; @Autowired protected LoginService loginService; @Autowired private View jsonView; private static Logger LOG = Logger.getLogger(PasswordController.class); @RequestMapping(value = "/passwords", method = RequestMethod.GET) public ModelAndView getPasswordList(@RequestParam(value = "query", required = false) String query, HttpServletRequest request, @RequestHeader(Constants.REST_AUTHN_USERNAME) String authnUsername, @RequestHeader(Constants.REST_AUTHN_PASSWORD) String authnPassword, @RequestHeader(Constants.REST_AUTHN_TOTP) String authnTOTP) { boolean isSuccess = false; String message = ""; List<Map<String, String>> passwordList = new ArrayList<Map<String, String>>(); try { ServerSessionUtil.setIP(request.getRemoteAddr()); AuthenticationStatus authStatus = loginService.login(authnUsername, Utils.buildCredentials(authnPassword, authnTOTP)); if (AuthenticationStatus.SUCCESS == authStatus) { List<Password> results = passwordService.searchPassword(query, true, new HashSet<Tag>(), Match.AND); for (Password password : results) { Map<String, String> passwordMap = new HashMap<String, String>(); passwordMap.put("id", String.valueOf(password.getId())); passwordMap.put("title", password.getName()); passwordMap.put("username", password.getUsername()); passwordMap.put("notes", password.getNotes()); passwordMap.put("tags", password.getTagsAsString()); passwordList.add(passwordMap); } isSuccess = true; } else { message = "Invalid authentication"; } loginService.logout(); } catch (Exception e) { LOG.error(e.getMessage(), e); isSuccess = false; message = e.getMessage(); } return createModelAndView(isSuccess, message, "passwordList", passwordList); } @RequestMapping(value = "/passwords/{passwordId}", method = RequestMethod.GET) public ModelAndView getPassword(@PathVariable("passwordId") String passwordId, HttpServletRequest request, @RequestHeader(Constants.REST_AUTHN_USERNAME) String authnUsername, @RequestHeader(Constants.REST_AUTHN_PASSWORD) String authnPassword, @RequestHeader(Constants.REST_AUTHN_TOTP) String authnTOTP) { boolean isSuccess = false; String message = ""; Map<String, String> passwordMap = new HashMap<String, String>(); try { ServerSessionUtil.setIP(request.getRemoteAddr()); AuthenticationStatus authStatus = loginService.login(authnUsername, Utils.buildCredentials(authnPassword, authnTOTP)); if (AuthenticationStatus.SUCCESS == authStatus) { Password password = passwordService.getPassword(Long.valueOf(passwordId)); if (password != null) { passwordMap.put("id", String.valueOf(password.getId())); passwordMap.put("title", password.getName()); passwordMap.put("username", password.getUsername()); passwordMap.put("notes", password.getNotes()); passwordMap.put("tags", password.getTagsAsString()); passwordMap.put("active", password.isActive() ? "Y" : "N"); isSuccess = true; } else { message = "Password not found"; } } else { message = "Invalid authentication"; } loginService.logout(); } catch (Exception e) { LOG.error(e.getMessage(), e); isSuccess = false; message = e.getMessage(); } return createModelAndView(isSuccess, message, "password", passwordMap); } @RequestMapping(value = "/passwords/{passwordId}/currentValue", method = RequestMethod.GET) public ModelAndView getCurrentPassword(@PathVariable("passwordId") String passwordId, HttpServletRequest request, @RequestHeader(Constants.REST_AUTHN_USERNAME) String authnUsername, @RequestHeader(Constants.REST_AUTHN_PASSWORD) String authnPassword, @RequestHeader(Constants.REST_AUTHN_TOTP) String authnTOTP) { boolean isSuccess = false; String message = ""; String currentPassword = ""; try { ServerSessionUtil.setIP(request.getRemoteAddr()); AuthenticationStatus authStatus = loginService.login(authnUsername, Utils.buildCredentials(authnPassword, authnTOTP)); if (AuthenticationStatus.SUCCESS == authStatus) { Password password = passwordService.getPassword(Long.valueOf(passwordId)); if (password != null) { currentPassword = passwordService.getCurrentPassword(password.getId()); isSuccess = true; } else { message = "Password not found"; } } else { message = "Invalid authentication"; } loginService.logout(); } catch (Exception e) { LOG.error(e.getMessage(), e); isSuccess = false; message = e.getMessage(); } return createModelAndView(isSuccess, message, "currentPassword", currentPassword); } @RequestMapping(value = "/passwords", method = RequestMethod.POST) public ModelAndView addPassword(@RequestBody Map<String, Object> passwordMap, HttpServletRequest request, @RequestHeader(Constants.REST_AUTHN_USERNAME) String authnUsername, @RequestHeader(Constants.REST_AUTHN_PASSWORD) String authnPassword, @RequestHeader(Constants.REST_AUTHN_TOTP) String authnTOTP) { boolean isSuccess = false; String message = ""; String passwordId = ""; try { ServerSessionUtil.setIP(request.getRemoteAddr()); AuthenticationStatus authStatus = loginService.login(authnUsername, Utils.buildCredentials(authnPassword, authnTOTP)); if (AuthenticationStatus.SUCCESS == authStatus) { User loggedInUser = loginService.getLogin(); Password password = new Password(); password.setName(Utils.safeString(passwordMap.get("title"))); password.setUsername(Utils.safeString(passwordMap.get("username"))); PasswordData passwordDataItem = new PasswordData(); passwordDataItem.setPassword(Utils.safeString(passwordMap.get("password"))); password.addPasswordData(passwordDataItem); password.setNotes(Utils.safeString(passwordMap.get("notes"))); password.setMaxHistory(-1); String active = Utils.safeString(passwordMap.get("active")).toLowerCase(); password.setActive( active.equals("") || active.equals("true") || active.equals("yes") || active.equals("y")); password.addPermission(new Permission(loggedInUser, AccessLevel.GRANT)); password.addTagsAsString(Utils.safeString(passwordMap.get("tags"))); if (passwordService.isPasswordTaken(password.getName(), password.getUsername(), password.getId())) { message = "Password title and username already exists"; } else { passwordService.addPassword(password); passwordId = String.valueOf(password.getId()); isSuccess = true; } } else { message = "Invalid authentication"; } loginService.logout(); } catch (Exception e) { LOG.error(e.getMessage(), e); isSuccess = false; message = e.getMessage(); } return createModelAndView(isSuccess, message, "passwordId", passwordId); } @RequestMapping(value = "/passwords", method = RequestMethod.PUT) public ModelAndView updatePassword(@RequestBody Map<String, Object> passwordMap, HttpServletRequest request, @RequestHeader(Constants.REST_AUTHN_USERNAME) String authnUsername, @RequestHeader(Constants.REST_AUTHN_PASSWORD) String authnPassword, @RequestHeader(Constants.REST_AUTHN_TOTP) String authnTOTP) { boolean isSuccess = false; String message = ""; String passwordId = ""; try { ServerSessionUtil.setIP(request.getRemoteAddr()); AuthenticationStatus authStatus = loginService.login(authnUsername, Utils.buildCredentials(authnPassword, authnTOTP)); if (AuthenticationStatus.SUCCESS == authStatus) { passwordId = Utils.safeString(passwordMap.get("id")); int iPasswordId = Utils.safeInt(passwordId); if (iPasswordId > 0) { Password password = passwordService.getPassword(iPasswordId); if (null != password) { Password updatePassword = password.cloneCopy(); updatePassword.setName(Utils.safeString(passwordMap.get("title"))); updatePassword.setUsername(Utils.safeString(passwordMap.get("username"))); PasswordData passwordDataItem = new PasswordData(); passwordDataItem.setPassword(Utils.safeString(passwordMap.get("password"))); updatePassword.addPasswordData(passwordDataItem); updatePassword.setNotes(Utils.safeString(passwordMap.get("notes"))); String active = Utils.safeString(passwordMap.get("active")).toLowerCase(); updatePassword.setActive(active.equals("") || active.equals("true") || active.equals("yes") || active.equals("y")); updatePassword.addTagsAsString(Utils.safeString(passwordMap.get("tags"))); if (passwordService.isPasswordTaken(updatePassword.getName(), updatePassword.getUsername(), updatePassword.getId())) { message = "Password title and username already exists"; } else { passwordService.updatePassword(updatePassword); isSuccess = true; } } else { message = "invalid id or no access"; } } else { message = "invalid id or no access"; } } else { message = "Invalid authentication"; } loginService.logout(); } catch (Exception e) { LOG.error(e.getMessage(), e); isSuccess = false; message = e.getMessage(); } return createModelAndView(isSuccess, message, "passwordId", passwordId); } private ModelAndView createModelAndView(boolean isSuccess, String message, String dataKey, Object dataValue) { ModelAndView mv = new ModelAndView(jsonView); mv.addObject("success", isSuccess); mv.addObject("message", message); mv.addObject(dataKey, dataValue); return mv; } }