From 292050a8f913680dd796d2af70ee0616684c1825 Mon Sep 17 00:00:00 2001
From: Robert von Burg
Date: Fri, 23 Oct 2015 18:22:05 +0200
Subject: [PATCH] [New] Use InvalidCredentialsException

---
 ch.eitchnet.privilege | 2 +-
 .../DefaultStrolchPrivilegeHandler.java | 24 ++++------
 .../rest/endpoint/AuthenticationService.java | 47 +++++++++++++++++--
 .../li/strolch/rest/model/LogoutResult.java | 16 +++----
 4 files changed, 61 insertions(+), 28 deletions(-)

diff --git a/ch.eitchnet.privilege b/ch.eitchnet.privilege
index 5dc94514e..d5491e4f0 160000
--- a/ch.eitchnet.privilege
+++ b/ch.eitchnet.privilege
@@ -1 +1 @@
-Subproject commit 5dc94514e13d142de8e2532b3bec18b28c7855dd
+Subproject commit d5491e4f0d0106866eea4f59c32826aa20a9d139
diff --git a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
index e09fd6747..d2ba5f057 100644
--- a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
@@ -20,7 +20,6 @@ import java.io.FileInputStream;
 import java.text.MessageFormat;
 import java.util.Map;
 
-import ch.eitchnet.privilege.base.AccessDeniedException;
 import ch.eitchnet.privilege.base.PrivilegeException;
 import ch.eitchnet.privilege.handler.DefaultPrivilegeHandler;
 import ch.eitchnet.privilege.handler.EncryptionHandler;
@@ -37,7 +36,6 @@ import ch.eitchnet.utils.helper.XmlHelper;
 import li.strolch.agent.api.ComponentContainer;
 import li.strolch.agent.api.StrolchComponent;
 import li.strolch.agent.api.StrolchRealm;
-import li.strolch.exception.StrolchException;
 import li.strolch.model.audit.AccessType;
 import li.strolch.model.audit.Audit;
 import li.strolch.persistence.api.StrolchTransaction;
@@ -125,20 +123,16 @@ public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements
 @Override
 public Certificate authenticate(String username, byte[] password) {
 assertContainerStarted();
- try {
- Certificate certificate = this.privilegeHandler.authenticate(username, password);
- StrolchRealm realm = getContainer().getRealm(certificate);
- try (StrolchTransaction tx = realm.openTx(certificate, StrolchPrivilegeConstants.LOGIN)) {
- tx.setSuppressDoNothingLogging(true);
- tx.setSuppressAudits(true);
- Audit audit = tx.auditFrom(AccessType.CREATE, StrolchPrivilegeConstants.PRIVILEGE,
- StrolchPrivilegeConstants.CERTIFICATE, username);
- tx.getAuditTrail().add(tx, audit);
- }
- return certificate;
- } catch (AccessDeniedException e) {
- throw new StrolchException("Authentication credentials are invalid", e); //$NON-NLS-1$
+ Certificate certificate = this.privilegeHandler.authenticate(username, password);
+ StrolchRealm realm = getContainer().getRealm(certificate);
+ try (StrolchTransaction tx = realm.openTx(certificate, StrolchPrivilegeConstants.LOGIN)) {
+ tx.setSuppressDoNothingLogging(true);
+ tx.setSuppressAudits(true);
+ Audit audit = tx.auditFrom(AccessType.CREATE, StrolchPrivilegeConstants.PRIVILEGE,
+ StrolchPrivilegeConstants.CERTIFICATE, username);
+ tx.getAuditTrail().add(tx, audit);
 }
+ return certificate;
 }
 
 @Override
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
index 7f0576f18..6a8db8303 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
@@ -22,6 +22,7 @@ import java.util.Set;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
+import javax.ws.rs.HEAD;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
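Review bot: With the try/catch removed, a failed `this.privilegeHandler.authenticate(username, password)` now throws before the LOGIN transaction is opened, so the audit trail written in this method only ever records successful logins and failed attempts leave no trace here. That was already true before, but the old wrapper at least made the intent visible; a comment above the authenticate call such as `// Audit only successful logins: a failed authenticate() throws before the tx is opened, so callers must log failed attempts themselves` would stop the next maintainer from assuming failures are audited. It is also worth confirming that the AccessDeniedException the privilege handler may throw carries a message that is safe to show to a client, since the old code replaced it with the fixed "Authentication credentials are invalid" string and the AccessDeniedException branch in AuthenticationService (visible as context later in this patch) formats e.getMessage() into the response. The authenticate method is fully visible within the hunk.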
@@ -35,7 +36,11 @@ import javax.ws.rs.core.Response.Status;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.google.gson.Gson;
+import com.google.gson.JsonObject;
+
 import ch.eitchnet.privilege.base.AccessDeniedException;
+import ch.eitchnet.privilege.base.InvalidCredentialsException;
 import ch.eitchnet.privilege.base.PrivilegeException;
 import ch.eitchnet.privilege.model.Certificate;
 import ch.eitchnet.privilege.model.IPrivilege;
@@ -111,6 +116,10 @@ public class AuthenticationService {
 .header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken())//
 .build();
 
+ } catch (InvalidCredentialsException e) {
+ logger.error(e.getMessage(), e);
+ loginResult.setMsg("Could not log in as the given credentials are invalid"); //$NON-NLS-1$
+ return Response.status(Status.UNAUTHORIZED).entity(loginResult).build();
 } catch (AccessDeniedException e) {
 logger.error(e.getMessage(), e);
 loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
@@ -130,8 +139,8 @@ public class AuthenticationService {
 @DELETE
 @Consumes(MediaType.APPLICATION_JSON)
 @Produces(MediaType.APPLICATION_JSON)
- @Path("{sessionId}")
- public Response logout(@PathParam("sessionId") String sessionId) {
+ @Path("{authToken}")
+ public Response logout(@PathParam("authToken") String authToken) {
 
 LogoutResult logoutResult = new LogoutResult();
 
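Review bot: `logger.error(e.getMessage(), e)` in the new InvalidCredentialsException branch logs a full stack trace for an expected, client-caused outcome (a wrong password), which buries real errors and makes a brute-force run hard to spot in the log. I would log at warn without the throwable, e.g. `logger.warn("Login failed: {}", e.getMessage());`, and include the attempted username if the enclosing login method keeps it in a local (that method starts outside this hunk, so its variable names are not visible here). The fixed client-facing message is the right choice because it does not reveal which part of the credentials was wrong; note that the neighbouring AccessDeniedException branch still echoes e.getMessage() to the client, so the two branches disclose different amounts of detail.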
@@ -139,11 +148,11 @@ public class AuthenticationService {
 
 StrolchSessionHandler sessionHandlerHandler = RestfulStrolchComponent.getInstance()
 .getComponent(StrolchSessionHandler.class);
- Certificate certificate = sessionHandlerHandler.validate(sessionId);
+ Certificate certificate = sessionHandlerHandler.validate(authToken);
 sessionHandlerHandler.invalidate(certificate);
 
 logoutResult.setUsername(certificate.getUsername());
- logoutResult.setSessionId(sessionId);
+ logoutResult.setAuthToken(authToken);
 logoutResult.setMsg(MessageFormat.format("{0} has been logged out.", certificate.getUsername())); //$NON-NLS-1$
 
 return Response.ok().entity(logoutResult).build();
@@ -158,4 +167,34 @@ public class AuthenticationService {
 return Response.serverError().entity(logoutResult).build();
 }
 }
+
+ @HEAD
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{authToken}")
+ public Response validateSessions(@PathParam("authToken") String authToken) {
+
+ try {
+
+ StrolchSessionHandler sessionHandlerHandler = RestfulStrolchComponent.getInstance()
+ .getComponent(StrolchSessionHandler.class);
+ sessionHandlerHandler.validate(authToken);
+
+ return Response.ok().build();
+
+ } catch (StrolchException | PrivilegeException e) {
+ logger.error(e.getMessage(), e);
+ JsonObject root = new JsonObject();
+ root.addProperty("msg", MessageFormat.format("Session invalid: {0}", e.getMessage()));
+ String json = new Gson().toJson(root);
+ return Response.status(Status.UNAUTHORIZED).entity(json).build();
+ } catch (Exception e) {
+ logger.error(e.getMessage(), e);
+ String msg = e.getMessage();
+ JsonObject root = new JsonObject();
+ root.addProperty("msg", MessageFormat.format("Session invalid: {0}: {1}", e.getClass().getName(), msg));
+ String json = new Gson().toJson(root);
+ return Response.serverError().entity(json).build();
+ }
+ }
 }
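Review bot: The rename makes explicit that the path parameter is the bearer auth token itself, and the new line `logoutResult.setAuthToken(authToken)` echoes that token back in the response body. A token carried in the URL path lands in access logs, proxy logs and browser history, and the login response already delivers the token in the AUTHORIZATION header (visible as context in an earlier hunk of this file), so the logout endpoint could read it from that header instead of the path. Echoing the just-invalidated token adds nothing useful to the client; I would drop the `setAuthToken` call rather than carry the value through `LogoutResult`. This hunk sits inside logout's try block, whose opening and catch clauses lie outside the hunk.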
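Review bot: validateSessions is a HEAD endpoint, and a HEAD response carries no body, so the Gson JSON entity built in both catch blocks will be discarded by the container and `@Consumes(MediaType.APPLICATION_JSON)` describes a request body a HEAD never has. I would reduce the error paths to `return Response.status(Status.UNAUTHORIZED).build();` and `return Response.serverError().build();`, drop the `@Consumes`, and keep the detail in the log line; that also removes `e.getClass().getName()` from a client-facing message, where an internal class name has no business even if it were delivered. Because an invalid token on a probe endpoint is an expected event, the first catch should log at warn rather than error with a full stack trace. The name says sessions but the method validates exactly one token; `validateSession` would match what it does.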
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/model/LogoutResult.java b/li.strolch.rest/src/main/java/li/strolch/rest/model/LogoutResult.java
index db37aa98d..7cefb0f52 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/model/LogoutResult.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/model/LogoutResult.java
@@ -30,8 +30,8 @@ public class LogoutResult {
 @XmlAttribute(name = "username")
 private String username;
 
- @XmlAttribute(name = "sessionId")
- private String sessionId;
+ @XmlAttribute(name = "authToken")
+ private String authToken;
 
 @XmlAttribute(name = "msg")
 private String msg;
@@ -71,17 +71,17 @@ public class LogoutResult {
 }
 
 /**
- * @return the sessionId
+ * @return the authToken
 */
 public String getSessionId() {
- return this.sessionId;
+ return this.authToken;
 }
 
 /**
- * @param sessionId
- * the sessionId to set
+ * @param authToken
+ * the authToken to set
 */
- public void setSessionId(String sessionId) {
- this.sessionId = sessionId;
+ public void setAuthToken(String authToken) {
+ this.authToken = authToken;
 }
 }
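Review bot: The rename is incomplete in the accessor pair: the setter becomes `setAuthToken`, but the getter keeps its old name `getSessionId()` while returning `this.authToken` and its Javadoc now reads `@return the authToken`. That mismatch breaks bean-style property naming and will mislead anyone reading the result class or the serialized output. Rename it to `public String getAuthToken()`; if external callers still use `getSessionId()`, keep that as a `@Deprecated` delegate to `getAuthToken()` rather than leaving the inconsistent name in place.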