[Major] Refactored to not use JAXB in PrivilegeUsersService

Robert von Burg 2016-09-08 20:06:38 +02:00
parent 68327da042
commit b8834b9b82
12 changed files with 310 additions and 720 deletions


@ -24,12 +24,6 @@ import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import li.strolch.privilege.base.PrivilegeException;
import li.strolch.privilege.model.internal.Role;
import li.strolch.privilege.model.internal.User;
@ -43,34 +37,24 @@ import li.strolch.utils.xml.XmlKeyValue;
*
* @author Robert von Burg <eitch@eitchnet.ch>
*/
@XmlRootElement(name = "User")
@XmlAccessorType(XmlAccessType.NONE)
public class UserRep implements Serializable {
private static final long serialVersionUID = 1L;
@XmlAttribute(name = "userId")
private String userId;
@XmlAttribute(name = "username")
private String username;
@XmlAttribute(name = "firstname")
private String firstname;
@XmlAttribute(name = "lastname")
private String lastname;
@XmlAttribute(name = "userState")
private UserState userState;
@XmlAttribute(name = "locale")
private Locale locale;
@XmlElement(name = "roles")
private Set<String> roles;
@XmlElement(name = "properties")
private List<XmlKeyValue> properties;
/**
@ -319,7 +303,6 @@ public class UserRep implements Serializable {
*
* @return the string map properties of this user as a list of {@link XmlKeyValue} elements
*/
@XmlElement(name = "properties")
public List<XmlKeyValue> getProperties() {
return this.properties == null ? new ArrayList<>() : this.properties;
}


@ -1,6 +1,5 @@
<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
@ -87,17 +86,6 @@
<artifactId>jersey-container-grizzly2-servlet</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.containers</groupId>
<artifactId>jersey-container-grizzly2-http</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.test-framework.providers</groupId>
<artifactId>jersey-test-framework-provider-bundle</artifactId>
<type>pom</type>
<scope>test</scope>
</dependency>
</dependencies>


@ -37,15 +37,9 @@ public abstract class QueryParser extends CompositeParser {
private OrSelection or;
private IdSelection idSelection;
private boolean allowType;
public QueryParser(StrolchElementQuery<?> query) {
this(query, false);
}
public QueryParser(StrolchElementQuery<?> query, boolean allowType) {
this.query = query;
this.allowType = allowType;
}
protected OrSelection or() {
@ -66,6 +60,8 @@ public abstract class QueryParser extends CompositeParser {
public abstract boolean withPrefix();
public abstract boolean allowType();
protected void defs() {
// [id:<value>] [name:<value>] [type:<value>] [param:<bagId>:<paramId>] [value]
@ -75,8 +71,7 @@ public abstract class QueryParser extends CompositeParser {
if (withPrefix()) {
def("id", key("id"));
def("name", key("name"));
if (this.allowType)
def("type", key("type"));
def("type", key("type"));
for (String bagId : getBagParamSet().keySet()) {
Set<String> set = getBagParamSet().getSet(bagId);
@ -97,7 +92,7 @@ public abstract class QueryParser extends CompositeParser {
else
parsers = parsers.or(ref("id")).or(ref("name"));
if (this.allowType)
if (allowType())
parsers = parsers.or(ref("type"));
} else {
@ -139,7 +134,7 @@ public abstract class QueryParser extends CompositeParser {
return null;
});
if (this.allowType) {
if (allowType()) {
action("type", (String s) -> {
String trimmed = s.trim();
if (!trimmed.isEmpty())
@ -214,6 +209,11 @@ public abstract class QueryParser extends CompositeParser {
public boolean withPrefix() {
return withPrefix;
}
@Override
public boolean allowType() {
return true;
}
};
Result result = parser.parse(queryString);
ResourceQuery<Resource> query = result.get();
@ -242,6 +242,11 @@ public abstract class QueryParser extends CompositeParser {
public boolean withPrefix() {
return withPrefix;
}
@Override
public boolean allowType() {
return true;
}
};
Result result = parser.parse(queryString);
OrderQuery<Order> query = result.get();
@ -271,6 +276,11 @@ public abstract class QueryParser extends CompositeParser {
public boolean withPrefix() {
return withPrefix;
}
@Override
public boolean allowType() {
return true;
}
};
Result result = parser.parse(queryString);
ActivityQuery<Activity> query = result.get();
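Review bot: In `defs()` the `type` key now appears to be defined unconditionally (`def("type", key("type"));`), while the `ref("type")` alternative and the `action("type", …)` handler further down are still gated by `allowType()`, so a subclass returning false gets a defined but unreferenced production. Either keep the guard on the definition, `if (allowType()) def("type", key("type"));`, or add a comment saying the definition is harmless when unused. The new `public abstract boolean allowType();` also has no Javadoc; a one-line `/** @return true if the parser accepts the type: prefix */` would tell implementers what the flag controls. The three anonymous subclasses visible here all return true, and any subclass outside this file now has to implement the method.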


@ -16,8 +16,7 @@
package li.strolch.rest.endpoint;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.List;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.TimeUnit;
@ -41,8 +40,11 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonPrimitive;
import li.strolch.exception.StrolchException;
import li.strolch.privilege.base.AccessDeniedException;
@ -55,12 +57,8 @@ import li.strolch.privilege.model.Usage;
import li.strolch.rest.RestfulStrolchComponent;
import li.strolch.rest.StrolchRestfulConstants;
import li.strolch.rest.StrolchSessionHandler;
import li.strolch.rest.model.Login;
import li.strolch.rest.model.LoginResult;
import li.strolch.rest.model.LogoutResult;
import li.strolch.rest.model.Result;
import li.strolch.runtime.privilege.PrivilegeHandler;
import li.strolch.utils.helper.StringHelper;
/**
* @author Robert von Burg <eitch@eitchnet.ch>
@ -73,52 +71,90 @@ public class AuthenticationService {
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response authenticate(Login login, @Context HttpServletRequest request, @Context HttpHeaders headers) {
public Response authenticate(@Context HttpServletRequest request, @Context HttpHeaders headers, String data) {
LoginResult loginResult = new LoginResult();
JsonObject login = new JsonParser().parse(data).getAsJsonObject();
JsonObject loginResult = new JsonObject();
try {
StringBuilder sb = new StringBuilder();
if (StringHelper.isEmpty(login.getUsername()) || login.getUsername().length() < 2) {
JsonElement usernameE = login.get("username");
if (usernameE == null || usernameE.getAsString().length() < 2) {
sb.append("Username was not given or is too short!"); //$NON-NLS-1$
}
if (login.getPassword() == null || login.getPassword().length < 3) {
JsonElement passwordE = login.get("password");
if (passwordE == null) {
if (sb.length() > 0)
sb.append("\n");
sb.append("Password was not given or was too short!"); //$NON-NLS-1$
sb.append("Password was not given!"); //$NON-NLS-1$
}
byte[] password = passwordE == null ? new byte[] {} : Base64.getDecoder().decode(passwordE.getAsString());
if (password.length < 3) {
if (sb.length() > 0)
sb.append("\n");
sb.append("Password not given or too short!"); //$NON-NLS-1$
}
if (sb.length() != 0) {
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", sb.toString())); //$NON-NLS-1$
loginResult.addProperty("msg", MessageFormat.format("Could not log in due to: {0}", sb.toString())); //$NON-NLS-1$
return Response.status(Status.BAD_REQUEST).entity(loginResult).build();
}
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
Certificate certificate = sessionHandler.authenticate(login.getUsername(), login.getPassword());
Certificate certificate = sessionHandler.authenticate(usernameE.getAsString(), password);
PrivilegeHandler privilegeHandler = RestfulStrolchComponent.getInstance().getContainer()
.getPrivilegeHandler();
PrivilegeContext privilegeContext = privilegeHandler.getPrivilegeContext(certificate);
loginResult.setSessionId(certificate.getSessionId());
loginResult.setAuthToken(certificate.getAuthToken());
loginResult.setUsername(certificate.getUsername());
loginResult.setFirstname(certificate.getFirstname());
loginResult.setLastname(certificate.getLastname());
loginResult.setLocale(certificate.getLocale());
loginResult.setParameters(certificate.getPropertyMap());
loginResult.setRoles(new ArrayList<>(certificate.getUserRoles()));
loginResult.addProperty("sessionId", certificate.getSessionId());
loginResult.addProperty("authToken", certificate.getAuthToken());
loginResult.addProperty("username", certificate.getUsername());
loginResult.addProperty("firstname", certificate.getFirstname());
loginResult.addProperty("lastname", certificate.getLastname());
loginResult.addProperty("locale", certificate.getLocale().toString());
List<LoginResult.Privilege> privileges = new ArrayList<>();
for (String name : privilegeContext.getPrivilegeNames()) {
IPrivilege privilege = privilegeContext.getPrivilege(name);
Set<String> allowSet = privilege.getAllowList();
ArrayList<String> allowList = null;
if (!allowSet.isEmpty())
allowList = new ArrayList<>(allowSet);
privileges.add(new LoginResult.Privilege(name, privilege.isAllAllowed(), allowList));
if (!certificate.getPropertyMap().isEmpty()) {
JsonObject propObj = new JsonObject();
loginResult.add("properties", propObj);
for (String propKey : certificate.getPropertyMap().keySet()) {
propObj.addProperty(propKey, certificate.getPropertyMap().get(propKey));
}
}
if (!certificate.getUserRoles().isEmpty()) {
JsonArray rolesArr = new JsonArray();
loginResult.add("roles", rolesArr);
for (String role : certificate.getUserRoles()) {
rolesArr.add(new JsonPrimitive(role));
}
}
if (!privilegeContext.getPrivilegeNames().isEmpty()) {
JsonArray privArr = new JsonArray();
loginResult.add("privileges", privArr);
for (String name : privilegeContext.getPrivilegeNames()) {
IPrivilege privilege = privilegeContext.getPrivilege(name);
JsonObject privObj = new JsonObject();
privArr.add(privObj);
privObj.addProperty("name", name);
privObj.addProperty("allAllowed", privilege.isAllAllowed());
Set<String> allowSet = privilege.getAllowList();
if (!allowSet.isEmpty()) {
JsonArray allowArr = new JsonArray();
privObj.add("allowList", allowArr);
for (String allow : allowSet) {
allowArr.add(new JsonPrimitive(allow));
}
}
}
}
loginResult.setPrivileges(privileges);
boolean secureCookie = RestfulStrolchComponent.getInstance().isSecureCookie();
if (secureCookie && !request.getScheme().equals("https")) {
@ -128,25 +164,25 @@ public class AuthenticationService {
NewCookie cookie = new NewCookie(StrolchRestfulConstants.STROLCH_AUTHORIZATION, certificate.getAuthToken(),
"/", null, "Authorization header", (int) TimeUnit.DAYS.toSeconds(1), secureCookie);
return Response.ok().entity(loginResult)//
return Response.ok().entity(loginResult.toString())//
.header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken()).cookie(cookie).build();
} catch (InvalidCredentialsException e) {
logger.error(e.getMessage(), e);
loginResult.setMsg("Could not log in as the given credentials are invalid"); //$NON-NLS-1$
loginResult.addProperty("msg", "Could not log in as the given credentials are invalid"); //$NON-NLS-1$
return Response.status(Status.UNAUTHORIZED).entity(loginResult).build();
} catch (AccessDeniedException e) {
logger.error(e.getMessage(), e);
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
loginResult.addProperty("msg", MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
return Response.status(Status.UNAUTHORIZED).entity(loginResult).build();
} catch (StrolchException | PrivilegeException e) {
logger.error(e.getMessage(), e);
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
loginResult.addProperty("msg", MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
return Response.status(Status.FORBIDDEN).entity(loginResult).build();
} catch (Exception e) {
logger.error(e.getMessage(), e);
String msg = e.getMessage();
loginResult.setMsg(MessageFormat.format("{0}: {1}", e.getClass().getName(), msg)); //$NON-NLS-1$
loginResult.addProperty("msg", MessageFormat.format("{0}: {1}", e.getClass().getName(), msg)); //$NON-NLS-1$
return Response.serverError().entity(loginResult).build();
}
}
@ -157,7 +193,7 @@ public class AuthenticationService {
@Path("{authToken}")
public Response invalidateSession(@PathParam("authToken") String authToken) {
LogoutResult logoutResult = new LogoutResult();
JsonObject logoutResult = new JsonObject();
try {
@ -165,19 +201,20 @@ public class AuthenticationService {
Certificate certificate = sessionHandler.validate(authToken);
sessionHandler.invalidate(certificate);
logoutResult.setUsername(certificate.getUsername());
logoutResult.setAuthToken(authToken);
logoutResult.setMsg(MessageFormat.format("{0} has been logged out.", certificate.getUsername())); //$NON-NLS-1$
return Response.ok().entity(logoutResult).build();
logoutResult.addProperty("username", certificate.getUsername());
logoutResult.addProperty("authToken", authToken);
logoutResult.addProperty("msg", //$NON-NLS-1$
MessageFormat.format("{0} has been logged out.", certificate.getUsername()));
return Response.ok().entity(logoutResult.toString()).build();
} catch (StrolchException | PrivilegeException e) {
logger.error(e.getMessage(), e);
logoutResult.setMsg(MessageFormat.format("Could not logout due to: {0}", e.getMessage())); //$NON-NLS-1$
logoutResult.addProperty("msg", MessageFormat.format("Could not logout due to: {0}", e.getMessage())); //$NON-NLS-1$
return Response.status(Status.UNAUTHORIZED).entity(logoutResult).build();
} catch (Exception e) {
logger.error(e.getMessage(), e);
String msg = e.getMessage();
logoutResult.setMsg(MessageFormat.format("{0}: {1}", e.getClass().getName(), msg)); //$NON-NLS-1$
logoutResult.addProperty("msg", MessageFormat.format("{0}: {1}", e.getClass().getName(), msg)); //$NON-NLS-1$
return Response.serverError().entity(logoutResult).build();
}
}
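Review bot: The error paths of `authenticate` and `invalidateSession` still pass the `JsonObject` itself to `.entity(...)`, while only the two success paths were switched to `.entity(loginResult.toString())` and `.entity(logoutResult.toString())`; unless a message body writer for Gson types is registered (not visible here), the 400/401/403/500 responses will not serialize as intended, so every return should use the `.toString()` form. In addition, `new JsonParser().parse(data).getAsJsonObject()` appears to sit before the `try`, so a malformed or non-object body escapes all handlers, and an invalid Base64 password lands in the generic `catch (Exception e)` and is answered with a server error that echoes the exception class name. Moving the parse inside the `try` and catching `JsonParseException | IllegalStateException | IllegalArgumentException` ahead of the generic handler would keep bad client input on the `BAD_REQUEST` path. The decoded `password` array is also never cleared after `sessionHandler.authenticate(...)`; if the session handler does not already wipe it, consider `Arrays.fill(password, (byte) 0)` in a `finally`.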


@ -16,8 +16,13 @@
package li.strolch.rest.endpoint;
import java.text.MessageFormat;
import java.util.Base64;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
@ -29,11 +34,16 @@ import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.GenericEntity;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonPrimitive;
import li.strolch.agent.api.ComponentContainer;
import li.strolch.privilege.base.AccessDeniedException;
import li.strolch.privilege.base.PrivilegeException;
@ -44,7 +54,6 @@ import li.strolch.privilege.model.UserState;
import li.strolch.rest.RestfulStrolchComponent;
import li.strolch.rest.StrolchRestfulConstants;
import li.strolch.rest.StrolchSessionHandler;
import li.strolch.rest.model.PasswordField;
import li.strolch.rest.model.Result;
import li.strolch.service.api.ServiceHandler;
import li.strolch.service.api.ServiceResult;
@ -75,6 +84,83 @@ public class PrivilegeUsersService {
return container.getPrivilegeHandler().getPrivilegeHandler();
}
private JsonArray toJson(List<UserRep> users) {
JsonArray usersArr = new JsonArray();
for (UserRep userRep : users) {
usersArr.add(toJson(userRep));
}
return usersArr;
}
private JsonObject toJson(UserRep userRep) {
JsonObject jsonObject = new JsonObject();
jsonObject.addProperty("userId", userRep.getUserId());
jsonObject.addProperty("username", userRep.getUsername());
jsonObject.addProperty("firstname", userRep.getFirstname());
jsonObject.addProperty("lastname", userRep.getLastname());
jsonObject.addProperty("userState", userRep.getUserState().name());
jsonObject.addProperty("locale", userRep.getLocale().toString());
JsonArray rolesArr = new JsonArray();
jsonObject.add("roles", rolesArr);
for (String role : userRep.getRoles()) {
rolesArr.add(new JsonPrimitive(role));
}
JsonArray propsArr = new JsonArray();
jsonObject.add("properties", propsArr);
for (String propKey : userRep.getPropertyKeySet()) {
JsonObject propObj = new JsonObject();
propObj.addProperty("key", propKey);
propObj.addProperty("value", userRep.getProperty(propKey));
rolesArr.add(propObj);
}
return jsonObject;
}
private UserRep fromJson(JsonObject jsonObject) {
JsonElement userIdE = jsonObject.get("userId");
JsonElement usernameE = jsonObject.get("username");
JsonElement firstnameE = jsonObject.get("firstname");
JsonElement lastnameE = jsonObject.get("lastname");
JsonElement userStateE = jsonObject.get("userState");
JsonElement localeE = jsonObject.get("locale");
JsonElement rolesE = jsonObject.get("roles");
JsonElement propertiesE = jsonObject.get("properties");
String userId = userIdE == null ? null : userIdE.getAsString();
String username = usernameE == null ? null : usernameE.getAsString();
String firstname = firstnameE == null ? null : firstnameE.getAsString();
String lastname = lastnameE == null ? null : lastnameE.getAsString();
UserState userState = userStateE == null ? null : UserState.valueOf(userStateE.getAsString());
Locale locale = localeE == null ? null : new Locale(localeE.getAsString());
Set<String> roles = null;
if (rolesE != null) {
roles = new HashSet<>();
JsonArray rolesArr = rolesE.getAsJsonArray();
for (JsonElement role : rolesArr) {
roles.add(role.getAsString());
}
}
Map<String, String> properties = null;
if (propertiesE != null) {
properties = new HashMap<>();
JsonArray propertiesArr = propertiesE.getAsJsonArray();
for (JsonElement propertyE : propertiesArr) {
JsonObject property = propertyE.getAsJsonObject();
properties.put(property.get("key").getAsString(), property.get("value").getAsString());
}
}
UserRep userRep = new UserRep(userId, username, firstname, lastname, userState, roles, locale, properties);
return userRep;
}
@GET
@Produces(MediaType.APPLICATION_JSON)
public Response getUsers(@Context HttpServletRequest request) {
@ -82,9 +168,8 @@ public class PrivilegeUsersService {
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
List<UserRep> users = privilegeHandler.getUsers(cert);
GenericEntity<List<UserRep>> entity = new GenericEntity<List<UserRep>>(users) {
};
return Response.ok(entity, MediaType.APPLICATION_JSON).build();
JsonArray usersArr = toJson(users);
return Response.ok(usersArr.toString(), MediaType.APPLICATION_JSON).build();
}
@GET
@ -95,33 +180,33 @@ public class PrivilegeUsersService {
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
UserRep user = privilegeHandler.getUser(cert, username);
return Response.ok(user, MediaType.APPLICATION_JSON).build();
return Response.ok(toJson(user).toString(), MediaType.APPLICATION_JSON).build();
}
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("query")
public Response queryUsers(UserRep query, @Context HttpServletRequest request) {
public Response queryUsers(String query, @Context HttpServletRequest request) {
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
List<UserRep> users = privilegeHandler.queryUsers(cert, query);
GenericEntity<List<UserRep>> entity = new GenericEntity<List<UserRep>>(users) {
};
return Response.ok(entity, MediaType.APPLICATION_JSON).build();
UserRep queryRep = fromJson(new JsonParser().parse(query).getAsJsonObject());
List<UserRep> users = privilegeHandler.queryUsers(cert, queryRep);
JsonArray usersArr = toJson(users);
return Response.ok(usersArr.toString(), MediaType.APPLICATION_JSON).build();
}
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response addUser(UserRep newUser, @Context HttpServletRequest request) {
public Response addUser(String newUser, @Context HttpServletRequest request) {
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
PrivilegeAddUserService svc = new PrivilegeAddUserService();
PrivilegeUserArgument arg = new PrivilegeUserArgument();
arg.user = newUser;
arg.user = fromJson(new JsonParser().parse(newUser).getAsJsonObject());
PrivilegeUserResult svcResult = svcHandler.doService(cert, svc, arg);
return handleServiceResult(svcResult);
@ -147,14 +232,14 @@ public class PrivilegeUsersService {
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("{username}")
public Response updateUser(@PathParam("username") String username, UserRep updatedFields,
public Response updateUser(@PathParam("username") String username, String updatedFields,
@Context HttpServletRequest request) {
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
PrivilegeUpdateUserService svc = new PrivilegeUpdateUserService();
PrivilegeUserArgument arg = new PrivilegeUserArgument();
arg.user = updatedFields;
arg.user = fromJson(new JsonParser().parse(updatedFields).getAsJsonObject());
PrivilegeUserResult svcResult = svcHandler.doService(cert, svc, arg);
return handleServiceResult(svcResult);
@ -223,7 +308,7 @@ public class PrivilegeUsersService {
private Response handleServiceResult(PrivilegeUserResult svcResult) {
if (svcResult.isOk()) {
return Response.ok(svcResult.getUser(), MediaType.APPLICATION_JSON).build();
return Response.ok(toJson(svcResult.getUser()), MediaType.APPLICATION_JSON).build();
} else if (svcResult.getThrowable() != null) {
Throwable t = svcResult.getThrowable();
if (t instanceof AccessDeniedException) {
@ -265,15 +350,17 @@ public class PrivilegeUsersService {
@PUT
@Produces(MediaType.APPLICATION_JSON)
@Path("{username}/password")
public Response setUserPassword(@PathParam("username") String username, PasswordField passwordField,
public Response setUserPassword(@PathParam("username") String username, String data,
@Context HttpServletRequest request) {
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
String password = new JsonParser().parse(data).getAsJsonObject().get("password").getAsString();
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
PrivilegeSetUserPasswordService svc = new PrivilegeSetUserPasswordService();
PrivilegeSetUserPasswordArgument arg = new PrivilegeSetUserPasswordArgument();
arg.username = username;
arg.password = passwordField.getPassword();
arg.password = Base64.getDecoder().decode(password);
ServiceResult svcResult = svcHandler.doService(cert, svc, arg);
if (svcResult.isOk()) {
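Review bot: In `toJson(UserRep)` the properties loop appends each `propObj` to `rolesArr` instead of `propsArr`, so the `properties` array is always empty and the `roles` array of every user response mixes key/value objects in with the role names; the line should read `propsArr.add(propObj);`. `fromJson` expects `roles` to hold strings, so a client that posts back what it received would fail at `role.getAsString()`. `handleServiceResult` passes the `JsonObject` to `Response.ok(...)` where the other endpoints pass a string; use `toJson(svcResult.getUser()).toString()` for consistency. In `setUserPassword`, `get("password")` is dereferenced without a null check and the Base64 decode is unguarded, so a missing or malformed field surfaces as an unhandled exception rather than a 400; that method's body continues outside the hunk.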


@ -1,68 +0,0 @@
/*
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package li.strolch.rest.model;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlRootElement;
/**
* @author Robert von Burg <eitch@eitchnet.ch>
*/
@XmlAccessorType(XmlAccessType.NONE)
@XmlRootElement(name = "Login")
public class Login {
@XmlAttribute
private String username;
@XmlAttribute
private byte[] password;
public Login() {
// no-arg constructor for JAXB
}
/**
* @return the username
*/
public String getUsername() {
return this.username;
}
/**
* @param username
* the username to set
*/
public void setUsername(String username) {
this.username = username;
}
/**
* @return the password
*/
public byte[] getPassword() {
return this.password;
}
/**
* @param password
* the password to set
*/
public void setPassword(byte[] password) {
this.password = password;
}
}


@ -1,287 +0,0 @@
/*
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package li.strolch.rest.model;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import li.strolch.utils.xml.XmlKeyValue;
/**
* @author Robert von Burg <eitch@eitchnet.ch>
*/
@XmlAccessorType(XmlAccessType.NONE)
@XmlRootElement(name = "LoginResult")
public class LoginResult {
@XmlAttribute(name = "username")
private String username;
@XmlAttribute(name = "firstname")
private String firstname;
@XmlAttribute(name = "lastname")
private String lastname;
@XmlAttribute(name = "authToken")
private String authToken;
@XmlAttribute(name = "sessionId")
private String sessionId;
@XmlAttribute(name = "locale")
private String locale;
@XmlAttribute(name = "msg")
private String msg;
@XmlElement(name = "roles")
private List<String> roles;
@XmlElement(name = "privileges")
private List<Privilege> privileges;
private Map<String, String> parameters;
public LoginResult() {
// no-arg constructor for JAXB
}
/**
* @return the username
*/
public String getUsername() {
return this.username;
}
/**
* @param username
* the username to set
*/
public void setUsername(String username) {
this.username = username;
}
/**
* @return the firstname
*/
public String getFirstname() {
return this.firstname;
}
/**
* @param firstname
* the firstname to set
*/
public void setFirstname(String firstname) {
this.firstname = firstname;
}
/**
* @return the lastname
*/
public String getLastname() {
return this.lastname;
}
/**
* @param lastname
* the lastname to set
*/
public void setLastname(String lastname) {
this.lastname = lastname;
}
/**
* @return the sessionId
*/
public String getAuthToken() {
return this.authToken;
}
/**
* @param authToken
* the authToken to set
*/
public void setAuthToken(String authToken) {
this.authToken = authToken;
}
/**
* @return the sessionId
*/
public String getSessionId() {
return this.sessionId;
}
/**
* @param sessionId
* the sessionId to set
*/
public void setSessionId(String sessionId) {
this.sessionId = sessionId;
}
/**
* @return the locale
*/
public String getLocale() {
return this.locale;
}
/**
* @param locale
* the locale to set
*/
public void setLocale(String locale) {
this.locale = locale;
}
/**
* @param locale
* the locale to set
*/
public void setLocale(Locale locale) {
this.locale = locale.toString();
}
/**
* @return the parameters
*/
public Map<String, String> getParameters() {
return this.parameters;
}
/**
* @param parameters
* the parameters to set
*/
public void setParameters(Map<String, String> parameters) {
this.parameters = parameters;
}
/**
* Returns the string map properties of this user as a list of {@link XmlKeyValue} elements
*
* @return the string map properties of this user as a list of {@link XmlKeyValue} elements
*/
@XmlElement(name = "properties")
public List<XmlKeyValue> getPropertiesAsKeyValue() {
if (this.parameters == null)
return new ArrayList<>(0);
return XmlKeyValue.valueOf(this.parameters);
}
/**
* @return the msg
*/
public String getMsg() {
return this.msg;
}
/**
* @param msg
* the msg to set
*/
public void setMsg(String msg) {
this.msg = msg;
}
/**
* @return the roles
*/
public List<String> getRoles() {
return roles;
}
/**
* @param roles
* the roles to set
*/
public void setRoles(List<String> roles) {
this.roles = roles;
}
/**
* @return the privileges
*/
public List<Privilege> getPrivileges() {
return this.privileges;
}
/**
* @param privileges
* the privileges to set
*/
public void setPrivileges(List<Privilege> privileges) {
this.privileges = privileges;
}
@XmlRootElement(name = "Privilege")
@XmlAccessorType(XmlAccessType.NONE)
public static class Privilege {
@XmlAttribute(name = "name")
private String name;
@XmlAttribute(name = "allAllowed")
private boolean allAllowed;
@XmlElement(name = "allowList")
private List<String> allowList;
public Privilege() {
// no-arg constructor for JAXB
}
public Privilege(String name, boolean allAllowed, List<String> allowList) {
this.name = name;
this.allAllowed = allAllowed;
this.allowList = allowList;
}
public void setName(String name) {
this.name = name;
}
public String getName() {
return this.name;
}
public List<String> getAllowList() {
return this.allowList;
}
public void setAllowList(List<String> allowList) {
this.allowList = allowList;
}
public boolean isAllAllowed() {
return this.allAllowed;
}
public void setAllAllowed(boolean allAllowed) {
this.allAllowed = allAllowed;
}
}
}


@ -1,69 +0,0 @@
/*
* Copyright 2015 Robert von Burg <eitch@eitchnet.ch>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package li.strolch.rest.model;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlRootElement;
/**
* @author Robert von Burg <eitch@eitchnet.ch>
*/
@XmlRootElement(name = "Logout")
@XmlAccessorType(XmlAccessType.NONE)
public class Logout {
@XmlAttribute(name = "username")
private String username;
@XmlAttribute(name = "sessionId")
private String sessionId;
public Logout() {
// no-arg constructor for JAXB
}
/**
* @return the username
*/
public String getUsername() {
return this.username;
}
/**
* @param username
* the username to set
*/
public void setUsername(String username) {
this.username = username;
}
/**
* @return the sessionId
*/
public String getSessionId() {
return this.sessionId;
}
/**
* @param sessionId
* the sessionId to set
*/
public void setSessionId(String sessionId) {
this.sessionId = sessionId;
}
}


@ -1,87 +0,0 @@
/*
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package li.strolch.rest.model;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlRootElement;
/**
* @author Robert von Burg <eitch@eitchnet.ch>
*/
@XmlAccessorType(XmlAccessType.NONE)
@XmlRootElement(name = "LogoutResult")
public class LogoutResult {
@XmlAttribute(name = "username")
private String username;
@XmlAttribute(name = "authToken")
private String authToken;
@XmlAttribute(name = "msg")
private String msg;
public LogoutResult() {
// no-arg constructor for JAXB
}
/**
* @return the msg
*/
public String getMsg() {
return this.msg;
}
/**
* @param msg
* the msg to set
*/
public void setMsg(String msg) {
this.msg = msg;
}
/**
* @return the username
*/
public String getUsername() {
return this.username;
}
/**
* @param username
* the username to set
*/
public void setUsername(String username) {
this.username = username;
}
/**
* @return the authToken
*/
public String getSessionId() {
return this.authToken;
}
/**
* @param authToken
* the authToken to set
*/
public void setAuthToken(String authToken) {
this.authToken = authToken;
}
}


@ -4,6 +4,7 @@ import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import java.util.Arrays;
import java.util.List;
import org.junit.Test;
@ -196,39 +197,42 @@ public class QueryParserTest {
assertFalse(query.hasNavigation());
OrSelection or = (OrSelection) query.getSelection();
List<Selection> selections = or.getSelections();
assertEquals(6, selections.size());
for (Selection selection : selections) {
assertEquals(AnyTypeParameterSelection.class, selection.getClass());
}
assertEquals(10, selections.size());
AnyTypeParameterSelection sel;
sel = (AnyTypeParameterSelection) selections.get(0);
assertEquals("parameters", sel.getBagKey());
assertEquals("date", sel.getParamKey());
assertEquals("asd", sel.getValue());
IdSelection idSel = (IdSelection) selections.get(0);
assertEquals(Arrays.asList("asd", "bla@dsfdfg.ch", "1970-01-01T01:00:00.000+01:00"), idSel.getIds());
sel = (AnyTypeParameterSelection) selections.get(1);
assertEquals("parameters", sel.getBagKey());
assertEquals("email", sel.getParamKey());
assertEquals("asd", sel.getValue());
NameSelection nameSel = (NameSelection) selections.get(1);
assertEquals("asd", nameSel.getName());
sel = (AnyTypeParameterSelection) selections.get(2);
assertEquals("parameters", sel.getBagKey());
assertEquals("date", sel.getParamKey());
assertEquals("bla@dsfdfg.ch", sel.getValue());
assertEquals("asd", sel.getValue());
sel = (AnyTypeParameterSelection) selections.get(3);
assertEquals("parameters", sel.getBagKey());
assertEquals("email", sel.getParamKey());
assertEquals("asd", sel.getValue());
sel = (AnyTypeParameterSelection) selections.get(5);
assertEquals("parameters", sel.getBagKey());
assertEquals("date", sel.getParamKey());
assertEquals("bla@dsfdfg.ch", sel.getValue());
sel = (AnyTypeParameterSelection) selections.get(4);
sel = (AnyTypeParameterSelection) selections.get(6);
assertEquals("parameters", sel.getBagKey());
assertEquals("email", sel.getParamKey());
assertEquals("bla@dsfdfg.ch", sel.getValue());
sel = (AnyTypeParameterSelection) selections.get(8);
assertEquals("parameters", sel.getBagKey());
assertEquals("date", sel.getParamKey());
assertEquals("1970-01-01T01:00:00.000+01:00", sel.getValue());
sel = (AnyTypeParameterSelection) selections.get(5);
sel = (AnyTypeParameterSelection) selections.get(9);
assertEquals("parameters", sel.getBagKey());
assertEquals("email", sel.getParamKey());
assertEquals("1970-01-01T01:00:00.000+01:00", sel.getValue());
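Review bot: The rewritten assertions appear to leave `selections.get(4)` and `selections.get(7)` unchecked. With the expected size raised to 10, the visible new-side checks cover indices 0-3, 5, 6, 8 and 9, and the loop that verified every element's class seems to have been dropped. If those two entries are the `NameSelection`s for the second and third search term, assert them the same way as index 1, e.g. `assertEquals("bla@dsfdfg.ch", ((NameSelection) selections.get(4)).getName());`. The rendered page has lost its +/- markers, so this reading is inferred from the order of the lines, and the test method itself starts outside the hunk.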


@ -18,22 +18,23 @@ package li.strolch.rest.inspector.test;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.util.Collections;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.core.Application;
import li.strolch.rest.StrolchRestfulClasses;
import li.strolch.testbase.runtime.RuntimeMock;
import org.glassfish.grizzly.http.server.HttpServer;
import org.glassfish.jersey.client.ClientConfig;
import org.glassfish.jersey.filter.LoggingFilter;
import org.glassfish.jersey.grizzly2.servlet.GrizzlyWebContainerFactory;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.server.ServerProperties;
import org.glassfish.jersey.server.TracingConfig;
import org.glassfish.jersey.servlet.ServletProperties;
import org.glassfish.jersey.test.DeploymentContext;
import org.glassfish.jersey.test.JerseyTest;
import org.glassfish.jersey.test.ServletDeploymentContext;
import org.glassfish.jersey.test.TestProperties;
import org.glassfish.jersey.test.grizzly.GrizzlyWebTestContainerFactory;
import org.glassfish.jersey.test.spi.TestContainer;
import org.glassfish.jersey.test.spi.TestContainerException;
import org.glassfish.jersey.test.spi.TestContainerFactory;
import org.junit.AfterClass;
@ -41,13 +42,16 @@ import org.junit.BeforeClass;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import li.strolch.rest.StrolchRestfulClasses;
import li.strolch.rest.endpoint.Inspector;
import li.strolch.testbase.runtime.RuntimeMock;
/**
* @author Robert von Burg <eitch@eitchnet.ch>
*/
@SuppressWarnings("nls")
public abstract class AbstractRestfulTest extends JerseyTest {
private static final URI BASE_URI = URI.create("http://localhost:8888/base");
protected static final Logger logger = LoggerFactory.getLogger(AbstractRestfulTest.class);
private static final String RUNTIME_PATH = "target/withPrivilegeRuntime/"; //$NON-NLS-1$
private static final String CONFIG_SRC = "src/test/resources/withPrivilegeRuntime"; //$NON-NLS-1$
@ -63,26 +67,11 @@ public abstract class AbstractRestfulTest extends JerseyTest {
runtimeMock.startContainer();
}
@Override
protected URI getBaseUri() {
return BASE_URI;
}
@AfterClass
public static void afterClass() {
runtimeMock.destroyRuntime();
}
@Override
protected TestContainerFactory getTestContainerFactory() throws TestContainerException {
return new GrizzlyWebTestContainerFactory();
}
@Override
protected DeploymentContext configureDeployment() {
return ServletDeploymentContext.builder(configure()).contextPath("rest").build();
}
@Override
protected Application configure() {
forceEnable(TestProperties.LOG_TRAFFIC);
@ -109,4 +98,45 @@ public abstract class AbstractRestfulTest extends JerseyTest {
resourceConfig.property(ServletProperties.FILTER_FORWARD_ON_404, true);
return resourceConfig;
}
@Override
protected TestContainerFactory getTestContainerFactory() throws TestContainerException {
return new TestContainerFactory() {
@Override
public TestContainer create(URI baseUri, DeploymentContext deploymentContext) {
return new TestContainer() {
private HttpServer server;
@Override
public ClientConfig getClientConfig() {
return null;
}
@Override
public URI getBaseUri() {
return baseUri;
}
@Override
public void start() {
try {
this.server = GrizzlyWebContainerFactory.create(baseUri, Collections.singletonMap(
"jersey.config.server.provider.packages", Inspector.class.getPackage().getName()));
} catch (ProcessingException e) {
throw new TestContainerException(e);
} catch (IOException e) {
throw new TestContainerException(e);
}
}
@Override
public void stop() {
this.server.shutdownNow();
}
};
}
};
}
}
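Review bot: The anonymous `TestContainer` built in `getTestContainerFactory()` never reads the `deploymentContext` argument. `start()` creates the Grizzly server from `jersey.config.server.provider.packages` alone, so whatever `configure()` puts on its `ResourceConfig` (registered filters, `FILTER_FORWARD_ON_404`) does not appear to reach the server under test. For the authentication tests this means the endpoints may run without the filter chain the application deploys with, so either build the server from `deploymentContext` or document the gap with a comment such as `// NOTE: only the endpoint package is scanned; configure() is not applied to this server`. Separately, `stop()` dereferences `this.server` even when `start()` threw, which would replace the original failure with a NullPointerException; `if (this.server != null) this.server.shutdownNow();` avoids that. `getClientConfig()` returning `null` also deserves a one-line comment stating that the default client configuration is intended.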


@ -15,31 +15,25 @@
*/
package li.strolch.rest.inspector.test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import java.util.Locale;
import java.util.Base64;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.Invocation.Builder;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import org.junit.Ignore;
import org.junit.Test;
import li.strolch.rest.model.Login;
import li.strolch.rest.model.LoginResult;
import li.strolch.rest.model.LogoutResult;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
/**
* @author Robert von Burg <eitch@eitchnet.ch>
*/
@Ignore
@SuppressWarnings("nls")
public class AuthenticationTest extends AbstractRestfulTest {
@ -49,93 +43,61 @@ public class AuthenticationTest extends AbstractRestfulTest {
public void shouldAuthenticate() {
// login
Login login = new Login();
login.setUsername("jill");
login.setPassword("jill".getBytes());
Entity<Login> loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
JsonObject login = new JsonObject();
login.addProperty("username", "jill");
login.addProperty("password", Base64.getEncoder().encodeToString("jill".getBytes()));
Entity<String> entity = Entity.entity(login.toString(), MediaType.APPLICATION_JSON);
Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(entity);
assertEquals(Status.OK.getStatusCode(), result.getStatus());
LoginResult loginResult = result.readEntity(LoginResult.class);
JsonObject loginResult = new JsonParser().parse(result.readEntity(String.class)).getAsJsonObject();
assertNotNull(loginResult);
assertEquals("jill", loginResult.getUsername());
assertEquals(64, loginResult.getAuthToken().length());
assertNull(loginResult.getMsg());
assertEquals("jill", loginResult.get("username").getAsString());
assertEquals(64, loginResult.get("authToken").getAsString().length());
assertNull(loginResult.get("msg"));
// logout
result = target().path(ROOT_PATH + "/" + loginResult.getAuthToken()).request(MediaType.APPLICATION_JSON)
.delete();
result = target().path(ROOT_PATH + "/" + loginResult.get("authToken").getAsString())
.request(MediaType.APPLICATION_JSON).delete();
assertEquals(Status.OK.getStatusCode(), result.getStatus());
assertNotNull(loginResult);
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
JsonObject logoutResult = new JsonParser().parse(result.readEntity(String.class)).getAsJsonObject();
assertNotNull(logoutResult);
assertNull(logoutResult.getMsg());
}
@Test
public void shouldUseRequestedLanguage() {
// login
Login login = new Login();
login.setUsername("jill");
login.setPassword("jill".getBytes());
Entity<Login> loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
Builder builder = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON);
builder = builder.acceptLanguage(Locale.ITALY);
Response result = builder.post(loginEntity);
assertEquals(Status.OK.getStatusCode(), result.getStatus());
LoginResult loginResult = result.readEntity(LoginResult.class);
assertNotNull(loginResult);
assertEquals("jill", loginResult.getUsername());
assertEquals(64, loginResult.getAuthToken().length());
assertEquals(Locale.ITALY.toString(), loginResult.getLocale());
assertNull(loginResult.getMsg());
// logout
result = target().path(ROOT_PATH + "/" + loginResult.getAuthToken()).request(MediaType.APPLICATION_JSON)
.delete();
assertEquals(Status.OK.getStatusCode(), result.getStatus());
assertNotNull(loginResult);
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
assertNotNull(logoutResult);
assertNull(logoutResult.getMsg());
assertEquals("jill has been logged out.", logoutResult.get("msg").getAsString());
}
@Test
public void shouldNotAuthenticate() {
// login
Login login = new Login();
login.setUsername("admin");
login.setPassword("blalba".getBytes());
Entity<Login> loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
assertEquals(Status.FORBIDDEN.getStatusCode(), result.getStatus());
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
assertNotNull(logoutResult);
assertEquals("Could not log in due to: Authentication credentials are invalid", logoutResult.getMsg());
JsonObject login = new JsonObject();
login.addProperty("username", "jill");
login.addProperty("password", Base64.getEncoder().encodeToString("blabla".getBytes()));
Entity<String> entity = Entity.entity(login.toString(), MediaType.APPLICATION_JSON);
Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(entity);
assertEquals(Status.UNAUTHORIZED.getStatusCode(), result.getStatus());
}
@Test
public void shouldFailLogoutIllegalSession() {
// login
Login login = new Login();
login.setUsername("jill");
login.setPassword("jill".getBytes());
Entity<Login> loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
JsonObject login = new JsonObject();
login.addProperty("username", "jill");
login.addProperty("password", Base64.getEncoder().encodeToString("jill".getBytes()));
Entity<String> entity = Entity.entity(login.toString(), MediaType.APPLICATION_JSON);
Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(entity);
assertEquals(Status.OK.getStatusCode(), result.getStatus());
LoginResult loginResult = result.readEntity(LoginResult.class);
JsonObject loginResult = new JsonParser().parse(result.readEntity(String.class)).getAsJsonObject();
assertNotNull(loginResult);
assertEquals("jill", loginResult.getUsername());
assertEquals(64, loginResult.getAuthToken().length());
assertNull(loginResult.getMsg());
assertEquals("jill", loginResult.get("username").getAsString());
assertEquals(64, loginResult.get("authToken").getAsString().length());
assertNull(loginResult.get("msg"));
// logout
result = target().path(ROOT_PATH + "/blabla").request(MediaType.APPLICATION_JSON).delete();
assertEquals(Status.FORBIDDEN.getStatusCode(), result.getStatus());
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
assertNotNull(logoutResult);
assertThat(logoutResult.getMsg(), containsString("No certificate exists for sessionId blabla"));
assertEquals(Status.UNAUTHORIZED.getStatusCode(), result.getStatus());
}
}
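Review bot: `shouldNotAuthenticate` and `shouldFailLogoutIllegalSession` now assert only the 401 status, so a rejected request whose body still carried an `authToken` or internal error detail would pass. If the error body is JSON, parse it as the success path does and add a check such as `assertNull(body.get("authToken"));`. The password bytes come from `"jill".getBytes()`, which depends on the platform charset; `"jill".getBytes(StandardCharsets.UTF_8)` keeps the Base64 payload identical on every build host. The rendered page does not show whether the class-level `@Ignore` is on the new side; if it is, none of these authentication tests run and that should be called out in the commit message.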