
Implemented OAuth2 (not yet with Hub)

Lukas Cerny 2 年 前
コミット
42bf57f7cc
26 ファイル変更657 行追加529 行削除
  1. 18 1
      pom.xml
  2. BIN
      senslog_keystore.jks
  3. 45 4
      src/main/java/cz/hsrs/core/ApplicationInfo.java
  4. 36 0
      src/main/java/cz/hsrs/rest/provider/GroupRest.java
  5. 8 6
      src/main/java/cz/hsrs/rest/provider/InfoRest.java
  6. 9 14
      src/main/java/cz/hsrs/rest/provider/ObservationRest.java
  7. 10 30
      src/main/java/cz/hsrs/rest/provider/TrackRest.java
  8. 112 54
      src/main/java/cz/hsrs/rest/provider/UserRest.java
  9. 77 82
      src/main/java/cz/hsrs/rest/provider/WatchDogRest.java
  10. 30 0
      src/main/java/cz/hsrs/rest/util/GroupRestUtil.java
  11. 6 6
      src/main/java/cz/hsrs/rest/util/UserRestUtil.java
  12. 6 16
      src/main/java/cz/hsrs/servlet/provider/AlertService.java
  13. 8 31
      src/main/java/cz/hsrs/servlet/provider/AnalystService.java
  14. 1 1
      src/main/java/cz/hsrs/servlet/provider/ChartServlet.java
  15. 0 67
      src/main/java/cz/hsrs/servlet/provider/DBServlet.java
  16. 20 50
      src/main/java/cz/hsrs/servlet/provider/DataService.java
  17. 15 44
      src/main/java/cz/hsrs/servlet/provider/GroupService.java
  18. 3 12
      src/main/java/cz/hsrs/servlet/provider/MMService.java
  19. 36 23
      src/main/java/cz/hsrs/servlet/provider/ManagementService.java
  20. 9 16
      src/main/java/cz/hsrs/servlet/provider/SensorService.java
  21. 1 2
      src/main/java/cz/hsrs/servlet/security/ControllerServlet.java
  22. 122 0
      src/main/java/cz/hsrs/servlet/security/OAuthGuardFilter.java
  23. 11 0
      src/main/resources/global.properties
  24. 72 68
      src/main/webapp/WEB-INF/web.xml
  25. 1 1
      src/main/webapp/js/maplog-app-osm.js
  26. 1 1
      src/main/webapp/js/maplog-app.js

+ 18 - 1
pom.xml

@@ -284,7 +284,24 @@
             <version>2.3.1</version>
         </dependency>
 
-
+<!--        OAuth dependencies-->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>0.12.3</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>0.12.3</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId> <!-- or jjwt-gson if Gson is preferred -->
+            <version>0.12.3</version>
+            <scope>runtime</scope>
+        </dependency>
     </dependencies>
 
     <properties>
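Review bot: The three jjwt artifacts each repeat the literal `0.12.3`, which is how `jjwt-api` and `jjwt-impl` drift apart on the next bump and fail at runtime rather than at build. Declare `<jjwt.version>0.12.3</jjwt.version>` in the `<properties>` block that starts right below this hunk and reference `${jjwt.version}` in all three. The `<!-- or jjwt-gson if Gson is preferred -->` remark is copied from the library README; the choice has been made here, so drop it.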

BIN
senslog_keystore.jks
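Review bot: A keystore binary is added to the repository, and the code that opens it (UserRest static initializer, `keystore.load(is, KEYSTORE_PASS.toCharArray())`) takes the password from `global.properties`, so whatever password protects this file is effectively public. That is acceptable only if the store holds nothing but the token-signing certificate used for `verifyWith(publicKey)`; if it also carries a private key, the key must be rotated and the file removed from history. Please state in the commit or a README what the store contains, and consider shipping only a PEM certificate or fetching the issuer's JWKS instead of a password-protected JKS.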


+ 45 - 4
src/main/java/cz/hsrs/core/ApplicationInfo.java

@@ -11,11 +11,14 @@ public final class ApplicationInfo {
     private static final Logger logger = Logger.getLogger(ApplicationInfo.class.getSimpleName());
 
     private static final long startAppEpoch;
-    private static final Properties properties;
+    private static final Properties buildProps;
+
+    private static final GlobalProperties globProps;
 
     static {
         startAppEpoch = System.currentTimeMillis();
-        properties = loadVersionProperties("version.txt");
+        buildProps = loadVersionProperties("version.txt");
+        globProps = new GlobalProperties(loadVersionProperties("global.properties"));
     }
 
     private static Properties loadVersionProperties(String fileName) {
@@ -40,10 +43,48 @@ public final class ApplicationInfo {
     }
 
     public static String appVersion() {
-        return properties.getProperty("version", "unknown");
+        return buildProps.getProperty("version", "unknown");
     }
 
     public static String buildVersion() {
-        return properties.getProperty("build.date", "unknown");
+        return buildProps.getProperty("build.date", "unknown");
+    }
+
+    public static GlobalProperties globalProperties() {
+        return globProps;
+    }
+
+    public static class GlobalProperties {
+        private final Properties props;
+
+        private GlobalProperties(Properties props) {
+            this.props = props;
+        }
+
+        public String keyStonePath() {
+            return props.getProperty("keystone.path");
+        }
+
+        public String keyStonePass() {
+            return props.getProperty("keystone.password");
+        }
+
+        public String authCertAlias() {
+            return props.getProperty("keystone.certificate.alias");
+        }
+
+        public String authType() {
+            return props.getProperty("auth.type");
+        }
+
+        public String[] permissions() {
+            String name = props.getProperty("access.permission.name");
+            String[] scopes = props.getProperty("access.permission.scopes").split("\\s");
+            String[] res = new String[scopes.length];
+            for (int i = 0; i < res.length; i++) {
+                res[i] = name+":"+scopes[i];
+            }
+            return res;
+        }
     }
 }
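Review bot: `permissions()` dereferences `props.getProperty("access.permission.scopes")` without a null check and `split("\\s")` yields empty entries when scopes are separated by more than one space, so a missing or loosely formatted property produces an NPE or `name:` permissions at runtime. Replace the two lines with `String name = Objects.requireNonNull(props.getProperty("access.permission.name"), "access.permission.name");` and `String[] scopes = Objects.requireNonNull(props.getProperty("access.permission.scopes"), "access.permission.scopes").trim().split("\\s+");` (needs `java.util.Objects`). Separately, `keyStonePass()` returns the keystore password from a classpath properties file packaged in the WAR; if the store contains anything beyond a public certificate, read the password from an environment variable or JNDI instead. The property names read `keystone.*` while the values are a keystore path, password and alias — presumably a typo for `keystore`, worth fixing before anyone deploys against it.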

+ 36 - 0
src/main/java/cz/hsrs/rest/provider/GroupRest.java

@@ -0,0 +1,36 @@
+package cz.hsrs.rest.provider;
+
+import cz.hsrs.rest.util.GroupRestUtil;
+import net.sf.json.JSONArray;
+import net.sf.json.JSONObject;
+import org.mortbay.jetty.HttpStatus;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+@Path("/manage/group")
+public class GroupRest {
+
+    @GET @Path("/all")
+    @Produces(MediaType.APPLICATION_JSON)
+    public Response getAll(@Context HttpServletRequest req) {
+        // check if 'userId' is Admin
+        String userId = req.getAttribute("userId").toString();
+
+        try {
+            JSONArray allGroups = GroupRestUtil.getAllGroups();
+            return Response.ok().entity(allGroups).build();
+        } catch (RuntimeException e) {
+            int code = HttpStatus.ORDINAL_500_Internal_Server_Error;
+            return Response.status(code).entity(new JSONObject()
+                            .element("code", code)
+                            .element("message", e.getMessage())
+                    ).build();
+        }
+    }
+}
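Review bot: The comment `// check if 'userId' is Admin` is not followed by any check: `userId` is read and never used, so `/manage/group/all` returns every group to any caller that passes the filter, and a request reaching this method without the attribute NPEs on `.toString()`. Load the caller with `UserRestUtil.getUser` and apply the same admin test this commit uses in `UserRest.insertNewUser` (`rightsId != 0` is rejected); note that WatchDogRest tests `rightsId < 0`, so confirm which convention is intended. This also makes a `SQLException` reachable, which the existing `RuntimeException` catch does not cover; `UserBean`, `UserRestUtil` and `java.sql.SQLException` would need importing.

```java
    public Response getAll(@Context HttpServletRequest req) {
        Object uid = req.getAttribute("userId");
        if (uid == null) {
            return Response.status(HttpStatus.ORDINAL_401_Unauthorized).build();
        }
        try {
            UserBean caller = UserRestUtil.getUser(uid.toString());
            if (caller == null || caller.rightsId != 0) { // same admin test as UserRest.insertNewUser
                int code = HttpStatus.ORDINAL_403_Forbidden;
                return Response.status(code).entity(new JSONObject()
                        .element("code", code)
                        .element("message", "Not enough rights!")).build();
            }
            JSONArray allGroups = GroupRestUtil.getAllGroups();
            return Response.ok().entity(allGroups).build();
        } catch (SQLException | RuntimeException e) {
            // … unchanged: 500 response …
        }
    }
```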

+ 8 - 6
src/main/java/cz/hsrs/rest/provider/InfoRest.java

@@ -9,13 +9,16 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.core.Response;
 import java.util.concurrent.TimeUnit;
 
-import static cz.hsrs.core.ApplicationInfo.appVersion;
-import static cz.hsrs.core.ApplicationInfo.buildVersion;
+import static cz.hsrs.core.ApplicationInfo.*;
 import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
 
 @Path("/info")
 public class InfoRest {
 
+    private enum AuthType {
+        OAUTH, LOCAL_AUTH
+    }
+
     @GET @Produces(APPLICATION_JSON)
     public Response getOverallInfo() {
         long uptimeMillis = ApplicationInfo.uptime();
@@ -23,14 +26,13 @@ public class InfoRest {
                 TimeUnit.MILLISECONDS.toMinutes(uptimeMillis),
                 TimeUnit.MILLISECONDS.toSeconds(uptimeMillis) - TimeUnit.MINUTES.toSeconds(TimeUnit.MILLISECONDS.toMinutes(uptimeMillis))
         );
+        AuthType authType = AuthType.valueOf(globalProperties().authType());
         JSONObject jsonObject = new JSONObject();
         jsonObject.put("uptime", uptime);
         jsonObject.put("appVersion", appVersion());
         jsonObject.put("buildVersion", buildVersion());
+        jsonObject.put("authType", authType.name());
 
-        return Response
-                .status(200)
-                .entity(jsonObject.toString())
-                .build();
+        return Response.ok().entity(jsonObject).build();
     }
 }
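Review bot: `AuthType.valueOf(globalProperties().authType())` throws `IllegalArgumentException` on any casing or whitespace difference and `NullPointerException` when `auth.type` is absent, so a configuration slip turns `/info` — presumably the unauthenticated endpoint the client uses to pick its login mode — into a 500. Normalise before the lookup, `AuthType authType = AuthType.valueOf(globalProperties().authType().trim().toUpperCase(Locale.ROOT));` (needs `java.util.Locale`), or better, validate the property once at startup in `ApplicationInfo` so the failure is reported at deploy time. If `OAuthGuardFilter` also interprets `auth.type`, this private enum should move somewhere both can share so the two cannot disagree.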

+ 9 - 14
src/main/java/cz/hsrs/rest/provider/ObservationRest.java

@@ -24,6 +24,8 @@ import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
+import cz.hsrs.rest.beans.UserBean;
+import cz.hsrs.rest.util.UserRestUtil;
 import org.mortbay.jetty.HttpStatus;
 
 import cz.hsrs.db.util.ExportUtil;
@@ -39,7 +41,7 @@ import net.sf.json.JSONObject;
  * @author mkepka
  *
  */
-@Path("/observation/")
+@Path("/data/observation")
 public class ObservationRest {
     
     public static Logger logger = Logger.getLogger("ObservationRest");
@@ -62,8 +64,7 @@ public class ObservationRest {
      * /rest/observation/export?group_id=25&sensor_id=340340092&month_of_year=4&year=2021&style=timeseries
      * 
      */
-    @Path("/export")
-    @GET
+    @GET @Path("/export")
     public Response getObservationsCrossTab(
             @QueryParam(ParamsList.SENSOR_ID) Long sensorId,
             @QueryParam(ParamsList.UNIT_ID) String unitIds,
@@ -76,9 +77,9 @@ public class ObservationRest {
             @DefaultValue("true") @QueryParam("nullable") Boolean nullable,
             @Context HttpServletRequest req) {
         try {
-            LoginUser loggedUser = AuthUtil.getAuthenticatedLoginUser(req);
+            String userId = req.getAttribute("userId").toString();
             if(groupId == null) {
-                groupId = UserUtil.getUserGroupId(loggedUser.getUserName());
+                groupId = UserUtil.getUserGroupId(userId);
             }
             if (groupId == null) {
                 return Response.status(HttpStatus.ORDINAL_400_Bad_Request)
@@ -144,16 +145,10 @@ public class ObservationRest {
             return Response.status(HttpStatus.ORDINAL_500_Internal_Server_Error)
                     .entity(new ExceptionBean(e.getClass().getName(), e.getLocalizedMessage()))
                     .build();
-        } catch (AuthenticationException e) {
-        	return Response.status(HttpStatus.ORDINAL_401_Unauthorized)
-                    .entity(new ExceptionBean(e.getClass().getName(), e.getMessage()))
-                    .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
-                    .build();
-		}
+        }
     }
-    
-    @Path("/exportstyle")
-    @GET
+
+    @GET @Path("/exportstyle")
     @Produces(MediaType.APPLICATION_JSON)
     public Response getExportStyles() {
     	JSONArray arr = new JSONArray();
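Review bot: In the export hunk `req.getAttribute("userId").toString()` assumes the filter always set the attribute; if `/data/*` is not covered by the filter mapping, or the deployment runs with `auth.type=LOCAL_AUTH`, this is an NPE that none of the remaining catch blocks handle, so the explicit 401 removed here becomes a container 500. Add a guard before using it: `Object uid = req.getAttribute("userId"); if (uid == null) { return Response.status(HttpStatus.ORDINAL_401_Unauthorized).build(); } String userId = uid.toString();`. The Javadoc above the method still documents `/rest/observation/export` although the class path is now `/data/observation`. The method body continues outside the hunk.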

+ 10 - 30
src/main/java/cz/hsrs/rest/provider/TrackRest.java

@@ -27,7 +27,7 @@ import cz.hsrs.rest.util.TrackRestUtil;
  * @author mkepka
  *
  */
-@Path("/track/")
+@Path("/data/track/")
 public class TrackRest {
 
 	public static Logger logger = Logger.getLogger("TrackRest");
@@ -43,24 +43,15 @@ public class TrackRest {
 	 * /rest/track/dates?group_name=
 	 * /rest/track/dates?group_id=
 	 * /rest/track/dates?unit_id=
-	 * 
-	 * @param unitIds
-	 * @param groupId
-	 * @param req
-	 * @return
 	 */
-	@Path("/dates")
-    @GET
+    @GET @Path("/dates")
 	public Response getDatesOfTracks(
 			@QueryParam(ParamsList.UNIT_ID) String unitIds,
 			@QueryParam(ParamsList.GROUP_ID) Integer groupId,
 			@QueryParam(ParamsList.GROUP_NAME) String groupName,
-			@Context HttpServletRequest req){
+			@Context HttpServletRequest req)
+	{
 		try {
-			//LoginUser loggedUser = AuthUtil.getAuthenticatedLoginUser(req);
-			if(groupId == null) {
-				//groupId = UserUtil.getUserGroupId(loggedUser.getUserName());
-			}
 			String jsonTimes;
 			if(unitIds!= null && !unitIds.isEmpty()){
 				jsonTimes = TrackRestUtil.getDatesByUnits(unitIds);
@@ -94,23 +85,16 @@ public class TrackRest {
 	/**
 	 * /rest/track/points
 	 * /rest/track/points?unit_id=352625691996753&from_time=2022-03-19 10:00:00&to_time=2022-03-29 12:00:00
-	 * @param unitId
-	 * @param fromTime
-	 * @param toTime
-	 * @param req
-	 * @return
 	 */
-	@Path("/points")
-    @GET
+    @GET @Path("/points")
 	public Response getPointsOfTrack(
 			@QueryParam(ParamsList.UNIT_ID) Long unitId,
 			@QueryParam(ParamsList.SENSOR_ID) String sensorIds,
 			@QueryParam(ParamsList.FROM_TIME) String fromTime,
 			@QueryParam(ParamsList.TO_TIME) String toTime,
-			@Context HttpServletRequest req){
+			@Context HttpServletRequest req)
+	{
 		try {
-			//LoginUser loggedUser = AuthUtil.getAuthenticatedLoginUser(req);
-
 			if(fromTime != null && toTime != null) {
 				long weekInMilis = (7*24*60*60*1000);
 				if((DateUtil.parseTimestamp(toTime).getTime() - DateUtil.parseTimestamp(fromTime).getTime()) <= weekInMilis) {
@@ -141,12 +125,8 @@ public class TrackRest {
                 .build();
 		} catch (ParseException e) {
 			return Response.status(HttpStatus.ORDINAL_400_Bad_Request)
-	                .entity(new ExceptionBean(e.getClass().getName(), e.getLocalizedMessage()))
-	                .build();
-		}/* catch (AuthenticationException e) {
-        	return Response.status(HttpStatus.ORDINAL_401_Unauthorized)
-                    .entity(new ExceptionBean(e.getClass().getName(), e.getLocalizedMessage()))
-                    .build();
-		}*/
+					.entity(new ExceptionBean(e.getClass().getName(), e.getLocalizedMessage()))
+					.build();
+		}
 	}
 }
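Review bot: Deleting the commented-out `loggedUser`/`getUserGroupId` placeholder in `getDatesOfTracks` removes the only trace that `group_id` and `unit_id` were meant to be scoped to the caller; both track endpoints now serve whatever identifiers the query string names, and `req` is no longer read at all. Since the filter now provides `userId`, this is the moment to resolve the default the way `ObservationRest` does, `if (groupId == null) { groupId = UserUtil.getUserGroupId(req.getAttribute("userId").toString()); }`, if `UserUtil` is in scope here, or at least keep a `// TODO: scope results to the caller's group` so the gap stays visible. The Javadoc examples still show `/rest/track/...` while the class path is now `/data/track/`.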

+ 112 - 54
src/main/java/cz/hsrs/rest/provider/UserRest.java

@@ -3,19 +3,24 @@
  */
 package cz.hsrs.rest.provider;
 
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
 import java.sql.SQLException;
 
 import javax.naming.AuthenticationException;
 import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
+import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
+import io.jsonwebtoken.*;
 import org.mortbay.jetty.HttpStatus;
 
 import cz.hsrs.db.model.NoItemFoundException;
@@ -27,50 +32,118 @@ import cz.hsrs.rest.util.UserRestUtil;
 import cz.hsrs.servlet.security.LoginUser;
 import net.sf.json.JSONObject;
 
+import static cz.hsrs.core.ApplicationInfo.globalProperties;
+
 /**
  * @author mkepka
  *
  */
-@Path("/user")
+@Path("/manage/user")
 public class UserRest {
-    
-    /**
-     * Empty constructor
-     */
-    public UserRest() {
+
+    private static final String KEYSTORE_PATH = globalProperties().keyStonePath();
+    private static final String KEYSTORE_PASS = globalProperties().keyStonePass();
+    private static final String CERT_ALIAS = globalProperties().authCertAlias();
+
+    private static JwtParser jwtParser;
+
+    static {
+        try {
+            FileInputStream is = new FileInputStream(KEYSTORE_PATH);
+            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
+            keystore.load(is, KEYSTORE_PASS.toCharArray());
+
+            Certificate cer = keystore.getCertificate(CERT_ALIAS);
+
+            PublicKey publicKey = cer.getPublicKey();
+            jwtParser = Jwts.parser().verifyWith(publicKey).build();
+        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
+            System.err.println(e.getMessage());
+        }
+    }
+
+    @POST @Path("/new")
+    @Produces(MediaType.APPLICATION_JSON)
+    @Consumes(MediaType.APPLICATION_JSON)
+    public Response insertNewUser(JSONObject jsonBody, @Context HttpServletRequest req) {
+        UserBean user;
+        try {
+            String userId = req.getAttribute("userId").toString();
+            user = UserRestUtil.getUser(userId);
+        } catch (SQLException e) {
+            int code = HttpStatus.ORDINAL_500_Internal_Server_Error;
+            return Response.status(code)
+                    .entity(new JSONObject()
+                            .element("code", code)
+                            .element("message", e.getMessage())
+                    ).build();
+        }
+
+        if (user.rightsId != 0) {
+            int code = HttpStatus.ORDINAL_403_Forbidden;
+            return Response.status(code)
+                    .entity(new JSONObject()
+                            .element("code", code)
+                            .element("message", "Not enough rights!")
+                    ).build();
+        }
+
+        Claims claims;
+        try {
+            String profileRaw = jsonBody.getString("profile");
+            Jwt<JwsHeader, Claims> jwt = jwtParser.parseSignedClaims(profileRaw);
+            claims = jwt.getPayload();
+        } catch (RuntimeException e) {
+            int code = HttpStatus.ORDINAL_500_Internal_Server_Error;
+            return Response.status(code)
+                    .entity(new JSONObject()
+                            .element("code", code)
+                            .element("message", e.getMessage())
+                    ).build();
+        }
+
+        String username = claims.get("nickname", String.class);
+        String fullName = claims.get("name", String.class);
+
+        int groupId = jsonBody.getInt("groupId");
+
+        try {
+            UserRestUtil.saveUser(new UserBean(-1, username, fullName, groupId, 1));
+            return Response.ok().build();
+        } catch (SQLException e) {
+            int code = HttpStatus.ORDINAL_500_Internal_Server_Error;
+            return Response.status(code)
+                    .entity(new JSONObject()
+                            .element("code", code)
+                            .element("message", e.getMessage())
+                    ).build();
+        }
     }
     
     /**
      * Method for getting user details
-     * URL: /rest/user
-     * @param req
-     * @return
+     * URL: /manage/user
      */
     @GET
     @Produces(MediaType.APPLICATION_JSON)
     public Response getUser(@Context HttpServletRequest req) {
         try {
-            LoginUser loggedUser = AuthUtil.getAuthenticatedLoginUser(req);
-            UserBean userDetails = UserRestUtil.getUser(loggedUser.getUserName());
-            return Response.ok().entity(userDetails)
-                    .build();
-        } catch (AuthenticationException e1) {
-            return Response.status(HttpStatus.ORDINAL_401_Unauthorized)
-                    .entity(new ExceptionBean(e1.getClass().getName(), "Authentication failure for request!"))
-                    .build();
+            String userId = req.getAttribute("userId").toString();
+            UserBean user = UserRestUtil.getUser(userId);
+            return Response.ok().entity(user).build();
         } catch (SQLException e) {
-            return Response.status(HttpStatus.ORDINAL_500_Internal_Server_Error)
-                    .entity(new ExceptionBean(e.getClass().getName(), e.getLocalizedMessage()))
-                    .build();
+            int code = HttpStatus.ORDINAL_500_Internal_Server_Error;
+            return Response.status(code)
+                    .entity(new JSONObject()
+                            .element("code", code)
+                            .element("message", e.getMessage())
+                    ).build();
         }
     }
     
     /**
      * Method for inserting user
-     * URL: /rest/user
-     * @param userJSON
-     * @param req
-     * @return
+     * URL: /api/manage/user
      */
     @POST
     @Consumes(MediaType.APPLICATION_JSON)
@@ -85,28 +158,22 @@ public class UserRest {
                             userJSON.getString("userRealName"),
                             userJSON.getInt("groupId"),
                             userJSON.getInt("rightsId"));
-            		return Response.ok()
-                            .build();
+            		return Response.ok().build();
             	} else {
                     return Response.status(HttpStatus.ORDINAL_409_Conflict)
-                            .entity(new ExceptionBean("Exception", "User with given name cannot be created!"))
-                            .build();
+                            .entity(new ExceptionBean("Exception", "User with given name cannot be created!")).build();
             	}
-            
             }
             else {
                 return Response.status(HttpStatus.ORDINAL_403_Forbidden)
-                        .entity(new ExceptionBean("AuthenticationException", "Not enough rights!"))
-                        .build();
+                        .entity(new ExceptionBean("AuthenticationException", "Not enough rights!")).build();
             }
         } catch (AuthenticationException e1) {
             return Response.status(HttpStatus.ORDINAL_401_Unauthorized)
-                    .entity(new ExceptionBean(e1.getClass().getName(), "Authentication failure for request!"))
-                    .build();
+                    .entity(new ExceptionBean(e1.getClass().getName(), "Authentication failure for request!")).build();
         } catch (SQLException e) {
             return Response.status(HttpStatus.ORDINAL_500_Internal_Server_Error)
-            		.entity(new ExceptionBean(e.getClass().getName(), e.getLocalizedMessage()))
-                    .build();
+            		.entity(new ExceptionBean(e.getClass().getName(), e.getLocalizedMessage())).build();
         }
     }
     
@@ -115,7 +182,6 @@ public class UserRest {
      * @param userName - name of user
      * @return true if userName is already used
      * 			false if userName is not used
-     * @throws SQLException
      */
     private boolean checkDuplicity(String userName) throws SQLException {
 		UserUtil uUtil = new UserUtil();
@@ -131,28 +197,20 @@ public class UserRest {
 
 	/**
      * 
-     * URL: /rest/user/rights
-     * @param req
-     * @return
+     * URL: /api/manage/user/rights
      */
-    @Path("/rights")
-    @GET
+    @GET @Path("/rights")
     @Produces(MediaType.APPLICATION_JSON)
     public Response getRights(@Context HttpServletRequest req) {
         try {
-            
             AuthUtil.getAuthenticatedLoginUser(req);
-            
-            return Response.ok(UserRestUtil.getAllRights())
-                    .build();
+            return Response.ok(UserRestUtil.getAllRights()).build();
         } catch (AuthenticationException e) {
             return Response.status(HttpStatus.ORDINAL_401_Unauthorized)
-                    .entity(new ExceptionBean(e.getClass().getName(), "Authentication failure for request!"))
-                    .build();
+                    .entity(new ExceptionBean(e.getClass().getName(), "Authentication failure for request!")).build();
         } catch (SQLException e) {
             return Response.status(HttpStatus.ORDINAL_500_Internal_Server_Error)
-                    .entity(new ExceptionBean(e.getClass().getName(), e.getLocalizedMessage()))
-                    .build();
+                    .entity(new ExceptionBean(e.getClass().getName(), e.getLocalizedMessage())).build();
         }
     }
 }
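Review bot: The static initializer never closes `FileInputStream is`, and a wrong `CERT_ALIAS` makes `cer.getPublicKey()` throw an NPE that is not in the catch list, so the class fails with `ExceptionInInitializerError`; when one of the listed exceptions does occur it is printed to `System.err` and `jwtParser` stays null, so every `/manage/user/new` call then fails with a misleading NPE message in a 500. Make the load fail loudly once, as below. `parseSignedClaims` verifies only the signature (and `exp` if present); if the tokens carry an issuer and audience, add `.requireIssuer(...)`/`.requireAudience(...)` to the builder so a token signed by the right key for a different application is rejected. Also note that `nickname` and `name` taken from the claims go straight into `UserRestUtil.saveUser`, which formats them into SQL, and that unlike the existing `insertUser` this path performs no `checkDuplicity` call.

```java
    private static final JwtParser jwtParser = loadParser();

    /** Loads the token verification key once; a missing keystore or alias is a deployment error, so fail at class init. */
    private static JwtParser loadParser() {
        try (FileInputStream is = new FileInputStream(KEYSTORE_PATH)) {
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            keystore.load(is, KEYSTORE_PASS.toCharArray());
            Certificate cer = keystore.getCertificate(CERT_ALIAS);
            if (cer == null) {
                throw new IllegalStateException("No certificate under alias '" + CERT_ALIAS + "' in " + KEYSTORE_PATH);
            }
            return Jwts.parser().verifyWith(cer.getPublicKey()).build();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IllegalStateException("Cannot load OAuth verification key from " + KEYSTORE_PATH, e);
        }
    }
    // … unchanged: insertNewUser, getUser, insertUser, checkDuplicity, getRights …
```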

+ 77 - 82
src/main/java/cz/hsrs/rest/provider/WatchDogRest.java

@@ -13,6 +13,7 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
+import net.sf.json.JSONObject;
 import org.mortbay.jetty.HttpStatus;
 
 import cz.hsrs.rest.ParamsList;
@@ -30,37 +31,25 @@ import cz.hsrs.servlet.security.LoginUser;
  * @author mkepka
  *
  */
-@Path("/watchdog")
+@Path("/data/watchdog")
 public class WatchDogRest {
 
-	/**
-	 * Empty constructor
-	 */
-	public WatchDogRest() {
-	}
-
-	/**
-	 * Test service for validating DB connection. It returns user details for logged user.
-	 * @param req
-	 * @return
-	 */
-	@Path("/test")
-	@GET
+	/** Test service for validating DB connection. It returns user details for logged user. */
+	@GET @Path("/test")
 	@Produces(MediaType.APPLICATION_JSON)
 	public Response testDB(@Context HttpServletRequest req) {
 		try {
-            LoginUser loggedUser = AuthUtil.getAuthenticatedLoginUser(req);
-            UserBean userDetails = UserRestUtil.getUser(loggedUser.getUserName());
+            String userId = req.getAttribute("userId").toString();
+            UserBean userDetails = UserRestUtil.getUser(userId);
             return Response.ok().entity(userDetails)
                     .build();
-        } catch (AuthenticationException e1) {
-            return Response.status(HttpStatus.ORDINAL_401_Unauthorized)
-                    .entity(new ExceptionBean(e1.getClass().getName(), "Authentication failure for request!"))
-                    .build();
         } catch (SQLException e) {
-            return Response.status(HttpStatus.ORDINAL_500_Internal_Server_Error)
-                    .entity(new ExceptionBean(e.getClass().getName(), e.getLocalizedMessage()))
-                    .build();
+			int code = HttpStatus.ORDINAL_500_Internal_Server_Error;
+			return Response.status(code)
+					.entity(new JSONObject()
+							.element("code", code)
+							.element("message", e.getMessage())
+					).build();
         }
 	}
 	/**
@@ -72,104 +61,110 @@ public class WatchDogRest {
 	 * @param req HTTPRequest contains logged user session
 	 * @return List of observations timestamps
 	 */
-	@Path("/group/")
-	@GET
+	@GET @Path("/group/")
 	@Produces(MediaType.APPLICATION_JSON)
-	public Response getLastTimestampsPerGroup(@QueryParam(ParamsList.GROUP_ID) Integer groupId,
-											  @QueryParam(ParamsList.GROUP_NAME) String groupName,
-											  @Context HttpServletRequest req) {
+	public Response getLastTimestampsPerGroup(
+			@QueryParam(ParamsList.GROUP_ID) Integer groupId,
+			@QueryParam(ParamsList.GROUP_NAME) String groupName,
+			@Context HttpServletRequest req)
+	{
 		try {
-			LoginUser loggedUser = AuthUtil.getAuthenticatedLoginUser(req);
-			
+			UserBean user = UserRestUtil.getUser(req.getAttribute("userId").toString());
+
 			/* to check last values needs to have superuser rights */
-			if(loggedUser.getRightsId() < 0) {
+			if(user.rightsId < 0) {
 				List<LastObsTimestampBean> obsList = ObservationRestUtil.getLastTimestampPerGroup(groupName, groupId);
 				return Response.ok().entity(obsList)
 	                    .build();
+			} else {
+				int code = HttpStatus.ORDINAL_403_Forbidden;
+				return Response.status(code)
+						.entity(new JSONObject()
+								.element("code", code)
+								.element("message", "Not enough rights!")
+						).build();
 			}
-			else {
-				throw new AuthenticationException();
-			}
-		} catch (AuthenticationException e1) {
-            return Response.status(HttpStatus.ORDINAL_401_Unauthorized)
-                    .entity(new ExceptionBean(e1.getClass().getName(), "Authentication failure for request!"))
-                    .build();
 		} catch (SQLException e) {
-            return Response.status(HttpStatus.ORDINAL_500_Internal_Server_Error)
-                    .entity(new ExceptionBean(e.getClass().getName(), e.getLocalizedMessage()))
-                    .build();
-        }
+			int code = HttpStatus.ORDINAL_500_Internal_Server_Error;
+			return Response.status(code)
+					.entity(new JSONObject()
+							.element("code", code)
+							.element("message", e.getMessage())
+					).build();
+		}
 	}
 	
 	/**
 	 * Service provides list of observation last time stamps for given unit or list of units
 	 * e.g.: /rest/watchdog/unit?unit_id=1305167549144045 
 	 * e.g.: /rest/watchdog/unit?unit_id=1305167549144045,1305167549149707
-	 * @param unitId
-	 * @param req
-	 * @return
 	 */
-	@Path("/unit/")
-	@GET
+	@GET @Path("/unit/")
 	@Produces(MediaType.APPLICATION_JSON)
-	public Response getLastTimestampsPerUnit(@QueryParam(ParamsList.UNIT_ID) String unitId,
-										     @Context HttpServletRequest req) {
+	public Response getLastTimestampsPerUnit(
+			@QueryParam(ParamsList.UNIT_ID) String unitId,
+			@Context HttpServletRequest req
+	) {
 		try {
-			LoginUser loggedUser = AuthUtil.getAuthenticatedLoginUser(req);
-			
+			UserBean user = UserRestUtil.getUser(req.getAttribute("userId").toString());
+
 			/* to check last values needs to have superuser rights */
-			if(loggedUser.getRightsId() < 0) {
+			if(user.rightsId < 0) {
 				List<LastObsTimestampBean> obsList = ObservationRestUtil.getLastTimestampPerUnit(unitId);
 				return Response.ok().entity(obsList)
 	                    .build();
+			} else {
+				int code = HttpStatus.ORDINAL_403_Forbidden;
+				return Response.status(code)
+						.entity(new JSONObject()
+								.element("code", code)
+								.element("message", "Not enough rights!")
+						).build();
 			}
-			else {
-				throw new AuthenticationException();
-			}
-		} catch (AuthenticationException e1) {
-            return Response.status(HttpStatus.ORDINAL_401_Unauthorized)
-                    .entity(new ExceptionBean(e1.getClass().getName(), "Authentication failure for request!"))
-                    .build();
 		} catch (SQLException e) {
-            return Response.status(HttpStatus.ORDINAL_500_Internal_Server_Error)
-                    .entity(new ExceptionBean(e.getClass().getName(), e.getLocalizedMessage()))
-                    .build();
-        }
+			int code = HttpStatus.ORDINAL_500_Internal_Server_Error;
+			return Response.status(code)
+					.entity(new JSONObject()
+							.element("code", code)
+							.element("message", e.getMessage())
+					).build();
+		}
 	}
 	
 	/**
 	 * Service provides list of observation last time stamps for given sensor or list of sensors
 	 * e.g.: /rest/watchdog/sensor?sensor_id=560030000
 	 * e.g.: /rest/watchdog/sensor?sensor_id=560030000,360200000
-	 * @param sensorId
-	 * @param req
-	 * @return
 	 */
-	@Path("/sensor/")
-	@GET
+	@GET @Path("/sensor/")
 	@Produces(MediaType.APPLICATION_JSON)
-	public Response getLastTimestampsPerSensor(@QueryParam(ParamsList.SENSOR_ID) String sensorId,
-										     @Context HttpServletRequest req) {
+	public Response getLastTimestampsPerSensor(
+			@QueryParam(ParamsList.SENSOR_ID) String sensorId,
+			@Context HttpServletRequest req
+	) {
 		try {
-			LoginUser loggedUser = AuthUtil.getAuthenticatedLoginUser(req);
+			UserBean user = UserRestUtil.getUser(req.getAttribute("userId").toString());
 			
 			/* to check last values needs to have superuser rights */
-			if(loggedUser.getRightsId() < 0) {
+			if(user.rightsId < 0) {
 				List<LastObsTimestampBean> obsList = ObservationRestUtil.getLastTimestampPerSensor(sensorId);
 				return Response.ok().entity(obsList)
 	                    .build();
+			} else {
+				int code = HttpStatus.ORDINAL_403_Forbidden;
+				return Response.status(code)
+						.entity(new JSONObject()
+								.element("code", code)
+								.element("message", "Not enough rights!")
+						).build();
 			}
-			else {
-				throw new AuthenticationException();
-			}
-		} catch (AuthenticationException e1) {
-            return Response.status(HttpStatus.ORDINAL_401_Unauthorized)
-                    .entity(new ExceptionBean(e1.getClass().getName(), "Authentication failure for request!"))
-                    .build();
 		} catch (SQLException e) {
-            return Response.status(HttpStatus.ORDINAL_500_Internal_Server_Error)
-                    .entity(new ExceptionBean(e.getClass().getName(), e.getLocalizedMessage()))
-                    .build();
+			int code = HttpStatus.ORDINAL_500_Internal_Server_Error;
+			return Response.status(code)
+					.entity(new JSONObject()
+							.element("code", code)
+							.element("message", e.getMessage())
+					).build();
         }
 	}
 }
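Review bot: The three watchdog endpoints grant access on `user.rightsId < 0`, while the new `UserRest.insertNewUser` in the same commit treats `rightsId != 0` as "not enough rights"; both cannot describe the same admin role, so one of them is wrong or the convention needs a comment on `UserBean.rightsId`. The lookup `UserRestUtil.getUser(req.getAttribute("userId").toString())` is copied three times and NPEs when the attribute is missing, and if `getUser` returns null for an unknown name `user.rightsId` NPEs as well (I cannot see its return contract here). Factor the lookup and the test into two private helpers and call them from each method.

```java
	/** Returns the caller, or null when the auth filter did not set "userId" or the user is unknown. */
	private static UserBean caller(HttpServletRequest req) throws SQLException {
		Object uid = req.getAttribute("userId");
		return uid == null ? null : UserRestUtil.getUser(uid.toString());
	}

	/** Superuser test shared by all watchdog endpoints; keep in step with the admin test in UserRest. */
	private static boolean isSuperUser(UserBean user) {
		return user != null && user.rightsId < 0;
	}
	// … unchanged: the three endpoints, each now `UserBean user = caller(req); if (isSuperUser(user)) { … }` …
```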

+ 30 - 0
src/main/java/cz/hsrs/rest/util/GroupRestUtil.java

@@ -0,0 +1,30 @@
+package cz.hsrs.rest.util;
+
+import cz.hsrs.db.pool.SQLExecutor;
+import cz.hsrs.rest.beans.UserBean;
+import net.sf.json.JSONArray;
+import net.sf.json.JSONObject;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+public class GroupRestUtil {
+
+    public static JSONArray getAllGroups() {
+        String query = "SELECT id, group_name FROM public.groups;";
+        try(ResultSet res = SQLExecutor.getInstance().executeQuery(query)) {
+            JSONArray groups = new JSONArray();
+            if (res != null) {
+                while (res.next()) {
+                    groups.add(new JSONObject()
+                            .element("id", res.getInt("id"))
+                            .element("group_name", res.getString("group_name"))
+                    );
+                }
+            }
+            return groups;
+        } catch (SQLException e) {
+            throw new RuntimeException(e.getMessage());
+        }
+    }
+}
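Review bot: `throw new RuntimeException(e.getMessage())` drops the `SQLException` cause and its stack, and `GroupRest` then returns that same message verbatim in the 500 body, so the client sees raw database error text while the server log has nothing to debug with. Keep the cause and let the caller answer generically: `throw new RuntimeException("Failed to load groups", e);`, and log the exception in `GroupRest` instead of echoing `e.getMessage()`. Closing only the `ResultSet` leaves the lifecycle of the underlying statement to `SQLExecutor`, which I cannot see; confirm it does not leak a statement per call.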

+ 6 - 6
src/main/java/cz/hsrs/rest/util/UserRestUtil.java

@@ -11,12 +11,12 @@ import cz.hsrs.rest.beans.UserBean;
 
 public class UserRestUtil {
 
-	/**
-	 * 
-	 * @param userName
-	 * @return
-	 * @throws SQLException
-	 */
+	public static void saveUser(UserBean newUser) throws SQLException {
+		String query = String.format("INSERT INTO public.system_users(user_name, user_real_name, group_id, rights_id) VALUES('%s', '%s', %d, %d)",
+				newUser.userName, newUser.userRealName, newUser.groupId, newUser.rightsId);
+		SQLExecutor.executeUpdate(query);
+	}
+
 	public static UserBean getUser(String userName) throws SQLException {
 		String query = "SELECT * FROM system_users WHERE user_name = '"+userName+"';";
 		ResultSet res = SQLExecutor.getInstance().executeQuery(query);
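Review bot: `saveUser` builds its INSERT with `String.format` and wraps `userName`/`userRealName` in `'%s'`, so a value containing a single quote breaks the statement and, since these fields arrive in a UserBean from the REST layer, the query is injectable. Bind the values instead of formatting them: `INSERT INTO public.system_users(user_name, user_real_name, group_id, rights_id) VALUES(?, ?, ?, ?)` with the four values set on a PreparedStatement (or whichever parameterised API SQLExecutor offers — none is visible here). The unchanged `getUser` below concatenates `userName` into its WHERE clause the same way and should get the same treatment. The hunk also removes the empty Javadoc stub without documenting the new method; `/** Inserts newUser into public.system_users. @throws SQLException if the insert fails */` would cover it.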

+ 6 - 16
src/main/java/cz/hsrs/servlet/provider/AlertService.java

@@ -40,27 +40,21 @@ public class AlertService extends DBServlet{
     }
     
     protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-        super.doGet(request, response);
+        request.setCharacterEncoding("UTF-8");
+        response.setCharacterEncoding("UTF-8");
 
-        RequestParameters params = new RequestParameters(request);
-        
-        /* session authentication method */
-        try {
-            getAuthenticatedLoginUser(request);
-        } catch (AuthenticationException e1) {
-            throw new ServletException("Authentication failure for request "+ request.getQueryString());
-        }
-        
         response.addHeader("Access-Control-Allow-Origin", "*");
+
+        RequestParameters params = new RequestParameters(request);
         PrintWriter out = response.getWriter();
         try {
         	/* GetAlerts request */
             if (request.getParameter(ServiceParameters.OPERATION).equals(GET_ALERTS)) {
-                DBJsonUtils.writeJSON(out, db.alertUtil.getAlerts(params.getUnitId()));
+                DBJsonUtils.writeJSON(out, db.alertUtil.getAlerts(params.unitId));
             }
             /* GetAlertEventsByTime request */
             else if (request.getParameter(ServiceParameters.OPERATION).equals(GET_ALERT_EVENTS_BY_TIME)) {
-                List<AlertEvent> events = db.alertUtil.getAlertEventsByTime(params.getUnitId(), params.from, params.to);
+                List<AlertEvent> events = db.alertUtil.getAlertEventsByTime(params.unitId, params.from, params.to);
                 DBJsonUtils.writeJSON(out, events);
             } else {
                 throw new ServletException("Wrong request "+request.getQueryString());
@@ -81,9 +75,5 @@ public class AlertService extends DBServlet{
             this.from = request.getParameter("from");
             this.to = request.getParameter("to");
         }
-
-        public long getUnitId() {
-            return unitId;
-        }
     }
 }
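Review bot: With the `getAuthenticatedLoginUser` call removed from `doGet`, AlertService performs no authentication of its own any more, so its protection depends entirely on OAuthGuardFilter's url-pattern in web.xml (changed in this commit but not visible here) actually covering this servlet's path; the same holds for AnalystService, DataService, GroupService, MMService and SensorService in this commit. A comment above the first line of `doGet`, `// Authentication is enforced by OAuthGuardFilter (web.xml); this servlet assumes the filter has already run.`, would make that dependency explicit to the next maintainer. Note also that `GetAlerts` and `GetAlertEventsByTime` still take `unit_id` straight from the query string without tying it to the authenticated caller, as was already the case before the change. `doGet` continues past the end of the first hunk.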

+ 8 - 31
src/main/java/cz/hsrs/servlet/provider/AnalystService.java

@@ -52,8 +52,6 @@ public class AnalystService extends DBServlet{
     
     @Override
     protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-        super.doGet(request, response);
-        
         /* 
          * AnalystService?Operation=GetWorkOnSites&user=telemetry&unit_id=356173060289134&date=2015-11-13
          * AnalystService?Operation=GetWorkOnSites&user=telemetry&unit_id=356173060289134&from=2015-11-13&to=2015-11-15
@@ -88,28 +86,15 @@ public class AnalystService extends DBServlet{
          * AnalystService?Operation=GetManagementZoneGeomByPoint&user=telemetry&point=1942324.5738307,6365182.80917219
          * 
          */
-        
-        /*
-         * For FarmTelemetry purpose only temporary authentication
-         * */
-        RequestParameters params = new RequestParameters(request);
-        String user = params.getUsername();
-        if(user == null){
-            throw new ServletException("Authentication fairlure for request "+ request.getQueryString());
-        }
-        else{
-            try {
-                String testLang = db.userUtil.getUserLanguage(user);
-                if(testLang.isEmpty()){
-                    throw new ServletException("Authentication fairlure for request "+ request.getQueryString());
-                }
-            } catch (SQLException | NoItemFoundException e1) {
-                throw new ServletException("Authentication fairlure for request "+ request.getQueryString());
-            }
-        }
+
+        request.setCharacterEncoding("UTF-8");
+        response.setCharacterEncoding("UTF-8");
         response.addHeader("Access-Control-Allow-Origin", "*");
         response.setContentType("application/json; charset=UTF-8");
 
+        RequestParameters params = new RequestParameters(request);
+        String user = request.getAttribute("userId").toString();
+
         PrintWriter out = response.getWriter();
         try{
             // request GetWorkOnSites
@@ -246,7 +231,6 @@ public class AnalystService extends DBServlet{
         private final String date;
         private final String fromDate;
         private final String toDate;
-        private final String username;
         private final String minStopDuration;
         private final String minWorkDuration;
         private final String allowedTimeOutside;
@@ -269,9 +253,6 @@ public class AnalystService extends DBServlet{
             Object toO = request.getParameter("to");
             this.toDate = toO != null ? toO.toString() : null;
 
-            Object userO = request.getParameter("user");
-            this.username = userO != null ? userO.toString() : null;
-
             Object minStopO = request.getParameter("minstop");
             this.minStopDuration = minStopO != null ? minStopO.toString() : null;
 
@@ -312,10 +293,6 @@ public class AnalystService extends DBServlet{
         public String getToDate(){
             return toDate;
         }
-        
-        public String getUsername(){
-            return username;
-        }
 
         public String getMinStopDuration() {
             return minStopDuration;
@@ -353,8 +330,8 @@ public class AnalystService extends DBServlet{
         public String toString() {
             return "RequestParameters [unit_id=" + unit_id + ", date=" + date
                          + ", fromDate=" + fromDate + ", toDate=" + toDate
-                         + ", username=" + username + ", minStopDuration="
-                         + minStopDuration + ", minWorkDuration=" + minWorkDuration
+                         + ", minStopDuration=" + minStopDuration
+                         + ", minWorkDuration=" + minWorkDuration
                          + ", allowedTimeOutside=" + allowedTimeOutside
                          + ", siteId=" + siteId + ", point=" + point + "]";
           }
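Review bot: `String user = request.getAttribute("userId").toString();` in `doGet` throws a NullPointerException whenever the attribute is absent — a path the filter is not mapped to, or a request that bypasses it — which surfaces as a 500 instead of a 401; the same line appears in DataService, GroupService, ManagementService and SensorService in this commit. Guard it: `Object userAttr = request.getAttribute("userId");`, `if (userAttr == null) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }`, `String user = userAttr.toString();`. The literal `"userId"` is now repeated across five servlets and the filter that sets it; a shared constant in OAuthGuardFilter would keep them from drifting. The usage comment above still documents `&user=telemetry` as a query parameter although the `user` parameter and `getUsername()` are removed by this hunk, so those example URLs are stale.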

+ 1 - 1
src/main/java/cz/hsrs/servlet/provider/ChartServlet.java

@@ -40,7 +40,7 @@ public class ChartServlet extends HttpServlet {
 
 	private static File pngFile;
 
-		// http://localhost:8080/DBService/ChartServlet?operation=GetPNG&sensor_id=20&width=500&height=300
+		// http://localhost:8080/DBService/api/data/ChartServlet?operation=GetPNG&sensor_id=20&width=500&height=300
 
 
 	public ChartServlet() {

+ 0 - 67
src/main/java/cz/hsrs/servlet/provider/DBServlet.java

@@ -53,7 +53,6 @@ public abstract class DBServlet extends HttpServlet {
             logger.log(Level.WARNING,e.getMessage(), e);
             throw new ServletException("Wrong request ", e);
         } catch (Exception e1) {
-            e.printStackTrace();
             logger.log(Level.WARNING, e.getMessage(), e);
             throw new ServletException(e);
         }
@@ -98,14 +97,6 @@ public abstract class DBServlet extends HttpServlet {
         super.init();
     }
 
-    @Override
-    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        // TODO Auto-generated method stub
-        req.setCharacterEncoding("UTF-8");
-        resp.setCharacterEncoding("UTF-8");
-    }
-
     protected void setDataBaseConnection() {
         String propFile = getServletContext().getRealPath("WEB-INF/database.properties");
         Properties prop = new Properties();
@@ -116,62 +107,4 @@ public abstract class DBServlet extends HttpServlet {
             logger.log(Level.SEVERE, e.getMessage(), e);
         }
     }
-
-    @Deprecated
-    protected String getAuthenticatedUser(HttpServletRequest request) throws AuthenticationException {
-        LoginUser user = ((LoginUser) request.getSession().getAttribute(JSPHelper.USERATTRIBUTE));
-        if (user == null) {
-            if (request.getRemoteHost().equals("127.0.0.1")
-                    && request.getParameter("user") != null) {
-                return request.getParameter("user");
-            } else
-                throw new AuthenticationException(
-                        "Authentication fairlure for request "
-                                + request.getQueryString());
-        }
-        if (user.isAuthenticated()) {
-            return user.getUserName();
-        } else {
-            throw new AuthenticationException(
-                    "Authentication fairlure for request "
-                            + request.getQueryString());
-        }
-    }
-
-    /**
-     * Method provides info about logged user by SessionId in HTTPRequest
-     * @param request - HTTP request containing SESSIONID
-     *
-     */
-    protected LoginUser getAuthenticatedLoginUser(HttpServletRequest request) throws AuthenticationException {
-        LoginUser user = ((LoginUser) request.getSession().getAttribute(JSPHelper.USERATTRIBUTE));
-        if(user != null){
-            if (user.isAuthenticated()) {
-                return user;
-            } else {
-                throw new AuthenticationException("Authentication failure for request " + request.getQueryString());
-            }
-        }
-        else{
-            String remoteHost = request.getRemoteHost();
-            if ((remoteHost.equals("127.0.0.1") || remoteHost.equals("localhost")) && request.getParameter("user") != null) {
-                try {
-                    UserUtil uUtil = new UserUtil();
-                    String userName = request.getParameter(JSPHelper.USERATTRIBUTE);
-                    String pass = uUtil.getUserPassword(userName);
-                    LoginUser userLocal = new LoginUser(request);
-
-                    if(userLocal.athenticate(userName, pass)){
-                        return userLocal;
-                    } else{
-                        throw new AuthenticationException("Authentication failure for request " + request.getQueryString());
-                    }
-                } catch (Exception e) {
-                    throw new AuthenticationException("Authentication failure for request " + request.getQueryString());
-                }
-            } else{
-                throw new AuthenticationException("Authentication failure for request " + request.getQueryString());
-            }
-        }
-    }
 }

+ 20 - 50
src/main/java/cz/hsrs/servlet/provider/DataService.java

@@ -10,6 +10,7 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
 
 import cz.hsrs.db.DBJsonUtils;
 import cz.hsrs.db.model.UnitPosition;
@@ -57,37 +58,7 @@ public class DataService extends DBServlet {
     }
 
 
-    protected void doGet(HttpServletRequest request,
-            HttpServletResponse response) throws ServletException, IOException {
-        super.doGet(request, response);
-        RequestParameters params = new RequestParameters(request);
-        
-        /* For FarmTelemetry purpose only temporary authentication */
-/*       
-        String user = params.getUser();
-        if(user == null){
-            throw new ServletException("Authentication failure, no user specified for request: "+ request.getQueryString());
-        }
-        else{
-            try {
-                String testLang = db.userUtil.getUserLanguage(user);
-                if(testLang.isEmpty()){
-                    throw new ServletException("Authentication failure for request "+ request.getQueryString());
-                }
-            } catch (SQLException | NoItemFoundException e1) {
-                throw new ServletException("Authentication failure for request "+ request.getQueryString());
-            }
-        }
-*/
-        /* session authentication method */
-        LoginUser loggedUser;
-        try {
-            loggedUser = getAuthenticatedLoginUser(request);
-            String userName = loggedUser.getUserName();
-            params.setUser(userName);
-        } catch (AuthenticationException e1) {
-            throw new ServletException("Authentication failure for request "+ request.getQueryString());
-        }
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 
         /* CORS Filtering */
         String originDomain = request.getHeader("origin");
@@ -96,8 +67,11 @@ public class DataService extends DBServlet {
         response.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
         response.addHeader("Access-Control-Allow-Credentials", "true");
         response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
+
+        request.setCharacterEncoding("UTF-8");
+        response.setCharacterEncoding("UTF-8");
         
-        response.addHeader(HttpHeaders.CONTENT_TYPE, "application/json");
+        response.addHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON);
         
         /*
          * /DataService?Operation=GetUnits&user=telemetry&unit_id=356173060488215
@@ -111,36 +85,40 @@ public class DataService extends DBServlet {
          * /DataService?Operation=GetUnitsGeoJson
          */
         PrintWriter out = response.getWriter();
+
+        RequestParameters params = new RequestParameters(request);
+        String userId = request.getAttribute("userId").toString();
+
         try {
             switch (request.getParameter(ServiceParameters.OPERATION)) {
                 case GET_UNITS: {
-                    DBJsonUtils.writeJSON(out, new RealUnit(), db.userUtil.getLastPositionsByUserNameRes(params.getUser(), params.getUnitId()));
+                    DBJsonUtils.writeJSON(out, new RealUnit(), db.userUtil.getLastPositionsByUserNameRes(userId, params.getUnitId()));
                 } break;
                 case GET_TRACK: {
-                    DBJsonUtils.writeJSON(out, new UnitTrack(), db.userUtil.getTracksByUserName(params.getUser(), params.limit));
+                    DBJsonUtils.writeJSON(out, new UnitTrack(), db.userUtil.getTracksByUserName(userId, params.limit));
                 } break;
                 case GET_LAST_POSTION: {
-                    DBJsonUtils.writeJSON(out, db.userUtil.getLastPositionsByUserName(params.getUser()));
+                    DBJsonUtils.writeJSON(out, db.userUtil.getLastPositionsByUserName(userId));
                 } break;
                 case GET_LAST_POSTION_WITH_STATUS: {
-                    List<LastPosition> posList = db.userUtil.getLastPositionWithStatus(params.getUser());
+                    List<LastPosition> posList = db.userUtil.getLastPositionWithStatus(userId);
                     DBJsonUtils.writeJSON(out, posList);
                 } break;
                 case GET_RECENT_TRACK: {
-                    DBJsonUtils.writeJSON(out, new UnitTrack(), db.userUtil.getTracksByUserName(params.getUser(), 1000));
+                    DBJsonUtils.writeJSON(out, new UnitTrack(), db.userUtil.getTracksByUserName(userId, 1000));
                 } break;
                 case GET_POSITIONS: {
-                    DBJsonUtils.writeJSON(out, new UnitPosition(), db.userUtil.getPositionsByUserName(params.getUser(), params.limit));
+                    DBJsonUtils.writeJSON(out, new UnitPosition(), db.userUtil.getPositionsByUserName(userId, params.limit));
                 } break;
                 case GET_POSITIONS_RANGE: {
-                    DBJsonUtils.writeJSON(out, new UnitPositionSimple(), db.userUtil.getPositionsTimeRangeByUserName(params.getUser(), params.fromTime, params.toTime, params.getUnitId(), params.getOrdering()));
+                    DBJsonUtils.writeJSON(out, new UnitPositionSimple(), db.userUtil.getPositionsTimeRangeByUserName(userId, params.fromTime, params.toTime, params.getUnitId(), params.getOrdering()));
                 } break;
                 case GET_UNITS_LIST: {
-                    DBJsonUtils.writeJSON(out, db.userUtil.getUnitsByUser(params.getUser()));
+                    DBJsonUtils.writeJSON(out, db.userUtil.getUnitsByUser(userId));
                 } break;
                 case GET_UNITS_GEOJSON:{
-                	out.write(UserUtil.getUnitsGeoJson(params.getUser()));
-                	//DBJsonUtils.writeJSON(out, UserUtil.getUnitsGeoJson(params.getUser()));
+                	out.write(UserUtil.getUnitsGeoJson(userId));
+                	//DBJsonUtils.writeJSON(out, UserUtil.getUnitsGeoJson(userId));
                 } break;
                 case GET_UNIT_TYPES:{
                 	out.write(UnitUtil.getUnitTypes());
@@ -180,10 +158,6 @@ public class DataService extends DBServlet {
         private String ordering;
 
         RequestParameters(HttpServletRequest request) throws NullPointerException{
-            Object userO = request.getParameter("user");
-            if(userO != null){
-                user = userO.toString();
-            }
             Object limO = request.getParameter("limit");
             if (limO != null) {
                 limit = Integer.parseInt(limO.toString());
@@ -219,10 +193,6 @@ public class DataService extends DBServlet {
         public void setUnitId(long unitId) {
             this.unitId = unitId;
         }
-        
-        public String getUser() {
-            return user;
-        }
 
         public void setUser(String user) {
             this.user = user;
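Review bot: `RequestParameters` keeps its `user` field and the `setUser` method at the end of the last hunk while the hunk removes `getUser` and the constructor no longer populates it, so the field looks like write-only dead state now that `doGet` reads the caller from the request attribute; if nothing outside these hunks reads it, drop `user` and `setUser` too. Replacing the `user` parameter by `request.getAttribute("userId")` is a behaviour change for callers that still send `&user=`, which the usage comment above the switch still advertises; updating that comment would save confusion. The commented-out `//DBJsonUtils.writeJSON(out, UserUtil.getUnitsGeoJson(userId));` line was edited rather than deleted; commented-out code should go.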

+ 15 - 44
src/main/java/cz/hsrs/servlet/provider/GroupService.java

@@ -4,7 +4,6 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.sql.SQLException;
 
-import javax.naming.AuthenticationException;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -14,7 +13,6 @@ import javax.ws.rs.core.HttpHeaders;
 import cz.hsrs.db.DBJsonUtils;
 import cz.hsrs.db.util.UtilFactory;
 import cz.hsrs.servlet.feeder.ServiceParameters;
-import cz.hsrs.servlet.security.LoginUser;
 
 /**
  * Servlet implementation class GroupService
@@ -43,18 +41,9 @@ public class GroupService extends DBServlet{
     }
     /** @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response */
     protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-        super.doGet(request, response);
-        RequestParameters params = new RequestParameters(request);
 
-        /* session authentication method */
-        LoginUser loggedUser;
-        try {
-            loggedUser = getAuthenticatedLoginUser(request);
-            String userName = loggedUser.getUserName();
-            params.setUser(userName);
-        } catch (AuthenticationException e1) {
-            throw new ServletException("Authentication failure for request "+ request.getQueryString());
-        }
+        request.setCharacterEncoding("UTF-8");
+        response.setCharacterEncoding("UTF-8");
 
         /* CORS Filtering */
         String originDomain = request.getHeader("origin");
@@ -63,20 +52,28 @@ public class GroupService extends DBServlet{
         response.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
         response.addHeader("Access-Control-Allow-Credentials", "true");
         response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
-        
+
+        request.setCharacterEncoding("UTF-8");
+        response.setCharacterEncoding("UTF-8");
+
         response.addHeader(HttpHeaders.CONTENT_TYPE, "application/json;charset=UTF-8");
 
+        String userId = request.getAttribute("userId").toString();
+
         PrintWriter out = response.getWriter();
         try {
             switch (request.getParameter(ServiceParameters.OPERATION)) {
                 case GET_GROUPS:
-                    DBJsonUtils.writeJSON(out, db.groupUtil.getGroups(params.getUser()));
+                    DBJsonUtils.writeJSON(out, db.groupUtil.getGroups(userId));
                     break;
                 case GET_SUPER_GROUPS:
-                    DBJsonUtils.writeJSON(out, db.groupUtil.getSuperGroups(params.getUser()));
+                    DBJsonUtils.writeJSON(out, db.groupUtil.getSuperGroups(userId));
                     break;
-                case GET_SUB_GROUPS:
-                    DBJsonUtils.writeJSON(out, db.groupUtil.getSubGroups(params.getGroupId()));
+                case GET_SUB_GROUPS: {
+                    Object id = request.getParameter("parent_group");
+                    int groupId = id != null ? Integer.parseInt(id.toString()) : -1;
+                    DBJsonUtils.writeJSON(out, db.groupUtil.getSubGroups(groupId));
+                }
                     break;
                 default:
                     throw new NullPointerException("No operation specified.");
@@ -85,30 +82,4 @@ public class GroupService extends DBServlet{
             solveGetException(e, out);
         }
     }
-
-    static class RequestParameters {
-        private String user;
-        private int groupId;
-
-        RequestParameters(HttpServletRequest request) throws NullPointerException{
-            Object id = request.getParameter("parent_group");
-            this.groupId = id != null ? Integer.parseInt(id.toString()) : -1;
-        }
-
-        public String getUser() {
-            return user;
-        }
-
-        public int getGroupId() {
-            return groupId;
-        }
-
-        public void setGroupId(int groupId) {
-            this.groupId = groupId;
-        }
-
-        public void setUser(String user) {
-            this.user = user;
-        }
-    }
 }
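Review bot: `doGet` now sets the request and response character encoding twice, at the start of the method and again after the CORS headers; the second pair is redundant (the request encoding must be set before the first `getParameter` call, which the first pair already satisfies), so drop the second. In the `GET_SUB_GROUPS` case `Integer.parseInt(id.toString())` on the raw `parent_group` parameter throws `NumberFormatException` for non-numeric input, which presumably reaches `solveGetException` as an unchecked exception rather than a clear 400; consider `response.sendError(HttpServletResponse.SC_BAD_REQUEST, "parent_group must be an integer")` on parse failure. `getSubGroups(groupId)` is still called without checking that the authenticated user may see that parent group, as before the change.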

+ 3 - 12
src/main/java/cz/hsrs/servlet/provider/MMService.java

@@ -37,15 +37,11 @@ public class MMService extends DBServlet{
 	}
 	
 	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-		super.doGet(request, response);
-
-		try {
-			getAuthenticatedLoginUser(request);
-		} catch (AuthenticationException e) {
-			throw new ServletException(e);
-		}
+		request.setCharacterEncoding("UTF-8");
+		response.setCharacterEncoding("UTF-8");
 
 		RequestParameters params = new RequestParameters(request);
+
 		PrintWriter out = response.getWriter();
 		try {
 			if (request.getParameter(ServiceParameters.OPERATION).equals(GET_OBSERVATIONS)) {
@@ -66,11 +62,6 @@ public class MMService extends DBServlet{
 			solveGetException(e, out);
 		}
 	}
-
-	private boolean canGzip(HttpServletRequest request){
-		String accEnc = request.getHeader("Accept-Encoding");
-		return accEnc != null && accEnc.contains("gzip");
-	}
 	
 	static class RequestParameters {
 

+ 36 - 23
src/main/java/cz/hsrs/servlet/provider/ManagementService.java

@@ -11,6 +11,8 @@ import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.core.HttpHeaders;
 
 import cz.hsrs.core.WebServiceException;
+import cz.hsrs.db.util.UserUtil;
+import cz.hsrs.servlet.security.JSPHelper;
 import net.sf.json.JSON;
 import net.sf.json.JSONException;
 import net.sf.json.JSONObject;
@@ -94,26 +96,40 @@ public class ManagementService extends DBServlet {
             throw new JSONException(e.getMessage());
         }
     }
-/* -- Prihlasovani -- */
 
-    private boolean isNotAuthorized(String user) {
-        if(user == null || user.isEmpty()) {
-            return true;
-        }
-        try {
-            String testLang = db.userUtil.getUserLanguage(user);
-            if (testLang.isEmpty()) {
-                return true;
-            }
-        } catch (SQLException | NoItemFoundException e) {
-            return true;
-        }
-        return false;
-    }
 
+    /* -- Prihlasovani -- */
     private LoginUser getUserBySession(HttpServletRequest request) throws ServletException {
         try {
-            return getAuthenticatedLoginUser(request);
+            LoginUser user = ((LoginUser) request.getSession().getAttribute(JSPHelper.USERATTRIBUTE));
+            if(user != null){
+                if (user.isAuthenticated()) {
+                    return user;
+                } else {
+                    throw new AuthenticationException("Authentication failure for request " + request.getQueryString());
+                }
+            }
+            else{
+                String remoteHost = request.getRemoteHost();
+                if ((remoteHost.equals("127.0.0.1") || remoteHost.equals("localhost")) && request.getParameter("user") != null) {
+                    try {
+                        UserUtil uUtil = new UserUtil();
+                        String userName = request.getParameter(JSPHelper.USERATTRIBUTE);
+                        String pass = uUtil.getUserPassword(userName);
+                        LoginUser userLocal = new LoginUser(request);
+
+                        if(userLocal.athenticate(userName, pass)){
+                            return userLocal;
+                        } else{
+                            throw new AuthenticationException("Authentication failure for request " + request.getQueryString());
+                        }
+                    } catch (Exception e) {
+                        throw new AuthenticationException("Authentication failure for request " + request.getQueryString());
+                    }
+                } else{
+                    throw new AuthenticationException("Authentication failure for request " + request.getQueryString());
+                }
+            }
         } catch (AuthenticationException e) {
             throw new ServletException("Authentication failure for request "+ request.getQueryString());
         }
@@ -130,8 +146,8 @@ public class ManagementService extends DBServlet {
         response.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
         response.addHeader("Access-Control-Allow-Credentials", "true");
         response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
-        
-        LoginUser loggedUser = getUserBySession(request);
+
+        String loggedUserName = request.getAttribute("userId").toString();
 
         String contentType = request.getHeader(HttpHeaders.CONTENT_TYPE);
         if (contentType != null && !contentType.equalsIgnoreCase(JSON_CONTENT)) {
@@ -150,8 +166,8 @@ public class ManagementService extends DBServlet {
             JSONObject bodyJson = stringToJson(body);
             String operationMode = request.getParameter(ServiceParameters.OPERATION);
             switch (operationMode) {
-                case INSERT_UNIT:   bodyResponse = insertUnit(bodyJson, loggedUser.getUserName());   break;
-                case INSERT_SENSOR: bodyResponse = insertSensor(bodyJson, loggedUser.getUserName()); break;
+                case INSERT_UNIT:   bodyResponse = insertUnit(bodyJson, loggedUserName);   break;
+                case INSERT_SENSOR: bodyResponse = insertSensor(bodyJson, loggedUserName); break;
                 default: throw new ServletException(
                         String.format("No operation specified! Allowed: [%s, %s].", INSERT_UNIT, INSERT_SENSOR)
                 );
@@ -178,7 +194,6 @@ public class ManagementService extends DBServlet {
         response.addHeader("Access-Control-Allow-Credentials", "true");
         response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
 
-        LoginUser loggedUser = getUserBySession(request);
 
         String contentType = request.getHeader(HttpHeaders.CONTENT_TYPE);
         if (contentType != null && !contentType.equalsIgnoreCase(JSON_CONTENT)) {
@@ -225,8 +240,6 @@ public class ManagementService extends DBServlet {
         response.addHeader("Access-Control-Allow-Credentials", "true");
         response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
 
-        LoginUser loggedUser = getUserBySession(request);
-
         String contentType = request.getHeader(HttpHeaders.CONTENT_TYPE);
         if (contentType != null && !contentType.equalsIgnoreCase(JSON_CONTENT)) {
             throw new ServletException("Received request does not contain JSON data. " +
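Review bot: The body moved into `getUserBySession` keeps the loopback branch of the deleted DBServlet method: when no session user exists and `getRemoteHost()` is 127.0.0.1/localhost, it looks up the stored password for whatever name arrives in the request and logs that user in, so any process on the host — or any request coming through a reverse proxy on the same machine, which would also appear as 127.0.0.1 — can act as an arbitrary user by name alone. Since the later hunks remove every visible `getUserBySession(request)` call and `doPost` now reads `"userId"` from the filter, the method appears to be dead and should be deleted along with the `UserUtil`/`JSPHelper` imports rather than carried over; if a caller outside these hunks still needs it, at least the `else` branch with the loopback check should go. The inner `catch (Exception e)` also rethrows without attaching `e`, which makes failures undiagnosable.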

+ 9 - 16
src/main/java/cz/hsrs/servlet/provider/SensorService.java

@@ -44,19 +44,10 @@ public class SensorService extends DBServlet {
     }
 
     protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-        super.doGet(request, response);
-        RequestParameters params = new RequestParameters(request);
-        
-        /* session login method */
-        LoginUser loggedUser;
-        try {
-            loggedUser = getAuthenticatedLoginUser(request);
-            String userName = loggedUser.getUserName();
-            params.setUser(userName);
-        } catch (AuthenticationException e1) {
-            throw new ServletException("Authentication failure for request "+ request.getQueryString());
-        }
-        
+
+        request.setCharacterEncoding("UTF-8");
+        response.setCharacterEncoding("UTF-8");
+
         /* CORS Filtering */
         String originDomain = request.getHeader("origin");
         originDomain = originDomain == null ? "*" : originDomain;
@@ -64,7 +55,7 @@ public class SensorService extends DBServlet {
         response.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
         response.addHeader("Access-Control-Allow-Credentials", "true");
         response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
-        
+
         response.addHeader(HttpHeaders.CONTENT_TYPE, "application/json;charset=UTF-8");
 
         /*
@@ -79,6 +70,9 @@ public class SensorService extends DBServlet {
          * /SensorService?Operation=GetAllSensors
          * /SensorService?Operation=GetAllSensorTypes
          */
+
+        RequestParameters params = new RequestParameters(request);
+
         PrintWriter out = response.getWriter();
         try {
             /* GetSensors */
@@ -183,8 +177,7 @@ public class SensorService extends DBServlet {
             Object too =  request.getParameter("to");
             this.to = too != null ? too.toString() : "3000-01-01 00:00:00+01";
 
-            Object userO = request.getParameter("user");
-            this.user = userO != null ? userO.toString() : null;
+            this.user = request.getAttribute("userId").toString();
 
             Object groupO = request.getParameter("group");
             this.group = groupO != null ? groupO.toString() : null;

+ 1 - 2
src/main/java/cz/hsrs/servlet/security/ControllerServlet.java

@@ -101,8 +101,7 @@ public class ControllerServlet extends DBServlet {
     }
 
     @Override
-    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
+    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
         procesRequest(req, resp);
     }
     

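--- a/src/main/java/cz/hsrs/servlet/security/OAuthGuardFilter.java
+++ b/src/main/java/cz/hsrs/servlet/security/OAuthGuardFilter.java
@@ -0,0 +1,122 @@
+package cz.hsrs.servlet.security;
+
+import io.jsonwebtoken.*;
+import net.sf.json.JSONObject;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.*;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.util.List;
+import java.util.Set;
+
+import static cz.hsrs.core.ApplicationInfo.globalProperties;
+import static javax.ws.rs.core.HttpHeaders.AUTHORIZATION;
+import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
+import static org.mortbay.jetty.HttpStatus.ORDINAL_401_Unauthorized;
+import static org.mortbay.jetty.HttpStatus.ORDINAL_403_Forbidden;
+
+public class OAuthGuardFilter implements Filter {
+
+    private static final String KEYSTORE_PATH = globalProperties().keyStonePath();
+    private static final String KEYSTORE_PASS = globalProperties().keyStonePass();
+    private static final String CERT_ALIAS = globalProperties().authCertAlias();
+    private static final String[] PERMISSIONS = globalProperties().permissions();
+    private static final String TOKEN_TYPE = "Bearer";
+
+    private JwtParser jwtParser;
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        try {
+            FileInputStream is = new FileInputStream(KEYSTORE_PATH);
+            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
+            keystore.load(is, KEYSTORE_PASS.toCharArray());
+
+            Certificate cer = keystore.getCertificate(CERT_ALIAS);
+
+            PublicKey publicKey = cer.getPublicKey();
+            jwtParser = Jwts.parser().verifyWith(publicKey).build();
+
+        } catch (NoSuchAlgorithmException | CertificateException | KeyStoreException | IOException e) {
+            throw new ServletException(e);
+        }
+    }
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
+        if (!(servletRequest instanceof HttpServletRequest && servletResponse instanceof HttpServletResponse)) {
+            servletResponse.getWriter().print(new JSONObject()
+                    .element("message", "Request is not HTTP type.")
+            ); return;
+        }
+
+        HttpServletRequest req = (HttpServletRequest) servletRequest;
+        HttpServletResponse res = (HttpServletResponse) servletResponse;
+
+        String authToken = req.getHeader(AUTHORIZATION);
+        if (authToken == null || !authToken.startsWith(TOKEN_TYPE)) {
+            handleError(res, ORDINAL_401_Unauthorized,
+                    String.format("HTTP request does not contain required token. It requires '"+TOKEN_TYPE+"' JWT token.")); return;
+        }
+
+        try {
+            String token = authToken.substring(TOKEN_TYPE.length()+1);
+            Jwt<JwsHeader, Claims> jwt = jwtParser.parseSignedClaims(token);
+            Claims claims = jwt.getPayload();
+
+            Set<String> resourceSrv = claims.getAudience();
+            String reqUrl = String.format("%s://%s%s%s",
+                    req.getScheme(), req.getServerName(),
+                    (req.getServerPort() != 80 ? (":"+req.getServerPort()) : ""),
+                    req.getContextPath()
+            );
+
+            boolean resSrvAllowed = resourceSrv.stream().anyMatch(r -> r.equals(reqUrl));
+            if (!resSrvAllowed) {
+                handleError(res, ORDINAL_403_Forbidden,
+                        String.format("The resource server '%s' is not allowed to access.", reqUrl)); return;
+            }
+
+            List<?> permissions = claims.get("permissions", List.class);
+            boolean matchAny = false;
+            for (Object permissionObj : permissions) {
+                String permission = permissionObj.toString();
+                for (String requiredPermission : PERMISSIONS) {
+                    if (permission.equals(requiredPermission)) {
+                        matchAny = true; break;
+                    }
+                }
+            }
+            if (!matchAny) {
+                handleError(res, ORDINAL_403_Forbidden,
+                        "Not enough permissions to access the resource server."); return;
+            }
+
+            req.setAttribute("userId", "admin"); // TODO get 'userId' from the claims
+
+            filterChain.doFilter(servletRequest, servletResponse);
+        } catch(JwtException ex) {
+            handleError(res, ORDINAL_401_Unauthorized, ex.getMessage());
+        }
+    }
+
+    private static void handleError(HttpServletResponse res, int code, String message) throws IOException {
+        res.setStatus(code);
+        res.setContentType(APPLICATION_JSON);
+        res.getWriter().print(new JSONObject()
+                .element("code", code)
+                .element("message", message)
+        );
+    }
+
+        @Override
+    public void destroy() {
+
+    }
+
+}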
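Review bot: `req.setAttribute("userId", "admin")` makes every holder of a valid token act as `admin`, and `SensorService` in this same commit now takes its `user` scope from that attribute, so the TODO is load-bearing — read the value from the claims (presumably `claims.getSubject()`, if the user id travels as `sub`) before this filter fronts the data endpoints, and note that `getAttribute("userId").toString()` throws NullPointerException in any servlet the filter does not cover. The header check `startsWith(TOKEN_TYPE)` accepts `Bearerxyz`, and `substring(TOKEN_TYPE.length()+1)` throws StringIndexOutOfBoundsException (not a JwtException, so a 500 rather than a 401) on a bare `Bearer` header; `!authToken.startsWith(TOKEN_TYPE + " ")` fixes both. `claims.get("permissions", List.class)` returns null when the claim is absent, which the for-loop turns into a 500 instead of a 403, `keystore.getCertificate` returns null for an unknown alias, and the `FileInputStream` opened in `init` is never closed. `verifyWith` plus `parseSignedClaims` checks signature and expiry but nothing pins the issuer, so if the signing key is shared across environments `Jwts.parser().requireIssuer(...)` on the builder is worth adding. The rewritten lines below cover the input checks and the leak; separately, the `@Override` on `destroy` is mis-indented and the non-HTTP branch writes a body without setting a status.
```java
@Override
public void init(FilterConfig filterConfig) throws ServletException {
    try (FileInputStream is = new FileInputStream(KEYSTORE_PATH)) {
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        keystore.load(is, KEYSTORE_PASS.toCharArray());
        Certificate cer = keystore.getCertificate(CERT_ALIAS);
        if (cer == null) {
            throw new ServletException("No certificate with alias '" + CERT_ALIAS + "' in keystore");
        }
        jwtParser = Jwts.parser().verifyWith(cer.getPublicKey()).build();
    } catch (NoSuchAlgorithmException | CertificateException | KeyStoreException | IOException e) {
        throw new ServletException(e);
    }
}

// … unchanged: doFilter up to the Authorization header …
String authToken = req.getHeader(AUTHORIZATION);
if (authToken == null || !authToken.startsWith(TOKEN_TYPE + " ")) {
    handleError(res, ORDINAL_401_Unauthorized,
            "HTTP request does not contain required token. It requires '" + TOKEN_TYPE + "' JWT token."); return;
}
// … unchanged: token parsing and audience check …
List<?> permissions = claims.get("permissions", List.class);
if (permissions == null || permissions.isEmpty()) {
    handleError(res, ORDINAL_403_Forbidden,
            "Not enough permissions to access the resource server."); return;
}
// … unchanged: permission matching, userId attribute, doFilter …
```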

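--- a/src/main/resources/global.properties
+++ b/src/main/resources/global.properties
@@ -0,0 +1,11 @@
+
+# Java Keystone JKS properties
+keystone.path=/home/vrenclouff/Development/senslog/core/senslog_keystore.jks
+keystone.password=SENSlog
+keystone.certificate.alias=auth0_senslog_cert
+
+# Authorization & Authentication properties
+auth.type=OAUTH
+
+access.permission.name=senslog
+access.permission.scopes=all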
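Review bot: `keystone.password=SENSlog` puts the keystore password into a file committed to the repository, together with a developer-specific absolute path (`/home/vrenclouff/...`) that cannot work on any other host; both should be supplied from the deployment environment (a system property or environment variable read in `ApplicationInfo`), with the committed file carrying only placeholders. Since `OAuthGuardFilter` only needs the public key of `auth0_senslog_cert`, the keystore opened here should hold only certificates and no private keys, so that a leaked password on its own cannot expose signing material — worth stating in a comment above these keys. The property names say `keystone` while the value is a Java keystore (`.jks`); `keystore.*` would avoid confusion with OpenStack Keystone.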

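--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -14,103 +14,81 @@
         <servlet-name>ManagementService</servlet-name>
         <servlet-class>cz.hsrs.servlet.provider.ManagementService</servlet-class>
     </servlet>
-    <servlet-mapping>
-        <servlet-name>ManagementService</servlet-name>
-        <url-pattern>/ManagementService</url-pattern>
-    </servlet-mapping>
 
     <servlet>
-        <description>
-        </description>
         <display-name>FeederServlet</display-name>
         <servlet-name>FeederServlet</servlet-name>
         <servlet-class>cz.hsrs.servlet.feeder.FeederServlet</servlet-class>
     </servlet>
-    <servlet-mapping>
-        <servlet-name>FeederServlet</servlet-name>
-        <url-pattern>/FeederServlet</url-pattern>
-    </servlet-mapping>
 
     <servlet>
-        <description>
-        </description>
         <display-name>ChartServlet</display-name>
         <servlet-name>ChartServlet</servlet-name>
         <servlet-class>cz.hsrs.servlet.provider.ChartServlet</servlet-class>
     </servlet>
 
     <servlet>
-        <description>
-        </description>
         <display-name>SensorService</display-name>
         <servlet-name>SensorService</servlet-name>
         <servlet-class>cz.hsrs.servlet.provider.SensorService</servlet-class>
     </servlet>
 
     <servlet>
-        <description>
-        </description>
         <display-name>AlertService</display-name>
         <servlet-name>AlertService</servlet-name>
         <servlet-class>cz.hsrs.servlet.provider.AlertService</servlet-class>
     </servlet>
     
     <servlet>
-        <description>
-        </description>
         <display-name>AnalystService</display-name>
         <servlet-name>AnalystService</servlet-name>
         <servlet-class>cz.hsrs.servlet.provider.AnalystService</servlet-class>
     </servlet>
     
     <servlet>
-        <description>
-        </description>
         <display-name>MMService</display-name>
         <servlet-name>MMService</servlet-name>
         <servlet-class>cz.hsrs.servlet.provider.MMService</servlet-class>
     </servlet>
 
     <servlet>
-        <description>
-        </description>
         <display-name>DataService</display-name>
         <servlet-name>DataService</servlet-name>
         <servlet-class>cz.hsrs.servlet.provider.DataService</servlet-class>
     </servlet>
+
     <servlet>
-        <description>
-        </description>
         <display-name>GroupService</display-name>
         <servlet-name>GroupService</servlet-name>
         <servlet-class>cz.hsrs.servlet.provider.GroupService</servlet-class>
     </servlet>
 
+<!--    <servlet>-->
+<!--        <display-name>ControllerServlet</display-name>-->
+<!--        <servlet-name>ControllerServlet</servlet-name>-->
+<!--        <servlet-class>cz.hsrs.servlet.security.ControllerServlet</servlet-class>-->
+<!--    </servlet>-->
+
     <servlet>
-        <description>
-        </description>
-        <display-name>ControllerServlet</display-name>
-        <servlet-name>ControllerServlet</servlet-name>
-        <servlet-class>cz.hsrs.servlet.security.ControllerServlet</servlet-class>
-    </servlet>
-    <servlet>
-        <description>
-        </description>
         <display-name>Logout</display-name>
         <servlet-name>Logout</servlet-name>
         <servlet-class>cz.hsrs.servlet.security.LogoutServlet</servlet-class>
     </servlet>
-    <servlet>
-        <description>
-        </description>
-        <display-name>ChangeLang</display-name>
-        <servlet-name>ChangeLang</servlet-name>
-        <servlet-class>cz.hsrs.servlet.lang.ChangeLangServlet</servlet-class>
-    </servlet>
+
+<!--    <servlet>-->
+<!--        <display-name>ChangeLang</display-name>-->
+<!--        <servlet-name>ChangeLang</servlet-name>-->
+<!--        <servlet-class>cz.hsrs.servlet.lang.ChangeLangServlet</servlet-class>-->
+<!--    </servlet>-->
+
+    <filter>
+        <filter-name>OAuthGuardFiltr</filter-name>
+        <filter-class>cz.hsrs.servlet.security.OAuthGuardFilter</filter-class>
+    </filter>
     
 <!-- Jersey 2.x REST -->
   <servlet>
-      <servlet-name>Jersey REST Service</servlet-name>
+      <servlet-name>Jersey_Services</servlet-name>
       <!-- <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>-->
        <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
       <init-param>
@@ -137,56 +115,83 @@
 <!--       <param-value>cz.hsrs.hsformserver.rest.AuthFilter</param-value> -->
 <!--     </init-param> -->
       <load-on-startup>1</load-on-startup>
+
+
   </servlet>
 
+    <!-- Jersey Endpoints where /api/data and /api/manage are protected by OAuth -->
     <servlet-mapping>
-        <servlet-name>Logout</servlet-name>
-        <url-pattern>/Logout</url-pattern>
-    </servlet-mapping>
-    <servlet-mapping>
-        <servlet-name>ChangeLang</servlet-name>
-        <url-pattern>/ChangeLang</url-pattern>
+        <servlet-name>Jersey_Services</servlet-name>
+        <url-pattern>/api/*</url-pattern>
     </servlet-mapping>
+
+    <!-- Endpoints for Data Access -->
+    <filter-mapping>
+        <filter-name>OAuthGuardFiltr</filter-name>
+        <url-pattern>/api/data/*</url-pattern>
+    </filter-mapping>
     <servlet-mapping>
-        <servlet-name>ControllerServlet</servlet-name>
-        <url-pattern>/ControllerServlet</url-pattern>
+        <servlet-name>FeederServlet</servlet-name>
+        <url-pattern>/api/data/FeederServlet</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
         <servlet-name>ChartServlet</servlet-name>
-        <url-pattern>/ChartServlet</url-pattern>
+        <url-pattern>/api/data/ChartServlet</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
         <servlet-name>DataService</servlet-name>
-        <url-pattern>/DataService</url-pattern>
+        <url-pattern>/api/data/DataService</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
-        <servlet-name>GroupService</servlet-name>
-        <url-pattern>/GroupService</url-pattern>
+        <servlet-name>SensorService</servlet-name>
+        <url-pattern>/api/data/SensorService</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
-        <servlet-name>SensorService</servlet-name>
-        <url-pattern>/SensorService</url-pattern>
+        <servlet-name>AnalystService</servlet-name>
+        <url-pattern>/api/data/AnalystService</url-pattern>
     </servlet-mapping>
-
     <servlet-mapping>
-        <servlet-name>AlertService</servlet-name>
-        <url-pattern>/AlertService</url-pattern>
+        <servlet-name>MMService</servlet-name>
+        <url-pattern>/api/data/MMService</url-pattern>
     </servlet-mapping>
-    
+
+
+    <!-- Endpoints for Managing Access -->
+    <filter-mapping>
+        <filter-name>OAuthGuardFiltr</filter-name>
+        <url-pattern>/api/manage/*</url-pattern>
+    </filter-mapping>
     <servlet-mapping>
-        <servlet-name>AnalystService</servlet-name>
-        <url-pattern>/AnalystService</url-pattern>
+        <servlet-name>ManagementService</servlet-name>
+        <url-pattern>/api/manage/ManagementService</url-pattern>
     </servlet-mapping>
-    
     <servlet-mapping>
-        <servlet-name>MMService</servlet-name>
-        <url-pattern>/MMService</url-pattern>
+        <servlet-name>GroupService</servlet-name>
+        <url-pattern>/api/manage/GroupService</url-pattern>
     </servlet-mapping>
 
+
+    <!-- Endpoints for others without OAuth -->
     <servlet-mapping>
-      <servlet-name>Jersey REST Service</servlet-name>
-      <url-pattern>/rest/*</url-pattern>
+        <servlet-name>Logout</servlet-name>
+        <url-pattern>/Logout</url-pattern>
     </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>AlertService</servlet-name>
+        <url-pattern>/api/AlertService</url-pattern>
+    </servlet-mapping>
+
+    <!-- Disabled endpoints without OAuth but require authorization -->
+<!--    <servlet-mapping>-->
+<!--        <servlet-name>ControllerServlet</servlet-name> // init-->
+<!--        <url-pattern>/api/ControllerServlet</url-pattern>-->
+<!--    </servlet-mapping>-->
+<!--    <servlet-mapping>-->
+<!--        <servlet-name>ChangeLang</servlet-name>-->
+<!--        <url-pattern>/api/ChangeLang</url-pattern>-->
+<!--    </servlet-mapping>-->
+
+
 
     <init-param>
         <param-name>development</param-name>
@@ -198,7 +203,6 @@
     </welcome-file-list>
 
     <listener>
-        <description>sessionListener</description>
         <listener-class>cz.hsrs.servlet.security.SessionListener</listener-class>
     </listener>
     <listener>
@@ -208,5 +212,5 @@
     <session-config>
         <session-timeout>240</session-timeout>
     </session-config>
-
+
 </web-app>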
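Review bot: `/api/AlertService` is mapped under the section labelled "without OAuth" while every other data and management servlet moved behind `OAuthGuardFiltr`, and with the `ControllerServlet` mapping commented out this file no longer shows what authenticates it — if the omission is deliberate, a comment such as `<!-- AlertService stays outside the OAuth filter because … -->` would keep it from reading as an oversight; the same question applies to any Jersey resource served by the `/api/*` mapping that lives outside the `/api/data/` and `/api/manage/` prefixes. The two `<filter-mapping>` elements declare no `<dispatcher>`, so the filter applies to direct client requests only and not to server-side forwards or includes; that is probably fine here but worth stating in a comment. `FeederServlet` now sits under `/api/data/*`, so every device or feeder posting observations must present a bearer token after this change, and nothing visible in this commit updates that client path, so I would confirm the feeders are covered before deploying. The filter name is spelled `OAuthGuardFiltr` in the declaration and both mappings; it works as written, but `OAuthGuardFilter` would match the class name.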

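--- a/src/main/webapp/js/maplog-app-osm.js
+++ b/src/main/webapp/js/maplog-app-osm.js
@@ -83,7 +83,7 @@ function initializeMap() {
     maplog.tq.qlayer = "positions";
     maplog.tq.unitsLayer = maplog.unitsLayer;
 
-    maplog.unitSwitcher = new MapLog.Control.UnitSwitcher(dbservice+"/GroupService?Operation=GetGroups",maplog.unitsLayer, {container: maplog.switcherPanel,maplog:maplog});
+    maplog.unitSwitcher = new MapLog.Control.UnitSwitcher(dbservice+"/api/manage/GroupService?Operation=GetGroups",maplog.unitsLayer, {container: maplog.switcherPanel,maplog:maplog});
     var selectFeature = new OpenLayers.Control.SelectFeature(
                 [maplog.unitsLayer],
                 {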
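Review bot: The `GroupService?Operation=GetGroups` request now targets `/api/manage/GroupService`, which web.xml places behind `OAuthGuardFiltr`, so this call will get a 401 JSON body instead of the group list unless `MapLog.Control.UnitSwitcher` attaches an `Authorization: Bearer …` header; its request code is not in this commit, so I cannot tell whether it does. If the map page is meant to stay usable without a token, either the switcher needs a token source or this path should stay outside the protected prefix. The same applies to the identical line in `src/main/webapp/js/maplog-app.js`.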

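--- a/src/main/webapp/js/maplog-app.js
+++ b/src/main/webapp/js/maplog-app.js
@@ -218,7 +218,7 @@ function initializeMap() {
     maplog.tq.qlayer = "positions";
     maplog.tq.unitsLayer = maplog.unitsLayer;
 
-    maplog.unitSwitcher = new MapLog.Control.UnitSwitcher(dbservice+"/GroupService?Operation=GetGroups",maplog.unitsLayer, {container: maplog.switcherPanel,maplog:maplog});
+    maplog.unitSwitcher = new MapLog.Control.UnitSwitcher(dbservice+"/api/manage/GroupService?Operation=GetGroups",maplog.unitsLayer, {container: maplog.switcherPanel,maplog:maplog});
     var selectFeature = new OpenLayers.Control.SelectFeature(
                 [maplog.unitsLayer],
                 {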