
Added authorization via session (cookie) to ManagementService

Lukas Cerny 4 years ago
parent
commit
bd120c3ee0

+ 3 - 3
src/main/java/cz/hsrs/db/model/insert/UnitInsert.java

@@ -121,9 +121,9 @@ public class UnitInsert {
             return this;
         /** there is same unit in DB and it is paired to this user */     
         } else{
-            List<Sensor> insSensors = new LinkedList<Sensor>();        
-            for(int s = 0; s < this.sensors.size(); s++){
-                Sensor insSen = sensors.get(s).insertToDb(this.unitId);
+            List<Sensor> insSensors = new LinkedList<Sensor>();
+            for (Sensor sensor : this.sensors) {
+                Sensor insSen = sensor.insertToDb(this.unitId);
                 insSensors.add(insSen);
             }
             this.sensors = insSensors;

+ 14 - 20
src/main/java/cz/hsrs/db/util/ManagementUtil.java

@@ -29,29 +29,26 @@ public class ManagementUtil extends DBUtil {
 
             if (payload.containsKey("sensors")) {
                 JSONArray sensorsJsonArray = payload.getJSONArray("sensors");
-                List<Sensor> sensors = new ArrayList<>(sensorsJsonArray.size());
+                long[] sensorIds = new long[sensorsJsonArray.size()];
                 for (int i = 0; i < sensorsJsonArray.size(); i++) {
                     JSONObject sensorJson = sensorsJsonArray.getJSONObject(i);
                     if (!sensorJson.containsKey("sensor_id")) {
                         throw new NoItemFoundException("Attribute 'sensor_id' is required.");
                     }
-                    long sensorId = sensorJson.getLong("sensor_id");
-                    sensors.add(new Sensor(sensorId, null, null, null));
+                    sensorIds[i] = sensorJson.getLong("sensor_id");
                 }
 
-                for (Sensor sensor : sensors) {
-                    long sensorId = sensor.getSensorId();
-                    String del = "DELETE FROM units_to_sensors WHERE sensor_id = "+sensorId + " AND unit_id = " + unitId;
-                    int result = SQLExecutor.executeUpdate(del);
-
-                    // TODO delete sensor in the database 
+                List<Sensor> sensors = new ArrayList<>(sensorIds.length);
+                for (long sensorId : sensorIds) {
+                    String sql = String.format("DELETE FROM units_to_sensors WHERE sensor_id = %s AND unit_id = %s", sensorId, unitId);
+                    int result = SQLExecutor.executeUpdate(sql);
                     //- delete sensor pokud je pouze u teto jednotky
                     //- delete pouze units_to_sensors pokud je u vice jednotek - typ senzoru - OK
-                    
-
+                    if (result > 0) {
+                        sensors.add(new Sensor(sensorId, null, null, null));
+                    }
                 }
                 return new UnitInsert(unitId, null, sensors);
-
             } else {
                 throw new NoItemFoundException("Attribute 'sensors' is required.");
             }
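Review bot: The `DELETE FROM units_to_sensors` in the new `for (long sensorId : sensorIds)` loop is scoped only by `sensor_id` and `unit_id`, both read from the request payload, and nothing visible in this hunk ties `unitId` to the authenticated session user. Unless the caller checks ownership (not shown), a logged-in user's request can unpair sensors from a unit that belongs to someone else; the same applies to the `UPDATE units` in the last hunk of this file. I would pass the session user into this method and verify the pairing before the loop, and at minimum record the assumption with `// caller must have verified that unitId belongs to the session user`. The deletes also run one statement at a time, so a failure midway leaves the unit partly unpaired. The enclosing method starts and ends outside the hunk.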
@@ -69,7 +66,7 @@ public class ManagementUtil extends DBUtil {
             long unitId = unitJson.getLong("unit_id");
             final UnitUtil unitUtil = new UnitUtil();
             int result = unitUtil.deleteUnit(unitId);
-            return result != 0 ? unitId : null;
+            return result > 0 ? unitId : null;
         } else {
             throw new NoItemFoundException("Attribute 'unit' is required.");
         }
@@ -139,13 +136,10 @@ public class ManagementUtil extends DBUtil {
                 throw new NoItemFoundException("Attribute 'unit_id' is required.");
             }
             long unitId = unitJson.getLong("unit_id");
-            String updUnit = "UPDATE units SET description = '"+unitJson.getString("description")+"' WHERE unit_id = "+unitId;
-            int result = SQLExecutor.executeUpdate(updUnit);
-
-            // TODO UPDATE unit attributes in the database
-
-            return new UnitInsert(unitId, null, null);
-
+            String unitDsc = unitJson.getString("description");
+            String sql = String.format("UPDATE units SET description = '%s' WHERE unit_id = %s", unitDsc, unitId);
+            int result = SQLExecutor.executeUpdate(sql);
+            return result > 0 ? new UnitInsert(unitId, unitDsc, null) : null;
         } else {
             throw new NoItemFoundException("Attribute 'unit' is required.");
         }
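Review bot: `unitDsc` comes straight from the JSON payload and is still spliced into the statement text by `String.format("UPDATE units SET description = '%s' ...")`, so moving from concatenation to a format string leaves the SQL injection in place. Bind both values through a parameterized statement instead, i.e. `UPDATE units SET description = ? WHERE unit_id = ?` with `setString(1, unitDsc)` and `setLong(2, unitId)`; whether `SQLExecutor` offers a prepared-statement entry point is not visible here. The `DELETE` built in the first hunk of this file uses the same pattern; its arguments are `long`s, so it is not injectable as written, but it should move to the same parameterized form. `description` is also read without the `containsKey` check that `unit_id` gets. The enclosing method extends outside the hunk.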

+ 4 - 4
src/main/java/cz/hsrs/servlet/provider/DBServlet.java

@@ -149,7 +149,7 @@ public abstract class DBServlet extends HttpServlet {
             if (user.isAuthenticated()) {
                 return user;
             } else {
-                throw new AuthenticationException("Authentication fairlure for request " + request.getQueryString());
+                throw new AuthenticationException("Authentication failure for request " + request.getQueryString());
             }
         }
         else{
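Review bot: The corrected message still appends `request.getQueryString()` to the exception text, here and in the three throws of the next hunk. That hunk authenticates with `userLocal.athenticate(userName, pass)`; if those values are read from request parameters (their origin is outside the hunk), the password ends up in the exception message and in whatever log or error page renders it. I would drop the query string, e.g. `throw new AuthenticationException("Authentication failure for " + request.getRequestURI());`. The `catch (Exception e)` in the next hunk also discards the cause, which is worth logging server-side before rethrowing.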
@@ -164,13 +164,13 @@ public abstract class DBServlet extends HttpServlet {
                     if(userLocal.athenticate(userName, pass)){
                         return userLocal;
                     } else{
-                        throw new AuthenticationException("Authentication fairlure for request " + request.getQueryString());
+                        throw new AuthenticationException("Authentication failure for request " + request.getQueryString());
                     }
                 } catch (Exception e) {
-                    throw new AuthenticationException("Authentication fairlure for request " + request.getQueryString());
+                    throw new AuthenticationException("Authentication failure for request " + request.getQueryString());
                 }
             } else{
-                throw new AuthenticationException("Authentication fairlure for request " + request.getQueryString());
+                throw new AuthenticationException("Authentication failure for request " + request.getQueryString());
             }
         }
     }

+ 2 - 0
src/main/java/cz/hsrs/servlet/provider/DataService.java

@@ -9,6 +9,7 @@ import javax.naming.AuthenticationException;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.HttpHeaders;
 
 import cz.hsrs.db.DBJsonUtils;
 import cz.hsrs.db.model.UnitPosition;
@@ -81,6 +82,7 @@ public class DataService extends DBServlet {
         }
 
         response.addHeader("Access-Control-Allow-Origin", "*");
+        response.addHeader(HttpHeaders.CONTENT_TYPE, "application/json");
         /*
          * /DataService?Operation=GetUnits&user=telemetry&unit_id=356173060488215
          * /DataService?Operation=GetTracks&user=telemetry&limit=500
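Review bot: The added `response.addHeader(HttpHeaders.CONTENT_TYPE, "application/json")` sets the content type through a generic header call and pulls a JAX-RS constant into a plain servlet just for the header name. The servlet API's own `response.setContentType("application/json");` says the same thing, replaces rather than appends, and lets the container attach the character encoding. ManagementService uses a `JSON_CONTENT` constant for this value, so sharing that constant would keep the two services consistent. The method body continues outside the hunk.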

+ 12 - 26
src/main/java/cz/hsrs/servlet/provider/ManagementService.java

@@ -94,11 +94,7 @@ public class ManagementService extends DBServlet {
         }
     }
 /* -- Prihlasovani -- */
-    /**
-     * 
-     * @param user
-     * @return
-     */
+
     private boolean isNotAuthorized(String user) {
         if(user == null || user.isEmpty()) {
             return true;
@@ -114,24 +110,20 @@ public class ManagementService extends DBServlet {
         return false;
     }
 
+    private LoginUser getUserBySession(HttpServletRequest request) throws ServletException {
+        try {
+            return getAuthenticatedLoginUser(request);
+        } catch (AuthenticationException e) {
+            throw new ServletException("Authentication failure for request "+ request.getQueryString());
+        }
+    }
+
     @Override
     protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         response.addHeader(HttpHeaders.CONTENT_TYPE, JSON_CONTENT);
         response.addHeader("Access-Control-Allow-Origin", "*");
         
-        /* -- Prihlasovani -- */
-/*        String user = request.getParameter("user");
-        if (isNotAuthorized(user)) {
-            throw new ServletException("Authentication failure for request: "+ request.getQueryString());
-        }
-*/        
-        /* session authentication method */
-        LoginUser loggedUser;
-        try {
-            loggedUser = getAuthenticatedLoginUser(request);
-        } catch (AuthenticationException e1) {
-            throw new ServletException("Authentication failure for request "+ request.getQueryString());
-        }
+        LoginUser loggedUser = getUserBySession(request);
 
         String contentType = request.getHeader(HttpHeaders.CONTENT_TYPE);
         if (contentType != null && !contentType.equalsIgnoreCase(JSON_CONTENT)) {
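Review bot: With `getUserBySession` the state-changing handlers now authenticate from the session cookie, and nothing visible in this hunk or the two later ones that call the helper verifies a CSRF token or the request's `Origin`. The content-type test just below cannot stand in for that check, because `contentType != null && ...` lets a request without a `Content-Type` header through; tightening it to `if (contentType == null || !contentType.equalsIgnoreCase(JSON_CONTENT))` closes that gap but is not a substitute for a token. The helper also drops the caught exception and repeats the query string in its message; `throw new ServletException("Authentication failure", e);` keeps the cause without echoing request parameters. The rest of doPost is outside the hunk.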
@@ -171,10 +163,7 @@ public class ManagementService extends DBServlet {
         response.addHeader(HttpHeaders.CONTENT_TYPE, JSON_CONTENT);
         response.addHeader("Access-Control-Allow-Origin", "*");
 
-        String user = request.getParameter("user");
-        if (isNotAuthorized(user)) {
-            throw new ServletException("Authentication failure for request: "+ request.getQueryString());
-        }
+        LoginUser loggedUser = getUserBySession(request);
 
         String contentType = request.getHeader(HttpHeaders.CONTENT_TYPE);
         if (contentType != null && !contentType.equalsIgnoreCase(JSON_CONTENT)) {
@@ -214,10 +203,7 @@ public class ManagementService extends DBServlet {
         response.addHeader(HttpHeaders.CONTENT_TYPE, JSON_CONTENT);
         response.addHeader("Access-Control-Allow-Origin", "*");
 
-        String user = request.getParameter("user");
-        if (isNotAuthorized(user)) {
-            throw new ServletException("Authentication failure for request: "+ request.getQueryString());
-        }
+        LoginUser loggedUser = getUserBySession(request);
 
         String contentType = request.getHeader(HttpHeaders.CONTENT_TYPE);
         if (contentType != null && !contentType.equalsIgnoreCase(JSON_CONTENT)) {