
Added REST service for GET and PUT user
Added CORS header for REST services

Michal Kepka há 4 anos atrás
pai
commit
e3919568b8

+ 16 - 0
src/main/java/cz/hsrs/db/util/UserUtil.java

@@ -236,6 +236,22 @@ public class UserUtil extends GroupUtil {
         String insert = "insert into system_users(user_name, user_password) Values('" + user_name + "','" + pass + "');";
         return SQLExecutor.executeUpdate(insert);
     }
+    
+    /**
+     * 
+     * @param user_name
+     * @param pass
+     * @param realName
+     * @param groupId
+     * @param rightsId
+     * @return
+     * @throws SQLException
+     */
+    public static int insertUser(String user_name, String pass, String realName, int groupId, int rightsId) throws SQLException {
+    	String insert = "INSERT INTO system_users(user_name, user_password, user_real_name, group_id, rights_id) "
+    			+ "VALUES('" + user_name + "','" + pass + "','"+realName+"',"+groupId+","+rightsId+");";
+    	return SQLExecutor.executeUpdate(insert);
+    }
 
     public int deleteUser(String user_name) throws SQLException {
         String del = "DELETE FROM system_users WHERE user_name='" + user_name + "';";
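Review bot: The new insertUser builds its statement on the `INSERT INTO system_users` line by concatenating `user_name`, `pass` and `realName` into the SQL text, which is SQL injection as soon as any of them is caller-controlled — and UserRest passes all three straight out of the request JSON. The values should be bound as `?` parameters through a PreparedStatement; the existing `SQLExecutor.executeUpdate(insert)` call only takes the finished string, so a parameterised overload of SQLExecutor (not visible here) would need to be added, and the same applies to the `SELECT * FROM system_users WHERE user_name = ...` query in UserRestUtil.getUser. The Javadoc block is empty; it should at least say that the return value is the update count from `executeUpdate` and that `pass` is written to `user_password` exactly as received, so any hashing has to happen in the caller — I cannot tell from this hunk whether anything does.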

+ 49 - 0
src/main/java/cz/hsrs/rest/beans/UserBean.java

@@ -0,0 +1,49 @@
+package cz.hsrs.rest.beans;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement
+public class UserBean {
+	
+	public int userId;
+	public String userName;
+	public String userPass;
+	public String userRealName;
+	public int groupId;
+	public int rightsId;
+/*
+	public UserBean() {
+	}
+*/
+	/**
+	 * Constructor for loading from DB
+	 * @param userId
+	 * @param userName
+	 * @param userRealName
+	 * @param groupId
+	 * @param rightsId
+	 */
+	public UserBean(int userId, String userName, String userRealName, int groupId, int rightsId) {
+		this.userId = userId;
+		this.userName = userName;
+		this.userRealName = userRealName;
+		this.groupId = groupId;
+		this.rightsId = rightsId;
+	}
+
+	/**
+	 * Constructor for inserting to DB
+	 * @param userName
+	 * @param userPass
+	 * @param userRealName
+	 * @param groupId
+	 * @param rightsId
+	 */
+	public UserBean(String userName, String userPass, String userRealName, int groupId, int rightsId) {
+		this.userName = userName;
+		this.userPass = userPass;
+		this.userRealName = userRealName;
+		this.groupId = groupId;
+		this.rightsId = rightsId;
+	}
+}
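Review bot: `userPass` is a public field on an `@XmlRootElement` bean that UserRest returns as the GET response entity, so whatever lands in that field is marshalled to the client; the DB-loading constructor leaves it null today, but nothing in the type prevents it. Annotate it `@XmlTransient public String userPass;` (import `javax.xml.bind.annotation.XmlTransient`), or keep the password out of the bean and pass it to the insert separately. The commented-out no-arg constructor should be deleted or restored rather than left as dead code — JAXB needs a no-arg constructor if this bean is ever unmarshalled from a request body.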

+ 105 - 0
src/main/java/cz/hsrs/rest/provider/UserRest.java

@@ -0,0 +1,105 @@
+/**
+ * 
+ */
+package cz.hsrs.rest.provider;
+
+import java.sql.SQLException;
+
+import javax.naming.AuthenticationException;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+import org.mortbay.jetty.HttpStatus;
+
+import cz.hsrs.db.util.UserUtil;
+import cz.hsrs.rest.beans.UserBean;
+import cz.hsrs.rest.util.AuthUtil;
+import cz.hsrs.rest.util.UserRestUtil;
+import cz.hsrs.servlet.security.LoginUser;
+import net.sf.json.JSONObject;
+
+/**
+ * @author mkepka
+ *
+ */
+@Path("/user")
+public class UserRest {
+	
+	/**
+	 * Empty constructor
+	 */
+	public UserRest() {
+	}
+	
+	/**
+	 * 
+	 * @param req
+	 * @return
+	 */
+	@GET
+	public Response getUser(@Context HttpServletRequest req) {
+        try {
+        	LoginUser loggedUser = AuthUtil.getAuthenticatedLoginUser(req);
+        	UserBean userDetails = UserRestUtil.getUser(loggedUser.getUserName());
+        	return Response.ok().entity(userDetails)
+    				.header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
+    				.build();
+        } catch (AuthenticationException e1) {
+        	return Response.status(HttpStatus.ORDINAL_401_Unauthorized)
+        		.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
+        		.entity("Authentication failure for request "+ req.getQueryString())
+        		.build();
+        } catch (SQLException e) {
+        	return Response.status(HttpStatus.ORDINAL_500_Internal_Server_Error)
+            		.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
+            		.entity(e.getLocalizedMessage())
+            		.build();
+		}
+	}
+	
+	/**
+	 * 
+	 * @param userJSON
+	 * @param req
+	 * @return
+	 */
+	@PUT
+	@Consumes(MediaType.APPLICATION_JSON)
+	public Response insertUser(JSONObject userJSON, @Context HttpServletRequest req) {
+		try {
+        	LoginUser loggedUser = AuthUtil.getAuthenticatedLoginUser(req);
+        	if(loggedUser.getRightsID() == 0) {
+        		UserUtil.insertUser(userJSON.getString("userName"),
+        				userJSON.getString("userPass"),
+        				userJSON.getString("userRealName"),
+        				userJSON.getInt("groupId"),
+        				userJSON.getInt("rightsId"));
+        	return Response.ok()
+    				.build();
+        	}
+        	else {
+        		return Response.status(HttpStatus.ORDINAL_403_Forbidden)
+                		.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
+                		.entity("Not enough rights for inserting!")
+                		.build();
+        	}
+        } catch (AuthenticationException e1) {
+        	return Response.status(HttpStatus.ORDINAL_401_Unauthorized)
+        		.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
+        		.entity("Authentication failure for request!")
+        		.build();
+        } catch (SQLException e) {
+        	return Response.status(HttpStatus.ORDINAL_500_Internal_Server_Error)
+            		.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
+            		.entity(e.getLocalizedMessage())
+            		.build();
+		}
+    }
+}
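Review bot: Both SQLException handlers (the `.entity(e.getLocalizedMessage())` lines in getUser and insertUser) send the driver's error text to the client, which may reveal table and column names and fragments of the statement; log the exception server-side and return a fixed body such as `.entity("Internal server error")`. In insertUser a missing or non-numeric key in the body makes `userJSON.getString`/`userJSON.getInt` throw net.sf.json's unchecked JSONException, which no catch here covers, so malformed input produces a container-generated 500 instead of a 400. The `loggedUser.getRightsID() == 0` comparison is the only authorization on the insert; I am inferring that 0 denotes an administrator, the hunk does not say, and a named constant would make the check reviewable. The 401 body in getUser echoes `req.getQueryString()` while the insertUser variant does not; pick one and use it in both.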

+ 53 - 0
src/main/java/cz/hsrs/rest/util/AuthUtil.java

@@ -0,0 +1,53 @@
+package cz.hsrs.rest.util;
+
+import javax.naming.AuthenticationException;
+import javax.servlet.http.HttpServletRequest;
+
+import cz.hsrs.db.util.UserUtil;
+import cz.hsrs.servlet.security.JSPHelper;
+import cz.hsrs.servlet.security.LoginUser;
+
+/**
+ * Utility class for authentication
+ * @author mkepka
+ *
+ */
+public class AuthUtil {
+
+    /**
+     * Method provides info about logged user by SessionId in HTTPRequest
+     * @param request - HTTP request containing SESSIONID
+     *
+     */
+    public static LoginUser getAuthenticatedLoginUser(HttpServletRequest request) throws AuthenticationException {
+        LoginUser user = ((LoginUser) request.getSession().getAttribute(JSPHelper.USERATTRIBUTE));
+        if(user != null){
+            if (user.isAuthenticated()) {
+                return user;
+            } else {
+                throw new AuthenticationException("Authentication failure for request " + request.getQueryString());
+            }
+        }
+        else{
+            String remoteHost = request.getRemoteHost();
+            if ((remoteHost.equals("127.0.0.1") || remoteHost.equals("localhost")) && request.getParameter("user") != null) {
+                try {
+                    UserUtil uUtil = new UserUtil();
+                    String userName = request.getParameter(JSPHelper.USERATTRIBUTE);
+                    String pass = uUtil.getUserPassword(userName);
+                    LoginUser userLocal = new LoginUser(request);
+
+                    if(userLocal.athenticate(userName, pass)){
+                        return userLocal;
+                    } else{
+                        throw new AuthenticationException("Authentication fairlure for request " + request.getQueryString());
+                    }
+                } catch (Exception e) {
+                    throw new AuthenticationException("Authentication fairlure for request " + request.getQueryString());
+                }
+            } else{
+                throw new AuthenticationException("Authentication fairlure for request " + request.getQueryString());
+            }
+        }
+    }
+}
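Review bot: The `else` branch after the session check authenticates any request whose `getRemoteHost()` is `127.0.0.1`/`localhost` and that carries a `user` parameter by reading that user's stored password with `uUtil.getUserPassword(userName)` and handing it to `userLocal.athenticate`, so the client never presents a credential of its own. Behind a reverse proxy or load balancer on the same machine every client appears as 127.0.0.1, which makes this a session for any account by name; if a local shortcut is really needed it should be enabled by an explicit configuration flag and compare `request.getRemoteAddr()` rather than the reverse-DNS value. The branch also tests `request.getParameter("user")` but then reads `request.getParameter(JSPHelper.USERATTRIBUTE)` — unless that constant is `"user"`, the second lookup can return null. `catch (Exception e)` discards the cause; attach it with `initCause(e)` on the new AuthenticationException, and the three messages spell "failure" as "fairlure".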

+ 4 - 4
src/main/java/cz/hsrs/rest/util/CorsFilter.java

@@ -8,9 +8,9 @@ public class CorsFilter implements ContainerResponseFilter {
 
     @Override
     public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) {
-        requestContext.getHeaders().add("Access-Control-Allow-Origin", "*");
-        requestContext.getHeaders().add("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
-        requestContext.getHeaders().add("Access-Control-Allow-Credentials", "true");
-        requestContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
+    	responseContext.getHeaders().add("Access-Control-Allow-Origin", "*");
+    	responseContext.getHeaders().add("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
+    	responseContext.getHeaders().add("Access-Control-Allow-Credentials", "true");
+    	responseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
     }
 }
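Review bot: The filter now emits `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`; browsers refuse to expose a credentialed response under a wildcard origin, so the session-cookie authentication that UserRest depends on will not work cross-origin, and the common workaround of echoing the request's Origin header would let any site make authenticated `PUT /user` calls with a logged-in victim's session. Replace the wildcard with an explicit allow-list of front-end origins, e.g. `responseContext.getHeaders().add("Access-Control-Allow-Origin", allowedOrigin);` where `allowedOrigin` (placeholder) is the list entry matching the request's Origin, and add a `Vary: Origin` header so caches do not mix responses. The `Access-Control-Allow-Methods` value advertises POST and DELETE as well, which the resources in this commit do not expose.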

+ 33 - 0
src/main/java/cz/hsrs/rest/util/UserRestUtil.java

@@ -0,0 +1,33 @@
+package cz.hsrs.rest.util;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import cz.hsrs.db.pool.SQLExecutor;
+import cz.hsrs.rest.beans.UserBean;
+
+public class UserRestUtil {
+
+	/**
+	 * 
+	 * @param userName
+	 * @return
+	 * @throws SQLException
+	 */
+	public static UserBean getUser(String userName) throws SQLException {
+		String query = "SELECT * FROM system_users WHERE user_name = '"+userName+"';";
+		ResultSet res = SQLExecutor.getInstance().executeQuery(query);
+		UserBean user = null;
+		if(res != null) {
+			while(res.next()) {
+				user = new UserBean(
+						res.getInt("user_id"),
+						res.getString("user_name"),
+						res.getString("user_real_name"),
+						res.getInt("group_id"),
+						res.getInt("rights_id"));
+			}
+		}
+		return user;
+	}
+}
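Review bot: The ResultSet returned by `SQLExecutor.getInstance().executeQuery(query)` is never closed, so every call leaks the cursor and, depending on how SQLExecutor manages the Statement, the statement behind it; wrap the loop in try/finally with `res.close()` (or try-with-resources if the project's Java level allows). The `while(res.next())` loop overwrites `user` on each row, so with several matches only the last would be returned — `if (res.next())` states the intent and avoids reading the rest. The query concatenates `userName` into the SQL text; the only caller in this commit passes the session's user name, but the method is public static and should bind the value as a parameter.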

+ 1 - 1
src/main/webapp/WEB-INF/web.xml

@@ -124,7 +124,7 @@
       </init-param>
       <init-param>
           <param-name>jersey.config.server.provider.classnames</param-name>
-          <param-value>org.glassfish.jersey.media.multipart.MultiPartFeature</param-value>
+          <param-value>org.glassfish.jersey.media.multipart.MultiPartFeature;cz.hsrs.rest.util.CorsFilter</param-value>
       </init-param>
       <init-param>
           <param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
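Review bot: Adding `cz.hsrs.rest.util.CorsFilter` to `jersey.config.server.provider.classnames` applies the filter to every resource served by this Jersey servlet, not only the new /user endpoints, so the wildcard-origin and credentials headers it sets now cover the existing endpoints too; a short comment next to the param-value saying this is intended would help the next reader. The following init-param still uses the Jersey 1.x key `com.sun.jersey.spi.container.ContainerResponseFilters` while this one is the Jersey 2.x property; only one of them is read by whichever Jersey version is on the classpath, which I cannot determine from this hunk.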