
Fixing authentication method for Servlets
Adding rightID to the response after user login

Michal Kepka 4 лет назад
Родитель
Сommit
e3a0ce7fc1

+ 3 - 40
pom.xml

@@ -193,34 +193,11 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-annotations</artifactId>
-            <!-- <version>2.11.1</version>-->
             <version>2.9.7</version>
             <scope>provided</scope>
         </dependency>
 
 <!-- JERSEY -->
-<!-- 
-    <dependency>
-        <groupId>com.sun.jersey</groupId>
-        <artifactId>jersey-server</artifactId>
-        <version>1.19.4</version>
-    </dependency>
-    <dependency>
-        <groupId>com.sun.jersey</groupId>
-        <artifactId>jersey-core</artifactId>
-        <version>1.19.4</version>
-    </dependency>
-    <dependency>
-        <groupId>com.sun.jersey</groupId>
-        <artifactId>jersey-servlet</artifactId>
-        <version>1.19.4</version>
-    </dependency>
-    <dependency>
-        <groupId>com.sun.jersey</groupId>
-        <artifactId>jersey-json</artifactId>
-        <version>1.19.4</version>
-    </dependency>
- -->
     <dependency>
         <groupId>org.glassfish.jersey.containers</groupId>
         <artifactId>jersey-container-servlet</artifactId>
@@ -236,27 +213,13 @@
         <artifactId>jersey-media-json-jackson</artifactId>
         <version>${jersey2.version}</version>
     </dependency>
-    
-<!--
     <dependency>
-        <groupId>org.glassfish.jersey.inject</groupId>
-        <artifactId>jersey-hk2</artifactId>
+        <groupId>org.glassfish.jersey.media</groupId>
+        <artifactId>jersey-media-multipart</artifactId>
         <version>${jersey2.version}</version>
     </dependency>
--->
-        <dependency>
-            <groupId>org.glassfish.jersey.media</groupId>
-            <artifactId>jersey-media-multipart</artifactId>
-            <version>${jersey2.version}</version>
-        </dependency>
-<!-- 
-        <dependency>
-            <groupId>com.sun.jersey.contribs</groupId>
-            <artifactId>jersey-multipart</artifactId>
-            <version>1.19.4</version>
-        </dependency>
--->
 <!-- JERSEY -->
+
     <!-- https://mvnrepository.com/artifact/org.jvnet.mimepull/mimepull -->
     <dependency>
         <groupId>org.jvnet.mimepull</groupId>

+ 18 - 1
src/main/java/cz/hsrs/db/util/UserUtil.java

@@ -66,8 +66,25 @@ public class UserUtil extends GroupUtil {
         ResultSet res = stmt.executeQuery(query);
         if (res.next()) {
             return res.getString(1);
-        } else
+        } else {
             throw new NoItemFoundException("getUserPassword " + user_name + " not found.");
+        }
+    }
+    /**
+     * Methods provides rightID of the given user
+     * @param userName is the unique user name
+     * @return integer represents rightID
+     * @throws SQLException 
+     * @throws NoItemFoundException 
+     */
+    public int getRightsId(String userName) throws SQLException, NoItemFoundException {
+        String query = "SELECT rights_id FROM system_users WHERE user_name='"+userName+"';";
+        ResultSet res = SQLExecutor.getInstance().executeQuery(query);
+        if(res.next()) {
+            return res.getInt(1);
+        } else {
+                throw new NoItemFoundException("Rights for " + userName + " not found!");
+        }
     }
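Review bot: The query in getRightsId is built by concatenating userName into the SQL text, so a name containing a quote changes the statement; this value comes from the login request, so it must be bound as a parameter (`"SELECT rights_id FROM system_users WHERE user_name=?"` with `setString(1, userName)` on a PreparedStatement), which means SQLExecutor needs a parameterised executeQuery variant if it does not already offer one — its API is not visible here. The ResultSet returned by `SQLExecutor.getInstance().executeQuery(query)` is never closed; wrap it in try-with-resources. The Javadoc should read `Returns the rights_id of the given user` and the `throw` in the else branch is indented one level too deep. The sibling getUserPassword builds its query outside this hunk; check it for the same concatenation pattern.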
     
     /**

+ 88 - 86
src/main/java/cz/hsrs/servlet/provider/AlertService.java

@@ -1,87 +1,89 @@
-/**
- * 
- */
-package cz.hsrs.servlet.provider;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.sql.SQLException;
-import java.util.List;
-
-import javax.naming.AuthenticationException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import cz.hsrs.db.DBJsonUtils;
-import cz.hsrs.db.model.AlertEvent;
-import cz.hsrs.db.util.UtilFactory;
-import cz.hsrs.servlet.feeder.ServiceParameters;
-import cz.hsrs.servlet.security.LoginUser;
-
-/**
- * Servlet handling request for alerts
- * @author mkepka
- */
-public class AlertService extends DBServlet{
-    private static final long serialVersionUID = 1L;
-    
-    public static final String GET_ALERTS = "GetAlerts";
-    public static final String GET_ALERT_EVENTS_BY_TIME = "GetAlertEventsByTime";
-    
-    private UtilFactory db;
-    
-    public void init() throws ServletException {
-        super.init();
-        try {
-            db = new UtilFactory();
-        } catch (Exception e) {
-            throw new ServletException(e);
-        }
-    }
-    
-    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-        super.doGet(request, response);
-
-        RequestParameters params = new RequestParameters(request);
-
-        try {
-            getAuthenticatedLoginUser(request);
-        } catch (AuthenticationException e1) {
-            throw new ServletException("Authentication failure for request "+ request.getQueryString());
-        }
-
-        response.addHeader("Access-Control-Allow-Origin", "*");
-        PrintWriter out = response.getWriter();
-        try {
-            if (request.getParameter(ServiceParameters.OPERATION).equals(GET_ALERTS)) {
-                DBJsonUtils.writeJSON(out, db.alertUtil.getAlerts(params.getUnitId()));
-            }
-            else if (request.getParameter(ServiceParameters.OPERATION).equals(GET_ALERT_EVENTS_BY_TIME)) {
-                List<AlertEvent> events = db.alertUtil.getAlertEventsByTime(params.getUnitId(), params.from, params.to);
-                DBJsonUtils.writeJSON(out, events);
-            } else {
-                throw new ServletException("Wrong request "+request.getQueryString());
-            }
-        } catch (SQLException e) {
-            solveGetException(e, out);
-        }
-    }
-
-    static class RequestParameters {
-        private final long unitId;
-        private final String from;
-        private final String to;
-
-        RequestParameters(HttpServletRequest request) throws NullPointerException {
-            Object uid = request.getParameter("unit_id");
-            this.unitId = uid != null ? Long.parseLong(uid.toString()) : null;
-            this.from = request.getParameter("from");
-            this.to = request.getParameter("to");
-        }
-
-        public long getUnitId() {
-            return unitId;
-        }
-    }
+/**
+ * 
+ */
+package cz.hsrs.servlet.provider;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.sql.SQLException;
+import java.util.List;
+
+import javax.naming.AuthenticationException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import cz.hsrs.db.DBJsonUtils;
+import cz.hsrs.db.model.AlertEvent;
+import cz.hsrs.db.util.UtilFactory;
+import cz.hsrs.servlet.feeder.ServiceParameters;
+
+/**
+ * Servlet handling request for alerts
+ * @author mkepka
+ */
+public class AlertService extends DBServlet{
+    private static final long serialVersionUID = 1L;
+    
+    public static final String GET_ALERTS = "GetAlerts";
+    public static final String GET_ALERT_EVENTS_BY_TIME = "GetAlertEventsByTime";
+    
+    private UtilFactory db;
+    
+    public void init() throws ServletException {
+        super.init();
+        try {
+            db = new UtilFactory();
+        } catch (Exception e) {
+            throw new ServletException(e);
+        }
+    }
+    
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        super.doGet(request, response);
+
+        RequestParameters params = new RequestParameters(request);
+        
+        /* session authentication method */
+        try {
+            getAuthenticatedLoginUser(request);
+        } catch (AuthenticationException e1) {
+            throw new ServletException("Authentication failure for request "+ request.getQueryString());
+        }
+        
+        response.addHeader("Access-Control-Allow-Origin", "*");
+        PrintWriter out = response.getWriter();
+        try {
+        	/* GetAlerts request */
+            if (request.getParameter(ServiceParameters.OPERATION).equals(GET_ALERTS)) {
+                DBJsonUtils.writeJSON(out, db.alertUtil.getAlerts(params.getUnitId()));
+            }
+            /* GetAlertEventsByTime request */
+            else if (request.getParameter(ServiceParameters.OPERATION).equals(GET_ALERT_EVENTS_BY_TIME)) {
+                List<AlertEvent> events = db.alertUtil.getAlertEventsByTime(params.getUnitId(), params.from, params.to);
+                DBJsonUtils.writeJSON(out, events);
+            } else {
+                throw new ServletException("Wrong request "+request.getQueryString());
+            }
+        } catch (SQLException e) {
+            solveGetException(e, out);
+        }
+    }
+
+    static class RequestParameters {
+        private final long unitId;
+        private final String from;
+        private final String to;
+
+        RequestParameters(HttpServletRequest request) throws NullPointerException {
+            Object uid = request.getParameter("unit_id");
+            this.unitId = uid != null ? Long.parseLong(uid.toString()) : null;
+            this.from = request.getParameter("from");
+            this.to = request.getParameter("to");
+        }
+
+        public long getUnitId() {
+            return unitId;
+        }
+    }
 }
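Review bot: RequestParameters still assigns `null` to the primitive field unitId when unit_id is absent (`this.unitId = uid != null ? Long.parseLong(uid.toString()) : null;`), which unboxes and throws NullPointerException before authentication even runs; either make the field `Long` or reject the request explicitly with `throw new ServletException("unit_id is required");`. The catch of AuthenticationException in doGet discards e1 and turns an unauthenticated request into a ServletException (an HTTP 500); pass the cause, `throw new ServletException("Authentication failure for request " + request.getQueryString(), e1);`, and consider `response.sendError(HttpServletResponse.SC_UNAUTHORIZED)` instead — the same pattern is in GroupService and ManagementService in this commit. The new comment line `/* GetAlerts request */` is indented with a tab while the rest of the file uses spaces.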

+ 6 - 1
src/main/java/cz/hsrs/servlet/provider/AnalystService.java

@@ -17,6 +17,7 @@ import cz.hsrs.db.util.UtilFactory;
 import cz.hsrs.servlet.feeder.ServiceParameters;
 
 /**
+ * Servlet providing FarmTelemetry analyses
  * @author mkepka
  *
  */
@@ -53,7 +54,7 @@ public class AnalystService extends DBServlet{
     protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         super.doGet(request, response);
         
-        /* For FarmTelemetry purpose only temporary
+        /* 
          * AnalystService?Operation=GetWorkOnSites&user=telemetry&unit_id=356173060289134&date=2015-11-13
          * AnalystService?Operation=GetWorkOnSites&user=telemetry&unit_id=356173060289134&from=2015-11-13&to=2015-11-15
          * 
@@ -87,6 +88,10 @@ public class AnalystService extends DBServlet{
          * AnalystService?Operation=GetManagementZoneGeomByPoint&user=telemetry&point=1942324.5738307,6365182.80917219
          * 
          */
+        
+        /*
+         * For FarmTelemetry purpose only temporary authentication
+         * */
         RequestParameters params = new RequestParameters(request);
         String user = params.getUsername();
         if(user == null){
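Review bot: The newly worded comment "For FarmTelemetry purpose only temporary authentication" sits above code that still derives the identity from the `user` request parameter (`String user = params.getUsername(); if(user == null){ ... }`), so this servlet apparently keeps the parameter-based scheme that the rest of the commit replaces with getAuthenticatedLoginUser; if that is intentional, the comment should say so and name the ticket that retires it, e.g. `/* TEMPORARY: FarmTelemetry clients authenticate by the "user" parameter only; replace with session authentication (see ManagementService) */`. The body of doGet continues outside the hunk, so I cannot see whether the parameter is validated further down.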

+ 128 - 129
src/main/java/cz/hsrs/servlet/provider/ChartServlet.java

@@ -1,129 +1,128 @@
-package cz.hsrs.servlet.provider;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Properties;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import cz.hsrs.db.ChartGenerator;
-import cz.hsrs.db.DBChartUtils;
-import cz.hsrs.db.pool.SQLExecutor;
-import cz.hsrs.db.util.SensorUtil;
-
-/**
- * Servlet implementation class ChartServlet
- */
-public class ChartServlet extends HttpServlet {
-
-	static final long serialVersionUID = 1L;
-
-	public static final String FROMTIME = "fromtime";
-	public static final String TOTIME = "totime";
-	public static final String PHENOMENON = "phenomenon";
-	public static final String SENSOR_ID = "sensor_id";
-	public static final String UNIT_ID = "unit_id";
-	public static final String GID = "gid";
-	public static final String OPERATION = "operation";
-	public static final String SERVICE = "service";
-	public static final String REQUEST = "request";
-	public static final String HEIGHT = "height";
-	public static final String WIDTH = "width";
-
-	private final String chartDir = "";
-
-	private static File pngFile;
-
-		// http://localhost:8080/DBService/ChartServlet?operation=GetPNG&sensor_id=20&width=500&height=300
-
-
-	public ChartServlet() {
-		super();
-	}
-
-
-	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-		processRequest(request, response);
-	}
-
-	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-		processRequest(request, response);
-	}
-
-	protected void processRequest(HttpServletRequest request,
-			HttpServletResponse response) throws ServletException, IOException {
-		try {
-			if (request.getParameter(ChartServlet.OPERATION).equals("GetPNG")) {
-				if (pngFile != null) {
-					pngFile.delete();
-				}
-				pngFile = generateTargetLink(request);
-				RequestDispatcher rd = request
-				.getRequestDispatcher(chartDir + pngFile.getName());
-				rd.forward(request, response);
-			} else if (request.getParameter(ChartServlet.OPERATION).equals("GetObservation")) {
-				throw new NullPointerException("Not yet implemented.");
-			} else {
-				throw new NullPointerException("No operation specified.");
-			}
-		} catch (Exception e) {
-			request.setAttribute("exception", e);
-			RequestDispatcher rd = request.getRequestDispatcher("/errorpage.jsp");
-			rd.forward(request, response);
-		}
-
-	}
-
-	protected File generateTargetLink(HttpServletRequest request) throws Exception {
-
-		String fromTime = request.getParameter(ChartServlet.FROMTIME);
-		String toTime = request.getParameter(ChartServlet.TOTIME);
-		String sensor_id = request.getParameter(ChartServlet.SENSOR_ID);
-		String unit_id = request.getParameter(ChartServlet.UNIT_ID);
-		String height = request.getParameter(ChartServlet.HEIGHT);
-		String width =  request.getParameter(ChartServlet.WIDTH);
-
-		Date dateFrom, dateTo;
-		if (fromTime == null && toTime == null) {
-			Date d = new Date();
-			dateFrom = new Date(d.getTime() - (1000 * 60 * 60 * 24 * 7));
-			dateTo = new Date(d.getTime());
-		} else {
-			final SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd-HH-mm-ss");
-			dateFrom = new Date(format.parse(fromTime).getTime());
-			dateTo = new Date(format.parse(toTime).getTime());
-		}
-		
-		int h = Integer.parseInt(height);
-		int w = Integer.parseInt(width);	
-		long s_id = Long.parseLong(sensor_id);
-		long u_id = Long.parseLong(unit_id);
-		
-		String dir = getServletContext().getRealPath(chartDir);
-		ChartGenerator chg = new ChartGenerator(dir);
-
-		SensorUtil sens = new SensorUtil();
-		return chg.getSensorChart(sens.getSensorById(s_id), u_id, dateFrom, dateTo, w, h);
-
-	}
-
-	@Override
-	public void init() throws ServletException {
-		super.init();
-		String propFile = getServletContext().getRealPath("WEB-INF/database.properties");
-		Properties prop = new Properties();
-		try {
-			prop.load(new FileInputStream(propFile));
-			SQLExecutor.setProperties(prop);
-		} catch (Exception e) {
-			throw new ServletException(e.getMessage());
-		}
-	}
-}
+package cz.hsrs.servlet.provider;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.Properties;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import cz.hsrs.db.ChartGenerator;
+import cz.hsrs.db.pool.SQLExecutor;
+import cz.hsrs.db.util.SensorUtil;
+
+/**
+ * Servlet implementation class ChartServlet
+ */
+public class ChartServlet extends HttpServlet {
+
+	static final long serialVersionUID = 1L;
+
+	public static final String FROMTIME = "fromtime";
+	public static final String TOTIME = "totime";
+	public static final String PHENOMENON = "phenomenon";
+	public static final String SENSOR_ID = "sensor_id";
+	public static final String UNIT_ID = "unit_id";
+	public static final String GID = "gid";
+	public static final String OPERATION = "operation";
+	public static final String SERVICE = "service";
+	public static final String REQUEST = "request";
+	public static final String HEIGHT = "height";
+	public static final String WIDTH = "width";
+
+	private final String chartDir = "";
+
+	private static File pngFile;
+
+		// http://localhost:8080/DBService/ChartServlet?operation=GetPNG&sensor_id=20&width=500&height=300
+
+
+	public ChartServlet() {
+		super();
+	}
+
+
+	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+		processRequest(request, response);
+	}
+
+	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+		processRequest(request, response);
+	}
+
+	protected void processRequest(HttpServletRequest request,
+			HttpServletResponse response) throws ServletException, IOException {
+		try {
+			if (request.getParameter(ChartServlet.OPERATION).equals("GetPNG")) {
+				if (pngFile != null) {
+					pngFile.delete();
+				}
+				pngFile = generateTargetLink(request);
+				RequestDispatcher rd = request
+				.getRequestDispatcher(chartDir + pngFile.getName());
+				rd.forward(request, response);
+			} else if (request.getParameter(ChartServlet.OPERATION).equals("GetObservation")) {
+				throw new NullPointerException("Not yet implemented.");
+			} else {
+				throw new NullPointerException("No operation specified.");
+			}
+		} catch (Exception e) {
+			request.setAttribute("exception", e);
+			RequestDispatcher rd = request.getRequestDispatcher("/errorpage.jsp");
+			rd.forward(request, response);
+		}
+
+	}
+
+	protected File generateTargetLink(HttpServletRequest request) throws Exception {
+
+		String fromTime = request.getParameter(ChartServlet.FROMTIME);
+		String toTime = request.getParameter(ChartServlet.TOTIME);
+		String sensor_id = request.getParameter(ChartServlet.SENSOR_ID);
+		String unit_id = request.getParameter(ChartServlet.UNIT_ID);
+		String height = request.getParameter(ChartServlet.HEIGHT);
+		String width =  request.getParameter(ChartServlet.WIDTH);
+
+		Date dateFrom, dateTo;
+		if (fromTime == null && toTime == null) {
+			Date d = new Date();
+			dateFrom = new Date(d.getTime() - (1000 * 60 * 60 * 24 * 7));
+			dateTo = new Date(d.getTime());
+		} else {
+			final SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd-HH-mm-ss");
+			dateFrom = new Date(format.parse(fromTime).getTime());
+			dateTo = new Date(format.parse(toTime).getTime());
+		}
+		
+		int h = Integer.parseInt(height);
+		int w = Integer.parseInt(width);	
+		long s_id = Long.parseLong(sensor_id);
+		long u_id = Long.parseLong(unit_id);
+		
+		String dir = getServletContext().getRealPath(chartDir);
+		ChartGenerator chg = new ChartGenerator(dir);
+
+		SensorUtil sens = new SensorUtil();
+		return chg.getSensorChart(sens.getSensorById(s_id), u_id, dateFrom, dateTo, w, h);
+
+	}
+
+	@Override
+	public void init() throws ServletException {
+		super.init();
+		String propFile = getServletContext().getRealPath("WEB-INF/database.properties");
+		Properties prop = new Properties();
+		try {
+			prop.load(new FileInputStream(propFile));
+			SQLExecutor.setProperties(prop);
+		} catch (Exception e) {
+			throw new ServletException(e.getMessage());
+		}
+	}
+}
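Review bot: ChartServlet extends HttpServlet rather than DBServlet and processRequest performs no authentication at all, which is inconsistent with the session-authentication change the rest of this commit makes; unless it is protected by a filter elsewhere, it should call the same getAuthenticatedLoginUser check. `private static File pngFile` is shared by all requests and is deleted and reassigned in processRequest, so two concurrent GetPNG requests can delete each other's chart before `rd.forward` runs; make it a local per request and clean up after the forward. In init the FileInputStream is never closed and `new ServletException(e.getMessage())` drops the cause; use `try (FileInputStream in = new FileInputStream(propFile)) { prop.load(in); }` and `throw new ServletException(e);`. Apart from the removed DBChartUtils import this section looks like a line-ending rewrite.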

+ 2 - 2
src/main/java/cz/hsrs/servlet/provider/DataService.java

@@ -53,7 +53,7 @@ public class DataService extends DBServlet {
         super.doGet(request, response);
         RequestParameters params = new RequestParameters(request);
         
-        /* For FarmTelemetry purpose only temporary */
+        /* For FarmTelemetry purpose only temporary authentication */
 /*       
         String user = params.getUser();
         if(user == null){
@@ -70,7 +70,7 @@ public class DataService extends DBServlet {
             }
         }
 */
-        /* session login method */
+        /* session authentication method */
         LoginUser loggedUser;
         try {
             loggedUser = getAuthenticatedLoginUser(request);

+ 106 - 105
src/main/java/cz/hsrs/servlet/provider/GroupService.java

@@ -1,106 +1,107 @@
-package cz.hsrs.servlet.provider;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.sql.SQLException;
-
-import javax.naming.AuthenticationException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.core.HttpHeaders;
-
-import cz.hsrs.db.DBJsonUtils;
-import cz.hsrs.db.util.UtilFactory;
-import cz.hsrs.servlet.feeder.ServiceParameters;
-import cz.hsrs.servlet.security.LoginUser;
-
-/**
- * Servlet implementation class GroupService
- */
-public class GroupService extends DBServlet{
-    private static final long serialVersionUID = 1L;
-    
-    public static final String GET_SUPER_GROUPS = "GetSuperGroups";    
-    public static final String GET_SUB_GROUPS = "GetSubGroups";    
-    public static final String GET_GROUPS = "GetGroups";
-
-    private UtilFactory db;
-       
-    /** @see HttpServlet#HttpServlet() */
-    public GroupService() { super(); }
-
-    public void init() throws ServletException {
-        super.init();
-        
-        try {
-            db = new UtilFactory();
-        } catch (Exception e) {
-            throw new ServletException(e);
-        }
-    }
-    /** @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response */
-    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-        super.doGet(request, response);
-        RequestParameters params = new RequestParameters(request);
-
-        LoginUser loggedUser;
-        try {
-            loggedUser = getAuthenticatedLoginUser(request);
-            String userName = loggedUser.getUserName();
-            params.setUser(userName);
-        } catch (AuthenticationException e1) {
-            throw new ServletException("Authentication failure for request "+ request.getQueryString());
-        }
-
-        response.addHeader("Access-Control-Allow-Origin", "*");
-        response.addHeader(HttpHeaders.CONTENT_TYPE, "application/json;charset=UTF-8");
-        // params.setUSER("");
-
-        PrintWriter out = response.getWriter();
-        try {
-            switch (request.getParameter(ServiceParameters.OPERATION)) {
-                case GET_GROUPS:
-                    DBJsonUtils.writeJSON(out, db.groupUtil.getGroups(params.getUser()));
-                    break;
-                case GET_SUPER_GROUPS:
-                    DBJsonUtils.writeJSON(out, db.groupUtil.getSuperGroups(params.getUser()));
-                    break;
-                case GET_SUB_GROUPS:
-                    DBJsonUtils.writeJSON(out, db.groupUtil.getSubGroups(params.getGroupId()));
-                    break;
-                default:
-                    throw new NullPointerException("No operation specified.");
-            }
-        } catch (SQLException e) {
-            solveGetException(e, out);
-        }
-    }
-
-    static class RequestParameters {
-        private String user;
-        private int groupId;
-
-        RequestParameters(HttpServletRequest request) throws NullPointerException{
-            Object id = request.getParameter("parent_group");
-            this.groupId = id != null ? Integer.parseInt(id.toString()) : -1;
-        }
-
-        public String getUser() {
-            return user;
-        }
-
-        public int getGroupId() {
-            return groupId;
-        }
-
-        public void setGroupId(int groupId) {
-            this.groupId = groupId;
-        }
-
-        public void setUser(String user) {
-            this.user = user;
-        }
-    }
+package cz.hsrs.servlet.provider;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.sql.SQLException;
+
+import javax.naming.AuthenticationException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.HttpHeaders;
+
+import cz.hsrs.db.DBJsonUtils;
+import cz.hsrs.db.util.UtilFactory;
+import cz.hsrs.servlet.feeder.ServiceParameters;
+import cz.hsrs.servlet.security.LoginUser;
+
+/**
+ * Servlet implementation class GroupService
+ * @author jezekjan
+ */
+public class GroupService extends DBServlet{
+    private static final long serialVersionUID = 1L;
+    
+    public static final String GET_SUPER_GROUPS = "GetSuperGroups";    
+    public static final String GET_SUB_GROUPS = "GetSubGroups";    
+    public static final String GET_GROUPS = "GetGroups";
+
+    private UtilFactory db;
+       
+    /** @see HttpServlet#HttpServlet() */
+    public GroupService() { super(); }
+
+    public void init() throws ServletException {
+        super.init();
+        
+        try {
+            db = new UtilFactory();
+        } catch (Exception e) {
+            throw new ServletException(e);
+        }
+    }
+    /** @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response */
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        super.doGet(request, response);
+        RequestParameters params = new RequestParameters(request);
+
+        /* session authentication method */
+        LoginUser loggedUser;
+        try {
+            loggedUser = getAuthenticatedLoginUser(request);
+            String userName = loggedUser.getUserName();
+            params.setUser(userName);
+        } catch (AuthenticationException e1) {
+            throw new ServletException("Authentication failure for request "+ request.getQueryString());
+        }
+
+        response.addHeader("Access-Control-Allow-Origin", "*");
+        response.addHeader(HttpHeaders.CONTENT_TYPE, "application/json;charset=UTF-8");
+
+        PrintWriter out = response.getWriter();
+        try {
+            switch (request.getParameter(ServiceParameters.OPERATION)) {
+                case GET_GROUPS:
+                    DBJsonUtils.writeJSON(out, db.groupUtil.getGroups(params.getUser()));
+                    break;
+                case GET_SUPER_GROUPS:
+                    DBJsonUtils.writeJSON(out, db.groupUtil.getSuperGroups(params.getUser()));
+                    break;
+                case GET_SUB_GROUPS:
+                    DBJsonUtils.writeJSON(out, db.groupUtil.getSubGroups(params.getGroupId()));
+                    break;
+                default:
+                    throw new NullPointerException("No operation specified.");
+            }
+        } catch (SQLException e) {
+            solveGetException(e, out);
+        }
+    }
+
+    static class RequestParameters {
+        private String user;
+        private int groupId;
+
+        RequestParameters(HttpServletRequest request) throws NullPointerException{
+            Object id = request.getParameter("parent_group");
+            this.groupId = id != null ? Integer.parseInt(id.toString()) : -1;
+        }
+
+        public String getUser() {
+            return user;
+        }
+
+        public int getGroupId() {
+            return groupId;
+        }
+
+        public void setGroupId(int groupId) {
+            this.groupId = groupId;
+        }
+
+        public void setUser(String user) {
+            this.user = user;
+        }
+    }
 }
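Review bot: `switch (request.getParameter(ServiceParameters.OPERATION))` throws NullPointerException from the switch itself when the parameter is missing, so the `default` branch's "No operation specified." is never reached for that case and the client gets an unexplained 500; read the parameter first, `String op = request.getParameter(ServiceParameters.OPERATION); if (op == null) throw new ServletException("No operation specified.");`, and switch on `op`. The Javadoc `@see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response` is missing its closing parenthesis.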

+ 13 - 3
src/main/java/cz/hsrs/servlet/provider/ManagementService.java

@@ -4,6 +4,7 @@ import java.io.BufferedReader;
 import java.io.IOException;
 import java.sql.SQLException;
 
+import javax.naming.AuthenticationException;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -20,6 +21,7 @@ import cz.hsrs.db.model.NoItemFoundException;
 import cz.hsrs.db.model.insert.UnitInsert;
 import cz.hsrs.db.util.UtilFactory;
 import cz.hsrs.servlet.feeder.ServiceParameters;
+import cz.hsrs.servlet.security.LoginUser;
 
 
 /**
@@ -118,10 +120,18 @@ public class ManagementService extends DBServlet {
         response.addHeader("Access-Control-Allow-Origin", "*");
         
         /* -- Prihlasovani -- */
-        String user = request.getParameter("user");
+/*        String user = request.getParameter("user");
         if (isNotAuthorized(user)) {
             throw new ServletException("Authentication failure for request: "+ request.getQueryString());
         }
+*/        
+        /* session authentication method */
+        LoginUser loggedUser;
+        try {
+            loggedUser = getAuthenticatedLoginUser(request);
+        } catch (AuthenticationException e1) {
+            throw new ServletException("Authentication failure for request "+ request.getQueryString());
+        }
 
         String contentType = request.getHeader(HttpHeaders.CONTENT_TYPE);
         if (contentType != null && !contentType.equalsIgnoreCase(JSON_CONTENT)) {
@@ -140,8 +150,8 @@ public class ManagementService extends DBServlet {
             JSONObject bodyJson = stringToJson(body);
             String operationMode = request.getParameter(ServiceParameters.OPERATION);
             switch (operationMode) {
-                case INSERT_UNIT:   bodyResponse = insertUnit(bodyJson, user);   break;
-                case INSERT_SENSOR: bodyResponse = insertSensor(bodyJson, user); break;
+                case INSERT_UNIT:   bodyResponse = insertUnit(bodyJson, loggedUser.getUserName());   break;
+                case INSERT_SENSOR: bodyResponse = insertSensor(bodyJson, loggedUser.getUserName()); break;
                 default: throw new ServletException(
                         String.format("No operation specified! Allowed: [%s, %s].", INSERT_UNIT, INSERT_SENSOR)
                 );
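Review bot: The old parameter-based check is left in the file as a commented-out block (`/* String user = request.getParameter("user"); ... */`); delete it rather than comment it out, version control keeps the history and a half-migrated block invites someone to re-enable it. Moving INSERT_UNIT and INSERT_SENSOR from a per-request credential to a session cookie means these state-changing POSTs can now be triggered by a cross-site request if the session cookie is sent automatically; I cannot see a CSRF token or Origin check in this servlet, so confirm one exists at the DBServlet/filter level or add a per-session token checked before the switch.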

+ 5 - 15
src/main/java/cz/hsrs/servlet/provider/SensorService.java

@@ -15,6 +15,11 @@ import cz.hsrs.db.util.UtilFactory;
 import cz.hsrs.servlet.feeder.ServiceParameters;
 import cz.hsrs.servlet.security.LoginUser;
 
+/**
+ * Servlet provides methods for Sensor services 
+ * @author jezekjan
+ *
+ */
 public class SensorService extends DBServlet {
 
     private static final long serialVersionUID = 1L;
@@ -51,21 +56,6 @@ public class SensorService extends DBServlet {
             throw new ServletException("Authentication failure for request "+ request.getQueryString());
         }
         
-        /* Simple TESTING auth method */
-        /*
-        if(params.getUser() == null){
-            throw new ServletException("Authentication failure, no user specified for request: "+ request.getQueryString());
-        } else{
-            try {
-                String testLang = db.userUtil.getUserLanguage(params.getUser());
-                if(testLang.isEmpty()){
-                    throw new ServletException("Authentication failure for request "+ request.getQueryString());
-                }
-            } catch (SQLException | NoItemFoundException e1) {
-                throw new ServletException("Authentication failure for request "+ request.getQueryString());
-            }
-        }
-        */
         response.addHeader("Access-Control-Allow-Origin", "*");
         response.addHeader(HttpHeaders.CONTENT_TYPE, "application/json;charset=UTF-8");
 

+ 104 - 99
src/main/java/cz/hsrs/servlet/security/ControllerServlet.java

@@ -1,100 +1,105 @@
-package cz.hsrs.servlet.security;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import cz.hsrs.servlet.provider.DBServlet;
-
-public class ControllerServlet extends DBServlet {
-
-    /**
-     * 
-     */
-    private static final long serialVersionUID = 1L;
-    //private String feedback = "";
-    private HttpSession session = null;
-
-    protected void procesRequest(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
-        req.getSession().invalidate();
-        
-        session = req.getSession(true);
-        session.setMaxInactiveInterval(60*10);
-
-        // if (session.getAttribute(JSPHelper.USERATTRIBUTE)==null) {
-        /** Session je prazdna... Uzivatel se musi nalogovat */
-        LoginUser user = new LoginUser(req);
-
-        /*tests if request came from GUI or from light REST client*/
-        String coming = req.getParameter("coming");
-        
-        if (user.athenticate(req.getParameter("username"), req.getParameter("password"))) {
-            /** uspesny login - dej uzivatele do session a presmeruj */
-            session.setAttribute(JSPHelper.USERATTRIBUTE, user);
-            
-            Cookie sescookie = new Cookie("sessionid",req.getSession().getId());
-            Cookie langcookie = new Cookie("language",user.getUserLanguage());
-            Cookie audiocookie = new Cookie("audio",String.valueOf(user.isAudio()));
-            sescookie.setPath("/");
-            langcookie.setPath("/");
-            audiocookie.setPath("/");
-            resp.addCookie(sescookie);
-            resp.addCookie(langcookie);
-            resp.addCookie(audiocookie);
-            
-            if(coming != null){
-                if (coming.equalsIgnoreCase("null") == false){
-                    if(coming.equalsIgnoreCase("/insert.jsp")==true){
-                        JSPHelper.redirect(resp, req.getContextPath() + "/insert.jsp?unit_id");
-                    }
-                    else if(coming.equalsIgnoreCase("/vypis.jsp")==true){
-                        JSPHelper.redirect(resp, req.getContextPath() + "/index.jsp");
-                    }
-                    else{
-                        JSPHelper.redirect(resp, req.getContextPath() + coming);
-                    }
-                }
-                else{
-                    JSPHelper.redirect(resp, req.getContextPath() + "/crossroad.jsp");
-                }
-            }
-            /** request doesn't contain coming parameter - came from REST client*/
-            else{
-                resp.setStatus(200);
-                resp.setHeader("Access-Control-Allow-Origin", "*");
-                resp.getWriter().println("{\"sessionid\":\""+req.getSession().getId()+"\", "
-                        + "\"language\":\""+user.getUserLanguage()+"\", \"audio\":\""+ user.isAudio() +"\"}");
-            }
-        } else {
-        	/** Login prichazi z webove stranky, vrat webovou stranku 
-        	 */
-            if(coming != null){
-                /** spatny login - presmeruj na stranku pro nalogovani */
-                session.setAttribute(JSPHelper.FEEDBACKATTRIBUTE, "Wrong login or user name");
-                JSPHelper.redirect(resp, req.getContextPath() + "/signin.jsp");
-                /** Login prichazi z REST klienta, vrat jen zpravu*/
-            } else{
-                resp.setStatus(401);
-                resp.setHeader("Access-Control-Allow-Origin", "*");
-                resp.setHeader("Content-Type", "text/plain; charset=utf-8");
-                resp.getWriter().println("Wrong username or password!");
-            }
-        }
-    }
-
-    @Override
-    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        procesRequest(req, resp);
-    }
-    
-    @Override
-    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
-        procesRequest(req, resp);
-    }
+package cz.hsrs.servlet.security;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import cz.hsrs.servlet.provider.DBServlet;
+
+/**
+ * Servlet for user authentication
+ * @author jezekjan
+ *
+ */
+public class ControllerServlet extends DBServlet {
+
+    /**
+     * 
+     */
+    private static final long serialVersionUID = 1L;
+    //private String feedback = "";
+    private HttpSession session = null;
+
+    protected void procesRequest(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+        req.getSession().invalidate();
+        
+        session = req.getSession(true);
+        session.setMaxInactiveInterval(60*10);
+
+        // if (session.getAttribute(JSPHelper.USERATTRIBUTE)==null) {
+        /** Session je prazdna... Uzivatel se musi nalogovat */
+        LoginUser user = new LoginUser(req);
+
+        /*tests if request came from GUI or from light REST client*/
+        String coming = req.getParameter("coming");
+        
+        if (user.athenticate(req.getParameter("username"), req.getParameter("password"))) {
+            /** uspesny login - dej uzivatele do session a presmeruj */
+            session.setAttribute(JSPHelper.USERATTRIBUTE, user);
+            
+            Cookie sescookie = new Cookie("sessionid",req.getSession().getId());
+            Cookie langcookie = new Cookie("language",user.getUserLanguage());
+            Cookie audiocookie = new Cookie("audio",String.valueOf(user.isAudio()));
+            sescookie.setPath("/");
+            langcookie.setPath("/");
+            audiocookie.setPath("/");
+            resp.addCookie(sescookie);
+            resp.addCookie(langcookie);
+            resp.addCookie(audiocookie);
+            
+            if(coming != null){
+                if (coming.equalsIgnoreCase("null") == false){
+                    if(coming.equalsIgnoreCase("/insert.jsp")==true){
+                        JSPHelper.redirect(resp, req.getContextPath() + "/insert.jsp?unit_id");
+                    }
+                    else if(coming.equalsIgnoreCase("/vypis.jsp")==true){
+                        JSPHelper.redirect(resp, req.getContextPath() + "/index.jsp");
+                    }
+                    else{
+                        JSPHelper.redirect(resp, req.getContextPath() + coming);
+                    }
+                }
+                else{
+                    JSPHelper.redirect(resp, req.getContextPath() + "/crossroad.jsp");
+                }
+            }
+            /** request doesn't contain coming parameter - came from REST client*/
+            else{
+                resp.setStatus(200);
+                resp.setHeader("Access-Control-Allow-Origin", "*");
+                resp.setHeader("Content-Type", "application/json; charset=utf-8");
+                resp.getWriter().println("{\"sessionid\":\""+req.getSession().getId()+"\", \"language\":\""+user.getUserLanguage()+"\", \"audio\":\"" + user.isAudio() + "\", \"rightsID\":"+user.getRightsID()+"}");
+            }
+        } else {
+        	/** Login prichazi z webove stranky, vrat webovou stranku 
+        	 */
+            if(coming != null){
+                /** spatny login - presmeruj na stranku pro nalogovani */
+                session.setAttribute(JSPHelper.FEEDBACKATTRIBUTE, "Wrong login or user name");
+                JSPHelper.redirect(resp, req.getContextPath() + "/signin.jsp");
+                /** Login prichazi z REST klienta, vrat jen zpravu*/
+            } else{
+                resp.setStatus(401);
+                resp.setHeader("Access-Control-Allow-Origin", "*");
+                resp.setHeader("Content-Type", "text/plain; charset=utf-8");
+                resp.getWriter().println("Wrong username or password!");
+            }
+        }
+    }
+
+    @Override
+    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+            throws ServletException, IOException {
+        procesRequest(req, resp);
+    }
+    
+    @Override
+    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+            throws ServletException, IOException {
+        procesRequest(req, resp);
+    }
 }
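Review bot: `session` is a servlet instance field (`private HttpSession session = null;`, assigned at `session = req.getSession(true);`), but one servlet instance serves concurrent requests, so two simultaneous logins can interleave and `session.setAttribute(JSPHelper.USERATTRIBUTE, user)` or the `FEEDBACKATTRIBUTE` write can land in the other request's session — one user's LoginUser stored into a stranger's session. Make it a local, `HttpSession session = req.getSession(true);`, and delete the field. On the REST branch the new JSON line echoes the session id while `Access-Control-Allow-Origin: *` is set on the same response, and the `sessionid` cookie is created without `setHttpOnly(true)`/`setSecure(true)`; restrict the origin and set those flags so the identifier is not readable by scripts or sent over plain HTTP. The body is also assembled by string concatenation with the unescaped `getUserLanguage()` value; if a JSON library is on the classpath, serialize a small map instead, otherwise escape the string fields.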

+ 139 - 124
src/main/java/cz/hsrs/servlet/security/LoginUser.java

@@ -1,125 +1,140 @@
-package cz.hsrs.servlet.security;
-
-import java.sql.SQLException;
-import java.util.logging.Level;
-
-import javax.servlet.http.HttpServletRequest;
-
-import cz.hsrs.db.model.NoItemFoundException;
-import cz.hsrs.db.pool.SQLExecutor;
-import cz.hsrs.db.util.UserUtil;
-
-public class LoginUser {
-    final HttpServletRequest req;
-    private String userName;
-    private UserUtil util;
-    private String userLang;
-    private boolean audio;
-
-    public LoginUser(HttpServletRequest request) {
-        req = request;
-        util = new UserUtil();
-    }
-
-    /**
-     * Method authenticates user if given user name and password are correct
-     * @param userName of user trying to authenticate
-     * @param password of user trying to authenticate
-     * @return true if user was successfully authenticate, false elsewhere
-     */
-    public boolean athenticate(String userName, String password) {
-        String right_pass = getPassword(userName);
-        if(right_pass != null){
-            if (right_pass.equals(password)) {
-                try {
-                    this.userName = userName;
-                    this.userLang = getLanguage();
-                    this.audio = hasAudio();
-                    int sessionInserts = util.setUserSession(userName, req.getSession().getId(), req.getRemoteHost());
-                    return true;
-                } catch (SQLException e) {
-                    //** session is already in the database - so lets do the same.
-                    SQLExecutor.logger.log(Level.SEVERE, e.getMessage(), e.getStackTrace());
-                    return true;
-                }
-            } else{
-                /* password is not correct */
-                return false;
-            }
-        } else {
-            /* user wasn't found */
-            return false;
-        }
-    }
-
-    public boolean isAudio() {
-        return audio;
-    }
-
-    public boolean logOut(HttpServletRequest request) {
-        try{
-            request.getSession().invalidate();
-            return true;
-        } catch (Exception e) {
-            return false;
-        } 
-    }
-
-    public boolean isAuthenticated() {
-        return (userName != null);
-    }
-
-    public String getUserName() {
-        return userName;
-    }
-
-    public String getUserLanguage() {
-        return userLang;
-    }
-    
-    public void setUserLanguage(String newLang){
-        if(setLanguage(newLang)==true){
-            this.userLang = newLang;
-        }
-    }
-    
-    private boolean setLanguage(String newLang){
-        UserUtil uUtil = new UserUtil();
-        try {
-            uUtil.setUserLanguage(userName, newLang);
-            return true;
-        } catch (SQLException e) {
-            SQLExecutor.logger.log(Level.SEVERE, e.getMessage(), e.getStackTrace());
-            return false;
-        }
-    }
-
-    private String getLanguage() throws SQLException{
-        try {
-            UserUtil util = new UserUtil();
-            return util.getUserLanguage(userName);
-        } catch (NoItemFoundException e) {
-            throw new SQLException(e);
-        } 
-        
-    }
-    
-    private boolean hasAudio() throws SQLException{
-        try {
-            UserUtil util = new UserUtil();
-            return util.getAudio(userName);
-        } catch (NoItemFoundException e) {
-            throw new SQLException(e);
-        } 
-        
-    }
-    
-    protected String getPassword(String un) {
-        try {
-            return util.getUserPassword(un);
-        } catch (Exception e) {
-             SQLExecutor.logger.log(Level.SEVERE, e.getMessage(), e.getStackTrace());
-             return null;
-        }
-    }
+package cz.hsrs.servlet.security;
+
+import java.sql.SQLException;
+import java.util.logging.Level;
+
+import javax.servlet.http.HttpServletRequest;
+
+import cz.hsrs.db.model.NoItemFoundException;
+import cz.hsrs.db.pool.SQLExecutor;
+import cz.hsrs.db.util.UserUtil;
+
+public class LoginUser {
+    final HttpServletRequest req;
+    private String userName;
+    private UserUtil util;
+    private String userLang;
+    private boolean audio;
+    private int rightsId;
+    //private int groupId;
+
+    public LoginUser(HttpServletRequest request) {
+        req = request;
+        util = new UserUtil();
+    }
+
+    /**
+     * Method authenticates user if given user name and password are correct
+     * @param userName of user trying to authenticate
+     * @param password of user trying to authenticate
+     * @return true if user was successfully authenticate, false elsewhere
+     */
+    public boolean athenticate(String userName, String password) {
+        String right_pass = getPassword(userName);
+        if(right_pass != null){
+            if (right_pass.equals(password)) {
+                try {
+                    this.userName = userName;
+                    this.userLang = getLanguage();
+                    this.audio = hasAudio();
+                    this.rightsId = getRights();
+                    int sessionInserts = util.setUserSession(userName, req.getSession().getId(), req.getRemoteHost());
+                    return true;
+                } catch (SQLException e) {
+                    //** session is already in the database - so lets do the same.
+                    SQLExecutor.logger.log(Level.SEVERE, e.getMessage(), e.getStackTrace());
+                    return true;
+                }
+            } else{
+                /* password is not correct */
+                return false;
+            }
+        } else {
+            /* user wasn't found */
+            return false;
+        }
+    }
+
+    public boolean isAudio() {
+        return audio;
+    }
+
+    public boolean logOut(HttpServletRequest request) {
+        try{
+            request.getSession().invalidate();
+            return true;
+        } catch (Exception e) {
+            return false;
+        } 
+    }
+
+    public boolean isAuthenticated() {
+        return (userName != null);
+    }
+
+    public String getUserName() {
+        return userName;
+    }
+
+    public String getUserLanguage() {
+        return userLang;
+    }
+    
+    public int getRightsID() {
+        return this.rightsId;
+    }
+    
+    public void setUserLanguage(String newLang){
+        if(setLanguage(newLang)==true){
+            this.userLang = newLang;
+        }
+    }
+    
+    private boolean setLanguage(String newLang){
+        UserUtil uUtil = new UserUtil();
+        try {
+            uUtil.setUserLanguage(userName, newLang);
+            return true;
+        } catch (SQLException e) {
+            SQLExecutor.logger.log(Level.SEVERE, e.getMessage(), e.getStackTrace());
+            return false;
+        }
+    }
+
+    private int getRights() throws SQLException {
+        try {
+            return util.getRightsId(userName);
+        }catch (NoItemFoundException e) {
+            throw new SQLException(e);
+        } 
+    }
+    
+    private String getLanguage() throws SQLException{
+        try {
+            UserUtil util = new UserUtil();
+            return util.getUserLanguage(userName);
+        } catch (NoItemFoundException e) {
+            throw new SQLException(e);
+        } 
+        
+    }
+    
+    private boolean hasAudio() throws SQLException{
+        try {
+            UserUtil util = new UserUtil();
+            return util.getAudio(userName);
+        } catch (NoItemFoundException e) {
+            throw new SQLException(e);
+        } 
+        
+    }
+    
+    protected String getPassword(String un) {
+        try {
+            return util.getUserPassword(un);
+        } catch (Exception e) {
+             SQLExecutor.logger.log(Level.SEVERE, e.getMessage(), e.getStackTrace());
+             return null;
+        }
+    }
 }
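Review bot: The new `this.rightsId = getRights();` sits inside the try whose `catch (SQLException e)` returns `true` (its comment says it exists for the duplicate-session insert), so a failed or missing rights lookup still yields a successful login with `rightsId` left at its default `0`, which ControllerServlet then reports as `"rightsID":0`; the same already applies to `getLanguage()`/`hasAudio()`. Split the block so only `setUserSession` is best-effort and a profile-lookup failure fails authentication, as below. Separately, `right_pass.equals(password)` compares the value returned by `getUserPassword` directly with the submitted password; if that is the stored secret rather than a verifier, it should be checked with a password hash (PBKDF2/bcrypt/argon2) and a constant-time comparison such as `MessageDigest.isEqual`. Minor: `getRights()` uses the `util` field while `getLanguage()`/`hasAudio()` each build a new `UserUtil`; pick one.
```java
            if (right_pass.equals(password)) {
                try {
                    this.userName = userName;
                    this.userLang = getLanguage();
                    this.audio = hasAudio();
                    this.rightsId = getRights();
                } catch (SQLException e) {
                    // profile lookup failed: do not report the user as logged in
                    SQLExecutor.logger.log(Level.SEVERE, e.getMessage(), e.getStackTrace());
                    this.userName = null;
                    return false;
                }
                try {
                    util.setUserSession(userName, req.getSession().getId(), req.getRemoteHost());
                } catch (SQLException e) {
                    //** session is already in the database - so lets do the same.
                    SQLExecutor.logger.log(Level.SEVERE, e.getMessage(), e.getStackTrace());
                }
                return true;
            // … unchanged: wrong-password and unknown-user branches …
```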