Commit abd1f7fe authored by Franz Reischl's avatar Franz Reischl

Logon verification method via /users/self

parent 65801f5f
......@@ -35,8 +35,29 @@ public class UserResource {
return Response.ok(entity).build();
}
/** Can be used to verify login
* @param headers Framework headers
* @return User details
*/
@RolesAllowed({"STUDENT", "ADMIN"})
@GET
@Path("/self")
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
public Response getSelfUser(@Context HttpHeaders headers) {
ExceptionParam.setMediaType(headers.getMediaType());
List<String> authorization = headers.getRequestHeader(AUTHORIZATION_PROPERTY);
BasicAuthenticationUtil.AuthInfo authInfo = BasicAuthenticationUtil.authorize(authorization);
String authName = authInfo.getUser();
// Get the User object to be compared with login credentials
User userByName = dao.getUser(authName);
GenericEntity<User> entity = new GenericEntity<User>(userByName) {
};
return Response.ok(entity).build();
}
/**
* Get the detailed user information of a specific user
* Get the detailed user information of a specific user by its ID
* @param userId ID of specified user
* @param headers Framework headers
* @return User details
......@@ -54,7 +75,7 @@ public class UserResource {
User userByName = dao.getUser(username);
if (userByName.getRole().equals("STUDENT") && !userByName.getId().equals(userId)) throw new ForbiddenException();
if (userId <= 0) throw new BadRequestException();
if (userId < 0) throw new BadRequestException();
// Get the requested User object that will be returned (Can be different in case of admin)
User userById = dao.getUser(userId);
......
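Review bot: `getSelfUser` returns the whole `User` entity from `dao.getUser(authName)` as JSON/XML, and the seed script in this same commit shows the `user` table has a `password` column, so if `User` maps that column this login-check endpoint sends the stored password back to the client. The `User` class is not visible here; confirm the password is excluded from serialisation (for JAXB, `@XmlTransient` on the accessor) or return a small view object holding only id, username and role. The result of `dao.getUser(authName)` is also used unchecked; assuming the DAO can return null for an unknown name, add `if (userByName == null) throw new ForbiddenException();` before building the entity. The same exposure would apply to the by-ID method in the second hunk, whose body continues outside the diff.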
......@@ -6,7 +6,7 @@ INSERT INTO student(matrnr, firstname,lastname) values(5, 'Luis', 'Suarez');
INSERT INTO student(matrnr, firstname,lastname) values(6, 'Cristiano', 'Ronaldo');
INSERT INTO student(matrnr, firstname,lastname) values(7, 'Andrea', 'Pirlo');
INSERT INTO student(matrnr, firstname,lastname) values(8, 'Francesco', 'Totti');
INSERT INTO user(id, username, password, role) values(null, 'admin', 'admin','ADMIN');
INSERT INTO user(id, username, password, role) values(null, 'admin', 'adminpw','ADMIN');
INSERT INTO user(id, username, password, role) values(1, 'iniesta', 'iniestapw','STUDENT');
INSERT INTO user(id, username, password, role) values(2, 'messi', 'messipw','STUDENT');
INSERT INTO user(id, username, password, role) values(3, 'silva', 'silvapw','STUDENT');
......
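Review bot: The admin seed row still carries a guessable credential (`'adminpw'`), and the `password` column holds it in clear text, as do the student rows that follow. If this script is ever run against anything other than a throwaway development database, anyone with read access to the table or to this repository has working logins. Store a salted password hash (bcrypt, scrypt or argon2) in this column, with the seed row carrying a value such as `'<bcrypt-hash-of-dev-password>'`. The credential check would need to verify against the hash in step; how `BasicAuthenticationUtil` compares passwords is not visible in this diff.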