Commit d5584f64 authored by Franz Reischl's avatar Franz Reischl
Browse files

Only returns List of users, not their roles or password

parent 618e3507
package university.at.jku.ce.authentication;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import university.at.jku.ce.dao.StudentDao;
import university.at.jku.ce.dao.h2dao.H2StudentDao;
import university.at.jku.ce.model.User;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
......@@ -15,10 +13,11 @@ import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.Provider;
import university.at.jku.ce.dao.StudentDao;
import university.at.jku.ce.dao.h2dao.H2StudentDao;
import university.at.jku.ce.model.User;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
/**
* This filter verify the access permissions for a user
......
package university.at.jku.ce.dao;
import java.util.List;
import university.at.jku.ce.dao.h2dao.H2StudentDao;
import university.at.jku.ce.model.Student;
import university.at.jku.ce.model.Study;
import university.at.jku.ce.model.User;
import java.util.List;
public interface StudentDao {
public Student getStudent(int matrNr);
......@@ -28,6 +29,8 @@ public interface StudentDao {
public User getUser(String username);
public List<User> getAllUsers();
public List<H2StudentDao.UserName> getAllUserNames();
public void addUser(int id, Student student);
......
package university.at.jku.ce.resource;
import java.util.List;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.GenericEntity;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import university.at.jku.ce.dao.StudentDao;
import university.at.jku.ce.dao.h2dao.H2StudentDao;
import university.at.jku.ce.exception.ExceptionParam;
import university.at.jku.ce.model.User;
import javax.annotation.security.PermitAll;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.*;
import java.util.List;
@Path("/users")
public class UserResource {
StudentDao dao =new H2StudentDao();
@RolesAllowed("ADMIN")
@PermitAll
@GET
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
public Response getUsers(@Context HttpHeaders headers) {
System.out.println("Roles requested");
ExceptionParam.setMediaType(headers.getMediaType());
List<User>list= dao.getAllUsers();
GenericEntity<List<User>> entity=new GenericEntity<List<User>>(list) {};
List<H2StudentDao.UserName>list =
dao.getAllUserNames();
GenericEntity<List<H2StudentDao.UserName>> entity=new GenericEntity<List<H2StudentDao.UserName>>(list) {};
return Response.ok(entity).build();
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment