Commit d5584f64 authored by Franz Reischl's avatar Franz Reischl

Only returns List of users, not their roles or password

parent 618e3507
package university.at.jku.ce.authentication;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import university.at.jku.ce.dao.StudentDao;
import university.at.jku.ce.dao.h2dao.H2StudentDao;
import university.at.jku.ce.model.User;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
......@@ -15,10 +13,11 @@ import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.Provider;
import university.at.jku.ce.dao.StudentDao;
import university.at.jku.ce.dao.h2dao.H2StudentDao;
import university.at.jku.ce.model.User;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
/**
* This filter verify the access permissions for a user
......
package university.at.jku.ce.dao;
import java.util.List;
import university.at.jku.ce.dao.h2dao.H2StudentDao;
import university.at.jku.ce.model.Student;
import university.at.jku.ce.model.Study;
import university.at.jku.ce.model.User;
import java.util.List;
public interface StudentDao {
public Student getStudent(int matrNr);
......@@ -28,6 +29,8 @@ public interface StudentDao {
public User getUser(String username);
public List<User> getAllUsers();
public List<H2StudentDao.UserName> getAllUserNames();
public void addUser(int id, Student student);
......
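Review bot: `getAllUsers()` is still declared on `StudentDao` right above what appears to be the newly added `getAllUserNames()`, so the full `User` list (which, going by the commit title, carries roles and password) stays reachable for any caller that has not been switched over. If no internal caller needs it, drop it from the interface; otherwise mark it with a comment such as `/** Internal use only: includes credentials, must not be serialized into a response. */`. The new method also returns `List<H2StudentDao.UserName>`, which ties the DAO interface to a nested type of one concrete implementation; moving `UserName` into `university.at.jku.ce.model` beside `User` would remove the need for the `h2dao` import here. The +/- markers are lost on this page and the interface body continues outside the visible lines, so which lines are new is inferred from the hunk header and the title.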
package university.at.jku.ce.dao.h2dao;
import java.sql.Connection;
import java.sql.Date;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import university.at.jku.ce.dao.StudentDao;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.ext.Provider;
import university.at.jku.ce.model.Student;
import university.at.jku.ce.model.Study;
import university.at.jku.ce.model.User;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotFoundException;
import java.sql.*;
import java.util.ArrayList;
import java.util.List;
public class H2StudentDao implements StudentDao {
private Statement stmt;
private Connection con;
private PreparedStatement prStmt;
private ResultSet rs;
@Override
public Student getStudent(int matrNr) {
List<Student> students=new ArrayList<Student>();
try {
// STEP 1: Register JDBC driver
List<Student> students=new ArrayList<Student>();
try {
// STEP 1: Register JDBC driver
Class.forName(DaoParam.DRIVER);
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 3: Execute a query
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 3: Execute a query
String sql = "SELECT * FROM Student WHERE matrnr =?";
prStmt = con.prepareStatement(sql);
prStmt = con.prepareStatement(sql);
prStmt.setInt(1, matrNr);
rs=prStmt.executeQuery();
while (rs.next()) {
students.add(new Student(rs.getInt(1),rs.getString(2),rs.getString(3)));
}
// STEP 4: Clean-up environment
prStmt.close();
con.close();
} catch(SQLException se) {
//Handle errors for JDBC
se.printStackTrace();
// STEP 4: Clean-up environment
prStmt.close();
con.close();
} catch(SQLException se) {
//Handle errors for JDBC
se.printStackTrace();
throw new RuntimeException();
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} finally {
//finally block used to close resources
try{
if(prStmt!=null) prStmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} finally {
//finally block used to close resources
try{
if(prStmt!=null) prStmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
rs=null;
} //end try
if (students.size()==1) {return students.get(0);}
} //end try
if (students.size()==1) {return students.get(0);}
else {
if (students.size()<1) {throw new NotFoundException();}
else throw new RuntimeException();
......@@ -76,104 +68,104 @@ public class H2StudentDao implements StudentDao {
@Override
public List<Student> getAllStudents() {
List<Student> students=new ArrayList<Student>();
try {
// STEP 1: Register JDBC driver
List<Student> students=new ArrayList<Student>();
try {
// STEP 1: Register JDBC driver
Class.forName(DaoParam.DRIVER);
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 3: Execute a query
stmt = con.createStatement();
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 3: Execute a query
stmt = con.createStatement();
String sql = "SELECT * from Student";
rs=stmt.executeQuery(sql);
while (rs.next()) {
students.add(new Student(rs.getInt(1),rs.getString(2),rs.getString(3)));
}
// STEP 4: Clean-up environment
stmt.close();
con.close();
} catch(SQLException se) {
se.printStackTrace();
// STEP 4: Clean-up environment
stmt.close();
con.close();
} catch(SQLException se) {
se.printStackTrace();
throw new RuntimeException();
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} finally {
//finally block used to close resources
try{
if(stmt!=null) stmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} finally {
//finally block used to close resources
try{
if(stmt!=null) stmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
rs=null;
} //end try
} //end try
return students;
}
@Override
public Student addStudent(Student student) {
public Student addStudent(Student student) {
int nextMatrNr=0;
try {
// STEP 1: Register JDBC driver
try {
// STEP 1: Register JDBC driver
Class.forName(DaoParam.DRIVER);
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//Step 3: Find next matrnr
stmt = con.createStatement();
stmt = con.createStatement();
String sql = "SELECT max(matrnr) from student";
rs=stmt.executeQuery(sql);
while (rs.next()) {
nextMatrNr=rs.getInt(1);
}
nextMatrNr++;
student.setMatrNr(nextMatrNr);
//STEP 4: Execute insert
//STEP 4: Execute insert
sql = "INSERT INTO student values(?,?,?)";
prStmt = con.prepareStatement(sql);
prStmt = con.prepareStatement(sql);
prStmt.setInt(1, student.getMatrNr());
prStmt.setString(2, student.getFirstName());
prStmt.setString(3, student.getLastName());
prStmt.executeUpdate();
// STEP 5: Clean-up environment
stmt.close();
// STEP 5: Clean-up environment
stmt.close();
prStmt.close();
con.close();
} catch(SQLException se) {
//Handle errors for JDBC
se.printStackTrace();
con.close();
} catch(SQLException se) {
//Handle errors for JDBC
se.printStackTrace();
throw new RuntimeException();
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} finally {
//finally block used to close resources
try{
if(stmt!=null) stmt.close();
} catch(SQLException se2) {
} // nothing we can do
try{
if(prStmt!=null) prStmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} finally {
//finally block used to close resources
try{
if(stmt!=null) stmt.close();
} catch(SQLException se2) {
} // nothing we can do
try{
if(prStmt!=null) prStmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
rs=null;
} //end try
} //end try
if (nextMatrNr!=0)addUser(nextMatrNr,student);
return student;
}
......@@ -181,230 +173,230 @@ public class H2StudentDao implements StudentDao {
@Override
public Student updateStudent(Student student) {
getStudent(student.getMatrNr());
try {
// STEP 1: Register JDBC driver
try {
// STEP 1: Register JDBC driver
Class.forName(DaoParam.DRIVER);
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 3: Execute update
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 3: Execute update
String sql = "UPDATE student SET firstname=?, lastname=? WHERE matrnr=? ";
prStmt = con.prepareStatement(sql);
prStmt = con.prepareStatement(sql);
prStmt.setString(1,student.getFirstName());
prStmt.setString(2, student.getLastName());
prStmt.setInt(3, student.getMatrNr());
prStmt.executeUpdate();
// STEP 5: Clean-up environment
// STEP 5: Clean-up environment
prStmt.close();
con.close();
} catch(SQLException se) {
//Handle errors for JDBC
se.printStackTrace();
con.close();
} catch(SQLException se) {
//Handle errors for JDBC
se.printStackTrace();
throw new RuntimeException();
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} finally {
//finally block used to close resources
try{
if(prStmt!=null) prStmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} finally {
//finally block used to close resources
try{
if(prStmt!=null) prStmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
rs=null;
} //end try
} //end try
updateUser(student);
return student;
}
@Override
public void removeStudent(int matrNr){
getStudent(matrNr);
try {
// STEP 1: Register JDBC driver
try {
// STEP 1: Register JDBC driver
Class.forName(DaoParam.DRIVER);
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 3: Execute delete
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 3: Execute delete
String sql = "DELETE FROM student where matrnr=?";
prStmt = con.prepareStatement(sql);
prStmt = con.prepareStatement(sql);
prStmt.setInt(1, matrNr);
prStmt.executeUpdate();
// STEP 5: Clean-up environment
// STEP 5: Clean-up environment
prStmt.close();
con.close();
} catch(SQLException se) {
con.close();
} catch(SQLException se) {
se.printStackTrace();
throw new BadRequestException();
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
throw new RuntimeException();
} finally {
//finally block used to close resources
try{
if(prStmt!=null) prStmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
} finally {
//finally block used to close resources
try{
if(prStmt!=null) prStmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
rs=null;
} //end try
} //end try
removeUser(matrNr);
}
@Override
public List<Study> getInscriptions(int matrNr) {
List<Study> inscriptions=new ArrayList<Study>();
try {
// STEP 1: Register JDBC driver
List<Study> inscriptions=new ArrayList<Study>();
try {
// STEP 1: Register JDBC driver
Class.forName(DaoParam.DRIVER);
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 3: Execute a query
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 3: Execute a query
String sql = "SELECT s.* FROM inscription i INNER JOIN study s ON i.studyid=s.studyid WHERE i.matrnr=? ";
prStmt = con.prepareStatement(sql);
prStmt = con.prepareStatement(sql);
prStmt.setInt(1, matrNr);
rs=prStmt.executeQuery();
while (rs.next()) {
inscriptions.add(new Study(rs.getInt(1),rs.getString(2)));
}
// STEP 4: Clean-up environment
prStmt.close();
con.close();
} catch(SQLException se) {
//Handle errors for JDBC
se.printStackTrace();
// STEP 4: Clean-up environment
prStmt.close();
con.close();
} catch(SQLException se) {
//Handle errors for JDBC
se.printStackTrace();
throw new RuntimeException();
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} finally {
//finally block used to close resources
try{
if(prStmt!=null) prStmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} finally {
//finally block used to close resources
try{
if(prStmt!=null) prStmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
rs=null;
} //end try
} //end try
return inscriptions;
}
@Override
public Study addInscription(int matrNr, Study study) {
try {
// STEP 1: Register JDBC driver
try {
// STEP 1: Register JDBC driver
Class.forName(DaoParam.DRIVER);
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
stmt = con.createStatement();
String sql = "INSERT INTO inscription values(?,?,sysdate)";
prStmt = con.prepareStatement(sql);