Commit d5584f64 authored by Franz Reischl's avatar Franz Reischl

Only returns List of users, not their roles or password

parent 618e3507
package university.at.jku.ce.authentication;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import university.at.jku.ce.dao.StudentDao;
import university.at.jku.ce.dao.h2dao.H2StudentDao;
import university.at.jku.ce.model.User;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
......@@ -15,10 +13,11 @@ import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.Provider;
import university.at.jku.ce.dao.StudentDao;
import university.at.jku.ce.dao.h2dao.H2StudentDao;
import university.at.jku.ce.model.User;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
/**
* This filter verify the access permissions for a user
......
package university.at.jku.ce.dao;
import java.util.List;
import university.at.jku.ce.dao.h2dao.H2StudentDao;
import university.at.jku.ce.model.Student;
import university.at.jku.ce.model.Study;
import university.at.jku.ce.model.User;
import java.util.List;
public interface StudentDao {
public Student getStudent(int matrNr);
......@@ -29,6 +30,8 @@ public interface StudentDao {
public List<User> getAllUsers();
public List<H2StudentDao.UserName> getAllUserNames();
public void addUser(int id, Student student);
public void removeUser(int id);
......
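Review bot: The new `getAllUserNames()` signature returns `List<H2StudentDao.UserName>`, which makes the StudentDao interface import its own H2 implementation. Since UserName is the reduced view that keeps roles and passwords out of the response, it would sit better as a top-level class in `university.at.jku.ce.model` next to User, with the interface declared as `public List<UserName> getAllUserNames();`. A one-line Javadoc saying that the method returns only id and username, never credentials or roles, would record the intent for future implementers. The interface continues outside the visible hunk.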
package university.at.jku.ce.dao.h2dao;
import java.sql.Connection;
import java.sql.Date;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import university.at.jku.ce.dao.StudentDao;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.ext.Provider;
import university.at.jku.ce.model.Student;
import university.at.jku.ce.model.Study;
import university.at.jku.ce.model.User;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotFoundException;
import java.sql.*;
import java.util.ArrayList;
import java.util.List;
public class H2StudentDao implements StudentDao {
private Statement stmt;
......@@ -504,6 +496,7 @@ public class H2StudentDao implements StudentDao {
}
}
@Override
public List<User> getAllUsers(){
List<User> users=new ArrayList<User>();
try {
......@@ -549,6 +542,71 @@ public class H2StudentDao implements StudentDao {
}
public class UserName {
int id;
String name;
public int getId() {
return id;
}
public String getName() {
return name;
}
UserName(int id, String name){
this.id = id; this.name = name;
}
}
@Override
public List<UserName> getAllUserNames(){
List<UserName> users=new ArrayList<>();
try {
// STEP 1: Register JDBC driver
Class.forName(DaoParam.DRIVER);
System.out.println("adsf");
//STEP 2: Open a connection
con = DriverManager.getConnection(DaoParam.JDBC_URL,DaoParam.USER,DaoParam.PASSWORD);
//STEP 3: Execute a query
String sql = "SELECT id, username FROM user";
prStmt = con.prepareStatement(sql);
rs=prStmt.executeQuery();
while (rs.next()) {
users.add(new UserName(rs.getInt(1),rs.getString(2)));
}
// STEP 4: Clean-up environment
prStmt.close();
con.close();
} catch(SQLException se) {
//Handle errors for JDBC
se.printStackTrace();
throw new RuntimeException();
} catch(Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} finally {
//finally block used to close resources
try{
if(prStmt!=null) prStmt.close();
} catch(SQLException se2) {
} // nothing we can do
try {
if(con!=null) con.close();
} catch(SQLException se){
se.printStackTrace();
} //end finally try
rs=null;
//end try
}
return users;
}
@Override
public void addUser(int id,Student student) {
try {
......
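Review bot: In getAllUserNames the `catch(Exception e)` branch only prints the stack trace, so a failed `Class.forName(DaoParam.DRIVER)` falls through to `return users;` and the caller gets an empty list that looks the same as an empty user table. The SQLException branch throws `new RuntimeException()` without its cause; I would rethrow in both branches with the cause attached, e.g. `throw new RuntimeException(se);`, and delete the `System.out.println("adsf");` debug line. `rs` is never closed, and `con`, `prStmt` and `rs` look like fields shared across calls (their declarations are outside the visible hunk), so try-with-resources on local variables would be safer if that is the case. The rest of the enclosing class is outside the hunk.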
package university.at.jku.ce.resource;
import java.util.List;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.GenericEntity;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import university.at.jku.ce.dao.StudentDao;
import university.at.jku.ce.dao.h2dao.H2StudentDao;
import university.at.jku.ce.exception.ExceptionParam;
import university.at.jku.ce.model.User;
import javax.annotation.security.PermitAll;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.*;
import java.util.List;
@Path("/users")
public class UserResource {
StudentDao dao =new H2StudentDao();
@RolesAllowed("ADMIN")
@PermitAll
@GET
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
public Response getUsers(@Context HttpHeaders headers) {
System.out.println("Roles requested");
ExceptionParam.setMediaType(headers.getMediaType());
List<User>list= dao.getAllUsers();
GenericEntity<List<User>> entity=new GenericEntity<List<User>>(list) {};
List<H2StudentDao.UserName>list =
dao.getAllUserNames();
GenericEntity<List<H2StudentDao.UserName>> entity=new GenericEntity<List<H2StudentDao.UserName>>(list) {};
return Response.ok(entity).build();
}
}
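Review bot: The annotation on getUsers appears to change from `@RolesAllowed("ADMIN")` to `@PermitAll` (the RolesAllowed import is replaced by PermitAll), which would open the full list of user ids and usernames to every caller the authentication filter admits under PermitAll, possibly unauthenticated ones. Dropping roles and passwords from the response is a real reduction, but a complete username list still supports account enumeration and password guessing, so the endpoint should stay behind an explicit role check: keep `@RolesAllowed("ADMIN")` or name only the roles that need the list. If open access is intended, a comment above the method should say so and why. `System.out.println("Roles requested");` is leftover debug output and should go to the project's logger or be removed.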