r3963 - in trunk: pollen-rest-api/src/main/java/org/chorem/pollen/rest/api src/site/rst
Author: tchemit Date: 2014-05-16 15:49:52 +0200 (Fri, 16 May 2014) New Revision: 3963 Url: http://forge.chorem.org/projects/pollen/repository/revisions/3963 Log: review login workflow Removed: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiSession.java Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestContext.java trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiUtil.java trunk/src/site/rst/restApi.rst Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestContext.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestContext.java 2014-05-16 13:14:22 UTC (rev 3962) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestContext.java 2014-05-16 13:49:52 UTC (rev 3963) @@ -48,8 +48,6 @@ httpContext.getRequest().setAttribute(REQUEST_POLLEN_REQUEST_CONTEXT, serviceContext); } - protected PollenRestApiSession session; - protected PollenServiceContext serviceContext; public void setServiceContext(PollenServiceContext serviceContext) { 
@@ -68,14 +66,6 @@ return serviceContext.getSecurityContext(); } - public PollenRestApiSession getSession() { - return session; - } - - public void setSession(PollenRestApiSession session) { - this.session = session; - } - public SecurityService getSecurityService() { return serviceContext.newService(SecurityService.class); } Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java 2014-05-16 13:14:22 UTC (rev 3962) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java 2014-05-16 13:49:52 UTC (rev 3963) @@ -23,6 +23,8 @@ * #L% */ +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.chorem.pollen.persistence.PollenPersistenceContext; import org.chorem.pollen.persistence.entity.PollenPrincipal; import org.chorem.pollen.persistence.entity.SessionToken; @@ -37,6 +39,7 @@ import org.debux.webmotion.server.render.RenderStatus; import javax.servlet.http.HttpServletResponse; +import java.util.Locale; import java.util.Map; /** @@ -47,8 +50,13 @@ */ public class PollenRestApiRequestFilter extends WebMotionFilter { + public static final String REQUEST_SESSION_TOKEN_PARAMETER = "sessionToken"; + public static final String REQUEST_PERMISSION_PARAMETER = "permission"; + /** Logger. */ + private static final Log log = LogFactory.getLog(PollenRestApiRequestFilter.class); + public void inject(Call call, HttpContext context) throws PollenInvalidSessionTokenException { PollenRestApiRequestContext requestContext = prepareRequestContext(context); 
@@ -75,7 +83,7 @@ protected PollenRestApiRequestContext prepareRequestContext(HttpContext context) throws PollenInvalidSessionTokenException { - PollenRestApiSession session = PollenRestApiSession.getSession(context); + Locale locale = getUSerLocale(context); PollenRestApiApplicationContext applicationContext = PollenRestApiApplicationContext.getApplicationContext(context.getServletContext()); @@ -83,12 +91,10 @@ PollenPersistenceContext persistenceContext = PollenTopiaTransactionFilter.getPersistenceContext(context.getRequest()); - PollenServiceContext serviceContext = - applicationContext.newServiceContext(persistenceContext, session.getLocale()); + PollenServiceContext serviceContext = applicationContext.newServiceContext(persistenceContext, locale); PollenRestApiRequestContext requestContext = new PollenRestApiRequestContext(); requestContext.setServiceContext(serviceContext); - requestContext.setSession(session); PollenSecurityContext securityContext = createSecurityContext(context, applicationContext, requestContext); requestContext.setSecurityContext(securityContext); 
@@ -99,20 +105,22 @@ } - protected PollenSecurityContext createSecurityContext(HttpContext httpContext, + protected PollenSecurityContext createSecurityContext(HttpContext context, PollenRestApiApplicationContext applicationContext, PollenRestApiRequestContext requestContext) throws PollenInvalidSessionTokenException { SecurityService securityService = requestContext.getSecurityService(); - // --- get session token (from session) --- // - PollenRestApiSession session = requestContext.getSession(); - String authParam = session.getSessionToken(); + // --- get session token (from request parameters) --- // + Map<String, String[]> parameters = context.getParameters(); + String[] strings = parameters.get(REQUEST_SESSION_TOKEN_PARAMETER); + String authParam = strings == null || strings.length < 1 ? null : strings[0]; + SessionToken sessionToken = securityService.getSessionTokenByToken(authParam); // --- get mainPrincipal (from request parameters) --- // - Map<String, String[]> parameters = httpContext.getParameters(); - String[] strings = parameters.get(REQUEST_PERMISSION_PARAMETER); + parameters = context.getParameters(); + strings = parameters.get(REQUEST_PERMISSION_PARAMETER); String credentialParam = strings == null || strings.length < 1 ? null : strings[0]; PollenPrincipal mainPrincipal = securityService.getPollenPrincipalByPermissionToken(credentialParam); 
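Review bot: In `createSecurityContext` the session token is now taken from `parameters.get(REQUEST_SESSION_TOKEN_PARAMETER)`, so on GET calls the credential travels in the URL and ends up in access logs, proxy logs, browser history and Referer headers. Prefer a request header and keep the parameter only as a fallback, for example `String authParam = context.getHeader("Authorization");` followed by the existing parameter lookup when that is null. The hunk does not show how `securityService.getSessionTokenByToken(authParam)` treats a null or unknown token, so confirm it rejects both rather than returning a default session. The second `parameters = context.getParameters();` is redundant, since the map fetched a few lines earlier can be reused. The body of the method continues below the hunk.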
@@ -124,4 +132,26 @@ } + protected Locale getUSerLocale(HttpContext context) { + String language = context.getHeader(HttpContext.HEADER_LANGUAGE); + + if (log.isInfoEnabled()) { + log.info("Found Accept-Language: " + language); + } + + if (language == null) { + + language = Locale.FRENCH.getLanguage(); + + if (log.isInfoEnabled()) { + log.info("Use default language: " + language); + } + + } + + Locale locale = new Locale(language); + return locale; + + } + } Deleted: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiSession.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiSession.java 2014-05-16 13:14:22 UTC (rev 3962) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiSession.java 2014-05-16 13:49:52 UTC (rev 3963) 
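Review bot: `getUSerLocale` passes the raw Accept-Language value straight to `new Locale(language)`, but clients normally send a weighted list such as `fr-FR,fr;q=0.8,en;q=0.5` (constructed example), so the resulting Locale matches no real language unless the header is a bare code. Take the first language range and build the locale with `Locale.forLanguageTag(...)`, or, if `context.getRequest()` is the servlet request as its other uses in this file suggest, use `context.getRequest().getLocale()` and keep the French fallback only for an absent header. The header is client-controlled and is written verbatim at info level on every request; log it at debug and cap its length before writing it. The method name is also misspelled and should be `getUserLocale`, at both the definition and the call in `prepareRequestContext`.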
@@ -1,88 +0,0 @@ -package org.chorem.pollen.rest.api; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.debux.webmotion.server.call.CookieManager; -import org.debux.webmotion.server.call.HttpContext; - -import java.io.Serializable; -import java.util.Locale; - -/** - * Created on 5/16/14. - * - * @author Tony Chemit <chemit@codelutin.com> - * @since 2.0 - */ -public class PollenRestApiSession implements Serializable { - - private static final long serialVersionUID = 1L; - - /** Logger. */ - private static final Log log = LogFactory.getLog(PollenRestApiSession.class); - - public static final String COOKIE_SESSION = "pollenSession"; - - public static PollenRestApiSession getSession(HttpContext context) { - - CookieManager cookieManager = context.getCookieManager(); - - CookieManager.CookieEntity sessionCookie = cookieManager.get(COOKIE_SESSION); - - if (sessionCookie == null) { - - if (log.isInfoEnabled()) { - log.info("Will create user session."); - } - - PollenRestApiSession session = new PollenRestApiSession(); - - String language = context.getHeader(HttpContext.HEADER_LANGUAGE); - - if (log.isInfoEnabled()) { - log.info("Found Accept-Language: " + language); - } - - if (language == null) { - - language = Locale.FRENCH.getLanguage(); - - if (log.isInfoEnabled()) { - log.info("Use default language: " + language); - } - - } - - Locale locale = new Locale(language); - session.setLocale(locale); - - sessionCookie = cookieManager.create(COOKIE_SESSION, session); - cookieManager.add(sessionCookie); - - } - - PollenRestApiSession session = sessionCookie.getValue(PollenRestApiSession.class); - return session; - - } - - protected Locale locale; - - protected String sessionToken; - - public Locale getLocale() { - return locale; - } - - public void setLocale(Locale locale) { - this.locale = locale; - } - - public String getSessionToken() { - return sessionToken; - } - - public void setSessionToken(String sessionToken) { - 
this.sessionToken = sessionToken; - } -} Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiUtil.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiUtil.java 2014-05-16 13:14:22 UTC (rev 3962) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiUtil.java 2014-05-16 13:49:52 UTC (rev 3963) @@ -7,8 +7,6 @@ import com.fasterxml.jackson.module.afterburner.AfterburnerModule; import com.google.common.collect.Lists; import org.apache.commons.lang3.StringUtils; -import org.chorem.pollen.persistence.entity.SessionToken; -import org.chorem.pollen.services.service.security.PollenSecurityContext; import org.debux.webmotion.server.call.HttpContext; import javax.servlet.http.HttpServletResponse; 
@@ -68,18 +66,18 @@ response.addHeader(HttpContext.HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, "*"); response.addHeader(HttpContext.HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); - PollenSecurityContext securityContext = requestContext.getSecurityContext(); - SessionToken sessionToken = securityContext.getSessionToken(); - if (sessionToken != null) { +// PollenSecurityContext securityContext = requestContext.getSecurityContext(); +// SessionToken sessionToken = securityContext.getSessionToken(); +// if (sessionToken != null) { +// +// context.getResponse().setHeader(sessionToken.getPollenToken().getToken()); +// +// } else { +// +// context.getResponse().setHeader(requestContext.getSession().setSessionToken(null); +// +// } - requestContext.getSession().setSessionToken(sessionToken.getPollenToken().getToken()); - - } else { - - requestContext.getSession().setSessionToken(null); - - } - } public static void addOptionCorsHeaders(HttpContext context) { Modified: trunk/src/site/rst/restApi.rst =================================================================== --- trunk/src/site/rst/restApi.rst 2014-05-16 13:14:22 UTC (rev 3962) +++ trunk/src/site/rst/restApi.rst 2014-05-16 13:49:52 UTC (rev 3963) @@ -34,7 +34,7 @@ - mandaTory parameter **login** - mandaTory parameter **password** -- optional parameter **remberberMe** +- optional parameter **remberberMe** (TODO) Validation ~~~~~~~~~~ @@ -51,10 +51,8 @@ permission: "Token" } -A cookie named **pollenSession** with this data will be keep this data til you are logout. +You must keep the **permission** value and add it in all your REST queries as the parameter named **sessionToken**. -The cookie will be user for each request To log you in. - GET /v1/lostpassword/{Token} ----------------------------
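Review bot: The block added to the CORS-header helper is commented-out code that would not compile if re-enabled: `context.getResponse().setHeader(requestContext.getSession().setSessionToken(null);` has unbalanced parentheses and calls the `getSession()` accessor that this revision removes. Delete it, since the old logic is already in history; if returning the token in a response header is still planned, a single `// TODO` line stating that intent is clearer. Separately, the unchanged context lines send `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`, a combination browsers refuse for credentialed requests. Now that the session cookie is gone, the credentials header looks unnecessary, which is worth confirming. The method begins above the hunk.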