Package org.minijax.security

Class Security<T extends SecurityUser>

java.lang.Object

org.minijax.security.Security<T>

All Implemented Interfaces:

javax.ws.rs.core.SecurityContext

@Provider
@RequestScoped
public class Security<T extends SecurityUser>
extends java.lang.Object
implements javax.ws.rs.core.SecurityContext

The Security class manages logging in and out of the application. There should be a new unique Security instance for each request. It wraps the User DAO to retrieve users. It uses BCrypt to check passwords.

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	COOKIE_NAME
static int	MINIMUM_PASSWORD_LENGTH

Fields inherited from interface javax.ws.rs.core.SecurityContext

BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH

Constructor Summary

Constructors

Constructor	Description
Security(SecurityDao dao, javax.ws.rs.core.Configuration configuration, java.lang.String authorization, java.lang.String cookie)

Method Summary

Modifier and Type	Method	Description
void	changePassword(java.lang.String oldPassword, java.lang.String newPassword, java.lang.String confirmNewPassword)	Changes the current user's password.
java.lang.String	forgotPassword(SecurityUser user)	Handles a request for "Forgot Password".
java.lang.String	getAuthenticationScheme()
java.lang.String	getSessionToken()	Returns the session token.
T	getUserPrincipal()	Returns the currently logged in user for this HTTP request.
boolean	isLoggedIn()	Returns true if a user is logged in for this HTTP request.
boolean	isSecure()
boolean	isUserInRole(java.lang.String role)
javax.ws.rs.core.NewCookie	login(java.lang.String email, java.lang.String password)	Logs in the user with email address and password.
javax.ws.rs.core.NewCookie	loginAs(SecurityUser candidate)	Logs in as another user.
javax.ws.rs.core.NewCookie	logout()	Logs out the user.
void	requireLogin()	Requires that the user is logged in.
void	requireRole(java.lang.String role)	Requires that the current user has the specified role.
javax.ws.rs.core.NewCookie	resetPassword(java.lang.String resetId, java.lang.String newPassword, java.lang.String confirmNewPassword)	Handles a request for "Reset Password".

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

MINIMUM_PASSWORD_LENGTH

public static final int MINIMUM_PASSWORD_LENGTH

See Also:

Constant Field Values

COOKIE_NAME

public static final java.lang.String COOKIE_NAME

See Also:

Constant Field Values

Constructor Detail

Security

@Inject
public Security(SecurityDao dao,
                @Context
                javax.ws.rs.core.Configuration configuration,
                @HeaderParam("Authorization")
                java.lang.String authorization,
                @CookieParam("a")
                java.lang.String cookie)

Method Detail

getUserPrincipal

public T getUserPrincipal()

Returns the currently logged in user for this HTTP request. Returns null if not logged in.

Specified by:

getUserPrincipal in interface javax.ws.rs.core.SecurityContext

Returns:

the currently logged in user.

isLoggedIn

public boolean isLoggedIn()

Returns true if a user is logged in for this HTTP request.

Returns:

true if user is logged in; false otherwise.

requireLogin

public void requireLogin()

Requires that the user is logged in.

requireRole

public void requireRole(java.lang.String role)

Requires that the current user has the specified role. This implicitly requires that the user is logged in.

Parameters:

role - The role.

getSessionToken

public java.lang.String getSessionToken()

Returns the session token.

Returns:

The session token.

login

public javax.ws.rs.core.NewCookie login(java.lang.String email,
                                        java.lang.String password)

Logs in the user with email address and password. Returns the user on success.

Parameters:

email - The user's email address.

password - The user's plain text password.

Returns:

the user details.

loginAs

public javax.ws.rs.core.NewCookie loginAs(SecurityUser candidate)

Logs in as another user. This is used for SSO such as Google authentication.

Parameters:

candidate - The candidate user account.

Returns:

The session details.

logout

public javax.ws.rs.core.NewCookie logout()

Logs out the user.

changePassword

public void changePassword(java.lang.String oldPassword,
                           java.lang.String newPassword,
                           java.lang.String confirmNewPassword)

Changes the current user's password.

Parameters:

oldPassword - The old password.

newPassword - The new password.

confirmNewPassword - The confirmed new password.

forgotPassword

public java.lang.String forgotPassword(SecurityUser user)

Handles a request for "Forgot Password". See this stackoverflow article for the general design: http://stackoverflow.com/a/1102817/2051724

Parameters:

user - The user.

Returns:

The reset code to be sent to the user.

resetPassword

public javax.ws.rs.core.NewCookie resetPassword(java.lang.String resetId,
                                                java.lang.String newPassword,
                                                java.lang.String confirmNewPassword)

Handles a request for "Reset Password". See this stackoverflow article for the general design: http://stackoverflow.com/a/1102817/2051724

Parameters:

resetId - The reset ID.

newPassword - The new password.

confirmNewPassword - The confirmed new password.

isUserInRole

public boolean isUserInRole(java.lang.String role)

Specified by:

isUserInRole in interface javax.ws.rs.core.SecurityContext

isSecure

public boolean isSecure()

Specified by:

isSecure in interface javax.ws.rs.core.SecurityContext

getAuthenticationScheme

public java.lang.String getAuthenticationScheme()

Specified by:

getAuthenticationScheme in interface javax.ws.rs.core.SecurityContext