org.minijax.security

Class Security<T extends SecurityUser>

java.lang.Object

org.minijax.security.Security<T>

All Implemented Interfaces:

javax.ws.rs.core.SecurityContext

@Provider
 @RequestScoped
public class Security<T extends SecurityUser>
extends Object
implements javax.ws.rs.core.SecurityContext

The Security class manages logging in and out of the application. There should be a new unique Security instance for each request. It wraps the User DAO to retrieve users. It uses BCrypt to check passwords.

Field Summary

Fields

Modifier and Type	Field and Description
static String	COOKIE_NAME
static int	MINIMUM_PASSWORD_LENGTH

Fields inherited from interface javax.ws.rs.core.SecurityContext

BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH

Constructor Summary

Constructors

Constructor and Description
Security(SecurityDao dao, javax.ws.rs.core.Configuration configuration, String authorization, String cookie)

Method Summary

Modifier and Type	Method and Description
void	changePassword(String oldPassword, String newPassword, String confirmNewPassword) Changes the current user's password.
String	forgotPassword(SecurityUser user) Handles a request for "Forgot Password".
String	getAuthenticationScheme()
String	getSessionToken() Returns the session token.
T	getUserPrincipal() Returns the currently logged in user for this HTTP request.
boolean	isLoggedIn() Returns true if a user is logged in for this HTTP request.
boolean	isSecure()
boolean	isUserInRole(String role)
javax.ws.rs.core.NewCookie	login(String email, String password) Logs in the user with email address and password.
javax.ws.rs.core.NewCookie	loginAs(SecurityUser candidate) Logs in as another user.
javax.ws.rs.core.NewCookie	logout() Logs out the user.
void	requireLogin() Requires that the user is logged in.
javax.ws.rs.core.NewCookie	resetPassword(String resetId, String newPassword, String confirmNewPassword) Handles a request for "Reset Password".

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

MINIMUM_PASSWORD_LENGTH

public static final int MINIMUM_PASSWORD_LENGTH

See Also:

Constant Field Values

COOKIE_NAME

public static final String COOKIE_NAME

See Also:

Constant Field Values

Constructor Detail

Security

@Inject
public Security(SecurityDao dao,
                        @Context
                        javax.ws.rs.core.Configuration configuration,
                        @HeaderParam(value="Authorization")
                        String authorization,
                        @CookieParam(value="a")
                        String cookie)

Method Detail

getUserPrincipal

public T getUserPrincipal()

Returns the currently logged in user for this HTTP request. Returns null if not logged in.

Specified by:

getUserPrincipal in interface javax.ws.rs.core.SecurityContext

Returns:

the currently logged in user.

isLoggedIn

public boolean isLoggedIn()

Returns true if a user is logged in for this HTTP request.

Returns:

true if user is logged in; false otherwise.

requireLogin

public void requireLogin()

Requires that the user is logged in.

getSessionToken

public String getSessionToken()

Returns the session token.

Returns:

The session token.

login

public javax.ws.rs.core.NewCookie login(String email,
                                        String password)

Logs in the user with email address and password. Returns the user on success.

Parameters:

email - The user's email address.

password - The user's plain text password.

Returns:

the user details.

loginAs

public javax.ws.rs.core.NewCookie loginAs(SecurityUser candidate)

Logs in as another user. This is used for SSO such as Google authentication.

Parameters:

candidate - The candidate user account.

Returns:

The session details.

logout

public javax.ws.rs.core.NewCookie logout()

Logs out the user.

changePassword

public void changePassword(String oldPassword,
                           String newPassword,
                           String confirmNewPassword)

Changes the current user's password.

Parameters:

oldPassword - The old password.

newPassword - The new password.

confirmNewPassword - The confirmed new password.

forgotPassword

public String forgotPassword(SecurityUser user)

Handles a request for "Forgot Password". See this stackoverflow article for the general design: http://stackoverflow.com/a/1102817/2051724

Parameters:

user - The user.

Returns:

The reset code to be sent to the user.

resetPassword

public javax.ws.rs.core.NewCookie resetPassword(String resetId,
                                                String newPassword,
                                                String confirmNewPassword)

Handles a request for "Reset Password". See this stackoverflow article for the general design: http://stackoverflow.com/a/1102817/2051724

Parameters:

resetId - The reset ID.

newPassword - The new password.

confirmNewPassword - The confirmed new password.

isUserInRole

public boolean isUserInRole(String role)

Specified by:

isUserInRole in interface javax.ws.rs.core.SecurityContext

isSecure

public boolean isSecure()

Specified by:

isSecure in interface javax.ws.rs.core.SecurityContext

getAuthenticationScheme

public String getAuthenticationScheme()

Specified by:

getAuthenticationScheme in interface javax.ws.rs.core.SecurityContext