Package org.minijax.security

Class Security<T extends SecurityUser>

java.lang.Object

org.minijax.security.Security<T>

All Implemented Interfaces:

jakarta.ws.rs.core.SecurityContext

@Provider
@RequestScoped
public class Security<T extends SecurityUser>
extends Object
implements jakarta.ws.rs.core.SecurityContext

The Security class manages logging in and out of the application. There should be a new unique Security instance for each request. It wraps the User DAO to retrieve users. It uses BCrypt to check passwords.

Field Summary

Fields

Modifier and Type	Field	Description
static String	COOKIE_NAME
static int	MINIMUM_PASSWORD_LENGTH

Fields inherited from interface jakarta.ws.rs.core.SecurityContext

BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH

Constructor Summary

Constructors

Constructor	Description
Security(SecurityDao dao, jakarta.ws.rs.core.Configuration configuration, String authorization, String cookie)

Method Summary

Modifier and Type	Method	Description
ChangePasswordResult	changePassword(String oldPassword, String newPassword, String confirmNewPassword)	Changes the current user's password.
String	forgotPassword(SecurityUser user)	Handles a request for "Forgot Password".
String	getAuthenticationScheme()
String	getSessionToken()	Returns the session token.
Class<SecurityUser>	getUserClass()
T	getUserPrincipal()	Returns the currently logged in user for this HTTP request.
boolean	isLoggedIn()	Returns true if a user is logged in for this HTTP request.
boolean	isSecure()
boolean	isUserInRole(String role)
LoginResult	login(String email, String password)	Logs in the user with email address and password.
jakarta.ws.rs.core.NewCookie	loginAs(SecurityUser candidate)	Logs in as another user.
jakarta.ws.rs.core.NewCookie	logout()	Logs out the user.
void	requireLogin()	Requires that the user is logged in.
ResetPasswordResult	resetPassword(String resetId, String newPassword, String confirmNewPassword)	Handles a request for "Reset Password".

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

MINIMUM_PASSWORD_LENGTH

public static final int MINIMUM_PASSWORD_LENGTH

See Also:

Constant Field Values

COOKIE_NAME

public static final String COOKIE_NAME

See Also:

Constant Field Values

Constructor Detail

Security

@Inject
public Security(SecurityDao dao,
                @Context
                jakarta.ws.rs.core.Configuration configuration,
                @HeaderParam("Authorization")
                String authorization,
                @CookieParam("a")
                String cookie)

Method Detail

getUserClass

public Class<SecurityUser> getUserClass()

getUserPrincipal

public T getUserPrincipal()

Returns the currently logged in user for this HTTP request. Returns null if not logged in.

Specified by:

getUserPrincipal in interface jakarta.ws.rs.core.SecurityContext

Returns:

the currently logged in user.

isLoggedIn

public boolean isLoggedIn()

Returns true if a user is logged in for this HTTP request.

Returns:

true if user is logged in; false otherwise.

requireLogin

public void requireLogin()

Requires that the user is logged in.

getSessionToken

public String getSessionToken()

Returns the session token.

Returns:

The session token.

login

public LoginResult login(String email,
                         String password)

Logs in the user with email address and password. Returns the user on success.

Parameters:

email - The user's email address.

password - The user's plain text password.

Returns:

the user details.

loginAs

public jakarta.ws.rs.core.NewCookie loginAs(SecurityUser candidate)

Logs in as another user.

Parameters:

candidate - The candidate user account.

Returns:

The login cookie.

logout

public jakarta.ws.rs.core.NewCookie logout()

Logs out the user.

changePassword

public ChangePasswordResult changePassword(String oldPassword,
                                           String newPassword,
                                           String confirmNewPassword)

Changes the current user's password.

Parameters:

oldPassword - The old password.

newPassword - The new password.

confirmNewPassword - The confirmed new password.

Returns:

The change password result.

forgotPassword

public String forgotPassword(SecurityUser user)

Handles a request for "Forgot Password". See this stackoverflow article for the general design: http://stackoverflow.com/a/1102817/2051724

Parameters:

user - The user.

Returns:

The reset code to be sent to the user.

resetPassword

public ResetPasswordResult resetPassword(String resetId,
                                         String newPassword,
                                         String confirmNewPassword)

Handles a request for "Reset Password". See this stackoverflow article for the general design: http://stackoverflow.com/a/1102817/2051724

Parameters:

resetId - The reset ID.

newPassword - The new password.

confirmNewPassword - The confirmed new password.

Returns:

The reset password result with optional cookie.

isUserInRole

public boolean isUserInRole(String role)

Specified by:

isUserInRole in interface jakarta.ws.rs.core.SecurityContext

isSecure

public boolean isSecure()

Specified by:

isSecure in interface jakarta.ws.rs.core.SecurityContext

getAuthenticationScheme

public String getAuthenticationScheme()

Specified by:

getAuthenticationScheme in interface jakarta.ws.rs.core.SecurityContext