Class Security<T extends SecurityUser>

java.lang.Object
org.minijax.security.Security<T>
All Implemented Interfaces:
jakarta.ws.rs.core.SecurityContext

@Provider
@RequestScoped
public class Security<T extends SecurityUser>
extends java.lang.Object
implements jakarta.ws.rs.core.SecurityContext
The Security class manages logging in and out of the application. Because it is @RequestScoped, a new Security instance is created for each request. It wraps the user DAO (SecurityDao) to retrieve users and uses BCrypt to verify passwords.
  • Field Summary

    Fields
    Modifier and Type Field Description
    static java.lang.String COOKIE_NAME  
    static int MINIMUM_PASSWORD_LENGTH  

    Fields inherited from interface jakarta.ws.rs.core.SecurityContext

    BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH
  • Constructor Summary

    Constructors
    Constructor Description
    Security(SecurityDao dao, jakarta.ws.rs.core.Configuration configuration, java.lang.String authorization, java.lang.String cookie)
  • Method Summary

    Modifier and Type Method Description
    ChangePasswordResult changePassword(java.lang.String oldPassword, java.lang.String newPassword, java.lang.String confirmNewPassword)
    Changes the current user's password.
    java.lang.String forgotPassword(SecurityUser user)
    Handles a request for "Forgot Password".
    java.lang.String getAuthenticationScheme()  
    java.lang.String getSessionToken()
    Returns the session token.
    java.lang.Class<SecurityUser> getUserClass()  
    T getUserPrincipal()
    Returns the currently logged in user for this HTTP request.
    boolean isLoggedIn()
    Returns true if a user is logged in for this HTTP request.
    boolean isSecure()  
    boolean isUserInRole​(java.lang.String role)  
    LoginResult login(java.lang.String email, java.lang.String password)
    Logs in the user with email address and password.
    jakarta.ws.rs.core.NewCookie loginAs(SecurityUser candidate)
    Logs in as another user.
    jakarta.ws.rs.core.NewCookie logout()
    Logs out the user.
    void requireLogin()
    Requires that the user is logged in.
    ResetPasswordResult resetPassword(java.lang.String resetId, java.lang.String newPassword, java.lang.String confirmNewPassword)
    Handles a request for "Reset Password".

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

  • Constructor Details

    • Security

      @Inject public Security(SecurityDao dao, @Context jakarta.ws.rs.core.Configuration configuration, @HeaderParam("Authorization") java.lang.String authorization, @CookieParam("a") java.lang.String cookie)
  • Method Details

    • getUserClass

      public java.lang.Class<SecurityUser> getUserClass()
    • getUserPrincipal

      public T getUserPrincipal()
      Returns the currently logged in user for this HTTP request. Returns null if not logged in.
      Specified by:
      getUserPrincipal in interface jakarta.ws.rs.core.SecurityContext
      Returns:
      the currently logged in user.
    • isLoggedIn

      public boolean isLoggedIn()
      Returns true if a user is logged in for this HTTP request.
      Returns:
      true if user is logged in; false otherwise.
    • requireLogin

      public void requireLogin()
      Requires that the user is logged in.
    • getSessionToken

      public java.lang.String getSessionToken()
      Returns the session token.
      Returns:
      The session token.
    • login

      public LoginResult login(java.lang.String email, java.lang.String password)
      Logs in the user with email address and password. Returns the user on success.
      Parameters:
      email - The user's email address.
      password - The user's plain text password.
      Returns:
      the user details.
    • loginAs

      public jakarta.ws.rs.core.NewCookie loginAs(SecurityUser candidate)
      Logs in as another user.
      Parameters:
      candidate - The candidate user account.
      Returns:
      The login cookie.
    • logout

      public jakarta.ws.rs.core.NewCookie logout()
      Logs out the user.
    • changePassword

      public ChangePasswordResult changePassword(java.lang.String oldPassword, java.lang.String newPassword, java.lang.String confirmNewPassword)
      Changes the current user's password.
      Parameters:
      oldPassword - The old password.
      newPassword - The new password.
      confirmNewPassword - The confirmed new password.
      Returns:
      The change password result.
    • forgotPassword

      public java.lang.String forgotPassword(SecurityUser user)
      Handles a "Forgot Password" request. See this Stack Overflow answer for the general design: http://stackoverflow.com/a/1102817/2051724
      Parameters:
      user - The user.
      Returns:
      The reset code to be sent to the user.
    • resetPassword

      public ResetPasswordResult resetPassword(java.lang.String resetId, java.lang.String newPassword, java.lang.String confirmNewPassword)
      Handles a "Reset Password" request. See this Stack Overflow answer for the general design: http://stackoverflow.com/a/1102817/2051724
      Parameters:
      resetId - The reset ID.
      newPassword - The new password.
      confirmNewPassword - The confirmed new password.
      Returns:
      The reset password result with optional cookie.
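      The token-based design that forgotPassword and resetPassword follow, as an added example that is not Minijax code: the code returned by the "forgot" step is minted from a CSPRNG, only its hash is stored (with an expiry), and the "reset" step redeems it exactly once. The class name, the 30-minute lifetime and the minimum password length of 8 are assumptions; Minijax's actual MINIMUM_PASSWORD_LENGTH is a field on this page whose value is not shown.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical reset-code store (not Minijax code) following the design the page references. */
public final class ResetCodeStore {
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final Duration TTL = Duration.ofMinutes(30);   // assumed code lifetime

    /** Persisted entry: user id and expiry, keyed by the hash of the code, never the code itself. */
    private record Pending(String userId, Instant expires) {}

    private final Map<String, Pending> pending = new ConcurrentHashMap<>();

    /** Forgot-password step: mint an unguessable code and remember only its hash. */
    public String issue(String userId) {
        byte[] raw = new byte[32];
        RANDOM.nextBytes(raw);                                    // 256 bits from a CSPRNG
        String code = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(hash(code), new Pending(userId, Instant.now().plus(TTL)));
        return code;                                              // this is what gets sent to the user
    }

    /** Reset-password step: redeem a code once; returns the user id, or null if invalid or expired. */
    public String redeem(String code, String newPassword, String confirmNewPassword) {
        // Validate the new password first so a typo in the confirmation does not burn the code.
        if (code == null || !newPassword.equals(confirmNewPassword) || newPassword.length() < 8) {
            return null;                                          // 8 is an assumed minimum length
        }
        // Remove before checking expiry: the code is single-use whatever the outcome.
        // Looking up by hash means a timing difference reveals nothing usable about the code.
        Pending p = pending.remove(hash(code));
        if (p == null || Instant.now().isAfter(p.expires())) {
            return null;                                          // unknown or expired code
        }
        return p.userId();                                        // caller now stores bcrypt(newPassword)
    }

    private static String hash(String code) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(code.getBytes(StandardCharsets.UTF_8));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);                   // SHA-256 is mandatory in every JRE
        }
    }
}
```

      Because only the hash is stored, a leaked table of pending resets cannot be replayed, and because the entry is removed on first use, a code cannot be redeemed twice.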
    • isUserInRole

      public boolean isUserInRole(java.lang.String role)
      Specified by:
      isUserInRole in interface jakarta.ws.rs.core.SecurityContext
    • isSecure

      public boolean isSecure()
      Specified by:
      isSecure in interface jakarta.ws.rs.core.SecurityContext
    • getAuthenticationScheme

      public java.lang.String getAuthenticationScheme()
      Specified by:
      getAuthenticationScheme in interface jakarta.ws.rs.core.SecurityContext