AuthenticationResource.java

/**
 * Copyright 2017 Linagora, Université Joseph Fourier, Floralis
 *
 * The present code is developed in the scope of the joint LINAGORA -
 * Université Joseph Fourier - Floralis research program and is designated
 * as a "Result" pursuant to the terms and conditions of the LINAGORA
 * - Université Joseph Fourier - Floralis research program. Each copyright
 * holder of Results enumerated here above fully & independently holds complete
 * ownership of the complete Intellectual Property rights applicable to the whole
 * of said Results, and may freely exploit it in any manner which does not infringe
 * the moral rights of the other copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package net.roboconf.dm.rest.services.internal.resources.impl;

import java.util.logging.Logger;

import javax.ws.rs.Path;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

import net.roboconf.dm.rest.commons.UrlConstants;
import net.roboconf.dm.rest.commons.security.AuthenticationManager;
import net.roboconf.dm.rest.services.internal.resources.IAuthenticationResource;

/**
 * @author Vincent Zurczak - Linagora
 */
@Path( IAuthenticationResource.PATH )
public class AuthenticationResource implements IAuthenticationResource {

	private final Logger logger = Logger.getLogger( getClass().getName());
	private AuthenticationManager authenticationManager;


	@Override
	public Response login( String username, String password ) {
		this.logger.fine( "Authenticating user " + username + "..." );

		String sessionId;
		Response response;
		if( this.authenticationManager == null ) {
			response = Response.status( Status.INTERNAL_SERVER_ERROR ).entity( "No authentication manager was available." ).build();
			this.logger.fine( "No authentication manager was available. User was " + username );

		} else if(( sessionId = this.authenticationManager.login( username, password )) == null ) {
			response = Response.status( Status.FORBIDDEN ).entity( "Authentication failed." ).build();
			this.logger.fine( "Authentication failed. User was " + username );

		} else {
			Cookie cookie = new Cookie( UrlConstants.SESSION_ID, sessionId, "/", null );
			response = Response.ok().cookie( new NewCookie( cookie )).build();
			this.logger.fine( "Authentication succeeded. User was " + username );
		}

		// NewCookie's implementation uses NewCookie.DEFAULT_MAX_AGE as the default
		// validity for a cookie, which means it is valid until the browser is closed.
		// That's fine for us. In addition, we maintain a validity period on the server, in memory.
		// This last one is managed by the authentication manager, itself bound to a REALM.

		return response;
	}


	@Override
	public Response logout( String sessionId ) {

		this.logger.fine( "Terminating session " + sessionId + "..." );
		if( this.authenticationManager != null )
			this.authenticationManager.logout( sessionId );

		return Response.ok().build();
	}


	/**
	 * @param authenticationManager the authenticationManager to set
	 */
	public void setAuthenticationManager( AuthenticationManager authenticationManager ) {
		this.authenticationManager = authenticationManager;
	}
}