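/*
 * Copyright 2012 Artur Keska.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.jaxygen.netserviceapisample.business;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.servlet.http.HttpSession;
import org.jaxygen.annotations.NetAPI;
import org.jaxygen.annotations.SessionContext;
import org.jaxygen.annotations.Status;
import org.jaxygen.netserviceapisample.SampleClassRegistry;
import org.jaxygen.netserviceapisample.business.dto.LoginRequestDTO;
import org.jaxygen.security.SecurityProfile;
import org.jaxygen.security.annotations.LoginMethod;
import org.jaxygen.security.annotations.LogoutMethod;
import org.jaxygen.security.annotations.Secured;
import org.jaxygen.security.annotations.SecurityContext;
import org.jaxygen.security.basic.BasicSecurityProviderFactory;
import org.jaxygen.security.basic.annotations.UserProfile;

/**
 * Demonstrates session and security handling in the NetAPI framework.
 *
 * <p>Points to keep in mind when this sample is used as a template:
 * <ul>
 *   <li>{@link #login(LoginRequestDTO)} chooses the security profile from the
 *       submitted user name alone; no credential is verified anywhere in this
 *       class, so the name "admin" is sufficient to obtain the admin groups.</li>
 *   <li>Every login request object is appended to a static list that this class
 *       never trims, so the list grows for the lifetime of the class.</li>
 *   <li>The complete {@code LoginRequestDTO} is stored and later handed out by
 *       {@link #whoWasLoggedIn()}. NOTE(review): if the DTO carries a password
 *       field (its definition is not visible here), that value is retained and
 *       returned as well; confirm and store only the user name if so.</li>
 *   <li>This class does not change the session identifier on login and does
 *       not invalidate the session on logout. NOTE(review): confirm whether the
 *       framework does either when handling {@code @LoginMethod} and
 *       {@code @LogoutMethod}.</li>
 * </ul>
 *
 * @author artur
 */
public class SecuritySample {

  // Session of the current call; presumably injected by the framework because
  // of @SessionContext (nothing in this class assigns it).
  @SessionContext
  private HttpSession session;

  // Security profile of the current caller; presumably injected by the
  // framework because of @SecurityContext (nothing in this class assigns it).
  @SecurityContext
  private SecurityProfile sp;

  // Shared by all instances. The synchronized wrapper makes single calls such
  // as add() atomic; iteration still has to hold the list's own monitor.
  static List<LoginRequestDTO> list = Collections.synchronizedList(new ArrayList<LoginRequestDTO>());

  /**
   * Returns the live, shared list of login requests.
   *
   * <p>Used by {@link #login(LoginRequestDTO)} to record a request, so this
   * must stay the backing list rather than a copy.
   *
   * @return the shared synchronized list
   */
  List<LoginRequestDTO> getLoggedInUsersList() {
    return list;
  }

  /**
   * Records the login in the session and in the shared list, then builds the
   * security profile that matches the submitted user name.
   *
   * <p>The user name is the only input to the decision: "admin" yields the
   * groups "admin" and "user", "user" yields "user", and any other name yields
   * "guest". No password or other credential is checked here.
   *
   * @param request login request; must not be {@code null}
   * @return the security profile built for the submitted user name
   */
  @LoginMethod
  @NetAPI(description = "Login to the session. Login as admin, user to attend to admin or user security group. \n"
      + "Use any other name in order to attend to guests group",
      status = Status.ReleaseCandidate,
      version = "1.0")
  public SecurityProfile login(LoginRequestDTO request) {
    final String userName = request.getUserName();

    session.setAttribute("loggedInUser", userName);
    // The whole request object is kept, not just the name; see the class notes.
    getLoggedInUsersList().add(request);

    // Select the security profile depending on the submitted user name.
    SecurityProfile profile;
    if ("admin".equals(userName)) {
      profile = new BasicSecurityProviderFactory(new SampleClassRegistry(), "admin", "user").getProvider();
    } else if ("user".equals(userName)) {
      profile = new BasicSecurityProviderFactory(new SampleClassRegistry(), "user").getProvider();
    } else {
      profile = new BasicSecurityProviderFactory(new SampleClassRegistry(), "guest").getProvider();
    }
    return profile;
  }

  /**
   * Removes the logged-in user name from the session.
   *
   * <p>Only the {@code loggedInUser} attribute is cleared; the session itself
   * stays valid and the shared login list is left unchanged.
   *
   * @return always {@code true}
   */
  @LogoutMethod
  @NetAPI(description = "Release user context from session",
      status = Status.ReleaseCandidate,
      version = "1.0")
  public boolean logout() {
    // Same effect as setAttribute(name, null) under the Servlet API contract.
    session.removeAttribute("loggedInUser");
    return true;
  }

  /**
   * Returns the login requests recorded so far.
   *
   * <p>A snapshot is returned instead of the shared list, so the caller (or
   * whatever serialises the response) does not iterate the live list while
   * another request thread is adding to it, and cannot modify it.
   *
   * @return a copy of the recorded login requests, in insertion order
   */
  @NetAPI(description = "Shows who was logged in. Method is available for admin user only. Please login using admin as user before accessing this method",
      status = Status.ReleaseCandidate,
      version = "1.0")
  @Secured()
  @UserProfile(name = "admin")
  public List<LoginRequestDTO> whoWasLoggedIn() {
    // Collections.synchronizedList requires holding the list's monitor for
    // any traversal; copying under the lock gives a consistent snapshot.
    synchronized (list) {
      return new ArrayList<LoginRequestDTO>(list);
    }
  }

  /**
   * Returns the user name stored in the session by {@link #login(LoginRequestDTO)}.
   *
   * @return the value of the {@code loggedInUser} session attribute, or
   *     {@code null} when it is not set
   */
  @NetAPI(description = "Methods return the currently logged in user name",
      status = Status.ReleaseCandidate,
      version = "1.0")
  @Secured()
  @UserProfile(name = "user")
  public String whoAmI() {
    return (String) session.getAttribute("loggedInUser");
  }

  /**
   * Returns the groups of the caller's security profile.
   *
   * @return the result of {@code getUserGroups()} on the injected profile
   */
  @NetAPI(description = "Method returns user security profiles",
      status = Status.ReleaseCandidate,
      version = "1.0")
  @Secured()
  public String[] getMyProfile() {
    return sp.getUserGroups();
  }
}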