AuthenticationResource.java example

Explorer
streamreduce-core-master
/*
 * Copyright 2012 Nodeable Inc
 *
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
 */

package com.streamreduce.rest.resource.authentication;


import com.streamreduce.Constants;
import com.streamreduce.ValidationException;
import com.streamreduce.core.model.APIAuthenticationToken;
import com.streamreduce.core.service.exception.UserNotFoundException;
import com.streamreduce.rest.resource.AbstractResource;

import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;

import org.springframework.stereotype.Component;

@Component
@Path("authentication/login")
public class AuthenticationResource extends AbstractResource {

    /**
     * Used to generate a Nodeable authentication token. All public API requests are made using the token generated here.
     * <p/>
     * The initial request for a token arrives via BASIC authentication and is handled by the Apache Shiro filter (clear text username and password).
     * <p/>
     * At this point we know who they are and they they are auth'd, we just have to create the custom token and return it to them.
     *
     * @return a valid http status code, and the X-Auth-Token in the header on success
     * @resource.representation.204 if the operation was a success
     * @resource.representation.404 returned if the user is not found
     * @resource.representation.500 returned if invalid params are provided
     */
    @POST
    public Response login() {

        APIAuthenticationToken apiToken;
        try {
            apiToken = applicationManager.getSecurityService().issueAuthenticationToken(applicationManager.getSecurityService().getCurrentUser());
        } catch (UserNotFoundException e) {
            return error(e.getMessage(), Response.status(Response.Status.NOT_FOUND));
        } catch (ValidationException e) {
            return error(e.getMessage(), Response.status(Response.Status.BAD_REQUEST));
        }

        // return the token as a custom header value
        return Response.ok()
                .header(Constants.NODEABLE_AUTH_TOKEN, apiToken.getToken())
                .status(Response.Status.NO_CONTENT)
                .build();
    }


}