From 5ce7da6bf709f009720ab860cc2c59d5096ce694 Mon Sep 17 00:00:00 2001 
From: Cleverson Sacramento Date: Fri, 6 Jun 2014 09:25:26 -0300 Subject: [PATCH] Implementação da autenticação no arquétipo html+rest --- archetype/html-rest/src/main/resources/archetype-resources/src/main/java/entity/Bookmark.java | 6 ++++-- archetype/html-rest/src/main/resources/archetype-resources/src/main/java/rest/BookmarkREST.java | 6 +++++- archetype/html-rest/src/main/resources/archetype-resources/src/main/java/security/SimpleAuthenticator.java | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ archetype/html-rest/src/main/resources/archetype-resources/src/main/resources/ValidationMessages.properties | 1 + impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/PaginationContextImpl.java | 8 ++++++-- impl/core/src/test/java/pagination/PaginationContextBasicTest.java | 8 +++++--- impl/core/src/test/java/pagination/PaginationContextCache.java | 6 +++--- impl/core/src/test/java/pagination/PaginationContextNullTest.java | 6 +++--- impl/extension/jsf/src/main/java/br/gov/frameworkdemoiselle/util/Locales.java | 4 ++++ impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SessionNotPermittedListener.java | 19 +++++++++++++++++++ impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/BasicAuthFilter.java | 27 ++++++++++++++------------- impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/ServletFilter.java | 8 ++++++++ impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/ServletListener.java | 5 ++++- impl/extension/servlet/src/main/resources/META-INF/web-fragment.xml | 2 ++ impl/extension/servlet/src/test/java/producer/request/HelperServlet.java | 1 - 15 files changed, 138 insertions(+), 29 deletions(-) create mode 100644 archetype/html-rest/src/main/resources/archetype-resources/src/main/java/security/SimpleAuthenticator.java create mode 100644 
impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SessionNotPermittedListener.java diff --git a/archetype/html-rest/src/main/resources/archetype-resources/src/main/java/entity/Bookmark.java b/archetype/html-rest/src/main/resources/archetype-resources/src/main/java/entity/Bookmark.java index e078fe2..49904c9 100644 --- a/archetype/html-rest/src/main/resources/archetype-resources/src/main/java/entity/Bookmark.java +++ b/archetype/html-rest/src/main/resources/archetype-resources/src/main/java/entity/Bookmark.java @@ -9,6 +9,7 @@ import javax.persistence.GeneratedValue; import javax.persistence.Id; import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; @Entity public class Bookmark implements Serializable { @@ -23,14 +24,15 @@ public class Bookmark implements Serializable { private Long id; @NotNull + @Size(min = 1, message = "{required.field}") private String description; @NotNull - @Pattern(regexp = "^([a-zA-Z]+://)?(\\w+\\.\\w+)(.+)?$", message = "{invalid.url}") + @Size(min = 1, message = "{required.field}") + @Pattern(regexp = "^|([a-zA-Z]+://)(\\w+\\.\\w+)(.+)?$", message = "{invalid.url}") private String link; public Bookmark() { - super(); } public Bookmark(String description, String link) { diff --git a/archetype/html-rest/src/main/resources/archetype-resources/src/main/java/rest/BookmarkREST.java b/archetype/html-rest/src/main/resources/archetype-resources/src/main/java/rest/BookmarkREST.java index a8e0c86..b32bac7 100644 --- a/archetype/html-rest/src/main/resources/archetype-resources/src/main/java/rest/BookmarkREST.java +++ b/archetype/html-rest/src/main/resources/archetype-resources/src/main/java/rest/BookmarkREST.java 
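Review bot: The new `@Pattern` on `link` accepts any alphabetic scheme (`[a-zA-Z]+://`), and its top-level `^|…$` alternation only reads as "empty or URL" because Bean Validation implementations typically match the whole value. If the stored link is later rendered as an `href` by the HTML client (not visible in this hunk), limiting the scheme to `https?` would keep non-web schemes out of the data. Grouping the alternation also makes the intent explicit: `@Pattern(regexp = "^((https?://)(\\w+\\.\\w+)(.+)?)?$", message = "{invalid.url}")`. The empty case is still reported separately by `@Size(min = 1)`.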
@@ -20,6 +20,7 @@ import ${package}.business.BookmarkBC; import ${package}.entity.Bookmark; import br.gov.frameworkdemoiselle.BadRequestException; import br.gov.frameworkdemoiselle.NotFoundException; +import br.gov.frameworkdemoiselle.security.LoggedIn; import br.gov.frameworkdemoiselle.transaction.Transactional; import br.gov.frameworkdemoiselle.util.ValidatePayload; @@ -49,6 +50,7 @@ public class BookmarkREST { } @POST + @LoggedIn @Transactional @ValidatePayload @Produces("text/plain") @@ -63,6 +65,7 @@ public class BookmarkREST { } @PUT + @LoggedIn @Path("{id}") @Transactional @ValidatePayload @@ -77,6 +80,7 @@ public class BookmarkREST { } @DELETE + @LoggedIn @Path("{id}") @Transactional public void delete(@PathParam("id") Long id) { @@ -84,7 +88,7 @@ public class BookmarkREST { bc.delete(id); } - private void checkId(Bookmark entity) throws BadRequestException { + private void checkId(Bookmark entity) { if (entity.getId() != null) { throw new BadRequestException(); } diff --git a/archetype/html-rest/src/main/resources/archetype-resources/src/main/java/security/SimpleAuthenticator.java b/archetype/html-rest/src/main/resources/archetype-resources/src/main/java/security/SimpleAuthenticator.java new file mode 100644 index 0000000..f3f4982 --- /dev/null +++ b/archetype/html-rest/src/main/resources/archetype-resources/src/main/java/security/SimpleAuthenticator.java 
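Review bot: `@LoggedIn` on the POST, PUT and DELETE methods presumably only requires that some user is authenticated; nothing in these hunks ties the bookmark `id` passed to `bc.delete(id)` to the caller. That is harmless with the archetype's single account, but every generated project inherits it. A comment on the class would make the gap visible, for example `// @LoggedIn checks authentication only; add an ownership or role check once more than one user exists`. The method bodies extend outside the hunks.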
@@ -0,0 +1,60 @@ +package ${package}.security; + +import javax.enterprise.context.RequestScoped; +import javax.inject.Inject; + +import br.gov.frameworkdemoiselle.security.Authenticator; +import br.gov.frameworkdemoiselle.security.Credentials; +import br.gov.frameworkdemoiselle.security.InvalidCredentialsException; +import br.gov.frameworkdemoiselle.security.User; + +@RequestScoped +public class SimpleAuthenticator implements Authenticator { + + private static final long serialVersionUID = 1L; + + @Inject + private Credentials credentials; + + private User user; + + @Override + public void authenticate() throws Exception { + if (credentials.getUsername().equalsIgnoreCase("admin") && credentials.getPassword().equalsIgnoreCase("admin")) { + this.user = createUser(); + } else { + throw new InvalidCredentialsException("usuário ou senha inválidos"); + } + } + + private User createUser() { + return new User() { + + private static final long serialVersionUID = 1L; + + @Override + public String getId() { + return credentials.getUsername(); + } + + @Override + public void setAttribute(Object key, Object value) { + } + + @Override + public Object getAttribute(Object key) { + return null; + } + }; + } + + @Override + public void unauthenticate() throws Exception { + this.user = null; + } + + @Override + public User getUser() { + return this.user; + } +} diff --git a/archetype/html-rest/src/main/resources/archetype-resources/src/main/resources/ValidationMessages.properties b/archetype/html-rest/src/main/resources/archetype-resources/src/main/resources/ValidationMessages.properties index 6c4ab0b..f59930a 100644 --- a/archetype/html-rest/src/main/resources/archetype-resources/src/main/resources/ValidationMessages.properties +++ b/archetype/html-rest/src/main/resources/archetype-resources/src/main/resources/ValidationMessages.properties @@ -1 +1,2 @@ +required.field=campo obrigat\u00F3rio invalid.url=formato inv\u00E1lido 
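Review bot: `authenticate()` compares the password with `equalsIgnoreCase`, so every case variant of the password is accepted, and if `getUsername()` or `getPassword()` returns null the method fails with a `NullPointerException` instead of `InvalidCredentialsException`. The fixed `admin`/`admin` pair is also copied into every project generated from this archetype, so it should carry a comment marking it as a placeholder to replace before deployment. The rewrite below keeps the username case-insensitive, compares the password exactly and treats missing values as invalid credentials.

```java
@Override
public void authenticate() throws Exception {
	// Sample-only check: replace the fixed account with a real credential store before deployment.
	String username = credentials.getUsername();
	String password = credentials.getPassword();

	// Missing values are rejected as invalid credentials; the password must match exactly.
	if (username == null || password == null || !username.equalsIgnoreCase("admin") || !password.equals("admin")) {
		throw new InvalidCredentialsException("usuário ou senha inválidos");
	}

	this.user = createUser();
}
```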
diff --git a/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/PaginationContextImpl.java b/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/PaginationContextImpl.java index 9ca5a46..13e3bfd 100644 --- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/PaginationContextImpl.java +++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/PaginationContextImpl.java @@ -40,7 +40,7 @@ import java.io.Serializable; import java.util.HashMap; import java.util.Map; -import javax.enterprise.context.SessionScoped; +import javax.enterprise.context.RequestScoped; import br.gov.frameworkdemoiselle.internal.configuration.PaginationConfig; import br.gov.frameworkdemoiselle.pagination.Pagination; @@ -54,7 +54,7 @@ import br.gov.frameworkdemoiselle.util.Beans; * @author SERPRO * @see PaginationContext */ -@SessionScoped +@RequestScoped public class PaginationContextImpl implements Serializable, PaginationContext { private static final long serialVersionUID = 1L; @@ -63,6 +63,10 @@ public class PaginationContextImpl implements Serializable, PaginationContext { private final Map, Pagination> cache = new HashMap, Pagination>(); + public PaginationContextImpl() { + System.out.println(); + } + public Pagination getPagination(final Class clazz) { return this.getPagination(clazz, false); } diff --git a/impl/core/src/test/java/pagination/PaginationContextBasicTest.java b/impl/core/src/test/java/pagination/PaginationContextBasicTest.java index 5019ed9..5497dcd 100644 --- a/impl/core/src/test/java/pagination/PaginationContextBasicTest.java +++ b/impl/core/src/test/java/pagination/PaginationContextBasicTest.java 
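Review bot: Switching `PaginationContextImpl` from `@SessionScoped` to `@RequestScoped` means the `cache` map is rebuilt for every request, so a `Pagination` obtained in one request is presumably no longer available in the next. The class lives in `impl/core`, so the change reaches applications other than the html+rest archetype named in the commit subject; it is worth confirming that no caller (the JSF extension, for instance) relies on pagination state surviving between requests. The class Javadoc should document the new lifetime, e.g. `Pagination state lives for a single request; callers must resend page parameters.`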
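Review bot: The added `PaginationContextImpl()` constructor only calls `System.out.println()`, which looks like a leftover debugging anchor and writes a blank line to stdout for each instance created. The same constructor body is added to `Locales` in `impl/extension/jsf`. Both constructors can be dropped, since the implicit default constructor is equivalent without the output.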
@@ -50,7 +50,7 @@ import org.junit.runner.RunWith; import test.Tests; import transaction.defaultstrategy.TransactionDefaultTest; -import br.gov.frameworkdemoiselle.context.SessionContext; +import br.gov.frameworkdemoiselle.context.RequestContext; import br.gov.frameworkdemoiselle.internal.configuration.PaginationConfig; import br.gov.frameworkdemoiselle.pagination.Pagination; import br.gov.frameworkdemoiselle.pagination.PaginationContext; @@ -95,14 +95,16 @@ public class PaginationContextBasicTest { @Before public void activeContext() { - SessionContext context = Beans.getReference(SessionContext.class); + // SessionContext context = Beans.getReference(SessionContext.class); + RequestContext context = Beans.getReference(RequestContext.class); context.activate(); pagination = paginationContext.getPagination(DummyEntity.class, true); } @After public void deactiveContext() { - SessionContext context = Beans.getReference(SessionContext.class); + // SessionContext context = Beans.getReference(SessionContext.class); + RequestContext context = Beans.getReference(RequestContext.class); context.deactivate(); } diff --git a/impl/core/src/test/java/pagination/PaginationContextCache.java b/impl/core/src/test/java/pagination/PaginationContextCache.java index efd78a5..4a91647 100644 --- a/impl/core/src/test/java/pagination/PaginationContextCache.java +++ b/impl/core/src/test/java/pagination/PaginationContextCache.java @@ -50,7 +50,7 @@ import org.junit.runner.RunWith; import test.Tests; import transaction.defaultstrategy.TransactionDefaultTest; -import br.gov.frameworkdemoiselle.context.SessionContext; +import br.gov.frameworkdemoiselle.context.RequestContext; import br.gov.frameworkdemoiselle.pagination.Pagination; import br.gov.frameworkdemoiselle.pagination.PaginationContext; import br.gov.frameworkdemoiselle.util.Beans; 
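Review bot: `activeContext()` and `deactiveContext()` keep the old `SessionContext` lookup as a commented-out line above the new `RequestContext` one; version control already holds the previous form, so these lines can be deleted. The `ServletFilter.doFilter` hunk later in this commit adds a larger commented-out block that sets `Set-Cookie` to an empty value and writes an `XXXX` header after `chain.doFilter`. That block should be removed as well, or replaced by a tracked issue describing what it was meant to achieve.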
@@ -73,13 +73,13 @@ public class PaginationContextCache { @Before public void activeContext() { - SessionContext context = Beans.getReference(SessionContext.class); + RequestContext context = Beans.getReference(RequestContext.class); context.activate(); } @After public void deactiveContext() { - SessionContext context = Beans.getReference(SessionContext.class); + RequestContext context = Beans.getReference(RequestContext.class); context.deactivate(); } diff --git a/impl/core/src/test/java/pagination/PaginationContextNullTest.java b/impl/core/src/test/java/pagination/PaginationContextNullTest.java index 345bbaf..d69b56e 100644 --- a/impl/core/src/test/java/pagination/PaginationContextNullTest.java +++ b/impl/core/src/test/java/pagination/PaginationContextNullTest.java @@ -50,7 +50,7 @@ import org.junit.runner.RunWith; import test.Tests; import transaction.defaultstrategy.TransactionDefaultTest; -import br.gov.frameworkdemoiselle.context.SessionContext; +import br.gov.frameworkdemoiselle.context.RequestContext; import br.gov.frameworkdemoiselle.pagination.Pagination; import br.gov.frameworkdemoiselle.pagination.PaginationContext; import br.gov.frameworkdemoiselle.util.Beans; @@ -71,13 +71,13 @@ public class PaginationContextNullTest { @Before public void activeContext() { - SessionContext context = Beans.getReference(SessionContext.class); + RequestContext context = Beans.getReference(RequestContext.class); context.activate(); } @After public void deactiveContext() { - SessionContext context = Beans.getReference(SessionContext.class); + RequestContext context = Beans.getReference(RequestContext.class); context.deactivate(); } diff --git a/impl/extension/jsf/src/main/java/br/gov/frameworkdemoiselle/util/Locales.java b/impl/extension/jsf/src/main/java/br/gov/frameworkdemoiselle/util/Locales.java index ee353ba..1810a24 100644 --- a/impl/extension/jsf/src/main/java/br/gov/frameworkdemoiselle/util/Locales.java 
+++ b/impl/extension/jsf/src/main/java/br/gov/frameworkdemoiselle/util/Locales.java @@ -59,6 +59,10 @@ public class Locales implements Serializable { private static final Locale PT_BR = new Locale("pt", "BR"); private Locale locale = Locale.getDefault(); + + public Locales() { + System.out.println(); + } @Inject private FacesContext facesContext; diff --git a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SessionNotPermittedListener.java b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SessionNotPermittedListener.java new file mode 100644 index 0000000..c488384 --- /dev/null +++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SessionNotPermittedListener.java @@ -0,0 +1,19 @@ +package br.gov.frameworkdemoiselle.internal.implementation; + +import javax.servlet.annotation.WebListener; +import javax.servlet.http.HttpSessionEvent; +import javax.servlet.http.HttpSessionListener; + +@WebListener +public class SessionNotPermittedListener implements HttpSessionListener { + + @Override + public void sessionCreated(HttpSessionEvent event) { + event.getSession().invalidate(); + throw new IllegalStateException("Session use is not permitted."); + } + + @Override + public void sessionDestroyed(HttpSessionEvent event) { + } +} diff --git a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/BasicAuthFilter.java b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/BasicAuthFilter.java index 0aa7ad3..338747b 100644 --- a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/BasicAuthFilter.java +++ b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/BasicAuthFilter.java 
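Review bot: `sessionCreated` in `SessionNotPermittedListener` throws `IllegalStateException` from inside a container callback, and because the class is annotated `@WebListener` it is registered for every application that has the rest extension on its classpath. How a container reacts to an exception thrown by an `HttpSessionListener` is presumably implementation-dependent, so the code that triggered session creation may fail with a server error or the exception may only be logged. The `invalidate()` call is what enforces statelessness; the throw adds a failure mode that is hard to predict. Consider logging a warning instead of throwing, or making the listener opt-in through configuration, and add a class Javadoc stating that the rest extension forbids HTTP sessions and why.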
@@ -67,8 +67,17 @@ public class BasicAuthFilter implements Filter { @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { + if (request instanceof HttpServletRequest && ((HttpServletRequest) request).getUserPrincipal() == null) { + tryLogin((HttpServletRequest) request, (HttpServletResponse) response, chain); + } else { + chain.doFilter(request, response); + } + } + + private void tryLogin(HttpServletRequest request, HttpServletResponse response, FilterChain chain) + throws IOException, ServletException { try { - boolean isLoggedIn = performLogin(getAuthHeader(request), (HttpServletRequest) request); + boolean isLoggedIn = performLogin(getAuthHeader(request), request); chain.doFilter(request, response); @@ -77,7 +86,7 @@ public class BasicAuthFilter implements Filter { } } catch (InvalidCredentialsException cause) { - setUnauthorizedStatus((HttpServletResponse) response, cause); + setUnauthorizedStatus(response, cause); } } @@ -112,17 +121,9 @@ public class BasicAuthFilter implements Filter { response.getWriter().close(); } - private String getAuthHeader(ServletRequest request) { - String result = null; - - if (request instanceof HttpServletRequest) { - HttpServletRequest httpRequest = ((HttpServletRequest) request); - - result = httpRequest.getHeader("Authorization"); - result = (result == null ? httpRequest.getHeader("authorization") : result); - } - - return result; + private String getAuthHeader(HttpServletRequest request) { + String result = request.getHeader("Authorization"); + return (result == null ? request.getHeader("authorization") : result); } private static String[] getCredentials(String header) throws InvalidCredentialsException { diff --git a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/ServletFilter.java b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/ServletFilter.java index 187ba15..613e251 100644 
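Review bot: `tryLogin` reads Basic credentials from any HTTP request without consulting `request.isSecure()`, so a username and password that are only base64-encoded are accepted over plain HTTP. Where TLS is terminated in front of the application this cannot be enforced blindly in the filter, but the class Javadoc should state the requirement, e.g. `Basic credentials travel base64-encoded, not encrypted; expose this filter only over HTTPS.` In `doFilter` the request is guarded by `instanceof` while `(HttpServletResponse) response` is cast unchecked; testing `response instanceof HttpServletResponse` in the same condition keeps the two consistent. Part of `tryLogin`'s body falls between the hunks and is not shown.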
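Review bot: The fallback lookup in `getAuthHeader` is redundant: `HttpServletRequest.getHeader` is specified as case-insensitive, so `getHeader("authorization")` cannot find a header that `getHeader("Authorization")` missed. The method can be reduced to `return request.getHeader("Authorization");`, or inlined at its call site in `tryLogin`.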
--- a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/ServletFilter.java +++ b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/ServletFilter.java @@ -66,6 +66,14 @@ public class ServletFilter implements Filter { ServletException { setDelegate(request, response); chain.doFilter(request, response); + + // if (request instanceof HttpServletRequest) { + // Object attribute = ((HttpServletRequest) request).getAttribute("x"); + // ((HttpServletResponse) response).setHeader("Set-Cookie", ""); + // ((HttpServletResponse) response).setHeader("XXXX", "CCCC"); + // response.getWriter().flush(); + // response.getWriter().close(); + // } } private void setDelegate(ServletRequest request, ServletResponse response) { diff --git a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/ServletListener.java b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/ServletListener.java index d115439..93d6e31 100644 --- a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/ServletListener.java +++ b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/ServletListener.java @@ -37,6 +37,8 @@ package br.gov.frameworkdemoiselle.util; import javax.servlet.ServletContextEvent; +import javax.servlet.ServletContextListener; +import javax.servlet.annotation.WebListener; import br.gov.frameworkdemoiselle.lifecycle.AfterShutdownProccess; import br.gov.frameworkdemoiselle.lifecycle.AfterStartupProccess; @@ -47,7 +49,8 @@ import br.gov.frameworkdemoiselle.lifecycle.AfterStartupProccess; * * @author SERPRO */ -public class ServletListener implements javax.servlet.ServletContextListener { +@WebListener +public class ServletListener implements ServletContextListener { @Override public void contextInitialized(ServletContextEvent event) { 
diff --git a/impl/extension/servlet/src/main/resources/META-INF/web-fragment.xml b/impl/extension/servlet/src/main/resources/META-INF/web-fragment.xml index 60a3eea..a6aa45c 100644 --- a/impl/extension/servlet/src/main/resources/META-INF/web-fragment.xml +++ b/impl/extension/servlet/src/main/resources/META-INF/web-fragment.xml @@ -52,6 +52,8 @@ /* + Demoiselle BasicAuth Filter br.gov.frameworkdemoiselle.util.BasicAuthFilter diff --git a/impl/extension/servlet/src/test/java/producer/request/HelperServlet.java b/impl/extension/servlet/src/test/java/producer/request/HelperServlet.java index a54672d..222377e 100644 --- a/impl/extension/servlet/src/test/java/producer/request/HelperServlet.java +++ b/impl/extension/servlet/src/test/java/producer/request/HelperServlet.java @@ -18,7 +18,6 @@ public class HelperServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - HttpServletRequest httpRequest = Beans.getReference(HttpServletRequest.class); if (httpRequest != null) { -- libgit2 0.21.2