Implementação da autenticação no arquétipo html+rest

Cleverson Sacramento
1 parent 595dd074
Showing 15 changed files with 138 additions and 29 deletions Show diff stats
archetype/html-rest/src/main/resources/archetype-resources/src/main/java/entity/Bookmark.java
archetype/html-rest/src/main/resources/archetype-resources/src/main/java/rest/BookmarkREST.java
archetype/html-rest/src/main/resources/archetype-resources/src/main/java/security/SimpleAuthenticator.java
archetype/html-rest/src/main/resources/archetype-resources/src/main/resources/ValidationMessages.properties
impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/PaginationContextImpl.java
impl/core/src/test/java/pagination/PaginationContextBasicTest.java
impl/core/src/test/java/pagination/PaginationContextCache.java
impl/core/src/test/java/pagination/PaginationContextNullTest.java
impl/extension/jsf/src/main/java/br/gov/frameworkdemoiselle/util/Locales.java
impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SessionNotPermittedListener.java
impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/BasicAuthFilter.java
impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/ServletFilter.java
impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/ServletListener.java
impl/extension/servlet/src/main/resources/META-INF/web-fragment.xml
impl/extension/servlet/src/test/java/producer/request/HelperServlet.java
@@ -9,6 +9,7 @@ import javax.persistence.GeneratedValue;
 import javax.persistence.Id;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Pattern;
+import javax.validation.constraints.Size;
 @Entity
 public class Bookmark implements Serializable {
@@ -23,14 +24,15 @@ public class Bookmark implements Serializable {
 	private Long id;
 	@NotNull
+	@Size(min = 1, message = "{required.field}")
 	private String description;
 	@NotNull
-	@Pattern(regexp = "^([a-zA-Z]+://)?(\\w+\\.\\w+)(.+)?$", message = "{invalid.url}")
+	@Size(min = 1, message = "{required.field}")
+	@Pattern(regexp = "^|([a-zA-Z]+://)(\\w+\\.\\w+)(.+)?$", message = "{invalid.url}")
 	private String link;
 	public Bookmark() {
-		super();
 	}
 	public Bookmark(String description, String link) {
@@ -20,6 +20,7 @@ import ${package}.business.BookmarkBC;
 import ${package}.entity.Bookmark;
 import br.gov.frameworkdemoiselle.BadRequestException;
 import br.gov.frameworkdemoiselle.NotFoundException;
+import br.gov.frameworkdemoiselle.security.LoggedIn;
 import br.gov.frameworkdemoiselle.transaction.Transactional;
 import br.gov.frameworkdemoiselle.util.ValidatePayload;
@@ -49,6 +50,7 @@ public class BookmarkREST {
 	}
 	@POST
+	@LoggedIn
 	@Transactional
 	@ValidatePayload
 	@Produces("text/plain")
@@ -63,6 +65,7 @@ public class BookmarkREST {
 	}
 	@PUT
+	@LoggedIn
 	@Path("{id}")
 	@Transactional
 	@ValidatePayload
@@ -77,6 +80,7 @@ public class BookmarkREST {
 	}
 	@DELETE
+	@LoggedIn
 	@Path("{id}")
 	@Transactional
 	public void delete(@PathParam("id") Long id) {
@@ -84,7 +88,7 @@ public class BookmarkREST {
 		bc.delete(id);
 	}
-	private void checkId(Bookmark entity) throws BadRequestException {
+	private void checkId(Bookmark entity) {
 		if (entity.getId() != null) {
 			throw new BadRequestException();
 		}
@@ -0,0 +1,60 @@
+package ${package}.security;
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+
+import br.gov.frameworkdemoiselle.security.Authenticator;
+import br.gov.frameworkdemoiselle.security.Credentials;
+import br.gov.frameworkdemoiselle.security.InvalidCredentialsException;
+import br.gov.frameworkdemoiselle.security.User;
+
+@RequestScoped
+public class SimpleAuthenticator implements Authenticator {
+
+	private static final long serialVersionUID = 1L;
+
+	@Inject
+	private Credentials credentials;
+
+	private User user;
+
+	@Override
+	public void authenticate() throws Exception {
+		if (credentials.getUsername().equalsIgnoreCase("admin") && credentials.getPassword().equalsIgnoreCase("admin")) {
+			this.user = createUser();
+		} else {
+			throw new InvalidCredentialsException("usuário ou senha inválidos");
+		}
+	}
+
+	private User createUser() {
+		return new User() {
+
+			private static final long serialVersionUID = 1L;
+
+			@Override
+			public String getId() {
+				return credentials.getUsername();
+			}
+
+			@Override
+			public void setAttribute(Object key, Object value) {
+			}
+
+			@Override
+			public Object getAttribute(Object key) {
+				return null;
+			}
+		};
+	}
+
+	@Override
+	public void unauthenticate() throws Exception {
+		this.user = null;
+	}
+
+	@Override
+	public User getUser() {
+		return this.user;
+	}
+}
+required.field=campo obrigat\u00F3rio
 invalid.url=formato inv\u00E1lido
@@ -40,7 +40,7 @@ import java.io.Serializable;
 import java.util.HashMap;
 import java.util.Map;
-import javax.enterprise.context.SessionScoped;
+import javax.enterprise.context.RequestScoped;
 import br.gov.frameworkdemoiselle.internal.configuration.PaginationConfig;
 import br.gov.frameworkdemoiselle.pagination.Pagination;
@@ -54,7 +54,7 @@ import br.gov.frameworkdemoiselle.util.Beans;
  * @author SERPRO
  * @see PaginationContext
  */
-@SessionScoped
+@RequestScoped
 public class PaginationContextImpl implements Serializable, PaginationContext {
 	private static final long serialVersionUID = 1L;
@@ -63,6 +63,10 @@ public class PaginationContextImpl implements Serializable, PaginationContext {
 	private final Map<Class<?>, Pagination> cache = new HashMap<Class<?>, Pagination>();
+	public PaginationContextImpl() {
+		System.out.println();
+	}
+
 	public Pagination getPagination(final Class<?> clazz) {
 		return this.getPagination(clazz, false);
 	}
@@ -50,7 +50,7 @@ import org.junit.runner.RunWith;
 import test.Tests;
 import transaction.defaultstrategy.TransactionDefaultTest;
-import br.gov.frameworkdemoiselle.context.SessionContext;
+import br.gov.frameworkdemoiselle.context.RequestContext;
 import br.gov.frameworkdemoiselle.internal.configuration.PaginationConfig;
 import br.gov.frameworkdemoiselle.pagination.Pagination;
 import br.gov.frameworkdemoiselle.pagination.PaginationContext;
@@ -95,14 +95,16 @@ public class PaginationContextBasicTest {
 	@Before
 	public void activeContext() {
-		SessionContext context = Beans.getReference(SessionContext.class);
+		// SessionContext context = Beans.getReference(SessionContext.class);
+		RequestContext context = Beans.getReference(RequestContext.class);
 		context.activate();
 		pagination = paginationContext.getPagination(DummyEntity.class, true);
 	}
 	@After
 	public void deactiveContext() {
-		SessionContext context = Beans.getReference(SessionContext.class);
+		// SessionContext context = Beans.getReference(SessionContext.class);
+		RequestContext context = Beans.getReference(RequestContext.class);
 		context.deactivate();
 	}
@@ -50,7 +50,7 @@ import org.junit.runner.RunWith;
 import test.Tests;
 import transaction.defaultstrategy.TransactionDefaultTest;
-import br.gov.frameworkdemoiselle.context.SessionContext;
+import br.gov.frameworkdemoiselle.context.RequestContext;
 import br.gov.frameworkdemoiselle.pagination.Pagination;
 import br.gov.frameworkdemoiselle.pagination.PaginationContext;
 import br.gov.frameworkdemoiselle.util.Beans;
@@ -73,13 +73,13 @@ public class PaginationContextCache {
 	@Before
 	public void activeContext() {
-		SessionContext context = Beans.getReference(SessionContext.class);
+		RequestContext context = Beans.getReference(RequestContext.class);
 		context.activate();
 	}
 	@After
 	public void deactiveContext() {
-		SessionContext context = Beans.getReference(SessionContext.class);
+		RequestContext context = Beans.getReference(RequestContext.class);
 		context.deactivate();
 	}
@@ -50,7 +50,7 @@ import org.junit.runner.RunWith;
 import test.Tests;
 import transaction.defaultstrategy.TransactionDefaultTest;
-import br.gov.frameworkdemoiselle.context.SessionContext;
+import br.gov.frameworkdemoiselle.context.RequestContext;
 import br.gov.frameworkdemoiselle.pagination.Pagination;
 import br.gov.frameworkdemoiselle.pagination.PaginationContext;
 import br.gov.frameworkdemoiselle.util.Beans;
@@ -71,13 +71,13 @@ public class PaginationContextNullTest {
 	@Before
 	public void activeContext() {
-		SessionContext context = Beans.getReference(SessionContext.class);
+		RequestContext context = Beans.getReference(RequestContext.class);
 		context.activate();
 	}
 	@After
 	public void deactiveContext() {
-		SessionContext context = Beans.getReference(SessionContext.class);
+		RequestContext context = Beans.getReference(RequestContext.class);
 		context.deactivate();
 	}
@@ -59,6 +59,10 @@ public class Locales implements Serializable {
 	private static final Locale PT_BR = new Locale("pt", "BR");
 	private Locale locale = Locale.getDefault();
+	
+	public Locales() {
+		System.out.println();
+	}
 	@Inject
 	private FacesContext facesContext;
@@ -0,0 +1,19 @@
+package br.gov.frameworkdemoiselle.internal.implementation;
+
+import javax.servlet.annotation.WebListener;
+import javax.servlet.http.HttpSessionEvent;
+import javax.servlet.http.HttpSessionListener;
+
+@WebListener
+public class SessionNotPermittedListener implements HttpSessionListener {
+
+	@Override
+	public void sessionCreated(HttpSessionEvent event) {
+		event.getSession().invalidate();
+		throw new IllegalStateException("Session use is not permitted.");
+	}
+
+	@Override
+	public void sessionDestroyed(HttpSessionEvent event) {
+	}
+}
@@ -67,8 +67,17 @@ public class BasicAuthFilter implements Filter {
 	@Override
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
 			ServletException {
+		if (request instanceof HttpServletRequest && ((HttpServletRequest) request).getUserPrincipal() == null) {
+			tryLogin((HttpServletRequest) request, (HttpServletResponse) response, chain);
+		} else {
+			chain.doFilter(request, response);
+		}
+	}
+
+	private void tryLogin(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
 		try {
-			boolean isLoggedIn = performLogin(getAuthHeader(request), (HttpServletRequest) request);
+			boolean isLoggedIn = performLogin(getAuthHeader(request), request);
 			chain.doFilter(request, response);
@@ -77,7 +86,7 @@ public class BasicAuthFilter implements Filter {
 			}
 		} catch (InvalidCredentialsException cause) {
-			setUnauthorizedStatus((HttpServletResponse) response, cause);
+			setUnauthorizedStatus(response, cause);
 		}
 	}
@@ -112,17 +121,9 @@ public class BasicAuthFilter implements Filter {
 		response.getWriter().close();
 	}
-	private String getAuthHeader(ServletRequest request) {
-		String result = null;
-
-		if (request instanceof HttpServletRequest) {
-			HttpServletRequest httpRequest = ((HttpServletRequest) request);
-
-			result = httpRequest.getHeader("Authorization");
-			result = (result == null ? httpRequest.getHeader("authorization") : result);
-		}
-
-		return result;
+	private String getAuthHeader(HttpServletRequest request) {
+		String result = request.getHeader("Authorization");
+		return (result == null ? request.getHeader("authorization") : result);
 	}
 	private static String[] getCredentials(String header) throws InvalidCredentialsException {
@@ -66,6 +66,14 @@ public class ServletFilter implements Filter {
 			ServletException {
 		setDelegate(request, response);
 		chain.doFilter(request, response);
+
+		// if (request instanceof HttpServletRequest) {
+		// Object attribute = ((HttpServletRequest) request).getAttribute("x");
+		// ((HttpServletResponse) response).setHeader("Set-Cookie", "");
+		// ((HttpServletResponse) response).setHeader("XXXX", "CCCC");
+		// response.getWriter().flush();
+		// response.getWriter().close();
+		// }
 	}
 	private void setDelegate(ServletRequest request, ServletResponse response) {
@@ -37,6 +37,8 @@
 package br.gov.frameworkdemoiselle.util;
 import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+import javax.servlet.annotation.WebListener;
 import br.gov.frameworkdemoiselle.lifecycle.AfterShutdownProccess;
 import br.gov.frameworkdemoiselle.lifecycle.AfterStartupProccess;
@@ -47,7 +49,8 @@ import br.gov.frameworkdemoiselle.lifecycle.AfterStartupProccess;
  * 
  * @author SERPRO
  */
-public class ServletListener implements javax.servlet.ServletContextListener {
+@WebListener
+public class ServletListener implements ServletContextListener {
 	@Override
 	public void contextInitialized(ServletContextEvent event) {
@@ -52,6 +52,8 @@
 		<url-pattern>/*</url-pattern>
 	</filter-mapping>
+	<!--
+	-->
 	<filter>
 		<filter-name>Demoiselle BasicAuth Filter</filter-name>
 		<filter-class>br.gov.frameworkdemoiselle.util.BasicAuthFilter</filter-class>
@@ -18,7 +18,6 @@ public class HelperServlet extends HttpServlet {
 	@Override
 	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-
 		HttpServletRequest httpRequest = Beans.getReference(HttpServletRequest.class);
 		if (httpRequest != null) {
@@ -0,0 +1,60 @@		@@ -0,0 +1,60 @@
	1	+package ${package}.security;
	2	+
	3	+import javax.enterprise.context.RequestScoped;
	4	+import javax.inject.Inject;
	5	+
	6	+import br.gov.frameworkdemoiselle.security.Authenticator;
	7	+import br.gov.frameworkdemoiselle.security.Credentials;
	8	+import br.gov.frameworkdemoiselle.security.InvalidCredentialsException;
	9	+import br.gov.frameworkdemoiselle.security.User;
	10	+
	11	+@RequestScoped
	12	+public class SimpleAuthenticator implements Authenticator {
	13	+
	14	+ private static final long serialVersionUID = 1L;
	15	+
	16	+ @Inject
	17	+ private Credentials credentials;
	18	+
	19	+ private User user;
	20	+
	21	+ @Override
	22	+ public void authenticate() throws Exception {
	23	+ if (credentials.getUsername().equalsIgnoreCase("admin") && credentials.getPassword().equalsIgnoreCase("admin")) {
	24	+ this.user = createUser();
	25	+ } else {
	26	+ throw new InvalidCredentialsException("usuário ou senha inválidos");
	27	+ }
	28	+ }
	29	+
	30	+ private User createUser() {
	31	+ return new User() {
	32	+
	33	+ private static final long serialVersionUID = 1L;
	34	+
	35	+ @Override
	36	+ public String getId() {
	37	+ return credentials.getUsername();
	38	+ }
	39	+
	40	+ @Override
	41	+ public void setAttribute(Object key, Object value) {
	42	+ }
	43	+
	44	+ @Override
	45	+ public Object getAttribute(Object key) {
	46	+ return null;
	47	+ }
	48	+ };
	49	+ }
	50	+
	51	+ @Override
	52	+ public void unauthenticate() throws Exception {
	53	+ this.user = null;
	54	+ }
	55	+
	56	+ @Override
	57	+ public User getUser() {
	58	+ return this.user;
	59	+ }
	60	+}
		1	+required.field=campo obrigat\u00F3rio
1	invalid.url=formato inv\u00E1lido	2	invalid.url=formato inv\u00E1lido
	@@ -50,7 +50,7 @@ import org.junit.runner.RunWith;		@@ -50,7 +50,7 @@ import org.junit.runner.RunWith;
50		50
51	import test.Tests;	51	import test.Tests;
52	import transaction.defaultstrategy.TransactionDefaultTest;	52	import transaction.defaultstrategy.TransactionDefaultTest;
53	-import br.gov.frameworkdemoiselle.context.SessionContext;	53	+import br.gov.frameworkdemoiselle.context.RequestContext;
54	import br.gov.frameworkdemoiselle.pagination.Pagination;	54	import br.gov.frameworkdemoiselle.pagination.Pagination;
55	import br.gov.frameworkdemoiselle.pagination.PaginationContext;	55	import br.gov.frameworkdemoiselle.pagination.PaginationContext;
56	import br.gov.frameworkdemoiselle.util.Beans;	56	import br.gov.frameworkdemoiselle.util.Beans;
	@@ -73,13 +73,13 @@ public class PaginationContextCache {		@@ -73,13 +73,13 @@ public class PaginationContextCache {
73		73
74	@Before	74	@Before
75	public void activeContext() {	75	public void activeContext() {
76	- SessionContext context = Beans.getReference(SessionContext.class);	76	+ RequestContext context = Beans.getReference(RequestContext.class);
77	context.activate();	77	context.activate();
78	}	78	}
79		79
80	@After	80	@After
81	public void deactiveContext() {	81	public void deactiveContext() {
82	- SessionContext context = Beans.getReference(SessionContext.class);	82	+ RequestContext context = Beans.getReference(RequestContext.class);
83	context.deactivate();	83	context.deactivate();
84	}	84	}
85		85
@@ -0,0 +1,19 @@		@@ -0,0 +1,19 @@
	1	+package br.gov.frameworkdemoiselle.internal.implementation;
	2	+
	3	+import javax.servlet.annotation.WebListener;
	4	+import javax.servlet.http.HttpSessionEvent;
	5	+import javax.servlet.http.HttpSessionListener;
	6	+
	7	+@WebListener
	8	+public class SessionNotPermittedListener implements HttpSessionListener {
	9	+
	10	+ @Override
	11	+ public void sessionCreated(HttpSessionEvent event) {
	12	+ event.getSession().invalidate();
	13	+ throw new IllegalStateException("Session use is not permitted.");
	14	+ }
	15	+
	16	+ @Override
	17	+ public void sessionDestroyed(HttpSessionEvent event) {
	18	+ }
	19	+}
	@@ -66,6 +66,14 @@ public class ServletFilter implements Filter {		@@ -66,6 +66,14 @@ public class ServletFilter implements Filter {
66	ServletException {	66	ServletException {
67	setDelegate(request, response);	67	setDelegate(request, response);
68	chain.doFilter(request, response);	68	chain.doFilter(request, response);
		69	+
		70	+ // if (request instanceof HttpServletRequest) {
		71	+ // Object attribute = ((HttpServletRequest) request).getAttribute("x");
		72	+ // ((HttpServletResponse) response).setHeader("Set-Cookie", "");
		73	+ // ((HttpServletResponse) response).setHeader("XXXX", "CCCC");
		74	+ // response.getWriter().flush();
		75	+ // response.getWriter().close();
		76	+ // }
69	}	77	}
70		78
71	private void setDelegate(ServletRequest request, ServletResponse response) {	79	private void setDelegate(ServletRequest request, ServletResponse response) {
	@@ -18,7 +18,6 @@ public class HelperServlet extends HttpServlet {		@@ -18,7 +18,6 @@ public class HelperServlet extends HttpServlet {
18		18
19	@Override	19	@Override
20	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {	20	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
21	-
22	HttpServletRequest httpRequest = Beans.getReference(HttpServletRequest.class);	21	HttpServletRequest httpRequest = Beans.getReference(HttpServletRequest.class);
23		22
24	if (httpRequest != null) {	23	if (httpRequest != null) {