diff options
Diffstat (limited to 'src/org')
-rw-r--r-- | src/org/traccar/helper/Authorization.java | 6 | ||||
-rw-r--r-- | src/org/traccar/web/BaseServlet.java | 68 |
2 files changed, 59 insertions, 15 deletions
diff --git a/src/org/traccar/helper/Authorization.java b/src/org/traccar/helper/Authorization.java index fc34687cd..d0877630d 100644 --- a/src/org/traccar/helper/Authorization.java +++ b/src/org/traccar/helper/Authorization.java @@ -28,13 +28,13 @@ public final class Authorization { private Authorization() { } - public static final String HEADER = "Authorization"; - public static final String SCHEME = "Basic"; - public static final String REGEX = SCHEME + " "; + public static final String AUTHORIAZTION_SCHEME_VALUE = "Basic"; + public static final String REGEX = AUTHORIAZTION_SCHEME_VALUE + " "; public static final String REPLACEMENT = ""; public static final String TOKENIZER = ":"; public static final String USERNAME = "username"; public static final String PASSWORD = "password"; + public static final String WWW_AUTHENTICATE_VALUE = "Basic realm=\"api\""; public static Map<String, String> parse(String authorization) { Map<String, String> authMap = new HashMap<>(); diff --git a/src/org/traccar/web/BaseServlet.java b/src/org/traccar/web/BaseServlet.java index 039e3a1f4..54cd10ad8 100644 --- a/src/org/traccar/web/BaseServlet.java +++ b/src/org/traccar/web/BaseServlet.java @@ -20,6 +20,7 @@ import org.traccar.helper.Log; import java.io.IOException; import java.io.Writer; import java.security.AccessControlException; +import java.util.Collection; import java.util.Map; import javax.json.Json; import javax.json.JsonObjectBuilder; @@ -28,6 +29,8 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.jboss.netty.handler.codec.http.HttpHeaders; +import org.jboss.netty.util.CharsetUtil; import org.traccar.Context; import org.traccar.helper.Authorization; import org.traccar.model.User; @@ -35,25 +38,34 @@ import org.traccar.model.User; public abstract class BaseServlet extends HttpServlet { public static final String USER_KEY = "user"; + public static final String ALLOW_ORIGIN_VALUE = "*"; + public static final String ALLOW_HEADERS_VALUE = "Origin, X-Requested-With, Content-Type, Accept"; + public static final String ALLOW_METHODS_VALUE = "GET, POST, PUT, DELETE"; + public static final String APPLICATION_JSON = "application/json"; + public static final String GET = "GET"; + public static final String POST = "POST"; + public static final String PUT = "PUT"; + public static final String DELETE = "DELETE"; @Override protected final void service( HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - - String command = req.getPathInfo(); - if (command == null) { - command = ""; - } try { - resp.setContentType("application/json"); - resp.setCharacterEncoding("UTF-8"); - resp.setHeader("Access-Control-Allow-Origin", "*"); - resp.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); - resp.setHeader("Access-Control-Allow-Methods", "GET, POST"); - if (!handle(command, req, resp)) { + resp.setContentType(APPLICATION_JSON); + resp.setCharacterEncoding(CharsetUtil.UTF_8.name()); + resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN, ALLOW_ORIGIN_VALUE); + resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_HEADERS, ALLOW_HEADERS_VALUE); + resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_METHODS, ALLOW_METHODS_VALUE); + if (!handle(getCommand(req), req, resp)) { resp.sendError(HttpServletResponse.SC_BAD_REQUEST); } } catch (Exception error) { + if (error instanceof AccessControlException) { + resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + resp.addHeader(HttpHeaders.Names.WWW_AUTHENTICATE, Authorization.WWW_AUTHENTICATE_VALUE); + } else if (error instanceof SecurityException) { + resp.setStatus(HttpServletResponse.SC_FORBIDDEN); + } sendResponse(resp.getWriter(), error); } } @@ -62,7 +74,7 @@ public abstract class BaseServlet extends HttpServlet { String command, HttpServletRequest req, HttpServletResponse resp) throws Exception; public long getUserId(HttpServletRequest req) throws Exception { - String authorization = req.getHeader(Authorization.HEADER); + String authorization = req.getHeader(HttpHeaders.Names.AUTHORIZATION); if (authorization != null && !authorization.isEmpty()) { Map<String, String> authMap = Authorization.parse(authorization); String username = authMap.get(Authorization.USERNAME); @@ -92,6 +104,16 @@ public abstract class BaseServlet extends HttpServlet { writer.write(result.build().toString()); } + public void sendResponse(HttpServletResponse resp, Collection collection) throws IOException { + if (collection.isEmpty()) { + resp.setStatus(HttpServletResponse.SC_NOT_FOUND); + } + JsonObjectBuilder result = Json.createObjectBuilder(); + result.add("success", true); + result.add("data", JsonConverter.arrayToJson(collection)); + resp.getWriter().write(result.build().toString()); + } + public void sendResponse(Writer writer, Exception error) throws IOException { JsonObjectBuilder result = Json.createObjectBuilder(); result.add("success", false); @@ -99,4 +121,26 @@ public abstract class BaseServlet extends HttpServlet { writer.write(result.build().toString()); } + private String getCommand(HttpServletRequest req) { + String command = req.getPathInfo(); + if (command == null) { + switch (req.getMethod()) { + case GET: + command = "/get"; + break; + case POST: + command = "/add"; + break; + case PUT: + command = "/update"; + break; + case DELETE: + command = "/remove"; + break; + default: + command = ""; + } + } + return command; + } } |