aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/org/traccar/helper/Authorization.java6
-rw-r--r--src/org/traccar/web/BaseServlet.java68
2 files changed, 59 insertions, 15 deletions
diff --git a/src/org/traccar/helper/Authorization.java b/src/org/traccar/helper/Authorization.java
index fc34687cd..d0877630d 100644
--- a/src/org/traccar/helper/Authorization.java
+++ b/src/org/traccar/helper/Authorization.java
@@ -28,13 +28,13 @@ public final class Authorization {
private Authorization() {
}
- public static final String HEADER = "Authorization";
- public static final String SCHEME = "Basic";
- public static final String REGEX = SCHEME + " ";
+ public static final String AUTHORIAZTION_SCHEME_VALUE = "Basic";
+ public static final String REGEX = AUTHORIAZTION_SCHEME_VALUE + " ";
public static final String REPLACEMENT = "";
public static final String TOKENIZER = ":";
public static final String USERNAME = "username";
public static final String PASSWORD = "password";
+ public static final String WWW_AUTHENTICATE_VALUE = "Basic realm=\"api\"";
public static Map<String, String> parse(String authorization) {
Map<String, String> authMap = new HashMap<>();
diff --git a/src/org/traccar/web/BaseServlet.java b/src/org/traccar/web/BaseServlet.java
index 039e3a1f4..54cd10ad8 100644
--- a/src/org/traccar/web/BaseServlet.java
+++ b/src/org/traccar/web/BaseServlet.java
@@ -20,6 +20,7 @@ import org.traccar.helper.Log;
import java.io.IOException;
import java.io.Writer;
import java.security.AccessControlException;
+import java.util.Collection;
import java.util.Map;
import javax.json.Json;
import javax.json.JsonObjectBuilder;
@@ -28,6 +29,8 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.jboss.netty.handler.codec.http.HttpHeaders;
+import org.jboss.netty.util.CharsetUtil;
import org.traccar.Context;
import org.traccar.helper.Authorization;
import org.traccar.model.User;
@@ -35,25 +38,34 @@ import org.traccar.model.User;
public abstract class BaseServlet extends HttpServlet {
public static final String USER_KEY = "user";
+ public static final String ALLOW_ORIGIN_VALUE = "*";
+ public static final String ALLOW_HEADERS_VALUE = "Origin, X-Requested-With, Content-Type, Accept";
+ public static final String ALLOW_METHODS_VALUE = "GET, POST, PUT, DELETE";
+ public static final String APPLICATION_JSON = "application/json";
+ public static final String GET = "GET";
+ public static final String POST = "POST";
+ public static final String PUT = "PUT";
+ public static final String DELETE = "DELETE";
@Override
protected final void service(
HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
-
- String command = req.getPathInfo();
- if (command == null) {
- command = "";
- }
try {
- resp.setContentType("application/json");
- resp.setCharacterEncoding("UTF-8");
- resp.setHeader("Access-Control-Allow-Origin", "*");
- resp.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
- resp.setHeader("Access-Control-Allow-Methods", "GET, POST");
- if (!handle(command, req, resp)) {
+ resp.setContentType(APPLICATION_JSON);
+ resp.setCharacterEncoding(CharsetUtil.UTF_8.name());
+ resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN, ALLOW_ORIGIN_VALUE);
+ resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_HEADERS, ALLOW_HEADERS_VALUE);
+ resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_METHODS, ALLOW_METHODS_VALUE);
+ if (!handle(getCommand(req), req, resp)) {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
}
} catch (Exception error) {
+ if (error instanceof AccessControlException) {
+ resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ resp.addHeader(HttpHeaders.Names.WWW_AUTHENTICATE, Authorization.WWW_AUTHENTICATE_VALUE);
+ } else if (error instanceof SecurityException) {
+ resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ }
sendResponse(resp.getWriter(), error);
}
}
@@ -62,7 +74,7 @@ public abstract class BaseServlet extends HttpServlet {
String command, HttpServletRequest req, HttpServletResponse resp) throws Exception;
public long getUserId(HttpServletRequest req) throws Exception {
- String authorization = req.getHeader(Authorization.HEADER);
+ String authorization = req.getHeader(HttpHeaders.Names.AUTHORIZATION);
if (authorization != null && !authorization.isEmpty()) {
Map<String, String> authMap = Authorization.parse(authorization);
String username = authMap.get(Authorization.USERNAME);
@@ -92,6 +104,16 @@ public abstract class BaseServlet extends HttpServlet {
writer.write(result.build().toString());
}
+ public void sendResponse(HttpServletResponse resp, Collection collection) throws IOException {
+ if (collection.isEmpty()) {
+ resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
+ }
+ JsonObjectBuilder result = Json.createObjectBuilder();
+ result.add("success", true);
+ result.add("data", JsonConverter.arrayToJson(collection));
+ resp.getWriter().write(result.build().toString());
+ }
+
public void sendResponse(Writer writer, Exception error) throws IOException {
JsonObjectBuilder result = Json.createObjectBuilder();
result.add("success", false);
@@ -99,4 +121,26 @@ public abstract class BaseServlet extends HttpServlet {
writer.write(result.build().toString());
}
+ private String getCommand(HttpServletRequest req) {
+ String command = req.getPathInfo();
+ if (command == null) {
+ switch (req.getMethod()) {
+ case GET:
+ command = "/get";
+ break;
+ case POST:
+ command = "/add";
+ break;
+ case PUT:
+ command = "/update";
+ break;
+ case DELETE:
+ command = "/remove";
+ break;
+ default:
+ command = "";
+ }
+ }
+ return command;
+ }
}