From c57bd2d472467b1b3a45aee1b97c9a0aeef5958a Mon Sep 17 00:00:00 2001 From: Rafael Guterres Date: Fri, 27 Nov 2015 03:32:59 -0200 Subject: Initial implementation of new api with jax-rs. Revert servlets to old api and remove plurals. Fix findbugs for header origin. --- src/org/traccar/api/ApplicationRole.java | 25 +++++ src/org/traccar/api/AuthorizationBasic.java | 98 +++++++++++++++++ src/org/traccar/api/BaseResource.java | 99 +++++++++++++++++ src/org/traccar/api/CORSResponseFilter.java | 54 ++++++++++ src/org/traccar/api/ResponseBuilder.java | 129 +++++++++++++++++++++++ src/org/traccar/api/SecurityContextApi.java | 55 ++++++++++ src/org/traccar/api/SecurityRequestFilter.java | 82 ++++++++++++++ src/org/traccar/api/UserPrincipal.java | 74 +++++++++++++ src/org/traccar/api/resource/DeviceResource.java | 77 ++++++++++++++ src/org/traccar/api/resource/UserResource.java | 77 ++++++++++++++ 10 files changed, 770 insertions(+) create mode 100644 src/org/traccar/api/ApplicationRole.java create mode 100644 src/org/traccar/api/AuthorizationBasic.java create mode 100644 src/org/traccar/api/BaseResource.java create mode 100644 src/org/traccar/api/CORSResponseFilter.java create mode 100644 src/org/traccar/api/ResponseBuilder.java create mode 100644 src/org/traccar/api/SecurityContextApi.java create mode 100644 src/org/traccar/api/SecurityRequestFilter.java create mode 100644 src/org/traccar/api/UserPrincipal.java create mode 100644 src/org/traccar/api/resource/DeviceResource.java create mode 100644 src/org/traccar/api/resource/UserResource.java (limited to 'src/org/traccar/api') diff --git a/src/org/traccar/api/ApplicationRole.java b/src/org/traccar/api/ApplicationRole.java new file mode 100644 index 000000000..4da5f6708 --- /dev/null +++ b/src/org/traccar/api/ApplicationRole.java @@ -0,0 +1,25 @@ +/* + * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api; + +public final class ApplicationRole { + + public static final String USER = "USER"; + public static final String ADMIN = "ADMIN"; + + private ApplicationRole() { + } +} diff --git a/src/org/traccar/api/AuthorizationBasic.java b/src/org/traccar/api/AuthorizationBasic.java new file mode 100644 index 000000000..807320940 --- /dev/null +++ b/src/org/traccar/api/AuthorizationBasic.java @@ -0,0 +1,98 @@ +/* + * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api; + +import java.sql.SQLException; +import java.util.List; +import java.util.Set; +import java.util.StringTokenizer; +import java.util.TreeSet; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.core.MultivaluedMap; +import org.jboss.netty.buffer.ChannelBuffer; +import org.jboss.netty.buffer.ChannelBuffers; +import org.jboss.netty.handler.codec.base64.Base64; +import org.jboss.netty.util.CharsetUtil; +import org.traccar.Context; +import org.traccar.model.User; + +public final class AuthorizationBasic { + + private AuthorizationBasic() { + } + + public static final String AUTHORIZATION_HEADER = "Authorization"; + public static final String AUTHORIZATION_SCHEME_VALUE = "Basic"; + public static final String REGEX = AUTHORIZATION_SCHEME_VALUE + " "; + public static final String REPLACEMENT = ""; + public static final String TOKENIZER = ":"; + public static final String USERNAME = "username"; + public static final String PASSWORD = "password"; + public static final String WWW_AUTHENTICATE_VALUE = "Basic realm=\"api\""; + + public static UserPrincipal getUserPrincipal(ContainerRequestContext requestContext) { + final MultivaluedMap headers = requestContext.getHeaders(); + final List authorization = headers.get(AUTHORIZATION_HEADER); + if (authorization == null || authorization.isEmpty()) { + return null; + } + final String encodedUsernameAndPassword = authorization.get(0).replaceFirst(REGEX, REPLACEMENT); + ChannelBuffer buffer = ChannelBuffers.copiedBuffer(encodedUsernameAndPassword, CharsetUtil.UTF_8); + String usernameAndPassword = Base64.decode(buffer).toString(CharsetUtil.UTF_8); + final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, TOKENIZER); + String username = tokenizer.nextToken(); + String password = tokenizer.nextToken(); + Set roles = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); + UserPrincipal userPrincipal = new UserPrincipal(username, password, roles); + return userPrincipal; + } + + public static boolean isAuthenticatedUser(UserPrincipal userPrincipal) { + if (userPrincipal.getName() != null && userPrincipal.getPassword() != null) { + User user; + try { + user = Context.getDataManager().login(userPrincipal.getName(), userPrincipal.getPassword()); + } catch (SQLException e) { + return false; + } + if (user != null) { + userPrincipal.setId(user.getId()); + /* + for (Role role : user.getRoles()) { + userPrincipal.getRoles().add(role.getName()); + } + */ + + //Temporary solution + userPrincipal.getRoles().add(ApplicationRole.USER); + if (user.getAdmin()) { + userPrincipal.getRoles().add(ApplicationRole.ADMIN); + } + return true; + } + } + return false; + } + + public static boolean isAuthorizedUser(UserPrincipal userPrincipal, Set roles) { + for (String role : roles) { + if (userPrincipal.getRoles().contains(role)) { + return true; + } + } + return false; + } +} diff --git a/src/org/traccar/api/BaseResource.java b/src/org/traccar/api/BaseResource.java new file mode 100644 index 000000000..54d606ab6 --- /dev/null +++ b/src/org/traccar/api/BaseResource.java @@ -0,0 +1,99 @@ +/* + * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api; + +import java.sql.SQLException; +import java.util.Collection; +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.SecurityContext; +import org.traccar.Context; +import org.traccar.helper.Clazz; + +public class BaseResource { + + private final Class clazz = Clazz.getGenericArgumentType(getClass()); + + @javax.ws.rs.core.Context + private SecurityContext securityContext; + + public Collection getEntities() { + Collection collection; + try { + collection = Context.getDataManager().get(clazz); + } catch (SQLException e) { + throw new WebApplicationException(ResponseBuilder.badRequest(e)); + } + if (collection == null || collection.isEmpty()) { + throw new WebApplicationException(ResponseBuilder.notFound()); + } else { + return collection; + } + } + + public T getEntity(I id) { + validateSecurityContext(ApplicationRole.USER, id); + T entity = Clazz.newInstance(clazz); + try { + Clazz.setId(entity, id); + entity = Context.getDataManager().get(entity); + } catch (Exception e) { + throw new WebApplicationException(ResponseBuilder.badRequest(e)); + } + if (entity == null) { + throw new WebApplicationException(ResponseBuilder.notFound()); + } else { + return entity; + } + } + + public Response postEntity(T entity) { + try { + Context.getDataManager().add(entity); + return ResponseBuilder.ok(entity); + } catch (Exception e) { + return ResponseBuilder.badRequest(e); + } + } + + public Response putEntity(I id, T entity) { + try { + Clazz.setId(entity, id); + Context.getDataManager().update(entity); + return ResponseBuilder.ok(entity); + } catch (Exception e) { + return ResponseBuilder.badRequest(e); + } + } + + public Response deleteEntity(I id) { + try { + T entity = Clazz.newInstance(clazz); + Clazz.setId(entity, id); + Context.getDataManager().remove(entity); + return ResponseBuilder.deleted(); + } catch (Exception e) { + return ResponseBuilder.badRequest(e); + } + } + + private void validateSecurityContext(String role, I id) { + UserPrincipal userPrincipal = (UserPrincipal) securityContext.getUserPrincipal(); + if (!securityContext.isUserInRole(role) && !userPrincipal.getId().equals(id)) { + throw new WebApplicationException(ResponseBuilder.forbidden()); + } + } +} diff --git a/src/org/traccar/api/CORSResponseFilter.java b/src/org/traccar/api/CORSResponseFilter.java new file mode 100644 index 000000000..039a749c4 --- /dev/null +++ b/src/org/traccar/api/CORSResponseFilter.java @@ -0,0 +1,54 @@ +/* + * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api; + +import java.io.IOException; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerResponseContext; +import javax.ws.rs.container.ContainerResponseFilter; +import javax.ws.rs.ext.Provider; + +@Provider +public class CORSResponseFilter implements ContainerResponseFilter { + + public static final String ACCESS_CONTROL_ALLOW_ORIGIN_KEY = "Access-Control-Allow-Origin"; + public static final String ACCESS_CONTROL_ALLOW_ORIGIN_VALUE = "*"; + + public static final String ACCESS_CONTROL_ALLOW_HEADERS_KEY = "Access-Control-Allow-Headers"; + public static final String ACCESS_CONTROL_ALLOW_HEADERS_VALUE = "origin, content-type, accept, authorization"; + + public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_KEY = "Access-Control-Allow-Credentials"; + public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_VALUE = "true"; + + public static final String ACCESS_CONTROL_ALLOW_METHODS_KEY = "Access-Control-Allow-Methods"; + public static final String ACCESS_CONTROL_ALLOW_METHODS_VALUE = "GET, POST, PUT, DELETE"; + + @Override + public void filter(ContainerRequestContext request, ContainerResponseContext response) throws IOException { + if (!response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN_KEY)) { + response.getHeaders().add(ACCESS_CONTROL_ALLOW_ORIGIN_KEY, ACCESS_CONTROL_ALLOW_ORIGIN_VALUE); + } + if (!response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_HEADERS_KEY)) { + response.getHeaders().add(ACCESS_CONTROL_ALLOW_HEADERS_KEY, ACCESS_CONTROL_ALLOW_HEADERS_VALUE); + } + if (!response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_CREDENTIALS_KEY)) { + response.getHeaders().add(ACCESS_CONTROL_ALLOW_CREDENTIALS_KEY, ACCESS_CONTROL_ALLOW_CREDENTIALS_VALUE); + } + if (!response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_METHODS_KEY)) { + response.getHeaders().add(ACCESS_CONTROL_ALLOW_METHODS_KEY, ACCESS_CONTROL_ALLOW_METHODS_VALUE); + } + } +} diff --git a/src/org/traccar/api/ResponseBuilder.java b/src/org/traccar/api/ResponseBuilder.java new file mode 100644 index 000000000..195cb1923 --- /dev/null +++ b/src/org/traccar/api/ResponseBuilder.java @@ -0,0 +1,129 @@ +/* + * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api; + +import java.io.Serializable; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.Collection; +import java.util.HashMap; +import java.util.Map; +import java.util.logging.Logger; +import javax.ws.rs.core.Response; + +public final class ResponseBuilder implements Serializable { + + private static final long serialVersionUID = -2348334499023022836L; + + private static final String WWW_AUTHENTICATE = "WWW-Authenticate"; + private static final String BASIC_REALM = "Basic realm=\"api\""; + private static final String ERROR = "error"; + + private ResponseBuilder() { + } + + public static Response ok() { + return Response.status(Response.Status.OK).build(); + } + + public static Response ok(T entity) { + return Response.status(Response.Status.OK).entity(entity).build(); + } + + public static Response ok(Collection entities) { + return Response.ok(entities).build(); + } + + public static Response created() { + return Response.status(Response.Status.CREATED).build(); + } + + public static Response created(T entity) { + return Response.status(Response.Status.CREATED).entity(entity).build(); + } + + public static Response accepted() { + return Response.status(Response.Status.ACCEPTED).build(); + } + + public static Response accepted(T entity) { + return Response.status(Response.Status.ACCEPTED).entity(entity).build(); + } + + public static Response deleted() { + return Response.status(Response.Status.NO_CONTENT).build(); + } + + public static Response notModified() { + return Response.status(Response.Status.NOT_MODIFIED).build(); + } + + public static Response badRequest() { + return Response.status(Response.Status.BAD_REQUEST).build(); + } + + public static Response badRequest(Exception e) { + return Response.status(Response.Status.BAD_REQUEST).entity(getError(e)).build(); + } + + public static Response unauthorized() { + return Response.status(Response.Status.UNAUTHORIZED).header(WWW_AUTHENTICATE, BASIC_REALM).build(); + } + + public static Response forbidden() { + return Response.status(Response.Status.FORBIDDEN).entity(getError(Response.Status.FORBIDDEN.name())).build(); + } + + public static Response notFound() { + return Response.status(Response.Status.NOT_FOUND).build(); + } + + public static Response timeout() { + return Response.status(Response.Status.REQUEST_TIMEOUT).build(); + } + + public static Response conflict() { + return Response.status(Response.Status.CONFLICT).build(); + } + + public static Response conflict(Exception e) { + return Response.status(Response.Status.CONFLICT).entity(getError(e)).build(); + } + + public static Response notImplemented() { + return Response.status(Response.Status.NOT_IMPLEMENTED).build(); + } + + public static Response redirect(String uri) { + try { + return Response.seeOther(new URI(uri)).build(); + } catch (URISyntaxException e) { + Logger.getAnonymousLogger().warning(e.getMessage()); + return null; + } + } + + private static Map getError(Exception e) { + return getError(e.getMessage()); + } + + private static Map getError(String message) { + Map error = new HashMap<>(); + error.put(ERROR, message); + return error; + } + +} diff --git a/src/org/traccar/api/SecurityContextApi.java b/src/org/traccar/api/SecurityContextApi.java new file mode 100644 index 000000000..df10340c5 --- /dev/null +++ b/src/org/traccar/api/SecurityContextApi.java @@ -0,0 +1,55 @@ +/* + * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api; + +import java.security.Principal; +import javax.ws.rs.core.SecurityContext; + +public class SecurityContextApi implements SecurityContext { + + private static final String AUTHENTICATION_SCHEME = "BASIC"; + private static final boolean IS_SECURE = true; + + private Principal userPrincipal; + + public SecurityContextApi(Principal userPrincipal) { + this.userPrincipal = userPrincipal; + } + + public SecurityContextApi() { + } + + @Override + public Principal getUserPrincipal() { + return userPrincipal; + } + + @Override + public boolean isUserInRole(String role) { + UserPrincipal user = (UserPrincipal) userPrincipal; + return user.getRoles().contains(role); + } + + @Override + public boolean isSecure() { + return IS_SECURE; + } + + @Override + public String getAuthenticationScheme() { + return AUTHENTICATION_SCHEME; + } +} diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java new file mode 100644 index 000000000..9d59cdc01 --- /dev/null +++ b/src/org/traccar/api/SecurityRequestFilter.java @@ -0,0 +1,82 @@ +/* + * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api; + +import java.lang.reflect.Method; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; +import javax.annotation.security.DenyAll; +import javax.annotation.security.PermitAll; +import javax.annotation.security.RolesAllowed; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.container.ResourceInfo; +import javax.ws.rs.ext.Provider; + +@Provider +public class SecurityRequestFilter implements ContainerRequestFilter { + + @javax.ws.rs.core.Context + private ResourceInfo resourceInfo; + + @Override + public void filter(ContainerRequestContext requestContext) { + Method method = resourceInfo.getResourceMethod(); + + //@PermitAll + if (method.isAnnotationPresent(PermitAll.class)) { + return; + } + + //@DenyAll + if (method.isAnnotationPresent(DenyAll.class)) { + requestContext.abortWith(ResponseBuilder.forbidden()); + return; + } + + //AuthorizationBasic + UserPrincipal userPrincipal = AuthorizationBasic.getUserPrincipal(requestContext); + if (userPrincipal == null + || userPrincipal.getName() == null + || userPrincipal.getPassword() == null + || !isAuthenticatedUser(userPrincipal)) { + requestContext.abortWith(ResponseBuilder.unauthorized()); + return; + } + + //@RolesAllowed + if (method.isAnnotationPresent(RolesAllowed.class)) { + RolesAllowed rolesAnnotation = method.getAnnotation(RolesAllowed.class); + Set roles = new HashSet<>(Arrays.asList(rolesAnnotation.value())); + if (!isAuthorizedUser(userPrincipal, roles)) { + requestContext.abortWith(ResponseBuilder.forbidden()); + return; + } + } + + //SecurityContext + requestContext.setSecurityContext(new SecurityContextApi(userPrincipal)); + } + + private boolean isAuthenticatedUser(UserPrincipal principal) { + return AuthorizationBasic.isAuthenticatedUser(principal); + } + + private boolean isAuthorizedUser(UserPrincipal userPrincipal, Set roles) { + return AuthorizationBasic.isAuthorizedUser(userPrincipal, roles); + } +} diff --git a/src/org/traccar/api/UserPrincipal.java b/src/org/traccar/api/UserPrincipal.java new file mode 100644 index 000000000..387b7627c --- /dev/null +++ b/src/org/traccar/api/UserPrincipal.java @@ -0,0 +1,74 @@ +/* + * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api; + +import java.security.Principal; +import java.util.Set; + +public class UserPrincipal implements Principal { + + private Long id; + private String username; + private String password; + private Set roles; + + public UserPrincipal(String username, String password, Set roles) { + this.username = username; + this.password = password; + this.roles = roles; + } + + public UserPrincipal(String username, Set roles) { + this.username = username; + this.roles = roles; + } + + public UserPrincipal(String username) { + this.username = username; + } + + public UserPrincipal() { + } + + public Long getId() { + return id; + } + + public void setId(Long id) { + this.id = id; + } + + @Override + public String getName() { + return username; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + + public Set getRoles() { + return roles; + } + + public void setRoles(Set roles) { + this.roles = roles; + } +} diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java new file mode 100644 index 000000000..4152bcf81 --- /dev/null +++ b/src/org/traccar/api/resource/DeviceResource.java @@ -0,0 +1,77 @@ +/* + * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api.resource; + +import org.traccar.api.BaseResource; +import java.util.Collection; +import javax.annotation.security.RolesAllowed; +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import org.traccar.api.ApplicationRole; +import org.traccar.model.Device; + +@Path("devices") +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +public class DeviceResource extends BaseResource { + + @GET + @RolesAllowed(ApplicationRole.ADMIN) + @Override + public Collection getEntities() { + return super.getEntities(); + } + + @GET + @Path("{id}") + @RolesAllowed({ApplicationRole.ADMIN, ApplicationRole.USER}) + @Override + public Device getEntity(@PathParam("id") Long id) { + return super.getEntity(id); + } + + @POST + @RolesAllowed({ApplicationRole.ADMIN, ApplicationRole.USER}) + @Override + public Response postEntity(Device entity) { + return super.postEntity(entity); + } + + @PUT + @Path("{id}") + @RolesAllowed({ApplicationRole.ADMIN, ApplicationRole.USER}) + @Override + public Response putEntity(@PathParam("id") Long id, Device entity) { + return super.putEntity(id, entity); + } + + @DELETE + @Path("{id}") + @RolesAllowed({ApplicationRole.ADMIN, ApplicationRole.USER}) + @Override + public Response deleteEntity(@PathParam("id") Long id) { + return super.deleteEntity(id); + } + +} diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java new file mode 100644 index 000000000..da615e052 --- /dev/null +++ b/src/org/traccar/api/resource/UserResource.java @@ -0,0 +1,77 @@ +/* + * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api.resource; + +import java.util.Collection; +import javax.annotation.security.RolesAllowed; +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import org.traccar.api.ApplicationRole; +import org.traccar.api.BaseResource; +import org.traccar.model.User; + +@Path("users") +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +public class UserResource extends BaseResource { + + @GET + @RolesAllowed(ApplicationRole.ADMIN) + @Override + public Collection getEntities() { + return super.getEntities(); + } + + @GET + @Path("{id}") + @RolesAllowed({ApplicationRole.ADMIN, ApplicationRole.USER}) + @Override + public User getEntity(@PathParam("id") Long id) { + return super.getEntity(id); + } + + @POST + @RolesAllowed({ApplicationRole.ADMIN, ApplicationRole.USER}) + @Override + public Response postEntity(User entity) { + return super.postEntity(entity); + } + + @PUT + @Path("{id}") + @RolesAllowed({ApplicationRole.ADMIN, ApplicationRole.USER}) + @Override + public Response putEntity(@PathParam("id") Long id, User entity) { + return super.putEntity(id, entity); + } + + @DELETE + @Path("{id}") + @RolesAllowed({ApplicationRole.ADMIN, ApplicationRole.USER}) + @Override + public Response deleteEntity(@PathParam("id") Long id) { + return super.deleteEntity(id); + } + +} -- cgit v1.2.3