- LoginController :
- //package controller;
- import java.security.Key;
- import java.util.Date;
- import java.util.concurrent.TimeUnit;
- import javax.crypto.spec.SecretKeySpec;
- import javax.ws.rs.Consumes;
- import javax.ws.rs.FormParam;
- import javax.ws.rs.POST;
- import javax.ws.rs.Path;
- import javax.ws.rs.Produces;
- import javax.ws.rs.core.MediaType;
- import javax.ws.rs.core.Response;
- import javax.ws.rs.core.Response.Status;
- import javax.xml.bind.DatatypeConverter;
- import org.hibernate.SessionFactory;
- import dao.UtilisateurDAO;
- import io.jsonwebtoken.JwtBuilder;
- import io.jsonwebtoken.Jwts;
- import model.Utilisateur;
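/**
 * JAX-RS resource that checks form credentials and answers with a signed JWT (HS256).
 *
 * <p>The HMAC secret is read from the environment instead of being compiled into the class.
 * A secret that has lived in source code (or in any published copy of it) has to be treated
 * as disclosed: anyone holding it can mint tokens for any user id. Generate a fresh random
 * secret, provision it through the deployment's secret store, and retire the old one.
 */
@Path("/login")
public class LoginController {

    /**
     * Environment variable holding the Base64-encoded signing secret. The name is constructed
     * for this listing; align it with the deployment's own configuration.
     */
    private static final String SIGNING_KEY_ENV = "JWT_SIGNING_KEY_BASE64";

    /** HS256 needs a key at least as long as its 256-bit hash output (RFC 7518, section 3.2). */
    private static final int MIN_KEY_BYTES = 32;

    SessionFactory sessionFactory = SessionConfig.getSessionFactory();
    UtilisateurDAO uDAO = new UtilisateurDAO(sessionFactory);

    // Base64 text of the signing secret; null when the variable is not set, in which case
    // token creation fails instead of falling back to a built-in key.
    String key = System.getenv(SIGNING_KEY_ENV);

    /**
     * Authenticates the caller and returns a JWT as the response entity.
     *
     * @param username form field {@code username}
     * @param password form field {@code password}
     * @return 412 when either field is missing, 403 when the DAO finds no matching user,
     *         otherwise 200 with the compact token
     */
    @POST
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response login(@FormParam("username") String username,
                          @FormParam("password") String password) {
        if (username == null || password == null) {
            return Response.status(Status.PRECONDITION_FAILED.getStatusCode()).build();
        }

        // NOTE(review): getUserAuthenticated is not shown here; confirm it compares against a
        // salted password hash (bcrypt/scrypt/argon2) and that failed attempts are rate-limited.
        Utilisateur user = uDAO.getUserAuthenticated(username, password);
        if (user == null) {
            return Response.status(Status.FORBIDDEN.getStatusCode()).build();
        }

        // NOTE(review): a 365-day lifetime with no visible revocation path means a stolen token
        // stays usable for a year; consider a much shorter lifetime plus re-authentication.
        // NOTE(review): the issuer URL is plain http; credentials and tokens need TLS in
        // transit. Confirm how the API is actually exposed.
        String token = createJWT(
                String.valueOf(user.getId()),
                "http://vm-11.iutrs.unistra.fr:8080/TrocTonSavoir/api/",
                user.getPseudo(),
                TimeUnit.DAYS.toMillis(365));
        return Response.status(200).entity(token).build();
    }

    /**
     * Builds and signs a compact JWT.
     *
     * @param id        value of the {@code jti} claim
     * @param issuer    value of the {@code iss} claim
     * @param subject   value of the {@code sub} claim
     * @param ttlMillis lifetime in milliseconds; a negative value omits the expiration claim
     * @return the serialized, URL-safe token
     * @throws IllegalStateException if the signing secret is missing or too short
     */
    private String createJWT(String id, String issuer, String subject, long ttlMillis) {
        io.jsonwebtoken.SignatureAlgorithm signatureAlgorithm =
                io.jsonwebtoken.SignatureAlgorithm.HS256;

        long nowMillis = System.currentTimeMillis();
        Date now = new Date(nowMillis);

        Key signingKey =
                new SecretKeySpec(decodeSigningKey(key), signatureAlgorithm.getJcaName());

        JwtBuilder builder = Jwts.builder().setId(id)
                .setIssuedAt(now)
                .setSubject(subject)
                .setIssuer(issuer)
                .signWith(signatureAlgorithm, signingKey);

        // Only a non-negative TTL produces an exp claim.
        if (ttlMillis >= 0) {
            builder.setExpiration(new Date(nowMillis + ttlMillis));
        }

        return builder.compact();
    }

    /**
     * Decodes the configured secret and rejects a missing or undersized one, so the service
     * fails closed rather than signing with a weak or absent key.
     */
    private static byte[] decodeSigningKey(String base64Key) {
        if (base64Key == null || base64Key.trim().isEmpty()) {
            throw new IllegalStateException(
                    "JWT signing key is not configured (" + SIGNING_KEY_ENV + ")");
        }
        byte[] raw = DatatypeConverter.parseBase64Binary(base64Key.trim());
        if (raw.length < MIN_KEY_BYTES) {
            throw new IllegalStateException(
                    "JWT signing key must be at least " + MIN_KEY_BYTES + " bytes for HS256");
        }
        return raw;
    }
}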
- LoginFilter :
- import java.io.IOException;
- import java.util.Enumeration;
- import java.util.logging.Level;
- import java.util.logging.Logger;
- import javax.servlet.Filter;
- import javax.servlet.FilterChain;
- import javax.servlet.FilterConfig;
- import javax.servlet.ServletException;
- import javax.servlet.ServletRequest;
- import javax.servlet.ServletResponse;
- import javax.servlet.annotation.WebFilter;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- import javax.ws.rs.core.HttpHeaders;
- import javax.xml.bind.DatatypeConverter;
- import io.jsonwebtoken.Claims;
- import io.jsonwebtoken.Jwts;
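/**
 * Servlet filter that lets a request through only when it carries a valid, signed JWT.
 *
 * <p>The login endpoint is the single exemption. Every other request must present a token
 * whose signature and expiry verify; anything else is answered with 403. A filter that calls
 * {@code chain.doFilter} unconditionally protects nothing, so each pass-through below is
 * reached only after an explicit decision.
 *
 * <p>The verification secret comes from the environment and must be the same secret the token
 * issuer signs with. A secret that has appeared in source code must be treated as disclosed
 * and replaced.
 */
public class LoginFilter implements Filter {

    private static final Logger LOGGER = Logger.getLogger(LoginFilter.class.getName());

    /**
     * Environment variable holding the Base64-encoded signing secret. The name is constructed
     * for this listing; align it with the deployment's own configuration.
     */
    private static final String SIGNING_KEY_ENV = "JWT_SIGNING_KEY_BASE64";

    /** HS256 needs a key at least as long as its 256-bit hash output (RFC 7518, section 3.2). */
    private static final int MIN_KEY_BYTES = 32;

    /** Only this exact request URI may be reached without a token. */
    private static final String LOGIN_PATH = "/TrocTonSavoir/api/login";

    /** Custom header the clients of this API send the token in. */
    private static final String TOKEN_HEADER = "bearer";

    private static final String BEARER_PREFIX = "Bearer ";
    private static final String DENIED_MESSAGE = "Please login before going anywhere else!";

    // Base64 text of the signing secret; null when the variable is not set.
    String key = System.getenv(SIGNING_KEY_ENV);

    // Decoded secret, set by init(); while it is null every token is rejected.
    private byte[] signingKeyBytes;

    /** Default constructor. */
    public LoginFilter() {
    }

    /**
     * Decodes and validates the signing secret once at start-up.
     *
     * @throws ServletException if the secret is missing, malformed or shorter than 32 bytes,
     *         so a misconfigured deployment fails to start instead of running unprotected
     * @see Filter#init(FilterConfig)
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
        if (key == null || key.trim().isEmpty()) {
            throw new ServletException(
                    "JWT signing key is not configured (" + SIGNING_KEY_ENV + ")");
        }
        byte[] raw;
        try {
            raw = DatatypeConverter.parseBase64Binary(key.trim());
        } catch (IllegalArgumentException e) {
            throw new ServletException("JWT signing key is not valid Base64", e);
        }
        if (raw.length < MIN_KEY_BYTES) {
            throw new ServletException(
                    "JWT signing key must be at least " + MIN_KEY_BYTES + " bytes for HS256");
        }
        signingKeyBytes = raw;
    }

    /**
     * Admits the login endpoint and any request with a verifiable token; rejects the rest.
     *
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // Exact match on the raw URI: a variant such as a path parameter or an encoded
        // segment does not equal LOGIN_PATH and therefore still needs a token.
        if (LOGIN_PATH.equals(httpRequest.getRequestURI())) {
            chain.doFilter(httpRequest, res);
            return;
        }

        String token = extractToken(httpRequest);
        if (token == null || !isValidToken(token)) {
            res.sendError(403, DENIED_MESSAGE);
            return;
        }

        chain.doFilter(httpRequest, res);
    }

    /** @see Filter#destroy() */
    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Reads the token from the custom {@code bearer} header, or from a standard
     * {@code Authorization: Bearer <token>} header when the custom one is absent.
     *
     * @return the token text, or {@code null} when neither header carries one
     */
    private static String extractToken(HttpServletRequest httpRequest) {
        String token = httpRequest.getHeader(TOKEN_HEADER);
        if (token != null) {
            return token.trim();
        }
        String authorization = httpRequest.getHeader(HttpHeaders.AUTHORIZATION);
        if (authorization != null
                && authorization.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            return authorization.substring(BEARER_PREFIX.length()).trim();
        }
        return null;
    }

    /**
     * Verifies signature and expiry of a compact JWS.
     *
     * <p>{@code parseClaimsJws} throws for anything that is not a signed JWS, for a signature
     * that does not verify, and for an expired token; all of those count as invalid here.
     */
    private boolean isValidToken(String token) {
        if (signingKeyBytes == null || token.isEmpty()) {
            return false;
        }
        try {
            Claims claims = Jwts.parser()
                    .setSigningKey(signingKeyBytes)
                    .parseClaimsJws(token)
                    .getBody();
            return claims != null;
        } catch (io.jsonwebtoken.JwtException | IllegalArgumentException e) {
            // Log the failure class only; the token itself is a credential and stays out of logs.
            LOGGER.log(Level.FINE, "Rejected token: {0}", e.getClass().getSimpleName());
            return false;
        }
    }
}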