1package rs.ac.uns.ftn.eo.tim5.security;
2
3import java.util.Date;
4import javax.servlet.ServletException;
5
6import org.springframework.beans.factory.annotation.Autowired;
7import org.springframework.http.HttpStatus;
8import org.springframework.http.ResponseEntity;
9import org.springframework.web.bind.annotation.RequestBody;
10import org.springframework.web.bind.annotation.RequestHeader;
11import org.springframework.web.bind.annotation.RequestMapping;
12import org.springframework.web.bind.annotation.RequestMethod;
13import org.springframework.web.bind.annotation.RestController;
14
15
16import io.jsonwebtoken.Claims;
17import io.jsonwebtoken.Jwts;
18import io.jsonwebtoken.SignatureAlgorithm;
19import rs.ac.uns.ftn.eo.tim5.model.Lecturer;
20import rs.ac.uns.ftn.eo.tim5.model.Student;
21import rs.ac.uns.ftn.eo.tim5.model.User;
22import rs.ac.uns.ftn.eo.tim5.service.LecturerService;
23import rs.ac.uns.ftn.eo.tim5.service.StudentService;
24import rs.ac.uns.ftn.eo.tim5.service.UserService;
25import rs.ac.uns.ftn.eo.tim5.web.dto.UserDTO;
26
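@RestController
public class LoginController {

    /** Prefix of an {@code Authorization} header value that carries a bearer token. */
    private static final String BEARER_PREFIX = "Bearer ";

    /**
     * HMAC secret used both to sign tokens in {@link #login} and to verify them in {@link #users};
     * keeping it in one constant stops the two endpoints from drifting apart.
     *
     * NOTE(review): a short, hard-coded literal means anyone who can read the source or the
     * repository history can mint a token for any user and any role. It should come from
     * configuration (environment variable / secrets store) and be a random value of at least
     * 256 bits for HS256.
     */
    private static final String SIGNING_SECRET = "secretkey";

    /**
     * Lifetime of an issued token. The original tokens carried no expiry, so a leaked token stayed
     * valid forever; one hour is a conventional starting point and should be tuned per deployment.
     */
    private static final long TOKEN_VALIDITY_MS = 60L * 60L * 1000L;

    // Role names carried in the "roles" claim; login() is the only place that issues them.
    private static final String ROLE_STUDENT = "student";
    private static final String ROLE_LECTURER = "lecturer";
    private static final String ROLE_ADMIN = "admin";

    @Autowired
    private UserService userService;

    @Autowired
    private LecturerService lecturerService;

    @Autowired
    private StudentService studentService;

    /**
     * Authenticates a user and issues a signed JWT.
     *
     * <p>The token's subject is {@code "<username>.<id>"} where the id is the student, lecturer or
     * (admin case) user id; the role is stored in the {@code "roles"} claim. {@link #users} relies
     * on exactly this layout.
     *
     * @param userRequest credentials posted by the client; only username and password are read
     * @return {@code 200} with a {@link LoginResponse} holding the token, {@code 401} when the
     *     credentials are incomplete or match no active user
     * @throws ServletException kept for signature compatibility; not thrown by this implementation
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public ResponseEntity<LoginResponse> login(@RequestBody User userRequest) throws ServletException {
        // Validate the request before touching the database. The original queried first and only
        // then checked the username, so an incomplete request still cost a lookup.
        if (userRequest == null || userRequest.getUserName() == null || userRequest.getPassword() == null) {
            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
        }

        // NOTE(review): the raw password is handed to the service. If UserService compares it
        // against a stored plaintext value, passwords should be hashed (bcrypt/scrypt/argon2)
        // instead — confirm in UserService.
        User user = userService.findByUsernameAndPasswordAndActive(
                userRequest.getUserName(), userRequest.getPassword(), true);
        if (user == null) {
            // "Unknown user" and "wrong password" deliberately share one status so the response
            // does not reveal which usernames exist.
            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
        }

        String role;
        Integer id;
        if (user.getStudent() != null) {
            role = ROLE_STUDENT;
            id = user.getStudent().getId();
        } else if (user.getLecturer() != null) {
            role = ROLE_LECTURER;
            id = user.getLecturer().getId();
        } else {
            // Inherited from the original (marked "for testing" there): a user linked to neither a
            // student nor a lecturer record is treated as admin. NOTE(review): admin should be an
            // explicit attribute of the user rather than the absence of other links — confirm
            // against the User model.
            role = ROLE_ADMIN;
            id = user.getId();
        }
        if (id == null) {
            // The original called id.toString() unconditionally and would have failed with a
            // NullPointerException here; make the server-side data problem explicit instead.
            return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
        }

        Date issuedAt = new Date();
        String token = Jwts.builder()
                .setSubject(user.getUserName() + "." + id)
                .claim("roles", role)
                .setIssuedAt(issuedAt)
                // Bounded lifetime: a leaked or stolen token stops working on its own.
                .setExpiration(new Date(issuedAt.getTime() + TOKEN_VALIDITY_MS))
                .signWith(SignatureAlgorithm.HS256, SIGNING_SECRET)
                .compact();
        return new ResponseEntity<>(new LoginResponse(token), HttpStatus.OK);
    }

    /**
     * Resolves the caller's role and display name from a bearer token issued by {@link #login}.
     *
     * <p>The front end calls this after login to decide which page (admin, lecturer, student) to
     * show. The token's signature and expiry are verified before any claim is trusted.
     *
     * @param authHeader value of the {@code Authorization} header, expected as {@code "Bearer <jwt>"}
     * @return {@code 200} with the user's id, role and name; {@code 401} when the header is
     *     missing, the token does not verify, or its claims are malformed; {@code 400} when the
     *     token verifies but the referenced record no longer exists
     */
    @RequestMapping(value = "/role", method = RequestMethod.GET)
    public ResponseEntity<UserDTO> users(@RequestHeader("Authorization") String authHeader) {
        if (authHeader == null || !authHeader.startsWith(BEARER_PREFIX)) {
            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
        }
        String token = authHeader.substring(BEARER_PREFIX.length());

        try {
            // parseClaimsJws rejects a bad signature or an expired token before the body is returned.
            final Claims claims = Jwts.parser().setSigningKey(SIGNING_SECRET).parseClaimsJws(token).getBody();
            String role = (String) claims.get("roles");
            String subject = claims.getSubject();
            if (role == null || subject == null) {
                return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
            }

            // Subject layout is "<username>.<id>". Split on the LAST dot: usernames may themselves
            // contain dots (e-mail addresses), and the original split("\\.")[1] then returned a
            // username fragment instead of the id, so such users could never pass this endpoint.
            int dot = subject.lastIndexOf('.');
            if (dot < 0 || dot == subject.length() - 1) {
                return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
            }
            Integer id = Integer.parseInt(subject.substring(dot + 1));

            // The role decides which table the name is read from.
            UserDTO userDto = new UserDTO();
            switch (role) {
                case ROLE_ADMIN: {
                    User user = userService.findOne(id);
                    if (user == null) {
                        return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
                    }
                    userDto.setFirstName(user.getFirstName());
                    userDto.setLastName(user.getLastName());
                    break;
                }
                case ROLE_LECTURER: {
                    Lecturer lecturer = lecturerService.findOne(id);
                    if (lecturer == null) {
                        return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
                    }
                    userDto.setFirstName(lecturer.getFirstName());
                    userDto.setLastName(lecturer.getLastName());
                    break;
                }
                case ROLE_STUDENT: {
                    Student student = studentService.findOne(id);
                    if (student == null) {
                        return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
                    }
                    userDto.setFirstName(student.getFirstName());
                    userDto.setLastName(student.getLastName());
                    break;
                }
                default:
                    // login() only ever issues the three roles above; the original fell through to
                    // the student lookup for anything else, which is not a role we issued.
                    return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
            }
            userDto.setId(id);
            userDto.setRole(role);
            return new ResponseEntity<>(userDto, HttpStatus.OK);
        } catch (Exception ignored) {
            // Signature/expiry failures, a malformed token and a non-numeric id all land here and
            // are reported uniformly as 401 (nothing to log without a logger in this class).
            // NOTE(review): the broad catch also turns a failing lookup service into 401; narrow it
            // once the service exception types are known.
            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
        }
    }

    /**
     * Body of a successful login, presumably serialised as {@code {"token": "..."}} via the
     * public field — verify against the JSON mapper configuration.
     */
    @SuppressWarnings("unused")
    private static class LoginResponse {
        public final String token;

        public LoginResponse(final String token) {
            this.token = token;
        }
    }

}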