From 876a09bc85446758f175e57f6bb8b324ccc585f6 Mon Sep 17 00:00:00 2001
From: Nathan Cannon
Date: Fri, 21 Sep 2018 12:51:13 +0100
Subject: [PATCH] Added basic authentication for some resources.
---
 backend/configuration.yml | 4 +++-
 .../Observations/ObservationsApplication.java | 12 ++++++++++
 .../ObservationsConfiguration.java | 10 ++++++++
 .../auth/SimpleAuthenticator.java | 23 +++++++++++++++++++
 .../uk/co/neviyn/Observations/core/User.java | 16 +++++++++++++
 .../Observations/resources/SiteResource.java | 4 +++-
 .../Observations/resources/TutorResource.java | 4 +++-
 7 files changed, 70 insertions(+), 3 deletions(-)
 create mode 100644 backend/src/main/java/uk/co/neviyn/Observations/auth/SimpleAuthenticator.java
 create mode 100644 backend/src/main/java/uk/co/neviyn/Observations/core/User.java
diff --git a/backend/configuration.yml b/backend/configuration.yml
index 88f044a..95f962e 100644
--- a/backend/configuration.yml
+++ b/backend/configuration.yml
@@ -11,4 +11,6 @@ database:
 hibernate.hbm2ddl.auto: create
 server:
- rootPath: /api/
\ No newline at end of file
+ rootPath: /api/
+
+adminPassword: "testPassword"
\ No newline at end of file
diff --git a/backend/src/main/java/uk/co/neviyn/Observations/ObservationsApplication.java b/backend/src/main/java/uk/co/neviyn/Observations/ObservationsApplication.java
index f0dd893..e095006 100644
--- a/backend/src/main/java/uk/co/neviyn/Observations/ObservationsApplication.java
+++ b/backend/src/main/java/uk/co/neviyn/Observations/ObservationsApplication.java
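Review bot: The added `adminPassword: "testPassword"` line in backend/configuration.yml puts the shared admin credential in a tracked file, so it ends up in repository history and in every checkout of the configuration. Dropwizard can take it from the environment instead: write `adminPassword: ${ADMIN_PASSWORD}` here and enable `EnvironmentVariableSubstitutor` through a `SubstitutingSourceProvider` in the application's `initialize` method, which is outside this diff. If the value is meant to stay as a development default, a comment such as `# development only; override in deployment` would make that explicit.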
@@ -2,14 +2,19 @@ package uk.co.neviyn.Observations; import io.dropwizard.Application; import io.dropwizard.assets.AssetsBundle; +import io.dropwizard.auth.AuthDynamicFeature; +import io.dropwizard.auth.AuthValueFactoryProvider; +import io.dropwizard.auth.basic.BasicCredentialAuthFilter; import io.dropwizard.db.DataSourceFactory; import io.dropwizard.hibernate.HibernateBundle; import io.dropwizard.jersey.setup.JerseyEnvironment; import io.dropwizard.setup.Bootstrap; import io.dropwizard.setup.Environment; +import uk.co.neviyn.Observations.auth.SimpleAuthenticator; import uk.co.neviyn.Observations.core.Observation; import uk.co.neviyn.Observations.core.Site; import uk.co.neviyn.Observations.core.Tutor; +import uk.co.neviyn.Observations.core.User; import uk.co.neviyn.Observations.dao.ObservationDao; import uk.co.neviyn.Observations.dao.SiteDao; import uk.co.neviyn.Observations.dao.TutorDao; @@ -45,6 +50,13 @@ public class ObservationsApplication extends Application() + .setAuthenticator(new SimpleAuthenticator(observationsConfiguration.getAdminPassword())) + .setRealm("SECURITY") + .buildAuthFilter() + )); + jersey.register(new AuthValueFactoryProvider.Binder<>(User.class)); TutorDao tutorDao = new TutorDao(hibernate.getSessionFactory()); SiteDao siteDao = new SiteDao(hibernate.getSessionFactory()); ObservationDao observationDao = new ObservationDao(hibernate.getSessionFactory()); diff --git a/backend/src/main/java/uk/co/neviyn/Observations/ObservationsConfiguration.java b/backend/src/main/java/uk/co/neviyn/Observations/ObservationsConfiguration.java index 28783bf..60d11df 100644 --- a/backend/src/main/java/uk/co/neviyn/Observations/ObservationsConfiguration.java +++ b/backend/src/main/java/uk/co/neviyn/Observations/ObservationsConfiguration.java 
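Review bot: The Basic-auth filter registered in the second hunk of ObservationsApplication.java makes clients send the admin password, merely base64-encoded, with every request, and nothing in this patch restricts the protected endpoints to HTTPS. The visible part of configuration.yml shows only `rootPath` under `server:`, so the connectors may well be the plain-HTTP defaults; that should be confirmed and an `https` application connector configured if so. A comment above the registration, e.g. `// Basic auth: credentials travel with each request, deploy behind TLS only`, would record the assumption. The enclosing method starts and ends outside the hunk.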
@@ -3,6 +3,7 @@ package uk.co.neviyn.Observations;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import io.dropwizard.Configuration;
 import io.dropwizard.db.DataSourceFactory;
+
 import javax.validation.Valid;
 import javax.validation.constraints.NotNull;
@@ -11,6 +12,10 @@ public class ObservationsConfiguration extends Configuration {
 @NotNull
 private DataSourceFactory database = new DataSourceFactory();
+ @Valid
+ @NotNull
+ private String adminPassword;
+
 @JsonProperty("database")
 public void setDataSourceFactory(DataSourceFactory factory) {
 this.database = factory;
@@ -21,4 +26,9 @@ public class ObservationsConfiguration extends Configuration {
 return database;
 }
+ @JsonProperty("adminPassword")
+ public String getAdminPassword() {
+ return adminPassword;
+ }
+
 }
diff --git a/backend/src/main/java/uk/co/neviyn/Observations/auth/SimpleAuthenticator.java b/backend/src/main/java/uk/co/neviyn/Observations/auth/SimpleAuthenticator.java
new file mode 100644
index 0000000..2157cd5
--- /dev/null
+++ b/backend/src/main/java/uk/co/neviyn/Observations/auth/SimpleAuthenticator.java
@@ -0,0 +1,23 @@
+package uk.co.neviyn.Observations.auth;
+
+import io.dropwizard.auth.AuthenticationException;
+import io.dropwizard.auth.Authenticator;
+import io.dropwizard.auth.basic.BasicCredentials;
+import lombok.AllArgsConstructor;
+import uk.co.neviyn.Observations.core.User;
+
+import java.util.Optional;
+
+@AllArgsConstructor
+public class SimpleAuthenticator implements Authenticator {
+
+ private final String adminPassword;
+
+ @Override
+ public Optional authenticate(BasicCredentials credentials) throws AuthenticationException {
+ if (adminPassword.equals(credentials.getPassword())) {
+ return Optional.of(new User(credentials.getUsername()));
+ }
+ return Optional.empty();
+ }
+}
\ No newline at end of file
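Review bot: `@NotNull` on the new `adminPassword` field in ObservationsConfiguration still accepts an empty string, and with `adminPassword: ""` in the YAML the authenticator added in this patch would accept any request that sends an empty password. Use `@NotEmpty` (or a `@Size(min = ...)` bound) so the service refuses to start with a blank credential. `@Valid` has no effect on a `String` and can be dropped.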
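Review bot: `adminPassword.equals(credentials.getPassword())` in `SimpleAuthenticator.authenticate` stops at the first differing character, so the comparison time depends on how much of a guess is correct; compare in constant time with `MessageDigest.isEqual(adminPassword.getBytes(StandardCharsets.UTF_8), credentials.getPassword().getBytes(StandardCharsets.UTF_8))`. The username is never checked, so `new User(credentials.getUsername())` carries a client-chosen name and should not be treated as an identity in logs or authorization decisions; a short class Javadoc stating that this is a single shared-secret check would make that clear. Failed attempts are neither logged nor limited here, which leaves password guessing invisible to whoever operates the service.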
diff --git a/backend/src/main/java/uk/co/neviyn/Observations/core/User.java b/backend/src/main/java/uk/co/neviyn/Observations/core/User.java
new file mode 100644
index 0000000..8e9fd5d
--- /dev/null
+++ b/backend/src/main/java/uk/co/neviyn/Observations/core/User.java
@@ -0,0 +1,16 @@
+package uk.co.neviyn.Observations.core;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.security.Principal;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public class User implements Principal {
+
+ private String name;
+
+}
diff --git a/backend/src/main/java/uk/co/neviyn/Observations/resources/SiteResource.java b/backend/src/main/java/uk/co/neviyn/Observations/resources/SiteResource.java
index 61da092..5495fa2 100644
--- a/backend/src/main/java/uk/co/neviyn/Observations/resources/SiteResource.java
+++ b/backend/src/main/java/uk/co/neviyn/Observations/resources/SiteResource.java
@@ -1,10 +1,12 @@
 package uk.co.neviyn.Observations.resources;
+import io.dropwizard.auth.Auth;
 import io.dropwizard.hibernate.UnitOfWork;
 import lombok.RequiredArgsConstructor;
 import uk.co.neviyn.Observations.api.SelectOption;
 import uk.co.neviyn.Observations.core.Site;
 import uk.co.neviyn.Observations.core.Tutor;
+import uk.co.neviyn.Observations.core.User;
 import uk.co.neviyn.Observations.dao.SiteDao;
 import javax.ws.rs.*;
@@ -22,7 +24,7 @@ public class SiteResource {
 @POST
 @UnitOfWork
- public Site add(String name) {
+ public Site add(@Auth User user, String name) {
 return dao.persist(new Site(name));
 }
diff --git a/backend/src/main/java/uk/co/neviyn/Observations/resources/TutorResource.java b/backend/src/main/java/uk/co/neviyn/Observations/resources/TutorResource.java
index 6f051f4..05bdb16 100644
--- a/backend/src/main/java/uk/co/neviyn/Observations/resources/TutorResource.java
+++ b/backend/src/main/java/uk/co/neviyn/Observations/resources/TutorResource.java
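Review bot: `@Data` together with `@NoArgsConstructor` makes the new `User` principal mutable and allows an instance whose `name` is null, although the only construction visible in this patch is `new User(credentials.getUsername())`. An immutable type suits a security principal better: replace the three annotations with Lombok's `@Value`, which gives a final field, an all-args constructor and `getName()`. If something outside this diff needs the no-args constructor or the setter (JSON binding, for example), keep them and say so in a class comment.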
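Review bot: The new `@Auth User user` parameter on `SiteResource.add` is never used in the body, so authentication on this endpoint depends on a parameter that looks like dead code and could be removed in a later cleanup without anything failing; `TutorResource.add` has the same shape. If the principal is not needed, annotate the method with `@PermitAll` (`javax.annotation.security.PermitAll`), which `AuthDynamicFeature` also treats as requiring authentication, or add a comment such as `// the @Auth parameter is what enforces authentication here; do not remove`. Only the two POST methods are changed, so the other methods of these resources, which lie outside the hunks, presumably stay unauthenticated; worth confirming that this is intended.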
@@ -1,11 +1,13 @@
 package uk.co.neviyn.Observations.resources;
 import com.fasterxml.jackson.annotation.JsonProperty;
+import io.dropwizard.auth.Auth;
 import io.dropwizard.hibernate.UnitOfWork;
 import lombok.AllArgsConstructor;
 import lombok.RequiredArgsConstructor;
 import uk.co.neviyn.Observations.core.Site;
 import uk.co.neviyn.Observations.core.Tutor;
+import uk.co.neviyn.Observations.core.User;
 import uk.co.neviyn.Observations.dao.SiteDao;
 import uk.co.neviyn.Observations.dao.TutorDao;
@@ -24,7 +26,7 @@ public class TutorResource {
 @POST
 @UnitOfWork
- public Tutor add(NewTutor newTutor) {
+ public Tutor add(@Auth User user, NewTutor newTutor) {
 final Site site = siteDao.get(newTutor.siteId);
 final Tutor tutor = Tutor.builder().name(newTutor.name).site(site).build();
 return dao.persist(tutor);