Added basic authentication for some resources.

backend/configuration.yml

@@ -12,3 +12,5 @@ database:
 
 server:
   rootPath: /api/
+
+adminPassword: "testPassword"

backend/src/main/java/uk/co/neviyn/Observations/ObservationsApplication.java

@@ -2,14 +2,19 @@ package uk.co.neviyn.Observations;
 
 import io.dropwizard.Application;
 import io.dropwizard.assets.AssetsBundle;
+import io.dropwizard.auth.AuthDynamicFeature;
+import io.dropwizard.auth.AuthValueFactoryProvider;
+import io.dropwizard.auth.basic.BasicCredentialAuthFilter;
 import io.dropwizard.db.DataSourceFactory;
 import io.dropwizard.hibernate.HibernateBundle;
 import io.dropwizard.jersey.setup.JerseyEnvironment;
 import io.dropwizard.setup.Bootstrap;
 import io.dropwizard.setup.Environment;
+import uk.co.neviyn.Observations.auth.SimpleAuthenticator;
 import uk.co.neviyn.Observations.core.Observation;
 import uk.co.neviyn.Observations.core.Site;
 import uk.co.neviyn.Observations.core.Tutor;
+import uk.co.neviyn.Observations.core.User;
 import uk.co.neviyn.Observations.dao.ObservationDao;
 import uk.co.neviyn.Observations.dao.SiteDao;
 import uk.co.neviyn.Observations.dao.TutorDao;
@@ -45,6 +50,13 @@ public class ObservationsApplication extends Application<ObservationsConfigurati
   @Override
   public void run(ObservationsConfiguration observationsConfiguration, Environment environment) {
     final JerseyEnvironment jersey = environment.jersey();
+    jersey.register(new AuthDynamicFeature(
+        new BasicCredentialAuthFilter.Builder<User>()
+            .setAuthenticator(new SimpleAuthenticator(observationsConfiguration.getAdminPassword()))
+            .setRealm("SECURITY")
+            .buildAuthFilter()
+    ));
+    jersey.register(new AuthValueFactoryProvider.Binder<>(User.class));
     TutorDao tutorDao = new TutorDao(hibernate.getSessionFactory());
     SiteDao siteDao = new SiteDao(hibernate.getSessionFactory());
     ObservationDao observationDao = new ObservationDao(hibernate.getSessionFactory());

backend/src/main/java/uk/co/neviyn/Observations/ObservationsConfiguration.java

@@ -3,6 +3,7 @@ package uk.co.neviyn.Observations;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import io.dropwizard.Configuration;
 import io.dropwizard.db.DataSourceFactory;
+
 import javax.validation.Valid;
 import javax.validation.constraints.NotNull;
 
@@ -11,6 +12,10 @@ public class ObservationsConfiguration extends Configuration {
   @NotNull
   private DataSourceFactory database = new DataSourceFactory();
 
+  @Valid
+  @NotNull
+  private String adminPassword;
+
   @JsonProperty("database")
   public void setDataSourceFactory(DataSourceFactory factory) {
     this.database = factory;
@@ -21,4 +26,9 @@ public class ObservationsConfiguration extends Configuration {
     return database;
   }
 
+  @JsonProperty("adminPassword")
+  public String getAdminPassword() {
+    return adminPassword;
+  }
+
 }

backend/src/main/java/uk/co/neviyn/Observations/auth/SimpleAuthenticator.java

@@ -0,0 +1,23 @@
+package uk.co.neviyn.Observations.auth;
+
+import io.dropwizard.auth.AuthenticationException;
+import io.dropwizard.auth.Authenticator;
+import io.dropwizard.auth.basic.BasicCredentials;
+import lombok.AllArgsConstructor;
+import uk.co.neviyn.Observations.core.User;
+
+import java.util.Optional;
+
+@AllArgsConstructor
+public class SimpleAuthenticator implements Authenticator<BasicCredentials, User> {
+
+  private final String adminPassword;
+
+  @Override
+  public Optional<User> authenticate(BasicCredentials credentials) throws AuthenticationException {
+    if (adminPassword.equals(credentials.getPassword())) {
+      return Optional.of(new User(credentials.getUsername()));
+    }
+    return Optional.empty();
+  }
+}

backend/src/main/java/uk/co/neviyn/Observations/core/User.java

@@ -0,0 +1,16 @@
+package uk.co.neviyn.Observations.core;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.security.Principal;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public class User implements Principal {
+
+  private String name;
+
+}

backend/src/main/java/uk/co/neviyn/Observations/resources/SiteResource.java

@@ -1,10 +1,12 @@
 package uk.co.neviyn.Observations.resources;
 
+import io.dropwizard.auth.Auth;
 import io.dropwizard.hibernate.UnitOfWork;
 import lombok.RequiredArgsConstructor;
 import uk.co.neviyn.Observations.api.SelectOption;
 import uk.co.neviyn.Observations.core.Site;
 import uk.co.neviyn.Observations.core.Tutor;
+import uk.co.neviyn.Observations.core.User;
 import uk.co.neviyn.Observations.dao.SiteDao;
 
 import javax.ws.rs.*;
@@ -22,7 +24,7 @@ public class SiteResource {
 
   @POST
   @UnitOfWork
-  public Site add(String name) {
+  public Site add(@Auth User user, String name) {
     return dao.persist(new Site(name));
   }
 

backend/src/main/java/uk/co/neviyn/Observations/resources/TutorResource.java

@@ -1,11 +1,13 @@
 package uk.co.neviyn.Observations.resources;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
+import io.dropwizard.auth.Auth;
 import io.dropwizard.hibernate.UnitOfWork;
 import lombok.AllArgsConstructor;
 import lombok.RequiredArgsConstructor;
 import uk.co.neviyn.Observations.core.Site;
 import uk.co.neviyn.Observations.core.Tutor;
+import uk.co.neviyn.Observations.core.User;
 import uk.co.neviyn.Observations.dao.SiteDao;
 import uk.co.neviyn.Observations.dao.TutorDao;
 
@@ -24,7 +26,7 @@ public class TutorResource {
 
   @POST
   @UnitOfWork
-  public Tutor add(NewTutor newTutor) {
+  public Tutor add(@Auth User user, NewTutor newTutor) {
     final Site site = siteDao.get(newTutor.siteId);
     final Tutor tutor = Tutor.builder().name(newTutor.name).site(site).build();
     return dao.persist(tutor);