ofbiz-rest-impl/src/main/java/org/apache/ofbiz/ws/rs/resources/AuthenticationResource.java - ofbiz-plugins - Git at Google

 /*******************************************************************************
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  *******************************************************************************/
 package org.apache.ofbiz.ws.rs.resources;

 import java.util.Map;

 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.HeaderParam;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.ext.Provider;

 import org.apache.ofbiz.base.util.UtilMisc;
 import org.apache.ofbiz.entity.GenericValue;
 import org.apache.ofbiz.entity.util.EntityUtilProperties;
 import org.apache.ofbiz.webapp.control.JWTManager;
 import org.apache.ofbiz.ws.rs.security.AuthToken;
 import org.apache.ofbiz.ws.rs.util.RestApiUtil;

 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.enums.ParameterIn;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;


 @Path("/auth")
 @Provider
 @Tag(name = "Authentication Token Generating Resource", description = "Intended to provide generation of authentication tokens.")
 public class AuthenticationResource extends OFBizResource {

     @Context
     private HttpServletRequest httpRequest;

     @Context
     private HttpServletResponse httpResponse;

     /**
      */
     @POST
     @Produces(MediaType.APPLICATION_JSON)
     @Path("/token")
     @AuthToken
     @Operation(security = @SecurityRequirement(name = "basicAuth"),
             operationId = "getAuthToken", description = "Generates JWT token for subsequent API calles.")
     public Response getAuthToken(@Parameter(in = ParameterIn.HEADER, name = "Authorization",
             description = "Authorization header using Basic Authentication", example = HttpHeaders.AUTHORIZATION + ": Basic YWRtaW46b2ZiaXo=")
             @HeaderParam(HttpHeaders.AUTHORIZATION) String creds) {
         httpRequest.setAttribute("delegator", getDelegator());
         httpRequest.setAttribute("dispatcher", getDispatcher());
         GenericValue userLogin = (GenericValue) httpRequest.getAttribute("userLogin");
         //TODO : Move this into an OFBiz service. All such implementations should be inside an OFBiz service.
         String jwtToken = JWTManager.createJwt(getDelegator(), UtilMisc.toMap("userLoginId", userLogin.getString("userLoginId")));
         Map<String, Object> tokenPayload = UtilMisc.toMap("access_token", jwtToken, "expires_in",
                 EntityUtilProperties.getPropertyValue("security", "security.jwt.token.expireTime", "1800", getDelegator()), "token_type", "Bearer");
         return RestApiUtil.success("Token granted.", tokenPayload);
     }

 }
	/*******************************************************************************
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*******************************************************************************/
	package org.apache.ofbiz.ws.rs.resources;

	import java.util.Map;

	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;
	import javax.ws.rs.HeaderParam;
	import javax.ws.rs.POST;
	import javax.ws.rs.Path;
	import javax.ws.rs.Produces;
	import javax.ws.rs.core.Context;
	import javax.ws.rs.core.HttpHeaders;
	import javax.ws.rs.core.MediaType;
	import javax.ws.rs.core.Response;
	import javax.ws.rs.ext.Provider;

	import org.apache.ofbiz.base.util.UtilMisc;
	import org.apache.ofbiz.entity.GenericValue;
	import org.apache.ofbiz.entity.util.EntityUtilProperties;
	import org.apache.ofbiz.webapp.control.JWTManager;
	import org.apache.ofbiz.ws.rs.security.AuthToken;
	import org.apache.ofbiz.ws.rs.util.RestApiUtil;

	import io.swagger.v3.oas.annotations.Operation;
	import io.swagger.v3.oas.annotations.Parameter;
	import io.swagger.v3.oas.annotations.enums.ParameterIn;
	import io.swagger.v3.oas.annotations.security.SecurityRequirement;
	import io.swagger.v3.oas.annotations.tags.Tag;


	@Path("/auth")
	@Provider
	@Tag(name = "Authentication Token Generating Resource", description = "Intended to provide generation of authentication tokens.")
	public class AuthenticationResource extends OFBizResource {

	@Context
	private HttpServletRequest httpRequest;

	@Context
	private HttpServletResponse httpResponse;

	/**
	*/
	@POST
	@Produces(MediaType.APPLICATION_JSON)
	@Path("/token")
	@AuthToken
	@Operation(security = @SecurityRequirement(name = "basicAuth"),
	operationId = "getAuthToken", description = "Generates JWT token for subsequent API calles.")
	public Response getAuthToken(@Parameter(in = ParameterIn.HEADER, name = "Authorization",
	description = "Authorization header using Basic Authentication", example = HttpHeaders.AUTHORIZATION + ": Basic YWRtaW46b2ZiaXo=")
	@HeaderParam(HttpHeaders.AUTHORIZATION) String creds) {
	httpRequest.setAttribute("delegator", getDelegator());
	httpRequest.setAttribute("dispatcher", getDispatcher());
	GenericValue userLogin = (GenericValue) httpRequest.getAttribute("userLogin");
	//TODO : Move this into an OFBiz service. All such implementations should be inside an OFBiz service.
	String jwtToken = JWTManager.createJwt(getDelegator(), UtilMisc.toMap("userLoginId", userLogin.getString("userLoginId")));
	Map<String, Object> tokenPayload = UtilMisc.toMap("access_token", jwtToken, "expires_in",
	EntityUtilProperties.getPropertyValue("security", "security.jwt.token.expireTime", "1800", getDelegator()), "token_type", "Bearer");
	return RestApiUtil.success("Token granted.", tokenPayload);
	}

	}