From ef1cbd56efdb654b60967c9fbc21e254c3ff1352 Mon Sep 17 00:00:00 2001 From: Gopi Katwala Date: Fri, 7 Jun 2019 21:31:04 -0400 Subject: [PATCH] Session login and logout fixes --- AstuteSystem/sql/astute.sql | 23 +++++---- .../src/main/java/com/astute/dao/DAO.java | 4 ++ .../src/main/java/com/astute/dao/SqlDAO.java | 46 ++++++++++++++++++ .../com/astute/resources/AuthResource.java | 7 +++ .../astute/resources/ChangeOrderResource.java | 10 ++-- .../resources/CustomerContactResource.java | 2 +- .../resources/InvoicePaymentResource.java | 14 ++++-- .../com/astute/resources/InvoiceResource.java | 47 ++++++++++++------- .../java/com/astute/resources/POResource.java | 36 +++++++++----- .../astute/resources/ServiceTypeResource.java | 14 +++--- .../java/com/astute/service/AuthService.java | 11 +++-- .../com/astute/service/CustomerService.java | 2 +- 12 files changed, 156 insertions(+), 60 deletions(-) diff --git a/AstuteSystem/sql/astute.sql b/AstuteSystem/sql/astute.sql index bd85c0b..02f6c85 100644 --- a/AstuteSystem/sql/astute.sql +++ b/AstuteSystem/sql/astute.sql @@ -12,12 +12,13 @@ /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; +-- Dumping structure for table astute.change_order -- Dumping database structure for astute DROP DATABASE IF EXISTS `astute`; CREATE DATABASE IF NOT EXISTS `astute` /*!40100 DEFAULT CHARACTER SET utf8 */; USE `astute`; +CREATE USER 'astute_user'@'localhost' IDENTIFIED BY 'password'; --- Dumping structure for table astute.change_order CREATE TABLE IF NOT EXISTS `change_order` ( `PO_num` varchar(20) NOT NULL, `change_order_num` int(20) NOT NULL, 
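Review bot: The added `CREATE USER 'astute_user'@'localhost' IDENTIFIED BY 'password';` line commits a literal, trivially guessable database password into the versioned schema dump, and the `GRANT ALL PRIVILEGES ON *.* TO 'astute_user'@'localhost' IDENTIFIED BY 'password';` hunk at the end of the same file repeats it while giving the application account every privilege on every database on the server. The application only needs DML on its own schema plus EXECUTE for the functions the dump defines, so `GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON astute.* TO 'astute_user'@'localhost';` is sufficient, and the password should be set out of band (an environment-specific provisioning script or a secret store) rather than in the dump. Keeping account creation out of the dump also avoids the re-import failing at `CREATE USER` once the account exists, since the dump only drops and recreates the database, not the user. Separately, the moved `-- Dumping structure for table astute.change_order` comment now sits above `-- Dumping database structure for astute`, and the `CREATE TABLE` for `change_order` loses its heading, which reads as an accidental edit rather than an intended one.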
@@ -124,15 +125,15 @@ INSERT INTO `customer` (`customer_id`, `customer_name`, `bill_to_dept`, `add1`, /*!40000 ALTER TABLE `customer` ENABLE KEYS */; -- Dumping structure for table astute.customer_contact -CREATE TABLE IF NOT EXISTS `customer_contact` ( +CREATE TABLE `customer_contact` ( `customer_id` varchar(20) NOT NULL, `contact_id` int(11) NOT NULL, `name` varchar(100) NOT NULL, `title` varchar(50) NOT NULL, - `work_phone` int(10) DEFAULT NULL, + `work_phone` varchar(16) DEFAULT NULL, `work_phone_ext` int(10) DEFAULT NULL, - `mobile` int(10) DEFAULT NULL, - `fax` int(10) DEFAULT NULL, + `mobile` varchar(16) DEFAULT NULL, + `fax` varchar(16) DEFAULT NULL, `email` varchar(100) DEFAULT NULL, `address` varchar(500) DEFAULT NULL, PRIMARY KEY (`customer_id`,`contact_id`) @@ -141,8 +142,8 @@ CREATE TABLE IF NOT EXISTS `customer_contact` ( -- Dumping data for table astute.customer_contact: ~2 rows (approximately) /*!40000 ALTER TABLE `customer_contact` DISABLE KEYS */; INSERT INTO `customer_contact` (`customer_id`, `contact_id`, `name`, `title`, `work_phone`, `work_phone_ext`, `mobile`, `fax`, `email`, `address`) VALUES - ('MDOT', 1, 'John Shaw', 'Manager', 1231231233, 1233, 1232343455, 234123344, 'Test@Test.com', '123 Test Drive'), - ('MDOT', 2, 'John John', 'Manager', 1231231233, 1233, 1232343455, 234123344, 'Test@Test.com', '123 Test Drive'); + ('MDOT', 1, 'John Shaw', 'Manager', '1231231233', 1233, '1232343455', '234123344', 'Test@Test.com', '123 Test Drive'), + ('MDOT', 2, 'John John', 'Manager', '1231231233', 1233, '1232343455', '234123344', 'Test@Test.com', '123 Test Drive'); /*!40000 ALTER TABLE `customer_contact` ENABLE KEYS */; -- Dumping structure for function astute.delete_custmer 
@@ -613,11 +614,11 @@ INSERT INTO `service_type` (`service_type_id`, `desc`) VALUES /*!40000 ALTER TABLE `service_type` ENABLE KEYS */; -- Dumping structure for table astute.session -CREATE TABLE IF NOT EXISTS `session` ( +CREATE TABLE `session` ( `session_id` varchar(200) NOT NULL, `user_id` int(11) NOT NULL, - `session_start_date` date DEFAULT NULL, - `session_end_date` date DEFAULT NULL, + `session_start_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, + `session_end_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (`session_id`), KEY `fk_session_user_id` (`user_id`), CONSTRAINT `fk_session_user_id` FOREIGN KEY (`user_id`) REFERENCES `user` (`user_id`) @@ -760,3 +761,5 @@ INSERT INTO `user` (`user_id`, `username`, `password`, `first_name`, `middle_nam /*!40101 SET SQL_MODE=IFNULL(@OLD_SQL_MODE, '') */; /*!40014 SET FOREIGN_KEY_CHECKS=IF(@OLD_FOREIGN_KEY_CHECKS IS NULL, 1, @OLD_FOREIGN_KEY_CHECKS) */; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; + +GRANT ALL PRIVILEGES ON *.* TO 'astute_user'@'localhost' IDENTIFIED BY 'password'; diff --git a/AstuteSystem/src/main/java/com/astute/dao/DAO.java b/AstuteSystem/src/main/java/com/astute/dao/DAO.java index 45f270c..afbf5b3 100644 --- a/AstuteSystem/src/main/java/com/astute/dao/DAO.java +++ b/AstuteSystem/src/main/java/com/astute/dao/DAO.java @@ -165,6 +165,8 @@ public abstract class DAO { public abstract ResultSet executeQuery(String sessionId, String sql) throws AstuteException ; + public abstract Integer authenticateSession(String sessionId) throws AstuteException; + public abstract User getUser(String username) throws AstuteException ; public abstract void createSession(int userId, String sessionId) throws AstuteException; 
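Review bot: `session_end_date` in the rebuilt `session` table is rewritten to `current_timestamp()` on every authenticated request and compared against the idle timeout in `SqlDAO.authenticateSession`, while logout deletes the row outright, so the column is really a last-activity timestamp and its name suggests something it never records. A column comment such as `COMMENT 'time of the last authenticated request; idle sessions past the timeout are rejected'` or a rename to `last_activity` would keep the schema honest for whoever reads the dump without the Java code. Both columns also default to `CURRENT_TIMESTAMP` on insert, so a freshly created session starts with end equal to start, which is fine but worth the same comment.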
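Review bot: The new abstract `authenticateSession` declaration leaves its contract undocumented, and it has three outcomes a caller must tell apart: the owning user id for a live session, `null` when the session id is unknown, and an `AstuteException` carrying `AUTH_ERROR` when the session has exceeded the idle timeout (the `SqlDAO` implementation in this commit also deletes the row in that case). A Javadoc on the declaration along the lines of `/** Validates a session id and refreshes its last-activity time. @return the owning user id, or null if no such session exists. @throws AstuteException AUTH_ERROR if the session has expired (it is removed), DB_ERROR on database failure */` lets `AuthService`'s null check be read without opening `SqlDAO`. The `logout` declaration added in the next hunk deserves the same treatment, noting that an unknown session id is not an error since the delete simply affects no rows.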
@@ -175,6 +177,8 @@ public abstract class DAO { public abstract User login(String username, String password) throws AstuteException; + public abstract void logout(String sessionId) throws AstuteException; + public abstract List getChangeOrders(String poNum) throws AstuteException; public abstract void updateChangeOrder(String poNum, int changeOrderNum, double changeOrderAmt, Date changeOrderDate, String description) throws AstuteException; diff --git a/AstuteSystem/src/main/java/com/astute/dao/SqlDAO.java b/AstuteSystem/src/main/java/com/astute/dao/SqlDAO.java index 53f8124..2cd27b2 100644 --- a/AstuteSystem/src/main/java/com/astute/dao/SqlDAO.java +++ b/AstuteSystem/src/main/java/com/astute/dao/SqlDAO.java @@ -16,6 +16,7 @@ import java.util.List; import java.util.UUID; import java.text.SimpleDateFormat; +import static com.astute.exceptions.AstuteException.AUTH_ERROR; import static com.astute.exceptions.AstuteException.DB_ERROR; public class SqlDAO extends DAO { 
@@ -977,6 +978,39 @@ public class SqlDAO extends DAO { } } + public Integer authenticateSession(String sessionId) throws AstuteException { + String sql = "select user_id, TIME_TO_SEC(CURRENT_TIMESTAMP()) - TIME_TO_SEC(session_end_date) from session where session_id='" + sessionId + "'"; + System.out.println(sql); + int userId; + + try { + Statement stmt = conn.createStatement(); + ResultSet resultSet = stmt.executeQuery(sql); + Integer timeLapse; + java.util.Date utilDate = new java.util.Date(); + java.sql.Timestamp currentTime = new java.sql.Timestamp(utilDate.getTime()); + if (resultSet.next()) { + userId = resultSet.getInt(1); + timeLapse = resultSet.getInt(2); + if (timeLapse > 1200) { + logout(sessionId); + throw new AstuteException(AUTH_ERROR, "Session expred. Please login again!"); + } + } else { + return null; + } + sql = "update session set session_end_date = current_timestamp() where session_id='" + sessionId + "'"; + stmt = conn.createStatement(); + stmt.executeUpdate(sql); + + return userId; + } catch (SQLException e) { + e.printStackTrace(); + throw new AstuteException(DB_ERROR, e.getMessage()); + } + } + + public User getUser(String username) throws AstuteException { String sql = "select user_id, username, password, CONCAT(first_name, ' ', last_name) as name from user where username='" + username + "'"; @@ -1227,6 +1261,18 @@ public class SqlDAO extends DAO { } } + public void logout(String sessionId) throws AstuteException{ + try { + Statement stmt = conn.createStatement(); + String sql = "DELETE FROM SESSION WHERE SESSION_ID = '" + sessionId + "'"; + stmt.executeUpdate(sql); + + } catch (SQLException e) { + e.printStackTrace(); + throw new AstuteException(DB_ERROR,e.getMessage()); + } + } + private String generatePasswordHash(String password) throws InvalidKeySpecException, NoSuchAlgorithmException { int iterations = 100; char[] chars = password.toCharArray(); 
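Review bot: `authenticateSession` builds both of its statements by concatenating `sessionId`, a value taken straight from the request query string, into SQL text, and `logout` in the second hunk of this file does the same for its `DELETE`; all three should be `PreparedStatement`s with `?` placeholders (`java.sql.PreparedStatement` needs importing). The expiry test is also wrong: `TIME_TO_SEC(CURRENT_TIMESTAMP()) - TIME_TO_SEC(session_end_date)` compares times of day only, so a session last touched 24 hours ago at the same clock time reads as a few seconds idle and passes the 1200-second check, and any session crossing midnight gets a negative value; `TIMESTAMPDIFF(SECOND, session_end_date, CURRENT_TIMESTAMP())` compares the full timestamps. `System.out.println(sql)` writes the session identifier to stdout on every request, which puts live credentials into the server log and should go. The `Statement` and `ResultSet` objects are never closed and `utilDate`/`currentTime` are unused, so the rewrite below uses try-with-resources, names the timeout, and fixes the `expred` typo in the message; the `catch` block and the `getUser` method that follows are unchanged.
```java
private static final int SESSION_IDLE_TIMEOUT_SECONDS = 1200;

public Integer authenticateSession(String sessionId) throws AstuteException {
    // TIMESTAMPDIFF compares the full timestamps; TIME_TO_SEC only compared the time of day.
    String sql = "select user_id, TIMESTAMPDIFF(SECOND, session_end_date, CURRENT_TIMESTAMP())"
            + " from session where session_id = ?";
    int userId;
    try (PreparedStatement stmt = conn.prepareStatement(sql)) {
        stmt.setString(1, sessionId);
        try (ResultSet resultSet = stmt.executeQuery()) {
            if (!resultSet.next()) {
                return null; // unknown session id: AuthService reports "login first"
            }
            userId = resultSet.getInt(1);
            if (resultSet.getInt(2) > SESSION_IDLE_TIMEOUT_SECONDS) {
                logout(sessionId); // drop the stale row before rejecting
                throw new AstuteException(AUTH_ERROR, "Session expired. Please login again!");
            }
        }
        // Refresh last-activity time so the idle timeout is measured from this request.
        try (PreparedStatement touch = conn.prepareStatement(
                "update session set session_end_date = current_timestamp() where session_id = ?")) {
            touch.setString(1, sessionId);
            touch.executeUpdate();
        }
        return userId;
    } catch (SQLException e) {
        // … unchanged: printStackTrace and rethrow as DB_ERROR …
    }
}

public void logout(String sessionId) throws AstuteException {
    try (PreparedStatement stmt = conn.prepareStatement("DELETE FROM SESSION WHERE SESSION_ID = ?")) {
        stmt.setString(1, sessionId);
        stmt.executeUpdate();
    } catch (SQLException e) {
        // … unchanged: printStackTrace and rethrow as DB_ERROR …
    }
}
```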
diff --git a/AstuteSystem/src/main/java/com/astute/resources/AuthResource.java b/AstuteSystem/src/main/java/com/astute/resources/AuthResource.java index 83d9604..61880db 100644 --- a/AstuteSystem/src/main/java/com/astute/resources/AuthResource.java +++ b/AstuteSystem/src/main/java/com/astute/resources/AuthResource.java @@ -6,6 +6,7 @@ import com.astute.requests.LoginRequest; import com.astute.response.ApiResponse; import com.astute.service.AuthService; +import javax.ws.rs.*; import javax.ws.rs.Consumes; import javax.ws.rs.POST; import javax.ws.rs.Path; @@ -33,4 +34,10 @@ public class AuthResource { return new ApiResponse(ApiResponse.ACCESS_DENIED).toResponse(); } } + @Path("/logout") + @POST + public Response logout(@QueryParam("sessionId") String sessionId) throws AstuteException { + service.logout(sessionId); + return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); + } } \ No newline at end of file diff --git a/AstuteSystem/src/main/java/com/astute/resources/ChangeOrderResource.java b/AstuteSystem/src/main/java/com/astute/resources/ChangeOrderResource.java index c480a1b..5f8b85a 100644 --- a/AstuteSystem/src/main/java/com/astute/resources/ChangeOrderResource.java +++ b/AstuteSystem/src/main/java/com/astute/resources/ChangeOrderResource.java 
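Review bot: `logout` receives the session identifier as `@QueryParam("sessionId")`, and every resource method touched in this commit (ChangeOrderResource, InvoicePaymentResource, InvoiceResource, POResource, ServiceTypeResource) adopts the same convention, which puts a bearer credential into the URL where it is recorded in access logs, proxy logs, browser history and outbound `Referer` headers. Reading it from a request header instead, e.g. `@HeaderParam("X-Session-Id") String sessionId`, keeps the handler shape identical and keeps it out of URLs; an `HttpOnly` cookie is the other option. The endpoint returns `UPDATE_ACCESS_SUCESS` whether or not a session row existed, which is reasonable for logout but worth a one-line comment such as `// idempotent: an unknown or already-ended session id is not an error`. The import hunk above adds `import javax.ws.rs.*;` next to the existing explicit `javax.ws.rs` imports; pick one style rather than both.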
@@ -24,23 +24,25 @@ public class ChangeOrderResource { } @GET - public Response getChangeOrders(@QueryParam("poNum") String poNum, @QueryParam("sessionId") String sessionId) + public Response getChangeOrders(@QueryParam("sessionId") String sessionId, @QueryParam("poNum") String poNum) throws AstuteException { - authService.getUser(sessionId); + authService.authenticateSession(sessionId); return new ApiResponse(service.getChangeOrders(poNum)).toResponse(); } @Path("/{PONum}/{changeOrderNum}") @PUT - public Response updateChangeOrder(ChangeOrderRequest request, @PathParam("PONum") String PONum, @PathParam("changeOrderNum") int changeOrderNum) + public Response updateChangeOrder(@QueryParam("sessionId") String sessionId, ChangeOrderRequest request, @PathParam("PONum") String PONum, @PathParam("changeOrderNum") int changeOrderNum) throws AstuteException { + authService.authenticateSession(sessionId); service.updateChangeOrder(PONum,changeOrderNum, request.getChangeOrderAmt(), request.getChangeOrderDate(), request.getDescription()); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); } @POST - public Response createChangeOrder(ChangeOrderRequest request) + public Response createChangeOrder(@QueryParam("sessionId") String sessionId, ChangeOrderRequest request) throws AstuteException { + authService.authenticateSession(sessionId); return new ApiResponse(service.createChangeOrder(request.getPoNum(), request.getChangeOrderNum(), request.getChangeOrderAmt(), request.getChangeOrderDate(), request.getDescription())).toResponse(); } diff --git a/AstuteSystem/src/main/java/com/astute/resources/CustomerContactResource.java b/AstuteSystem/src/main/java/com/astute/resources/CustomerContactResource.java index 79faca4..ab63219 100644 --- a/AstuteSystem/src/main/java/com/astute/resources/CustomerContactResource.java +++ b/AstuteSystem/src/main/java/com/astute/resources/CustomerContactResource.java 
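Review bot: Each handler here now calls `authService.authenticateSession(sessionId)` and discards the returned user id, so the update and create paths never learn who is acting; passing it on to the service (or at least logging it) gives an audit trail for change-order edits and is the natural hook if a per-user authorization rule is ever needed. The same two-line check is copy-pasted into around thirty handlers across the resource classes in this commit, and `CustomerContactResource` shows the cost of that approach: its `updateCustomerContact` hunk received no check at all. A single JAX-RS `ContainerRequestFilter` that validates the session for every path except the login endpoint would make the protection the default rather than something each method must remember, and would remove the new `sessionId` parameter from every signature.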
@@ -32,7 +32,7 @@ public class CustomerContactResource { return new ApiResponse(service.getCustomerContacts(customerId)).toResponse(); } - @Path("/{customerId}/{contactId}") + @Path("/{customerId}") @PUT public Response updateCustomerContact(@PathParam("customerId") String customerId, CustomerContactRequest request) throws AstuteException { diff --git a/AstuteSystem/src/main/java/com/astute/resources/InvoicePaymentResource.java b/AstuteSystem/src/main/java/com/astute/resources/InvoicePaymentResource.java index 4373ae1..73887c4 100644 --- a/AstuteSystem/src/main/java/com/astute/resources/InvoicePaymentResource.java +++ b/AstuteSystem/src/main/java/com/astute/resources/InvoicePaymentResource.java @@ -3,6 +3,7 @@ package com.astute.resources; import com.astute.exceptions.AstuteException; import com.astute.requests.InvoicePaymentRequest; import com.astute.response.ApiResponse; +import com.astute.service.AuthService; import com.astute.service.InvoicePaymentService; import javax.ws.rs.*; 
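Review bot: `updateCustomerContact` is the one modifying handler in this commit that gains neither a `sessionId` parameter nor an `authService.authenticateSession(sessionId)` call, so after this change a customer contact can still be updated without a session while every other PUT in the codebase now requires one; the hunk only narrows the path. Adding `@QueryParam("sessionId") String sessionId` and the check as the first statement of the body (the body continues outside the hunk) brings it in line; whether the class already holds an `AuthService` field is not visible here. Dropping `{contactId}` from `@Path` presumably means the contact id now travels in `CustomerContactRequest`; if so, a short comment on the annotation saying so would save the next reader a trip to the request class.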
@@ -18,21 +19,24 @@ import java.text.SimpleDateFormat; public class InvoicePaymentResource { private com.astute.service.InvoicePaymentService service = new InvoicePaymentService(); + private com.astute.service.AuthService authService = new AuthService(); public InvoicePaymentResource() { } @GET - public Response getInvoicePayments(@QueryParam("invoiceNum") String invoiceNum) + public Response getInvoicePayments(@QueryParam("sessionId") String sessionId, @QueryParam("invoiceNum") String invoiceNum) throws AstuteException { + authService.authenticateSession(sessionId); return new ApiResponse(service.getInvoicePayments(invoiceNum)).toResponse(); } @Path("/{invoiceNum}/{invoicePaymentId}") @PUT - public Response updateInvoicePayment(InvoicePaymentRequest request, @PathParam("invoiceNum") String invoiceNum, @PathParam("invoicePaymentId") int invoicePaymentId, @PathParam("checkTransactionNo")String checkTransactionNo) + public Response updateInvoicePayment(@QueryParam("sessionId") String sessionId, InvoicePaymentRequest request, @PathParam("invoiceNum") String invoiceNum, @PathParam("invoicePaymentId") int invoicePaymentId, @PathParam("checkTransactionNo")String checkTransactionNo) throws AstuteException, ParseException { + authService.authenticateSession(sessionId); String dateStr = request.getPaymentDate(); SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd"); Date date = new java.sql.Date(df.parse(dateStr).getTime()); @@ -41,8 +45,9 @@ public class InvoicePaymentResource { } @POST - public Response createInvoicePayment(InvoicePaymentRequest request) + public Response createInvoicePayment(@QueryParam("sessionId") String sessionId, InvoicePaymentRequest request) throws AstuteException, ParseException { + authService.authenticateSession(sessionId); String dateStr = request.getPaymentDate(); SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd"); Date date = new java.sql.Date(df.parse(dateStr).getTime()); 
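Review bot: The rewritten `updateInvoicePayment` signature keeps `@PathParam("checkTransactionNo") String checkTransactionNo`, but the method's `@Path("/{invoiceNum}/{invoicePaymentId}")` template has no such variable, so as far as the visible template goes the parameter is never bound and arrives as `null` on every call; either add `/{checkTransactionNo}` to the template or take the value from the request body or a `@QueryParam`, whichever the client actually sends. The new field `private com.astute.service.AuthService authService = new AuthService();` mirrors the existing `service` field, but the import this commit adds makes the qualification redundant; `private final AuthService authService = new AuthService();` is enough and marks it immutable. The same two-line form is used in `InvoiceResource` in this commit and could be tidied there as well.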
@@ -52,7 +57,8 @@ public class InvoicePaymentResource { @GET @Path("/paymentTypes") - public Response getInvoicePaymentTypes() throws AstuteException { + public Response getInvoicePaymentTypes(@QueryParam("sessionId") String sessionId) throws AstuteException { + authService.authenticateSession(sessionId); return new ApiResponse(service.getPaymentTypes()).toResponse(); } diff --git a/AstuteSystem/src/main/java/com/astute/resources/InvoiceResource.java b/AstuteSystem/src/main/java/com/astute/resources/InvoiceResource.java index a92de46..97066ee 100644 --- a/AstuteSystem/src/main/java/com/astute/resources/InvoiceResource.java +++ b/AstuteSystem/src/main/java/com/astute/resources/InvoiceResource.java @@ -5,6 +5,7 @@ import com.astute.exceptions.DatabaseException; import com.astute.requests.InvoiceDetailRequest; import com.astute.requests.InvoiceMasterRequest; import com.astute.response.ApiResponse; +import com.astute.service.AuthService; import com.astute.service.InvoiceService; import javax.ws.rs.*; 
@@ -21,36 +22,39 @@ import java.text.SimpleDateFormat; public class InvoiceResource { private com.astute.service.InvoiceService service = new InvoiceService(); + private com.astute.service.AuthService authService = new AuthService(); public InvoiceResource() { } @GET - public Response getInvoiceMaster(@QueryParam("invoiceNumber") String invoiceNumber, @QueryParam("pmtStatus") int pmtStatus) + public Response getInvoiceMaster(@QueryParam("sessionId") String sessionId, @QueryParam("invoiceNumber") String invoiceNumber, @QueryParam("pmtStatus") int pmtStatus) throws AstuteException { + authService.authenticateSession(sessionId); return new ApiResponse(service.getInvoiceMaster(invoiceNumber, pmtStatus)).toResponse(); } @Path("/paymentStatuses") @GET - public Response getPaymentStatuses() throws AstuteException { - + public Response getPaymentStatuses(@QueryParam("sessionId") String sessionId) throws AstuteException { + authService.authenticateSession(sessionId); return new ApiResponse(service.getPaymentStatuses()).toResponse(); } @Path("/detail") @GET - public Response getInvoiceDetail(@QueryParam("invoiceNumber") String invoiceNumber, @QueryParam("lineItemNo") int lineItemNo) + public Response getInvoiceDetail(@QueryParam("sessionId") String sessionId, @QueryParam("invoiceNumber") String invoiceNumber, @QueryParam("lineItemNo") int lineItemNo) throws AstuteException { - + authService.authenticateSession(sessionId); return new ApiResponse(service.getInvoiceDetail(invoiceNumber,lineItemNo)).toResponse(); } @Path("/{InvoiceNum}") @PUT - public Response updateInvoiceMaster(@PathParam("InvoiceNum") String InvoiceNum, InvoiceMasterRequest request) + public Response updateInvoiceMaster(@QueryParam("sessionId") String sessionId, @PathParam("InvoiceNum") String InvoiceNum, InvoiceMasterRequest request) throws AstuteException, ParseException { + authService.authenticateSession(sessionId); service.updateInvoiceMaster(InvoiceNum, request.getInvoiceDate(), request.getPoNum(), 
request.getPmtStatus(), request.getBillAmt(), request.getSpecialNotes(), request.getCertification(), request.getInvoiceStatus()); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); 
@@ -58,33 +62,37 @@ public class InvoiceResource { @Path("/{InvoiceNum}/delete") @PUT - public Response deleteInvoice(@PathParam("InvoiceNum") String InvoiceNum) + public Response deleteInvoice(@QueryParam("sessionId") String sessionId, @PathParam("InvoiceNum") String InvoiceNum) throws AstuteException { + authService.authenticateSession(sessionId); service.deleteInvoice(InvoiceNum); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); } @Path("/detail/{InvoiceNum}/{lineItemNum}") @PUT - public Response updateInvoiceDetail(@PathParam("InvoiceNum") String InvoiceNum, @PathParam("lineItemNum") int lineItemNum, InvoiceDetailRequest request) + public Response updateInvoiceDetail(@QueryParam("sessionId") String sessionId, @PathParam("InvoiceNum") String InvoiceNum, @PathParam("lineItemNum") int lineItemNum, InvoiceDetailRequest request) throws AstuteException { + authService.authenticateSession(sessionId); service.updateInvoiceDetail(InvoiceNum, lineItemNum, request.getPoLineItemNum(), request.getServiceTypeId(), request.getDesc(), request.getQty(), request.getFee(), request.getFeeTypeId()); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); } @POST - public Response createInvoiceMaster(InvoiceMasterRequest request) + public Response createInvoiceMaster(@QueryParam("sessionId") String sessionId, InvoiceMasterRequest request) throws AstuteException, ParseException { + authService.authenticateSession(sessionId); service.createInvoiceMaster(request.getInvoiceNumber(), request.getInvoiceDate(), request.getPoNum(), request.getPmtStatus(), request.getBillAmt(), request.getSpecialNotes(), request.getCertification(), request.getInvoiceStatus()); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); } @Path("/detail") @POST - public Response createInvoiceDetail(InvoiceDetailRequest request) + public Response createInvoiceDetail(@QueryParam("sessionId") String sessionId, InvoiceDetailRequest request) throws AstuteException { 
+ authService.authenticateSession(sessionId); service.createInvoiceDetail(request.getInvoiceNum(), request.getLineItemNum(), request.getPoLineItemNum(), request.getServiceTypeId(), request.getDesc(), request.getQty(), request.getFee(), request.getFeeTypeId()); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); 
@@ -92,41 +100,46 @@ public class InvoiceResource { @Path("/generatedInvoice/{InvoiceNum}") @GET - public Response getGeneratedInvoice(@PathParam("InvoiceNum") String InvoiceNum) throws AstuteException { - + public Response getGeneratedInvoice(@QueryParam("sessionId") String sessionId, @PathParam("InvoiceNum") String InvoiceNum) throws AstuteException { + authService.authenticateSession(sessionId); return new ApiResponse(service.getGeneratedInvoice(InvoiceNum)).toResponse(); } @Path("/generateInvoiceNumber/{PONum}") @GET - public Response generateInvoiceNumber(@PathParam("PONum") String PONum) throws AstuteException { + public Response generateInvoiceNumber(@QueryParam("sessionId") String sessionId, @PathParam("PONum") String PONum) throws AstuteException { + authService.authenticateSession(sessionId); return new ApiResponse(service.generateInvoiceNumber(PONum)).toResponse(); } @Path("/{InvoiceNumber}/submit") @PUT - public Response submitInvoice(@PathParam("InvoiceNumber") String InvoiceNumber) throws AstuteException { + public Response submitInvoice(@QueryParam("sessionId") String sessionId, @PathParam("InvoiceNumber") String InvoiceNumber) throws AstuteException { + authService.authenticateSession(sessionId); service.submitInvoice(InvoiceNumber); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); } @Path("/{InvoiceNumber}/void") @PUT - public Response voidInvoice(@PathParam("InvoiceNumber") String InvoiceNumber) throws AstuteException { + public Response voidInvoice(@QueryParam("sessionId") String sessionId, @PathParam("InvoiceNumber") String InvoiceNumber) throws AstuteException { + authService.authenticateSession(sessionId); service.voidInvoice(InvoiceNumber); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); } @Path("/{InvoiceNumber}/duplicate") @PUT - public Response duplicateInvoice(@PathParam("InvoiceNumber") String InvoiceNumber) throws AstuteException { + public Response duplicateInvoice(@QueryParam("sessionId") 
String sessionId, @PathParam("InvoiceNumber") String InvoiceNumber) throws AstuteException { + authService.authenticateSession(sessionId); return new ApiResponse(service.dupliateInvoice(InvoiceNumber)).toResponse(); } @Path("/submitted") @GET - public Response getSubmittedInvoiceNumbers() throws AstuteException { + public Response getSubmittedInvoiceNumbers(@QueryParam("sessionId") String sessionId) throws AstuteException { System.out.println("In getSubmittedInvoiceNumbers"); + authService.authenticateSession(sessionId); return new ApiResponse(service.getSubmittedInvoiceNumbers()).toResponse(); } diff --git a/AstuteSystem/src/main/java/com/astute/resources/POResource.java b/AstuteSystem/src/main/java/com/astute/resources/POResource.java index 614618e..dd6a2b9 100644 --- a/AstuteSystem/src/main/java/com/astute/resources/POResource.java +++ b/AstuteSystem/src/main/java/com/astute/resources/POResource.java @@ -4,6 +4,7 @@ import com.astute.exceptions.AstuteException; import com.astute.requests.PODetailRequest; import com.astute.requests.POMasterRequest; import com.astute.response.ApiResponse; +import com.astute.service.AuthService; import com.astute.service.POService; import javax.ws.rs.*; 
@@ -19,56 +20,62 @@ import java.text.SimpleDateFormat; public class POResource { private POService POService = new POService(); + private AuthService authService = new AuthService(); - public POResource() { - } + public POResource() { } @GET - public Response getPOMaster( - @QueryParam("PONum") String PONum, + public Response getPOMaster(@QueryParam("sessionId") String sessionId, + @QueryParam("PONum") String PONum, @QueryParam("ContractNum") String contractNum, @QueryParam("PODate") String PODate, String astuteProjectNumber) throws AstuteException, ParseException { - return new ApiResponse(POService.getPOMaster(PONum, contractNum, PODate, astuteProjectNumber)).toResponse(); + authService.authenticateSession(sessionId); + return new ApiResponse(POService.getPOMaster(PONum, contractNum, PODate, astuteProjectNumber)).toResponse(); } @Path("/detail") @GET - public Response getPODetail(@QueryParam("PONum") String PONum, @QueryParam("lineItemNo") int lineItemNo) + public Response getPODetail(@QueryParam("sessionId") String sessionId, @QueryParam("PONum") String PONum, @QueryParam("lineItemNo") int lineItemNo) throws AstuteException { + authService.authenticateSession(sessionId); return new ApiResponse(POService.getPODetail(PONum, lineItemNo)).toResponse(); } @Path("/{PONum}") @PUT - public Response updatePOMaster(@PathParam("PONum") String PONum, POMasterRequest request) + public Response updatePOMaster(@QueryParam("sessionId") String sessionId, @PathParam("PONum") String PONum, POMasterRequest request) throws AstuteException, ParseException { System.out.println("PODate in Resource is "+ request.getPODate()); + authService.authenticateSession(sessionId); POService.updatePOMaster(PONum, request.getContractNum(), request.getPODate(), request.getContractAmt(), request.getAstuteProjectNumber(), request.getTitle(), request.getNotes()); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); } @Path("/detail/{PONum}/{lineItemNo}") @PUT - public Response 
updatePODetail(@PathParam("PONum") String PONum, @PathParam("lineItemNo") int lineItemNo, PODetailRequest request) + public Response updatePODetail(@QueryParam("sessionId") String sessionId, @PathParam("PONum") String PONum, @PathParam("lineItemNo") int lineItemNo, PODetailRequest request) throws AstuteException { + authService.authenticateSession(sessionId); POService.updatePODetail(PONum, lineItemNo, request.getServiceDesc(), request.getFeeTypeId(), request.getQty(), request.getFee(), request.getServiceTypeId(), request.getRemainingQuantity()); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); } @POST - public Response createPOMaster(POMasterRequest request) + public Response createPOMaster(@QueryParam("sessionId") String sessionId, POMasterRequest request) throws AstuteException, ParseException { + authService.authenticateSession(sessionId); POService.createPOMaster(request.getPoNum(), request.getContractNum(), request.getPODate(), request.getContractAmt(), request.getCustomerId(), request.getAstuteProjectNumber(),request.getTitle(), request.getNotes()); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); } @Path("/detail") @POST - public Response createPODetail(PODetailRequest request) + public Response createPODetail(@QueryParam("sessionId") String sessionId, PODetailRequest request) throws AstuteException { + authService.authenticateSession(sessionId); POService.createPODetail(request.getPoNum(), request.getLineItemNo(), request.getServiceDesc(), request.getFeeTypeId(), request.getQty(), request.getFee(), request.getServiceTypeId(), request.getRemainingQuantity()); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); 
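Review bot: In the rewritten `getPOMaster` signature the final `String astuteProjectNumber` parameter still carries no `@QueryParam` annotation, so JAX-RS treats it as the request entity, which a GET does not carry; it will be `null` on every call and should read `@QueryParam("astuteProjectNumber") String astuteProjectNumber` like its neighbours. `updatePOMaster` prints the request's PO date with `System.out.println` before `authenticateSession` runs, so unauthenticated callers can write arbitrary request content into the server log; move the print after the check or, better, drop it. The field `POService` shares its name with its type `POService`, which sits directly above the new `authService` line; `poService` would follow the naming the new field itself uses.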
@@ -77,7 +84,8 @@ public class POResource { // Finalize @Path("/{PONum}/finalize") @PUT - public Response finalizePO(@PathParam("PONum") String PONum) throws AstuteException { + public Response finalizePO(@QueryParam("sessionId") String sessionId, @PathParam("PONum") String PONum) throws AstuteException { + authService.authenticateSession(sessionId); POService.finalizePO(PONum); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); } @@ -85,7 +93,8 @@ public class POResource { // delete @Path("/{PONum}/delete") @PUT - public Response deletePO(@PathParam("PONum") String PONum) throws AstuteException { + public Response deletePO(@QueryParam("sessionId") String sessionId, @PathParam("PONum") String PONum) throws AstuteException { + authService.authenticateSession(sessionId); POService.deletePO(PONum); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); } @@ -93,7 +102,8 @@ public class POResource { // Misc @Path("/serviceTypes") @GET - public Response getServiceTypes() throws AstuteException { + public Response getServiceTypes(@QueryParam("sessionId") String sessionId) throws AstuteException { + authService.authenticateSession(sessionId); return new ApiResponse(POService.getServiceTypes()).toResponse(); } diff --git a/AstuteSystem/src/main/java/com/astute/resources/ServiceTypeResource.java b/AstuteSystem/src/main/java/com/astute/resources/ServiceTypeResource.java index 20a96e1..976c88e 100644 --- a/AstuteSystem/src/main/java/com/astute/resources/ServiceTypeResource.java +++ b/AstuteSystem/src/main/java/com/astute/resources/ServiceTypeResource.java 
@@ -25,35 +25,37 @@ public class ServiceTypeResource { } @GET - public Response getServiceTypes() + public Response getServiceTypes(@QueryParam("sessionId") String sessionId) throws AstuteException { - // TODO , @QueryParam("sessionId") String sessionId -// authService.getUser(sessionId); + authService.authenticateSession(sessionId); return new ApiResponse(service.getServiceTypes()).toResponse(); } @Path("/{serviceTypeId}") @PUT - public Response updateServiceType(@PathParam("serviceTypeId") int serviceTypeId, @QueryParam("serviceTypeDesc") String serviceTypeDesc) + public Response updateServiceType(@QueryParam("sessionId") String sessionId, @PathParam("serviceTypeId") int serviceTypeId, @QueryParam("serviceTypeDesc") String serviceTypeDesc) throws AstuteException { System.out.println("in updateServiceType()"); + authService.authenticateSession(sessionId); service.updateServiceType(serviceTypeId, serviceTypeDesc); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); } @Path("/delete/{serviceTypeId}") @PUT - public Response deleteServiceType(@PathParam("serviceTypeId") int serviceTypeId) + public Response deleteServiceType(@QueryParam("sessionId") String sessionId, @PathParam("serviceTypeId") int serviceTypeId) throws AstuteException { System.out.println("in deleteServiceType()"); + authService.authenticateSession(sessionId); service.deleteServiceType(serviceTypeId); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); } @POST - public Response createServiceType(ServiceTypeRequest request) + public Response createServiceType(@QueryParam("sessionId") String sessionId, ServiceTypeRequest request) throws AstuteException { System.out.println("in AstuteSyste createServiceType()"); + authService.authenticateSession(sessionId); service.createServiceType(request.getServiceTypeDesc()); return new ApiResponse(ApiResponse.UPDATE_ACCESS_SUCESS).toResponse(); } 
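Review bot: The new `authService.authenticateSession(sessionId)` calls assume a field named `authService` that this hunk does not declare and that the previous version referenced only from a commented-out line; the diffstat for this file (14 changed lines) is fully accounted for by this hunk, so if `ServiceTypeResource` does not already hold `private AuthService authService = new AuthService();` (the class header is outside the hunk) the file will not compile. In `updateServiceType`, `deleteServiceType` and `createServiceType` the `System.out.println` trace runs before the session check, unlike `getServiceTypes` where the check comes first; putting the check first in all four keeps unauthenticated requests from producing log output and matches the ordering used in the other resources in this commit.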
diff --git a/AstuteSystem/src/main/java/com/astute/service/AuthService.java b/AstuteSystem/src/main/java/com/astute/service/AuthService.java index 4aa3e8c..56b62cc 100644 --- a/AstuteSystem/src/main/java/com/astute/service/AuthService.java +++ b/AstuteSystem/src/main/java/com/astute/service/AuthService.java @@ -19,12 +19,15 @@ public class AuthService extends Service{ return getDao().login(username,password); } - public String getUser(String sessionId) throws AstuteException { - User user = getDao().getUser(sessionId); - if (user == null) { + public Integer authenticateSession(String sessionId) throws AstuteException { + Integer userId = getDao().authenticateSession(sessionId); + if (userId == null) { throw new AstuteException(AUTH_ERROR, "Authentication Error. Please login first!"); } - return user.getUsername(); + return userId; } + public void logout(String sessionId) throws AstuteException { + getDao().logout(sessionId); + } } diff --git a/AstuteSystem/src/main/java/com/astute/service/CustomerService.java b/AstuteSystem/src/main/java/com/astute/service/CustomerService.java index fb07cf9..0a275a8 100644 --- a/AstuteSystem/src/main/java/com/astute/service/CustomerService.java +++ b/AstuteSystem/src/main/java/com/astute/service/CustomerService.java @@ -13,7 +13,7 @@ public class CustomerService extends Service{ super(); } - public List getCustomers(String sessionId, String customerId) + public List getCustomers(String customerId) throws AstuteException { return getDao().getCustomers(customerId);