-
-
Notifications
You must be signed in to change notification settings - Fork 0
authentication
The simpleREST has is own User to Authenticate, just to take the pain away from you. But you have to extend it and do the Authentication.
Lets build a User Object with a DB User authentication.
public class RestUser extends BasicUser implements BasicAuthUser,JwtAuthUser{
private DBUser dbuser;
// Authentication Basic (Username, Password)
@Override
public void setAuth(Request request,String name, String password) {
dbuser=Database.getInstance().getUserDao().login(name, password);
setAuthenticated(dbuser!=null);
}
// Authentication via JWT
@Override
public void setJwtAuth(Request request,String Id, String issuer, String Subject) {
dbuser=Database.getInstance().getUserDao().queryForId(Integer.parseInt(Id));
setAuthenticated(dbuser!=null);
}
}Not all two versions are needed. Just decide by yourselve what you need. You can extends the User Object with many needed functions because you will get this RestUser Object in the endpoint call.
Now we need to tell simpleREST to use this User Class:
RestSecurity.setUserClass(RestUser.class);Done!
How to tell if a Path or Endpoint is Protected?
Just add a new AuthRestPath or make a RestEndpoint implements AuthenticatedRestEndpoint. Done!
Otherways you can override the 'checkPath' function in the RestPath and check for yourselve.
Now get the Authenticated User in the Endpoint
RestUser restUser=(RestUser)conversion.getRequest().getUser();On Authenticaten send a JWT Back for further conversions
conversion.getResponse().setData(
RestSecurity.JWS_BUILD(""+restUser.getUser().getId(), restUser.getUser().getName(), "user", null)
);