Java tutorial
/* * Copyright 2014 TWO SIGMA OPEN SOURCE, LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.twosigma.beaker.core.rest; import com.google.inject.Inject; import com.twosigma.beaker.core.module.config.BeakerConfig; import java.io.IOException; import java.net.URI; import java.net.UnknownHostException; import javax.ws.rs.Path; import javax.ws.rs.POST; import javax.ws.rs.Produces; import javax.ws.rs.FormParam; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.NewCookie; import javax.ws.rs.core.Response; import org.apache.commons.codec.digest.DigestUtils; /** * Allow users to login by setting a cookie. */ @Path("login") public class LoginRest { private BeakerConfig config; @Inject private LoginRest(BeakerConfig bkConfig) { this.config = bkConfig; } /* As it stands there is no need to hash the password because it is never saved. But we are planning on adding an option to read the hash from a config file (github Issue #319), this code is really a start on the implementation of that. */ private String hash(String password) { return DigestUtils.sha512Hex(password + config.getPasswordSalt()); } @POST @Path("login") @Produces(MediaType.TEXT_HTML) public Response login(@FormParam("password") String password, @FormParam("origin") String origin) throws UnknownHostException { String cookie = config.getAuthCookie(); if (password != null && origin != null && hash(password).equals(config.getPasswordHash())) { return Response.seeOther(URI.create(origin + "/beaker/")) .cookie(new NewCookie("BeakerAuth", cookie, "/", null, null, NewCookie.DEFAULT_MAX_AGE, true)) .build(); } // bad password, try again return Response.seeOther(URI.create(origin + "/login/login.html")).build(); } }