com.twosigma.beaker.core.rest.LoginRest.java Source code

Java tutorial

  1. HOME
  2. Java
  3. com.twosigma.beaker.core.rest.LoginRest.java

Introduction

Here is the source code for com.twosigma.beaker.core.rest.LoginRest.java

Source

/*
 *  Copyright 2014 TWO SIGMA OPEN SOURCE, LLC
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package com.twosigma.beaker.core.rest;

import com.google.inject.Inject;
import com.twosigma.beaker.core.module.config.BeakerConfig;
import java.io.IOException;
import java.net.URI;
import java.net.UnknownHostException;
import javax.ws.rs.Path;
import javax.ws.rs.POST;
import javax.ws.rs.Produces;
import javax.ws.rs.FormParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import org.apache.commons.codec.digest.DigestUtils;

/**
 * Allow users to login by setting a cookie.
 */
@Path("login")
public class LoginRest {

    private BeakerConfig config;

    @Inject
    private LoginRest(BeakerConfig bkConfig) {
        this.config = bkConfig;
    }

    /* As it stands there is no need to hash the password because it is
       never saved.  But we are planning on adding an option to read the
       hash from a config file (github Issue #319), this code is really
       a start on the implementation of that. */
    private String hash(String password) {
        return DigestUtils.sha512Hex(password + config.getPasswordSalt());
    }

    @POST
    @Path("login")
    @Produces(MediaType.TEXT_HTML)
    public Response login(@FormParam("password") String password, @FormParam("origin") String origin)
            throws UnknownHostException {
        String cookie = config.getAuthCookie();
        if (password != null && origin != null && hash(password).equals(config.getPasswordHash())) {
            return Response.seeOther(URI.create(origin + "/beaker/"))
                    .cookie(new NewCookie("BeakerAuth", cookie, "/", null, null, NewCookie.DEFAULT_MAX_AGE, true))
                    .build();
        }
        // bad password, try again
        return Response.seeOther(URI.create(origin + "/login/login.html")).build();
    }
}