Authentication resource accepts GET and POST

seedstack · Jul 27, 2017 · f7b2318 · f7b2318
1 parent 926aefd
commit f7b2318
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 5 deletions.
diff --git a/pom.xml b/pom.xml
@@ -24,6 +24,7 @@
     <properties>
         <poms.version>3.1.0-SNAPSHOT</poms.version>
         <seed.version>3.3.0-SNAPSHOT</seed.version>
+        <jjwt.version>0.7.0</jjwt.version>
 
         <compatibility.skip>true</compatibility.skip>
 
@@ -78,6 +79,11 @@
             <artifactId>seed-web-security</artifactId>
             <version>${seed.version}</version>
         </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt</artifactId>
+            <version>${jjwt.version}</version>
+        </dependency>
         <dependency>
             <groupId>javax.ws.rs</groupId>
             <artifactId>javax.ws.rs-api</artifactId>

diff --git a/src/main/java/org/seedstack/web/internal/security/AuthenticationResource.java b/src/main/java/org/seedstack/web/internal/security/AuthenticationResource.java
@@ -13,6 +13,7 @@
 import javax.inject.Inject;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.core.Response;
 
@@ -22,18 +23,24 @@ public class AuthenticationResource {
     private SecuritySupport securitySupport;
 
     @GET
-    public Response authenticate() {
+    public Response authenticateGet() {
         if (!securitySupport.isAuthenticated()) {
-            return Response.status(Response.Status.FORBIDDEN).build();
+            return Response.status(Response.Status.UNAUTHORIZED).build();
         }
+        return Response.status(Response.Status.NO_CONTENT).build();
+    }
 
+    @POST
+    public Response authenticatePost() {
+        if (!securitySupport.isAuthenticated()) {
+            return Response.status(Response.Status.UNAUTHORIZED).build();
+        }
         return Response.status(Response.Status.NO_CONTENT).build();
     }
 
     @DELETE
     public Response deauthenticate() {
         securitySupport.logout();
-
         return Response.status(Response.Status.NO_CONTENT).build();
     }
 }
diff --git a/src/main/java/org/seedstack/web/internal/security/AuthorizationsResource.java b/src/main/java/org/seedstack/web/internal/security/AuthorizationsResource.java
@@ -35,7 +35,7 @@ public class AuthorizationsResource {
     @Produces(MediaType.APPLICATION_JSON)
     public Response getAuthenticatedSubjectAuthorizations() {
         if (!securitySupport.isAuthenticated()) {
-            return Response.status(Response.Status.FORBIDDEN).build();
+            return Response.status(Response.Status.UNAUTHORIZED).build();
         }
 
         // Principals
@@ -61,9 +61,9 @@ public Response getAuthenticatedSubjectAuthorizations() {
             roleRepresentation.setAttributes(roleAttributes);
             roleRepresentations.add(roleRepresentation);
         }
+
         // Individual permissions
         List<String[]> individualPermissions = new ArrayList<>();
-
         AuthorizationsRepresentation authorizationsRepresentation = new AuthorizationsRepresentation();
         authorizationsRepresentation.setId(securitySupport.getSimplePrincipalByName(Principals.IDENTITY).getValue());
         authorizationsRepresentation.setType("user");