add authsessions to be saved in sessionsGraph (new) and its corresponding tests

Author: alegrm

src/main/java/accounts/FrameworkUserManager.java

@@ -9,6 +9,8 @@
 import java.util.Iterator;
 import java.util.List;
 
+import javax.ws.rs.core.Cookie;
+
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.log4j.Logger;
 import org.codehaus.jackson.JsonNode;
@@ -651,8 +653,17 @@ public String getDescribedIn(String graph) throws Exception {
      * @return user profile object if token valid and null if the opposite
      * @throws Exception
      */
+
+    public UserProfile validate(Cookie userc, String token) throws Exception {
+        if (userc == null || token == null)
+            return null;
+        String userstr = URLDecoder.decode(userc.getValue(), "utf-8");
+        return validate(userstr, token);
+    }
+
     public UserProfile validate(String userc, String token) throws Exception {
         String userstr = URLDecoder.decode(userc, "utf-8");
+
         log.debug(" userstr: " + userstr + " token:" + token);
         Gson gson = new Gson();
         UserProfile user = gson.fromJson(userstr, UserProfile.class);

src/main/java/authentication/FrameworkConfiguration.java

@@ -50,6 +50,7 @@ public class FrameworkConfiguration {
     private String accountsGraph = "";
     private String settingsGraph = "";
     private String jobsGraph = "";
+    private String authSessionsGraph = "";
     private String initialSettingsGraph = "";
     private String groupsGraph = "";
     private String frameworkUri;
@@ -190,6 +191,8 @@ else if ("groups".equals(soln.get("label").asLiteral().getString()))
                     instance.setGroupsGraph(soln.get("name").toString());
                 else if ("jobs".equals(soln.get("label").asLiteral().getString()))
                     instance.setJobsGraph(soln.get("name").toString());
+                else if ("sessions".equals(soln.get("label").asLiteral().getString()))
+                    instance.setAuthSessionsGraph(soln.get("name").toString());
             }
             qexec.close();
         }
@@ -390,4 +393,12 @@ public void setJobsGraph(String jobsGraph) {
         this.jobsGraph = jobsGraph;
     }
 
+    public String getAuthSessionsGraph() {
+        return authSessionsGraph;
+    }
+
+    public void setAuthSessionsGraph(String authSessionsGraph) {
+        this.authSessionsGraph = authSessionsGraph;
+    }
+
 }

src/main/java/rest/AuthorizedSessions.java

@@ -7,23 +7,24 @@
 import java.io.OutputStreamWriter;
 import java.io.Writer;
 import java.util.ArrayList;
-import java.util.Hashtable;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map.Entry;
 import java.util.UUID;
 
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.ws.rs.CookieParam;
+import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Cookie;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.StreamingOutput;
@@ -41,12 +42,17 @@
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.message.BasicNameValuePair;
 import org.apache.log4j.Logger;
+import org.codehaus.jackson.JsonNode;
+import org.codehaus.jackson.map.ObjectMapper;
 
+import rdf.SecureRdfStoreManagerImpl;
 import util.ObjectPair;
 import accounts.FrameworkUserManager;
+import accounts.UserProfile;
 import authentication.FrameworkConfiguration;
 
 import com.google.gson.JsonObject;
+import com.ontos.ldiw.vocabulary.LDIWO;
 
 /**
  * 
@@ -59,17 +65,20 @@ public class AuthorizedSessions {
     private static final Logger log = Logger.getLogger(AuthorizedSessions.class);
 
     private FrameworkUserManager frameworkUserManager;
-    private ObjectPair<String, String> rdfStoreUser;
-    // TODO: the information of this map has to be stored in the user settings
-    // graph instead
-    public static Hashtable<String, String> map = new Hashtable<String, String>();
+    private String sessionsGraph;
     private String endpoint;
 
+    private SecureRdfStoreManagerImpl frameworkRdfStoreManager;
+
     public AuthorizedSessions(@Context ServletContext context) throws ServletException {
         try {
-            frameworkUserManager = FrameworkConfiguration.getInstance(context)
-                    .getFrameworkUserManager();
+            FrameworkConfiguration frameworkConfig = FrameworkConfiguration.getInstance(context);
+            frameworkUserManager = frameworkConfig.getFrameworkUserManager();
+            sessionsGraph = frameworkConfig.getAuthSessionsGraph();
             endpoint = FrameworkConfiguration.getInstance(context).getAuthSparqlEndpoint();
+            frameworkRdfStoreManager = new SecureRdfStoreManagerImpl(frameworkConfig
+                    .getAuthSparqlEndpoint(), frameworkConfig.getAuthSparqlUser(), frameworkConfig
+                    .getAuthSparqlPassword());
         } catch (FileNotFoundException e) {
             log.error(e);
             e.printStackTrace();
@@ -83,35 +92,47 @@ public AuthorizedSessions(@Context ServletContext context) throws ServletExcepti
 
     @PUT
     @Produces(MediaType.APPLICATION_JSON)
-    public Response create(@QueryParam("username") String username,
+    public Response create(@CookieParam(value = "user") Cookie userc,
             @CookieParam(value = "token") String token) {
 
         /*
          * authenticates the user, throw exception if failed
          */
-        log.debug("user:" + username + " token:" + token);
-        boolean checkToken = false;
+        UserProfile userProfile;
         try {
-            checkToken = frameworkUserManager.checkToken(username, token);
-            if (!checkToken)
-                return Response.status(Response.Status.UNAUTHORIZED).build();
-            rdfStoreUser = frameworkUserManager.getRdfStoreUser(username, token);
-
+            // authenticates the user, throw exception if fail
+            userProfile = frameworkUserManager.validate(userc, token);
+            if (userProfile == null)
+                return Response.status(Response.Status.UNAUTHORIZED).entity("Invalid credentials")
+                        .build();
+            log.info(" user: " + userProfile.getUsername());
         } catch (Exception e) {
             log.error(e);
             e.printStackTrace();
             return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage())
                     .build();
         }
         /*
-         * generates a session for the user
+         * generates a session for the user and stores it in the sessions graph
+         * <accountURI> LDIWO.sessionToken
+         * "1fe39ef0-6987-11e4-9803-0800200c9a66"^^xsd:string
          */
         String sessionToken = UUID.randomUUID().toString();
-        map.put(sessionToken, rdfStoreUser.getFirst() + ":" + rdfStoreUser.getSecond());
-        log.debug(map.toString());
+
+        String query = "INSERT INTO <" + sessionsGraph + "> { <" + userProfile.getAccountURI()
+                + ">   <" + LDIWO.sessionToken + "> \"" + sessionToken + "\"^^xsd:string . }";
+        log.debug(query);
+
+        try {
+            frameworkRdfStoreManager.execute(query, "json");
+        } catch (Exception e) {
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage())
+                    .build();
+        }
+
         JsonObject body = new JsonObject();
         body.addProperty("endpoint", "rest/session/" + sessionToken);
-        return Response.ok(body.toString(), MediaType.APPLICATION_JSON).build();
+        return Response.status(Response.Status.CREATED).entity(body.toString()).build();
     }
 
     @GET
@@ -127,18 +148,43 @@ public Response post(@PathParam("sessionToken") String sessionToken, @Context Ur
             throws Exception {
 
         log.info(sessionToken);
-        log.debug(AuthorizedSessions.map.toString());
+        String username = "";
+        /*
+         * retrieves form user that created that session and the rdfUser and
+         * paswword for that user
+         */
+        try {
+            String query = "SELECT ?user FROM <" + sessionsGraph + "> WHERE { ?user " + " <"
+                    + LDIWO.sessionToken + "> \"" + sessionToken + "\"^^xsd:string .}";
+            log.debug(query);
+
+            String result = frameworkRdfStoreManager.execute(query, "json");
+            log.debug(result);
+            ObjectMapper mapper = new ObjectMapper();
+            JsonNode rootNode = mapper.readTree(result);
+            Iterator<JsonNode> bindingsIter = rootNode.path("results").path("bindings")
+                    .getElements();
 
-        String userLogin = AuthorizedSessions.map.get(sessionToken);
-        log.debug(userLogin);
-        if (userLogin == null) {
-            return Response.status(Response.Status.UNAUTHORIZED).build();
+            if (bindingsIter.hasNext()) {
+                JsonNode bindingNode = bindingsIter.next();
+                username = bindingNode.get("user").path("value").getTextValue();
+            }
+
+        } catch (Exception e) {
+            log.error(e);
+            e.printStackTrace();
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage())
+                    .build();
         }
+        log.debug("user:" + username + "-");
+        if (username.equals(""))
+            return Response.status(Response.Status.NOT_FOUND).build();
+
+        ObjectPair<String, String> rdfStoreUser = frameworkUserManager.getRdfStoreUser(username);
 
         // create a context with credentials
-        String[] creds = userLogin.split(":");
-        UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(creds[0],
-                creds[1]);
+        UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(rdfStoreUser
+                .getFirst(), rdfStoreUser.getSecond());
         BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
         credsProvider.setCredentials(AuthScope.ANY, credentials);
         HttpClientContext context = HttpClientContext.create();
@@ -170,4 +216,41 @@ public void write(OutputStream os) throws IOException, WebApplicationException {
         return Response.ok(stream).build();
 
     }
+
+    @DELETE
+    @Path("{sessionToken}")
+    public Response delete(@PathParam("sessionToken") String sessionToken,
+            @CookieParam(value = "user") Cookie userc, @CookieParam(value = "token") String token) {
+
+        /*
+         * authenticates the user, throw exception if failed
+         */
+        UserProfile userProfile;
+        try {
+            // authenticates the user, throw exception if fail
+            userProfile = frameworkUserManager.validate(userc, token);
+            if (userProfile == null)
+                return Response.status(Response.Status.UNAUTHORIZED).entity("Invalid credentials")
+                        .build();
+            log.info(" user: " + userProfile.getUsername());
+        } catch (Exception e) {
+            log.error(e);
+            e.printStackTrace();
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage())
+                    .build();
+        }
+
+        String query = "DELETE FROM <http://generator.geoknow.eu/resource/sessionsGraph> {?s ?p ?o} "
+                + "WHERE { ?s ?p ?o . FILTER(str(?o) = \"" + sessionToken + "\") } ";
+        log.debug(query);
+
+        try {
+            log.info(frameworkRdfStoreManager.execute(query, "json"));
+        } catch (Exception e) {
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage())
+                    .build();
+        }
+
+        return Response.ok().build();
+    }
 }

src/main/java/setup/RDFStoreSetupManager.java

@@ -111,7 +111,7 @@ public void setUp(FrameworkConfiguration config, boolean reset) throws Exception
 
         log.info("System Initialization ");
 
-        // create user
+        // create framework RDF user
         userManager.createUser(config.getAuthSparqlUser(), config.getAuthSparqlPassword());
         userManager.setDefaultRdfPermissions(config.getAuthSparqlUser(), 3);
         userManager.grantRole(config.getAuthSparqlUser(), "SPARQL_UPDATE");
@@ -137,6 +137,7 @@ public void setUp(FrameworkConfiguration config, boolean reset) throws Exception
         frameworkRdfStoreManager.createGraph(config.getGroupsGraph());
         frameworkRdfStoreManager.createGraph(config.getInitialSettingsGraph());
         frameworkRdfStoreManager.createGraph(config.getJobsGraph());
+        frameworkRdfStoreManager.createGraph(config.getAuthSessionsGraph());
 
         // Make graphs accessible to framework user only
         userManager.setDefaultRdfPermissions("nobody", 0);
@@ -148,6 +149,8 @@ public void setUp(FrameworkConfiguration config, boolean reset) throws Exception
         userManager.setRdfGraphPermissions(config.getAuthSparqlUser(), config
                 .getInitialSettingsGraph(), 3);
         userManager.setRdfGraphPermissions(config.getAuthSparqlUser(), config.getJobsGraph(), 3);
+        userManager.setRdfGraphPermissions(config.getAuthSparqlUser(), config
+                .getAuthSessionsGraph(), 3);
 
         // settings model
         Model settingsModel = ModelFactory.createDefaultModel();
@@ -286,14 +289,15 @@ public void clear(FrameworkConfiguration config) throws Exception {
         rdfStoreManager.dropGraph(config.getGroupsGraph());
         rdfStoreManager.dropGraph(config.getInitialSettingsGraph());
         rdfStoreManager.dropGraph(config.getJobsGraph());
+        rdfStoreManager.dropGraph(config.getAuthSessionsGraph());
 
         // drop sparql user
         log.debug("Drop system SPARQL user");
         virtuosoUserManager.dropUser(config.getAuthSparqlUser());
     }
 
     public boolean isSetUp() {
-        log.info("Checking if " + initFile.getPath() + initFile.getName() + " exists");
+        log.info("Checking if " + initFile.getPath() + " exists");
         return initFile.exists();
     }
 }