package org.openslx.imagemaster.server; import org.apache.log4j.Logger; import org.openslx.imagemaster.session.Authenticator; import org.openslx.imagemaster.session.Session; import org.openslx.imagemaster.session.SessionManager; import org.openslx.imagemaster.session.User; import org.openslx.imagemaster.thrift.iface.AuthenticationError; import org.openslx.imagemaster.thrift.iface.AuthenticationException; import org.openslx.imagemaster.thrift.iface.InvalidTokenException; import org.openslx.imagemaster.thrift.iface.SessionData; import org.openslx.imagemaster.thrift.iface.UserInfo; /** * API Server This is where all the requests from the outside arrive. We don't * handle them directly in the Thrift handlers, as we might be adding other APIs * later, like JSON/SOAP/REST/HTTP/XML or some other stuff. They'd all just * interface with this static class here. Note that we use the exceptions from * the thrift interface that you can simply catch in any other API handler and * eg. transform into error codes, if the API doesn't support exceptions. * * This will be accessed from multiple threads, so use synchronization when * needed (or in doubt) */ public class ApiServer { @SuppressWarnings( "unused" ) private static Logger log = Logger.getLogger( ApiServer.class ); /** * Request for authentication * @param login (username@organization) * @param password * @return SessionData struct with session id/token iff login successful * @throws AuthenticationException if login not successful */ public static SessionData authenticate( String login, String password ) throws AuthenticationException { if ( login == null || password == null ) { throw new AuthenticationException( AuthenticationError.INVALID_CREDENTIALS, "Empty username or password!" ); } final User user = Authenticator.authenticate( login, password ); final Session session = new Session( user ); return SessionManager.addSession( session ); } /** * Request information about user for given token * @param token - a user's token * @return UserInfo struct for given token's user * @throws InvalidTokenException if no user matches the given token */ public static UserInfo getUserFromToken( String token ) throws InvalidTokenException { final Session session = SessionManager.getSession( token ); if ( session == null ) throw new InvalidTokenException(); return new UserInfo( session.getUserId(), session.getFirstName(), session.getLastName(), session.getEMail() ); } }