I am using jaxrs:0.10 and I have default generated resources for a domain OrderDetails. The client will POST JSON which will contain the domain OrderDetails object as well as two other parameters, userName and password, so that only authenticated users consume the resource. I can simply save the domain OrderDetails to the database without authentication (i.e. the JSON is the same as the domain) by posting a JSON, but adding the other two parameters for authentication is a bit of a different thing. How to accomplish this task? My need is:

1) The client posts the JSON with userName, password and the OrderDetails object.
2) I need to authenticate the user credentials for the OrderDetails object to be saved to the database.

For the time being the user credentials will be static.

My code for the domain OrderDetails is:

class OrderDetails {

    Date orderDate
    Long orderNumber

    Float subTotal
    Float shipping
    Float discount
    Float netTotalPaid
    boolean creditApplied

    Long transactionId
    String specialInstruction
    DeliveryStatus deliveryStatus

    Long memberId
    String localOffice

    static constraints = {
        orderDate nullable: true
        orderNumber nullable: true

        subTotal nullable: true
        shipping nullable: true
        discount nullable: true
        netTotalPaid nullable: true
        creditApplied nullable: true

        transactionId nullable: true
        specialInstruction nullable: true
        deliveryStatus nullable: true

        memberId nullable: true
        localOffice nullable: true
    }
}

And the generated resources are:

import javax.ws.rs.*
import javax.ws.rs.core.Response
import static org.grails.jaxrs.response.Responses.*

@Path('/api/v1/orderDetails')
@Consumes(['application/json'])
@Produces(['application/json'])
class OrderDetailsCollectionResource {

    def orderDetailsResourceService

    @POST
    Response create(OrderDetails dto) {
        created orderDetailsResourceService.create(dto)
    }

    @GET
    Response readAll() {
        ok orderDetailsResourceService.readAll()
    }

    @Path('/{id}')
    OrderDetailsResource getResource(@PathParam('id') Long id) {
        new OrderDetailsResource(orderDetailsResourceService: orderDetailsResourceService, id: id)
    }
}

And:

import javax.ws.rs.*
import javax.ws.rs.core.Response
import static org.grails.jaxrs.response.Responses.*

@Consumes(['application/json'])
@Produces(['application/json'])
class OrderDetailsResource {

    def orderDetailsResourceService
    def id

    @GET
    Response read() {
        ok orderDetailsResourceService.read(id)
    }

    @PUT
    Response update(OrderDetails dto) {
        dto.id = id
        ok orderDetailsResourceService.update(dto)
    }

    @DELETE
    void delete() {
        orderDetailsResourceService.delete(id)
    }
}
SudeepShakya

1 Answer

Your wrapper:

class AuthOrder {
    OrderDetails orderDetails
    String userName   // credentials sent alongside the domain object
    String password
}

Now you expect an AuthOrder JSON object instead of an OrderDetails. In your GET/PUT/DELETE operations you read the user and password and check whether it is allowed to do the job. Then pass on the OrderDetails object.

For JSON REST authentication in general I suggest you read how-do-people-handle-authentication-for-restful-apis-technology-agnostic

EDIT: Example for @PUT:

import javax.ws.rs.*
import javax.ws.rs.core.Response
import static org.grails.jaxrs.response.Responses.*

@Consumes(['application/json'])
@Produces(['application/json'])
class OrderDetailsResource {

    def orderDetailsResourceService
    def id

    @GET
    Response read() {
        ok orderDetailsResourceService.read(id)
    }

    @PUT
    Response update(AuthOrder dto) {
        // Check the credentials carried in the wrapper before touching the domain object
        if (validateUser(dto.userName, dto.password)) {
            OrderDetails orderDetails = dto.orderDetails
            orderDetails.id = id
            ok orderDetailsResourceService.update(orderDetails)
        } else {
            // Not ok: reject without saying which credential was wrong
            Response.status(Response.Status.UNAUTHORIZED).build()
        }
    }

    @DELETE
    void delete() {
        orderDetailsResourceService.delete(id)
    }

    // Static credentials for now, as the question allows; the values are placeholders
    private boolean validateUser(String userName, String password) {
        userName == 'USERNAME-PLACEHOLDER' && password == 'PASSWORD-PLACEHOLDER'
    }
}
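The wrapper approach above, as an added stand-alone Groovy example that is not part of the answer: it shows the nested JSON the client would POST, parses it into the wrapper, checks the static credentials with a constant-time comparison, and returns 201 or 401 the way the collection resource's create() would. It runs with plain Groovy (no Grails or jaxrs on the classpath); AuthCheck, handleCreate, STATIC_USER and STATIC_PASSWORD are names and placeholder values introduced here.

```groovy
import groovy.json.JsonSlurper
import java.nio.charset.StandardCharsets
import java.security.MessageDigest

// Plain POGO stand-ins for the page's domain class and the answer's wrapper
class OrderDetails { Long orderNumber; Float netTotalPaid; String localOffice }
class AuthOrder { String userName; String password; OrderDetails orderDetails }

class AuthCheck {
    // Placeholder static credentials ("static for the time being"); load from config in practice
    static final String STATIC_USER = 'apiuser'
    static final String STATIC_PASSWORD = 'CHANGE-ME'

    // Constant-time comparison so response timing does not reveal how much of a guess matched;
    // both fields are always compared, so a wrong user name takes as long as a wrong password
    static boolean validateUser(String userName, String password) {
        if (userName == null || password == null) return false
        boolean userOk = MessageDigest.isEqual(userName.getBytes(StandardCharsets.UTF_8),
                                               STATIC_USER.getBytes(StandardCharsets.UTF_8))
        boolean passOk = MessageDigest.isEqual(password.getBytes(StandardCharsets.UTF_8),
                                               STATIC_PASSWORD.getBytes(StandardCharsets.UTF_8))
        return userOk && passOk
    }

    // Mirrors the collection resource's create(): unwrap, authenticate, then hand on only
    // the OrderDetails. The returned map stands in for the JAX-RS Response; the password
    // is never copied into it or logged.
    static Map handleCreate(String json) {
        def m = new JsonSlurper().parseText(json)
        def dto = new AuthOrder(userName: m.userName, password: m.password,
                                orderDetails: new OrderDetails(m.orderDetails ?: [:]))
        if (!validateUser(dto.userName, dto.password)) {
            return [status: 401]
        }
        return [status: 201, saved: dto.orderDetails]
    }
}

// Constructed sample request body: the wrapper JSON the client would POST
def body = '''{"userName":"apiuser","password":"CHANGE-ME",
  "orderDetails":{"orderNumber":1001,"netTotalPaid":12.5,"localOffice":"KTM"}}'''

assert AuthCheck.handleCreate(body).status == 201
assert AuthCheck.handleCreate(body).saved.orderNumber == 1001L
assert AuthCheck.handleCreate(body.replace('CHANGE-ME', 'wrong')).status == 401
```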
SWiggels