Changeset 4252

Timestamp:

01/10/14 17:20:38 (10 years ago)

Author:

olhsha

Message:

adding, updating, deleting a user (only for a user with admin rights)

Location:

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main

Files:

• java/eu/dasish/annotation/backend/BackendConstants.java (modified) (1 diff)
• java/eu/dasish/annotation/backend/dao/DBIntegrityService.java (modified) (1 diff)
• java/eu/dasish/annotation/backend/dao/UserDao.java (modified) (1 diff)
• java/eu/dasish/annotation/backend/dao/impl/DBIntegrityServiceImlp.java (modified) (1 diff)
• java/eu/dasish/annotation/backend/dao/impl/JdbcResourceDao.java (modified) (2 diffs)
• java/eu/dasish/annotation/backend/dao/impl/JdbcUserDao.java (modified) (2 diffs)
• java/eu/dasish/annotation/backend/rest/AnnotationResource.java (modified) (10 diffs)
• java/eu/dasish/annotation/backend/rest/CachedRepresentationResource.java (modified) (2 diffs)
• java/eu/dasish/annotation/backend/rest/TargetResource.java (modified) (4 diffs)
• java/eu/dasish/annotation/backend/rest/UserResource.java (modified) (5 diffs)
• webapp/WEB-INF/shhaa.xml (modified) (2 diffs)
• webapp/WEB-INF/web.xml (modified) (3 diffs)

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/BackendConstants.java

@@ -27 +27 @@
     public static final String regExpEmail = regExpIdentifier+"@"+regExpIdentifier;
     public static final String fragmentDescriptors = "[a-zA-Z0-9_-(),#%]*";
+    public static final String regExpRemoteId = regExpIdentifier+"|"+regExpEmail;
 }

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/dao/DBIntegrityService.java

@@ -235 +235 @@
     
     
-    
+    public boolean userHasAdminRights(Number userID);
     
     /**

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/dao/UserDao.java

@@ -32 +32 @@
      public User getUserByInfo(String  eMail);
      
+     // where is it used?
      public boolean userIsInUse(Number userID);
      
+     // where is it used??
      public boolean userExists(User user);
      
+     public boolean hasAdminRights(Number internalID);
+     
      public String getRemoteID(Number internalID);
+     
      
      public Number getUserInternalIDFromRemoteID(String remoteID);

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/dao/impl/DBIntegrityServiceImlp.java

@@ -348 +348 @@
     }
 
+    @Override
+    public boolean userHasAdminRights(Number userID){
+       return userDao.hasAdminRights(userID); 
+    }
+    
     ///// UPDATERS /////////////////
     @Override

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/dao/impl/JdbcResourceDao.java

@@ -37 +37 @@
 public class JdbcResourceDao extends SimpleJdbcDaoSupport implements ResourceDao {
 
-    // base string constants: reTarget table Names
+    // base string constants: table Names
     final static protected String notebookTableName = "notebook";
     final static protected String annotationTableName = "annotation";
@@ -50 +50 @@
     final static protected String targetsCachedRepresentationsTableName = "targets_cached_representations";
     // base string constants: field Names
+    final static protected String admin_rights = "admin_rights";
     final static protected String annotation_id = "annotation_id";
     final static protected String notebook_id = "notebook_id";

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/dao/impl/JdbcUserDao.java

@@ -131 +131 @@
     }
     
+    @Override
+    public boolean hasAdminRights(Number internalID){
+       StringBuilder requestDB  = new StringBuilder("SELECT ");
+       requestDB.append(admin_rights).append(" FROM ").append(principalTableName).append(" WHERE ").append(principal_id).append("= ? LIMIT 1");
+       List<Boolean> result = getSimpleJdbcTemplate().query(requestDB.toString(), adminRightsRowMapper, internalID);
+       return  (result.size() > 0) ? result.get(0).booleanValue() :false;    
+    }
+     private final RowMapper<Boolean> adminRightsRowMapper = new RowMapper<Boolean>() {
+        @Override
+        public Boolean mapRow(ResultSet rs, int rowNumber) throws SQLException {
+            return new Boolean(rs.getBoolean(admin_rights));
+        }
+    };
+    
      ///////////////////// ADDERS ////////////////////////////
      public Number addUser(User user, String remoteID){
@@ -153 +167 @@
         sql.append(principalTableName).append(" SET ").
                 append(e_mail).append("= '").append(user.getEMail()).append("',").
-                append(principal_name).append("= '").append(user.getDisplayName()).append("',").
-                append("' WHERE ").append(principal_id).append("= ?");
+                append(principal_name).append("= '").append(user.getDisplayName()).append("' ").
+                append(" WHERE ").append(principal_id).append("= ?");
         int affectedRows = getSimpleJdbcTemplate().update(sql.toString(), principalID);
         return principalID;

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/AnnotationResource.java

@@ -113 +113 @@
             String remoteUser = httpServletRequest.getRemoteUser();
             final Number userID = dbIntegrityService.getUserInternalIDFromRemoteID(remoteUser);
-            if (canRead(userID, annotationID)) {
-                final Annotation annotation = dbIntegrityService.getAnnotation(annotationID);
-                JAXBElement<Annotation> rootElement = new ObjectFactory().createAnnotation(annotation);
-                logger.info("getAnnotation method: OK");
-                return rootElement;
-            } else {
-                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot read the annotation.");
-                return null;
-            }
-        } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
+            if (userID != null) {
+                if (canRead(userID, annotationID)) {
+                    final Annotation annotation = dbIntegrityService.getAnnotation(annotationID);
+                    JAXBElement<Annotation> rootElement = new ObjectFactory().createAnnotation(annotation);
+                    logger.info("getAnnotation method: OK");
+                    return rootElement;
+                } else {
+                    httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot read the annotation.");
+                    return null;
+                }
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
+                return null;
+            }
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
             return null;
         }
@@ -139 +144 @@
         if (annotationID != null) {
             final Number userID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
-            if (canRead(userID, annotationID)) {
-                final ReferenceList TargetList = dbIntegrityService.getAnnotationTargets(annotationID);
-                logger.info("getAnnotationTargets method: OK");
-                return new ObjectFactory().createTargetList(TargetList);
-            } else {
-                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot read the annotation.");
-                return null;
-            }
-        } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
-            return null;
-        }
-    }
-
-    // TODO Unit test 
+            if (userID != null) {
+                if (canRead(userID, annotationID)) {
+                    final ReferenceList TargetList = dbIntegrityService.getAnnotationTargets(annotationID);
+                    logger.info("getAnnotationTargets method: OK");
+                    return new ObjectFactory().createTargetList(TargetList);
+                } else {
+                    httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot read the annotation.");
+                    return null;
+                }
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
+                return null;
+            }
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
+            return null;
+        }
+    }
+// TODO Unit test 
+
     @GET
     @Produces(MediaType.TEXT_XML)
@@ -164 +174 @@
             @QueryParam("owner") String ownerExternalId,
             @QueryParam("after") Timestamp after,
-            @QueryParam("before") Timestamp before) {
+            @QueryParam("before") Timestamp before) throws IOException {
 
         dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
         Number userID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
-        UUID ownerExternalUUID = (ownerExternalId != null) ? UUID.fromString(ownerExternalId) : null;
-        String access = (permission != null) ? permission : default_permission;
-        final AnnotationInfoList annotationInfoList = dbIntegrityService.getFilteredAnnotationInfos(link, text, userID, makeAccessModeChain(access), namespace, ownerExternalUUID, after, before);
-        logger.info("getFilteredAnnotations method: OK");
-        return new ObjectFactory().createAnnotationInfoList(annotationInfoList);
+        if (userID != null) {
+            UUID ownerExternalUUID = (ownerExternalId != null) ? UUID.fromString(ownerExternalId) : null;
+            String access = (permission != null) ? permission : default_permission;
+            final AnnotationInfoList annotationInfoList = dbIntegrityService.getFilteredAnnotationInfos(link, text, userID, makeAccessModeChain(access), namespace, ownerExternalUUID, after, before);
+            logger.info("getFilteredAnnotations method: OK");
+            return new ObjectFactory().createAnnotationInfoList(annotationInfoList);
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
+            return null;
+        }
+
     }
 
@@ -184 +200 @@
         final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(ExternalIdentifier));
         final Number userID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
-        if (annotationID != null) {
-            if (canRead(userID, annotationID)) {
-                final UserWithPermissionList permissionList = dbIntegrityService.getPermissionsForAnnotation(annotationID);
-                logger.info("getAnnotationPermissions method: OK");
-                return new ObjectFactory().createPermissionList(permissionList);
-            } else {
-                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot read the annotation.");
-                return null;
-            }
-        } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
-            return null;
-        }
-    }
-
-    ///////////////////////////////////////////////////////
-    // TODO: how to return the status code? 
+        if (userID != null) {
+            if (annotationID != null) {
+                if (canRead(userID, annotationID)) {
+                    final UserWithPermissionList permissionList = dbIntegrityService.getPermissionsForAnnotation(annotationID);
+                    logger.info("getAnnotationPermissions method: OK");
+                    return new ObjectFactory().createPermissionList(permissionList);
+                } else {
+                    httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot read the annotation.");
+                    return null;
+                }
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
+                return null;
+            }
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
+            return null;
+        }
+    }
+///////////////////////////////////////////////////////
+// TODO: how to return the status code? 
+
     @DELETE
     @Path("{annotationid: " + BackendConstants.regExpIdentifier + "}")
@@ -207 +228 @@
         final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(externalIdentifier));
         final Number userID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
-        if (annotationID != null) {
-            if (isOwner(userID, annotationID)) {
-                int[] resultDelete = dbIntegrityService.deleteAnnotation(annotationID);
-                String result = Integer.toString(resultDelete[0]);
-                logger.info("deleteAnnotation method: OK");
-                return result + " annotation(s) deleted.";
-            } else {
-                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot delete the annotation. Only the owner can delete the annotation.");
-                return null;
-            }
-        } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
-            return null;
-        }
-    }
-
-    ///////////////////////////////////////////////////////
+        if (userID != null) {
+            if (annotationID != null) {
+                if (isOwner(userID, annotationID)) {
+                    int[] resultDelete = dbIntegrityService.deleteAnnotation(annotationID);
+                    String result = Integer.toString(resultDelete[0]);
+                    logger.info("deleteAnnotation method: OK");
+                    return result + " annotation(s) deleted.";
+                } else {
+                    httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot delete the annotation. Only the owner can delete the annotation.");
+                    return null;
+                }
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
+                return null;
+            }
+
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
+            return null;
+        }
+    }
+///////////////////////////////////////////////////////
+
     @POST
     @Consumes(MediaType.APPLICATION_XML)
@@ -231 +258 @@
         dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
         final Number userID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
-        Number annotationID = dbIntegrityService.addUsersAnnotation(userID, annotation);
-        logger.info("createAnnotation method: OK");
-        return new ObjectFactory().createResponseBody(makeAnnotationResponseEnvelope(annotationID));
-    }
-
-    ///////////////////////////////////////////////////////
-    // TODO: unit test
+        if (userID != null) {
+            Number annotationID = dbIntegrityService.addUsersAnnotation(userID, annotation);
+            logger.info("createAnnotation method: OK");
+            return new ObjectFactory().createResponseBody(makeAnnotationResponseEnvelope(annotationID));
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
+            return null;
+        }
+    }
+///////////////////////////////////////////////////////
+// TODO: unit test
+
     @PUT
     @Consumes(MediaType.APPLICATION_XML)
@@ -254 +286 @@
         if (annotationID != null) {
             final Number userID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
-            if (canWrite(userID, annotationID)) {
-                int updatedRows = dbIntegrityService.updateUsersAnnotation(userID, annotation);
-                logger.info("updateAnnotation method: OK");
-                return new ObjectFactory().createResponseBody(makeAnnotationResponseEnvelope(annotationID));
-
-            } else {
-                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-                return null;
-            }
-        } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
+            if (userID != null) {
+                if (canWrite(userID, annotationID)) {
+                    int updatedRows = dbIntegrityService.updateUsersAnnotation(userID, annotation);
+                    logger.info("updateAnnotation method: OK");
+                    return new ObjectFactory().createResponseBody(makeAnnotationResponseEnvelope(annotationID));
+
+                } else {
+                    httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                    return null;
+                }
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
+                return null;
+            }
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
             return null;
         }
@@ -276 +313 @@
         String path = uriInfo.getBaseUri().toString();
         dbIntegrityService.setServiceURI(path);
-
         final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(externalIdentifier));
         final Number userID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
-        if (annotationID != null) {
-            if (canWrite(userID, annotationID)) {
-                int updatedRows = dbIntegrityService.updateAnnotationBody(annotationID, annotationBody);
-                logger.info("updateAnnotationBody method: OK");
-                return new ObjectFactory().createResponseBody(makeAnnotationResponseEnvelope(annotationID));
-            } else {
-                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-                return null;
-            }
-        } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
+        if (userID != null) {
+            if (annotationID != null) {
+                if (canWrite(userID, annotationID)) {
+                    int updatedRows = dbIntegrityService.updateAnnotationBody(annotationID, annotationBody);
+                    logger.info("updateAnnotationBody method: OK");
+                    return new ObjectFactory().createResponseBody(makeAnnotationResponseEnvelope(annotationID));
+                } else {
+                    httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                    return null;
+                }
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
+                return null;
+            }
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
             return null;
         }
@@ -303 +344 @@
         final Number remoteUserID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
         final Number userID = dbIntegrityService.getUserInternalIdentifier(UUID.fromString(userExternalId));
-        if (annotationID != null) {
-            if (isOwner(remoteUserID, annotationID)) {
-                int result = (dbIntegrityService.getPermission(annotationID, userID) != null)
-                        ? dbIntegrityService.updateAnnotationPrincipalPermission(annotationID, userID, permission)
-                        : dbIntegrityService.addAnnotationPrincipalPermission(annotationID, userID, permission);
-                logger.info("updatePermission method: OK");
-                return result + " rows are updated/added";
-
-            } else {
-                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-                return null;
-            }
-        } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
+        if (remoteUserID != null) {
+            if (annotationID != null) {
+                if (isOwner(remoteUserID, annotationID)) {
+                    int result = (dbIntegrityService.getPermission(annotationID, userID) != null)
+                            ? dbIntegrityService.updateAnnotationPrincipalPermission(annotationID, userID, permission)
+                            : dbIntegrityService.addAnnotationPrincipalPermission(annotationID, userID, permission);
+                    logger.info("updatePermission method: OK");
+                    return result + " rows are updated/added";
+
+                } else {
+                    httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                    return null;
+                }
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
+                return null;
+            }
+
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
             return null;
         }
@@ -329 +376 @@
         final Number annotationID = dbIntegrityService.getAnnotationInternalIdentifier(UUID.fromString(annotationExternalId));
         final Number remoteUserID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
-        if (annotationID != null) {
-            if (isOwner(remoteUserID, annotationID)) {
-                int updatedRows = dbIntegrityService.updatePermissions(annotationID, permissions);
-                logger.info("updatePermissions method: OK");
-                return new ObjectFactory().createResponseBody(makePermissionResponseEnvelope(annotationID));
-            } else {
-                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-                return null;
-            }
-        } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
-            return null;
-        }
-    }
-
-    /////////////////////////////////////////
+        if (remoteUserID != null) {
+            if (annotationID != null) {
+                if (isOwner(remoteUserID, annotationID)) {
+                    int updatedRows = dbIntegrityService.updatePermissions(annotationID, permissions);
+                    logger.info("updatePermissions method: OK");
+                    return new ObjectFactory().createResponseBody(makePermissionResponseEnvelope(annotationID));
+                } else {
+                    httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                    return null;
+                }
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The annotation with the given id is not found in the database");
+                return null;
+            }
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
+            return null;
+        }
+    }
+/////////////////////////////////////////
     private ResponseBody makeAnnotationResponseEnvelope(Number annotationID) {
         ResponseBody result = new ResponseBody();

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/CachedRepresentationResource.java

@@ -72 +72 @@
     @Transactional(readOnly = true)
     public JAXBElement<CachedRepresentationInfo> getCachedRepresentationInfo(@PathParam("cachedid") String externalId) throws SQLException, IOException {
-        dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
-        final Number cachedID = dbIntegrityService.getCachedRepresentationInternalIdentifier(UUID.fromString(externalId));
-        if (cachedID != null) {
-            final CachedRepresentationInfo cachedInfo = dbIntegrityService.getCachedRepresentationInfo(cachedID);
-            return new ObjectFactory().createCashedRepresentationInfo(cachedInfo);
+
+        final Number remoteUserID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
+        if (remoteUserID != null) {
+            dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
+            final Number cachedID = dbIntegrityService.getCachedRepresentationInternalIdentifier(UUID.fromString(externalId));
+            if (cachedID != null) {
+                final CachedRepresentationInfo cachedInfo = dbIntegrityService.getCachedRepresentationInfo(cachedID);
+                return new ObjectFactory().createCashedRepresentationInfo(cachedInfo);
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The cached representation with the given id is not found in the database");
+                return null;
+            }
         } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The cached representation with the given id is not found in the database");
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
             return null;
         }
@@ -88 +95 @@
     @Transactional(readOnly = true)
     public BufferedImage getCachedRepresentationContent(@PathParam("cachedid") String externalId) throws SQLException, IOException {
-        dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
-        final Number cachedID = dbIntegrityService.getCachedRepresentationInternalIdentifier(UUID.fromString(externalId));
-        if (cachedID != null) {
-            InputStream dbRespond = dbIntegrityService.getCachedRepresentationBlob(cachedID);
-            ImageIO.setUseCache(false);
-            BufferedImage result = ImageIO.read(dbRespond);
-            return result;
+        final Number remoteUserID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
+        if (remoteUserID != null) {
+            dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
+            final Number cachedID = dbIntegrityService.getCachedRepresentationInternalIdentifier(UUID.fromString(externalId));
+            if (cachedID != null) {
+                InputStream dbRespond = dbIntegrityService.getCachedRepresentationBlob(cachedID);
+                ImageIO.setUseCache(false);
+                BufferedImage result = ImageIO.read(dbRespond);
+                return result;
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The cached representation  with the given id is not found in the database");
+                return null;
+            }
         } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The cached representation  with the given id is not found in the database");
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
             return null;
         }

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/TargetResource.java

@@ -83 +83 @@
     @Transactional(readOnly = true)
     public JAXBElement<Target> getTarget(@PathParam("targetid") String ExternalIdentifier) throws SQLException, IOException {
-        dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
-        final Number targetID = dbIntegrityService.getTargetInternalIdentifier(UUID.fromString(ExternalIdentifier));
-        if (targetID != null) {
-            final Target target = dbIntegrityService.getTarget(targetID);
-            return new ObjectFactory().createTarget(target);
+        final Number remoteUserID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
+        if (remoteUserID != null) {
+            dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
+            final Number targetID = dbIntegrityService.getTargetInternalIdentifier(UUID.fromString(ExternalIdentifier));
+            if (targetID != null) {
+                final Target target = dbIntegrityService.getTarget(targetID);
+                return new ObjectFactory().createTarget(target);
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The target with the given id is not found in the database");
+                return null;
+            }
         } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The target with the given id is not found in the database");
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
             return null;
         }
@@ -100 +106 @@
     @Transactional(readOnly = true)
     public JAXBElement<ReferenceList> getSiblingTargets(@PathParam("targetid") String ExternalIdentifier) throws SQLException, IOException {
-        dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
-        final Number targetID = dbIntegrityService.getTargetInternalIdentifier(UUID.fromString(ExternalIdentifier));
-        if (targetID != null) {
-            final ReferenceList siblings = dbIntegrityService.getTargetsForTheSameLinkAs(targetID);
-            return new ObjectFactory().createReferenceList(siblings);
+        final Number remoteUserID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
+        if (remoteUserID != null) {
+            dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
+            final Number targetID = dbIntegrityService.getTargetInternalIdentifier(UUID.fromString(ExternalIdentifier));
+            if (targetID != null) {
+                final ReferenceList siblings = dbIntegrityService.getTargetsForTheSameLinkAs(targetID);
+                return new ObjectFactory().createReferenceList(siblings);
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The target with the given id is not found in the database");
+                return null;
+            }
         } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The target with the given id is not found in the database");
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
             return null;
         }
@@ -132 +144 @@
     public JAXBElement<CachedRepresentationInfo> postCached(@PathParam("targetid") String targetIdentifier,
             @PathParam("fragmentDescriptor") String fragmentDescriptor,
-            MultiPart multiPart) throws SQLException {
-        dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
-        final Number targetID = dbIntegrityService.getTargetInternalIdentifier(UUID.fromString(targetIdentifier));
-        CachedRepresentationInfo metadata = multiPart.getBodyParts().get(0).getEntityAs(CachedRepresentationInfo.class);
-        BodyPartEntity bpe = (BodyPartEntity) multiPart.getBodyParts().get(1).getEntity();
-        InputStream cachedSource = bpe.getInputStream();
-        final Number[] respondDB = dbIntegrityService.addCachedForTarget(targetID, fragmentDescriptor, metadata, cachedSource);
-        final CachedRepresentationInfo cachedInfo = dbIntegrityService.getCachedRepresentationInfo(respondDB[1]);
-        return new ObjectFactory()
-                .createCashedRepresentationInfo(cachedInfo);
+            MultiPart multiPart) throws SQLException, IOException {
+        final Number remoteUserID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
+        if (remoteUserID != null) {
+            dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
+            final Number targetID = dbIntegrityService.getTargetInternalIdentifier(UUID.fromString(targetIdentifier));
+            CachedRepresentationInfo metadata = multiPart.getBodyParts().get(0).getEntityAs(CachedRepresentationInfo.class);
+            BodyPartEntity bpe = (BodyPartEntity) multiPart.getBodyParts().get(1).getEntity();
+            InputStream cachedSource = bpe.getInputStream();
+            final Number[] respondDB = dbIntegrityService.addCachedForTarget(targetID, fragmentDescriptor, metadata, cachedSource);
+            final CachedRepresentationInfo cachedInfo = dbIntegrityService.getCachedRepresentationInfo(respondDB[1]);
+            return new ObjectFactory()
+                    .createCashedRepresentationInfo(cachedInfo);
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
+            return null;
+        }
 
     }
@@ -149 +167 @@
     public String deleteCachedForTarget(@PathParam("targetid") String targetExternalIdentifier,
             @PathParam("cachedid") String cachedExternalIdentifier) throws SQLException, IOException {
-        dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
-        final Number targetID = dbIntegrityService.getTargetInternalIdentifier(UUID.fromString(targetExternalIdentifier));
-        if (targetID != null) {
-            final Number cachedID = dbIntegrityService.getCachedRepresentationInternalIdentifier(UUID.fromString(cachedExternalIdentifier));
-            if (cachedID != null) {
-                int[] resultDelete = dbIntegrityService.deleteCachedRepresentationOfTarget(targetID, cachedID);
-                String result = Integer.toString(resultDelete[0]);
-                return result + " pair(s) target-cached deleted.";
+        final Number remoteUserID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
+        if (remoteUserID != null) {
+            dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
+            final Number targetID = dbIntegrityService.getTargetInternalIdentifier(UUID.fromString(targetExternalIdentifier));
+            if (targetID != null) {
+                final Number cachedID = dbIntegrityService.getCachedRepresentationInternalIdentifier(UUID.fromString(cachedExternalIdentifier));
+                if (cachedID != null) {
+                    int[] resultDelete = dbIntegrityService.deleteCachedRepresentationOfTarget(targetID, cachedID);
+                    String result = Integer.toString(resultDelete[0]);
+                    return result + " pair(s) target-cached deleted.";
+                } else {
+                    httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The cached representation with the given id is not found in the database");
+                    return null;
+                }
             } else {
-                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The cached representation with the given id is not found in the database");
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The target with the given id is not found in the database");
                 return null;
             }
         } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The target with the given id is not found in the database");
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
             return null;
         }

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/UserResource.java

@@ -29 +29 @@
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
@@ -72 +73 @@
     @GET
     @Produces(MediaType.TEXT_XML)
-    @Path("{userid: " + BackendConstants.regExpIdentifier + "}")
+    @Path("{userid: " + BackendConstants.regExpRemoteId + "}")
     @Transactional(readOnly = true)
     public JAXBElement<User> getUser(@PathParam("userid") String ExternalIdentifier) throws SQLException, IOException {
-        dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
-        final Number userID = dbIntegrityService.getUserInternalIdentifier(UUID.fromString(ExternalIdentifier));
-        if (userID != null) {
-            final User user = dbIntegrityService.getUser(userID);
-            return new ObjectFactory().createUser(user);
-        } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The user with the given id is not found in the database");
+        final Number remoteUserID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
+        if (remoteUserID != null) {
+            dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
+            final Number userID = dbIntegrityService.getUserInternalIdentifier(UUID.fromString(ExternalIdentifier));
+            if (userID != null) {
+                final User user = dbIntegrityService.getUser(userID);
+                return new ObjectFactory().createUser(user);
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The user with the given id is not found in the database");
+                return null;
+            }
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
             return null;
         }
@@ -91 +98 @@
     @Transactional(readOnly = true)
     public JAXBElement<User> getUserByInfo(@QueryParam("email") String email) throws SQLException, IOException {
-        dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
-        final User user = dbIntegrityService.getUserByInfo(email);
-        if (user != null) {
-            return new ObjectFactory().createUser(user);
-        } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The user with the given info is not found in the database");
+        final Number remoteUserID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
+        if (remoteUserID != null) {
+            dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
+            final User user = dbIntegrityService.getUserByInfo(email);
+            if (user != null) {
+                return new ObjectFactory().createUser(user);
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The user with the given info is not found in the database");
+                return null;
+            }
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
             return null;
         }
@@ -106 +119 @@
     @Transactional(readOnly = true)
     public JAXBElement<CurrentUserInfo> getCurrentUserInfo(@PathParam("userid") String ExternalIdentifier) throws IOException {
-        dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
-        final Number userID = dbIntegrityService.getUserInternalIdentifier(UUID.fromString(ExternalIdentifier));
-        if (userID != null) {
-            final CurrentUserInfo userInfo = new CurrentUserInfo();
-            userInfo.setRef(dbIntegrityService.getUserURI(userID));
-            userInfo.setCurrentUser(ifLoggedIn(userID));
-            return new ObjectFactory().createCurrentUserInfo(userInfo);
-        } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The user with the given id is not found in the database");
+        final Number remoteUserID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
+        if (remoteUserID != null) {
+            dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
+            final Number userID = dbIntegrityService.getUserInternalIdentifier(UUID.fromString(ExternalIdentifier));
+            if (userID != null) {
+                final CurrentUserInfo userInfo = new CurrentUserInfo();
+                userInfo.setRef(dbIntegrityService.getUserURI(userID));
+                userInfo.setCurrentUser(ifLoggedIn(userID));
+                return new ObjectFactory().createCurrentUserInfo(userInfo);
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The user with the given id is not found in the database");
+                return null;
+            }
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
             return null;
         }
@@ -120 +139 @@
 
     @POST
-    @Consumes(MediaType.TEXT_XML)
-    @Produces(MediaType.TEXT_XML)
-    @Path("{remoteId: " + BackendConstants.regExpIdentifier + "}")
-    public JAXBElement<User> addUser(@PathParam("userid") String remoteId, User user) throws SQLException {
-        dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
-        final Number userID = dbIntegrityService.addUser(user, remoteId);
-        final User addedUser = dbIntegrityService.getUser(userID);
-        return new ObjectFactory().createUser(addedUser);
+    @Consumes(MediaType.APPLICATION_XML)
+    @Produces(MediaType.APPLICATION_XML)
+    @Path("{remoteId: " + BackendConstants.regExpRemoteId+ "}")
+    public JAXBElement<User> addUser(@PathParam("remoteId") String remoteId, User user) throws SQLException, IOException {
+        final Number remoteUserID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
+        if (remoteUserID != null) {
+            if (dbIntegrityService.userHasAdminRights(remoteUserID)) {
+                dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
+                final Number userID = dbIntegrityService.addUser(user, remoteId);
+                if (userID != null) {
+                final User addedUser = dbIntegrityService.getUser(userID);
+                return new ObjectFactory().createUser(addedUser);
+                }
+                else {
+                    httpServletResponse.sendError(HttpServletResponse.SC_CONFLICT, "The user with the given e-mail already exists in the database");
+                    return null;
+                }
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "The logged in user does not have admin rights to add a user to the database");
+                return null;
+            }
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
+            return null;
+        }
     }
 
     @PUT
-    @Consumes(MediaType.TEXT_XML)
-    @Produces(MediaType.TEXT_XML)
+    @Consumes(MediaType.APPLICATION_XML)
+    @Produces(MediaType.APPLICATION_XML)
     @Path("")
-    public JAXBElement<User> updateUser(User user) throws IOException{
-        dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
-        final Number userID = dbIntegrityService.updateUser(user);
-        if (userID != null) {
-            final User addedUser = dbIntegrityService.getUser(userID);
-            return new ObjectFactory().createUser(addedUser);
-        } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The user with the given id is not found in the database");
-            return null;
-        }
-    }
-
+    public JAXBElement<User> updateUser(User user) throws IOException {
+        final Number remoteUserID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
+        if (remoteUserID != null) {
+            if (dbIntegrityService.userHasAdminRights(remoteUserID)) {
+                dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
+                final Number userID = dbIntegrityService.updateUser(user);
+                if (userID != null) {
+                    final User addedUser = dbIntegrityService.getUser(userID);
+                    return new ObjectFactory().createUser(addedUser);
+                } else {
+                    httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The user with the given id is not found in the database");
+                    return null;
+                }
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "The logged in user does not have admin rights to update a user info in the database");
+                return null;
+            }
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
+            return null;
+        }
+    }
+
+    
+    
+    @DELETE
+    @Path("{userId: " + BackendConstants.regExpRemoteId + "}")
+    public String deleteUser(@PathParam("userId") String externalIdentifier) throws IOException {
+        final Number remoteUserID = dbIntegrityService.getUserInternalIDFromRemoteID(httpServletRequest.getRemoteUser());
+        if (remoteUserID != null) {
+            if (dbIntegrityService.userHasAdminRights(remoteUserID)) {
+                dbIntegrityService.setServiceURI(uriInfo.getBaseUri().toString());
+                final Number userID = dbIntegrityService.getUserInternalIdentifier(UUID.fromString(externalIdentifier));
+                if (userID != null) {
+                    final Integer result = dbIntegrityService.deleteUser(userID);
+                    return "There is "+ result.toString()+" row deleted";
+                } else {
+                    httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The user with the given id is not found in the database");
+                    return null;
+                }
+            } else {
+                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "The logged in user does not have admin rights to update a user info in the database");
+                return null;
+            }
+        } else {
+            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "The logged in user is not found in the database");
+            return null;
+        }
+    }
+    }
+    
+    
+    
+    
     private boolean ifLoggedIn(Number userID) {
         return httpServletRequest.getRemoteUser().equals(dbIntegrityService.getUserRemoteID(userID));

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/webapp/WEB-INF/shhaa.xml

@@ -41 +41 @@
             <sso action="lI">https://lux16.mpi.nl/Shibboleth.sso/Login</sso> 
             <slo action="lO">https://lux16.mpi.nl/Shibboleth.sso/Logout</slo> 
-            <!-- <sso action="lI">http://localhost:8080/annotator-backend/api/index.jsp</sso> 
-            <slo action="lO">http://localhost:8080/annotator-backend/api/index.jsp</slo>  -->
         </authentication>
         
@@ -55 +53 @@
         
         <authorization>
-            <location  target="/hvwkejfhvwkehf/*" />
+            <!-- lux16, 17, corpus1 -->
+            <location  target="/*" />
+            <!-- localhost -->
+            <location  target="/dummy/*" />
         </authorization>
         

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/webapp/WEB-INF/web.xml

@@ -42 +42 @@
         </servlet-class>
         <init-param>
-            <param-name>
-                com.sun.jersey.config.property.packages
-            </param-name>
+            <param-name>com.sun.jersey.config.property.packages</param-name>
             <param-value>eu.dasish.annotation.backend</param-value>
         </init-param>
@@ -67 +65 @@
     </servlet-mapping>
     
-     <filter>
+    <!-- lux16, 17, corpus 1 (shibbolized) -->
+    <!-- <filter>
         <filter-name>AAIFilter</filter-name>
         <filter-class>de.mpg.aai.shhaa.AuthFilter</filter-class>
@@ -74 +73 @@
         <filter-name>AAIFilter</filter-name>
         <url-pattern>/*</url-pattern>
-    </filter-mapping>
+    </filter-mapping> -->
+    
+    
+    <!-- localhost auth experiments -->
+    
+    
+    <security-constraint>
+        <display-name>Backend localhost</display-name>
+        <web-resource-collection>
+            <web-resource-name> Backend rest service </web-resource-name>
+            <description />
+            <url-pattern>/*</url-pattern>
+            <http-method>GET</http-method>
+            <http-method>POST</http-method>
+            <http-method>PUT</http-method>
+            <http-method>DELETE</http-method>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>tomcat</role-name>
+        </auth-constraint>
+    </security-constraint>
+    <login-config>
+        <auth-method>BASIC</auth-method>
+    </login-config>
+    <security-role>
+        <description> The role that is required to log in to the Application
+        </description>
+        <role-name>tomcat</role-name>
+    </security-role>
+    
 </web-app>