-
Notifications
You must be signed in to change notification settings - Fork 0
/
READ.ME
101 lines (91 loc) · 4.23 KB
/
READ.ME
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
This is a Spring web application. You can compile this to a war file and deploy to your favorite web server. When I
deployed to Tomcat9, all I had to do was add "Kenzan.war" to tomcats webapps directory. I also had to put kenzen.properties
into the Tomcat 9's "/lib" directory.
The API's are:
POST rest/login
The body needs to have a JSON structure:
{
username: <username>
password: <password>
}
It returns a JSON structure in the body:
{
error: <some string> or null
errorcode: An error code from the ErrorNumber enum. One would hope we get an 'ErrorNumber.NONE'
jwt: <a JSON web token> or null
}
GET rest/get_all
No body required. However, a header of "Authorization: <jwt token>" is required
A JSON object is returned, which is an array of employee structures
? empty database ?
? invalid token ?
GET rest/get_emp?id={#}
No body required. However, a header of "Authorization: <jwt token>" is required
(which of course means they don't need any special authority, but the need to
exit in the database with a valid password.)
A JSON object is returned in the body, which is a single employee record
? no record ?
? invalid token ?
POST rest/add_emp
POST rest/update_emp
A header of "Authorization: <jwt token>" is required, and the user is required
to have ROLE_ADD_EMP or ROLE_UPD_EMP, depending upon the operation.
The entire Employee record as a JSON object in the body:
{
"id": "5",
"firstName": "John",
"lastName": "Doe",
"dateOfBirth": "1990-12-25",
"dateOfEmployment": "2000-01-01",
"bStatus": "ACTIVE", (or "INACTIVE")
"username": "kenzanadu"
}
Obviously if it's an add, don't bother setting the id. It won't be carried over.
Both APIs will return a JSON object in the body:
{
error: <some string> or null
errorcode: ErrorNumber.NONE or the error
id: <id of the inserted/updated record, 0 for an error>
}
GET rest/delete_emp?id={#}
A header of "Authorization: <jwt token>" is required and the user is required
to have ROLE_DELETE_EMP
No body is required
It returns a JSON object in the body:
{
error: <some string> or null
errorcode: ErrorNumber.NONE or an error code
id: <id of the deleted record, 0 for an error>
}
POST rest/set_password
A header of "Authorization: <jwt token>" is required. If the username in the body of the request
does not match the username in the JWT, then the user is required to have ROLE_SET_PASSWORD. In
english, this means that if the user is not setting their own password, they need to have special
permissions.
The passed structure:
{
username: <username to set the password for>
password: <the new password>
}
It returns a JSON object in the body:
{
error: <some string> or null
errorcode: ErrorNumber.NONE or an error code
id: 0
}
Once you have the server up and running, you can run "TestRest.java" as a JUnit test and it should pass.
I have far better unit tests written in node.js now, but I don't have them available for general use yet.
initial.sql contains the database initialization. Obviously you don't have to insert all of the users,
but if you are going to run the uni tests on the application, they are required. In fact, if you are going
to run the unit tests, you MUST drop and recreate and add the users.
Internally, the java code requires "ROLE_ADD_EMP", "ROLE_UPDATE_EMP", "ROLE_DELETE_EMP", and "ROLE_SET_PASSWORD"
in order for users to be able to perform the operations. Just existing in the database is enough for the "login" and both "get" APIs.
If a user is not assigned to one or more of those roles in the database, he or she will not be able to execute any of the other APIs.
The properties file: It's named "kenzan.properties", and requires the following properties:
kenzan.jwt.signing.key=<A random string of data for signing the JSON web token>
kenzan.jwt.issuer=<The issuer field of the JWT>
kenzan.jwt.expiration.minutes=<The number of minutes before the token expires>
datasource.driver.class.name=<The database driver for hibernate>
datasource.url=<The database url for hibernate>
datasource.username=<The username for the database>
datasource.password=<And the password for the database> // The code should be changed to get this information from a password server