Initial commit

.gitignore

@@ -0,0 +1,161 @@
+######################
+# Project Specific
+######################
+/src/main/webapp/content/css/main.css
+/build/www/**
+/src/test/javascript/coverage/
+/src/test/javascript/PhantomJS*/
+keystore.jks
+keystore.p12
+/src/main/docker/etc/smtp.env
+######################
+# Patch files
+######################
+*.patch
+
+# don't ignore keystores in test folders
+!**/test/resources/**/keystore.*
+
+######################
+# Node
+######################
+/node/
+node_tmp/
+node_modules/
+npm-debug.log.*
+
+######################
+# SASS
+######################
+.sass-cache/
+
+######################
+# Eclipse
+######################
+*.pydevproject
+.project
+.metadata
+tmp/
+tmp/**/*
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.classpath
+.settings/
+.loadpath
+.factorypath
+/src/main/resources/rebel.xml
+
+# External tool builders
+.externalToolBuilders/**
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# CDT-specific
+.cproject
+
+# PDT-specific
+.buildpath
+
+######################
+# Intellij
+######################
+.idea/
+*.iml
+*.iws
+*.ipr
+*.ids
+*.orig
+out/
+
+######################
+# Visual Studio Code
+######################
+.vscode/
+
+######################
+# Maven
+######################
+/log/
+/target/
+
+######################
+# Gradle
+######################
+.gradle/
+/build/
+.gradletasknamecache
+
+######################
+# Package Files
+######################
+*.jar
+*.war
+*.ear
+*.db
+
+######################
+# Windows
+######################
+# Windows image file caches
+Thumbs.db
+
+# Folder config file
+Desktop.ini
+
+######################
+# Mac OSX
+######################
+.DS_Store
+.svn
+
+# Thumbnails
+._*
+
+# Files that might appear on external disk
+.Spotlight-V100
+.Trashes
+
+######################
+# Directories
+######################
+/bin/
+/deploy/
+.jhipster/
+
+######################
+# Logs
+######################
+*.log
+
+######################
+# Others
+######################
+*.class
+*.*~
+*~
+.merge_file*
+
+######################
+# Gradle Wrapper
+######################
+!gradle/wrapper/gradle-wrapper.jar
+
+######################
+# Maven Wrapper
+######################
+!.mvn/wrapper/maven-wrapper.jar
+
+######################
+# ESLint
+######################
+.eslintcache
+
+# output directory
+/out/
+
+# don't ignore jars in /libs
+!/libs/**/*.jar

.travis.yml

@@ -0,0 +1,33 @@
+language: java
+jdk:
+  - oraclejdk11
+sudo: false
+
+cache:
+  directories:
+    - $HOME/.gradle/caches/jars-1
+    - $HOME/.gradle/caches/jars-2
+    - $HOME/.gradle/caches/jars-3
+    - $HOME/.gradle/caches/modules-2/files-2.1/
+    - $HOME/.gradle/native
+    - $HOME/.gradle/wrapper
+
+deploy:
+  - provider: releases
+    api_key: ${GH_TOKEN}
+    file_glob: true
+    file:
+      - "*/build/libs/*.jar"
+    skip_cleanup: true
+    on:
+      tags: true
+  - provider: script
+    script: ./gradlew publish
+    skip_cleanup: true
+    on:
+      branch: dev
+  - provider: script
+    script: ./gradlew bintrayUpload
+    skip_cleanup: true
+    on:
+      tags: true

README.md

@@ -0,0 +1,65 @@
+# radar-auth-jersey
+
+Library to facilitate OAuth 2.0 integration with a Jersey-based REST API.
+
+# Usage
+
+Any path or resource that should be authenticated against the ManagementPortal, should be annotated with `@Authenticated`. Specific authorization can be checked by adding a `@NeedsPermission` annotation. An `Auth` object can be injected to get app-specific information. Examples:
+
+```kotlin
+@Path("/projects")
+@Authenticated
+class Users(@Context projectService: ProjectService) {
+
+    @GET
+    @NeedsPermission(PROJECT, READ)
+    fun getProjects(@Context auth: Auth): List<Project> {
+        return projectService.read()
+            .filter { auth.token.hasPermissionOnProject(PROJECT_READ, it.name) }
+    } 
+
+    @POST
+    @Path("/{projectId}")
+    @NeedsPermission(PROJECT, UPDATE, "projectId")
+    fun updateProject(@PathParam("projectId") projectId: String, project: Project) {
+        return projectService.update(projectId, project)
+    }
+
+    @GET
+    @Path("/{projectId}/users/{userId}")
+    @NeedsPermission(SUBJECT, READ, "projectId", "userId")
+    fun getUsers(@PathParam("projectId") projectId: String, @PathParam("userId") userId: String) {
+        return projectService.readUser(projectId, userId)
+    }
+}
+```
+
+These APIs can be activated by implementing the `ProjectService` that ensures that a project exists and by running, during ResourceConfig setup:
+```kotlin
+val authConfig = AuthConfig(
+        managementPortalUrl = "http://...",
+        jwtResourceName = "res_MyResource")
+
+val enhancers = listOf(
+    RadarJerseyResourceEnhancer(authConfig)
+    ManagementPortalResourceEnhancer())
+
+val resourceConfig = ResourceConfig()
+enhancers.forEach { resourceConfig.packages(*it.packages) }
+
+resourceConfig.register(object : AbstractBinder() {
+    override fun configure() {
+        bind(MyProjectService::class.java)
+                .to(ProjectService::class.java)
+                .`in`(Singleton::class.java)
+
+        enhancers.forEach { it.enhance(this) }
+    }
+})
+```
+
+## Error handling
+
+This package adds some error handling. Specifically, `org.radarbase.auth.jersey.exception.HttpApplicationException` can be used and extended to serve detailed error messages with customized logging and HTML templating. They can be thrown from any resource.
+
+To serve custom HTML error messages for error codes 400 to 599, add a Mustache template to the classpath in directory `org/radarbase/auth/jersey/exception/<code>.html`. You can use special cases `4xx.html` and `5xx.html` as a catch-all template. The templates can use variables `status` for the HTTP status code, `code` for short-hand code for the specific error, and an optional `detailedMessage` for a human-readable message.