Jakarta EE, RESTful web services tasks for the Fundamentals of Network Applications course at TUL.
This project was made for the Fundamentals of Network Applications class at TUL. It provides CRUD operations for a library API: rentable items (books and articles), rents and users. Which actions a caller may perform depends on that user's role (more information below). Authentication and authorization are built with JWT and Jakarta EE Security (IdentityStoreHandler / HttpAuthenticationMechanism): a successful login returns a signed JWT, which the client sends as a Bearer token on every later request, and role checks decide what that token is allowed to do. MySQL is used for data storage, and tests are written with the Rest Assured library. TLS is used to secure the connection.
- register an account (name, login, password, address and client type are required)
- log in to an account
- change password
- make a rent for the given rentable items
- get the rentable items list (also books and articles separately)
- CRUD operations for rentable items
- filter users by name or login
- end a client's rent
- CRUD operations for all user types (manager and admin users can only be added by an admin, not through registration)
- activate / deactivate a client account
- There are three types of client:
- university employee
- student
- outsider
- Each client type has its own:
- limit on currently rented items,
- maximum rent duration and
- penalty for overdue items
- Rents can only be made for clients (not managers or admins)
- a deactivated account cannot make rents
- a login cannot be duplicated
- an item that is not available cannot be rented
- a rent that has already ended cannot be ended again
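The rules above, carried through as an added worked example (example code, not the project's own implementation). The per-type item limit, rent duration and penalty rate are assumed values, since the page names those three dimensions but gives no numbers; the error strings other than "RentableItem is rented" (which the API returns below) are also assumed. The point the example makes is ordering: every rule is checked before any item is marked unavailable, so a rejected request never leaves items locked.

```python
"""Rent creation and ending rules for a library API (added example, not the project's code)."""
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed per-client-type policy; the page names the dimensions but gives no values.
#                        (item limit, max rent days, penalty per overdue day)
POLICY = {
    "UNIVERSITY_EMPLOYEE": (10, 90, 0.5),
    "STUDENT":             (5, 30, 1.0),
    "OUTSIDER":            (2, 14, 2.0),
}


class RentError(Exception):
    """Rule violation; the API surfaces these as HTTP 400 (e.g. "RentableItem is rented")."""


@dataclass
class User:
    user_id: int
    login: str
    user_type: str            # "CLIENT", "MANAGER" or "ADMIN"
    client_type: str = ""     # one of POLICY's keys, only meaningful for clients
    active: bool = True


@dataclass
class RentableItem:
    item_id: int
    serial_number: str
    available: bool = True


@dataclass
class Rent:
    rent_id: int
    client: User
    items: list
    begin: date
    due: date
    end: date = None
    penalty: float = 0.0


class RentService:
    def __init__(self):
        self.rents = []
        self.next_id = 1

    def open_item_count(self, client):
        """Items the client currently holds across all rents that have not been ended."""
        return sum(len(r.items) for r in self.rents
                   if r.client.user_id == client.user_id and r.end is None)

    def create_rent(self, client, items, today):
        # Validate everything first, then mutate: a half-applied rent would leave items locked.
        if client.user_type != "CLIENT":
            raise RentError("Rents can only be made for clients")
        if not client.active:
            raise RentError("Client account is deactivated")
        if not items:
            raise RentError("No rentable items given")
        if len({i.item_id for i in items}) != len(items):
            raise RentError("Duplicate rentable item in request")
        limit, max_days, _ = POLICY[client.client_type]
        if self.open_item_count(client) + len(items) > limit:
            raise RentError("Rent limit exceeded for client type")
        for item in items:
            if not item.available:
                raise RentError("RentableItem is rented")
        for item in items:
            item.available = False
        rent = Rent(self.next_id, client, list(items), today, today + timedelta(days=max_days))
        self.next_id += 1
        self.rents.append(rent)
        return rent

    def end_rent(self, rent, today):
        if rent.end is not None:
            raise RentError("Rent already ended")
        overdue_days = max(0, (today - rent.due).days)
        rent.penalty = overdue_days * POLICY[rent.client.client_type][2]
        rent.end = today
        for item in rent.items:
            item.available = True
        return rent


if __name__ == "__main__":
    svc = RentService()
    student = User(3, "login123", "CLIENT", "STUDENT")
    book = RentableItem(5, "5555555555555")
    rent = svc.create_rent(student, [book], date(2023, 1, 1))
    print(rent.due, book.available)
    print(svc.end_rent(rent, date(2023, 2, 5)).penalty)
```

Note that the duplicate-item check matters even though the API takes item ids: a request like `"rentableItemIds": [5, 5]` would otherwise pass the availability check on the first copy and count twice against the limit.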
POST https://localhost:8181/pas/api/auth/register
Content-Type: application/json
{
"name": "John",
"surname": "Doe",
"login": "login123",
"password": "password123",
"clientType": "STUDENT",
"address": {
"street": "sampleStreet",
"city": "sampleCity",
"number": "52a"
}
}
RESPONSE: HTTP 201 (Created)
{
User created successfully
}
POST https://localhost:8181/pas/api/auth/login
Content-Type: application/x-www-form-urlencoded
login=admin123&password=admin123
RESPONSE: HTTP 200
{
eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.... rest of JWT
}
POST https://localhost:8181/pas/api/rentable-item/book
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9... rest of admin JWT
{
"serialNumber": "12312312312",
"author": "Homer",
"title": "Odyssey",
"publishingHouse": "Signum"
}
RESPONSE: HTTP 201 (Created)
{
"author": "Homer",
"available": true,
"serialNumber": "12312312312",
"title": "Odyssey",
"publishingHouse": "Signum"
}
GET https://localhost:8181/pas/api/rentable-item
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9... rest of JWT
RESPONSE:
[
{
"author": "Juliusz Słowacki",
"available": false,
"rentableItemId": 1,
"serialNumber": "1111111111111",
"title": "Balladyna",
"publishingHouse": "PWN"
},
{
"author": "J.R.R. Tolkien",
"available": false,
"rentableItemId": 2,
"serialNumber": "2222222222222",
"title": "Władca pierścieni",
"publishingHouse": "Muza"
},
{
"author": "J.K Rowling",
"available": false,
"rentableItemId": 3,
"serialNumber": "3333333333333",
"title": "Harry Potter i Zakon Feniksa",
"publishingHouse": "Media"
},
other results...
POST https://localhost:8181/pas/api/rent
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.... rest of JWT
{
"clientId": "3",
"rentableItemIds": [
5
]
}
RESPONSE: HTTP 201 (Created)
{
"clientId": 3,
"rentableItemIds": [
5
]
}
Of course there is also error handling for unauthorized, unauthenticated and incorrect data, for example:
GET https://desktop-namfmud:8181/pas/api/user
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.... rest of user JWT
RESPONSE: HTTP 403
{
403 | Forbidden | Caller not in requested role
}
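The login exchange (form login returning an HS512 JWT, as the `eyJhbGciOiJIUzUxMiIs...` header prefix indicates) and the 403 above, reduced to an added illustration. This is example code, not the project's Jakarta EE HttpAuthenticationMechanism or IdentityStoreHandler; the signing secret, the claim names (`sub`, `roles`, `exp`) and the role names are assumptions. It shows the checks a Bearer-token mechanism has to make before any role decision: the `alg` is pinned server-side rather than read from the token, the HMAC is compared in constant time, and expiry is enforced; only then does the role gate produce the "Caller not in requested role" response.

```python
"""HS512 JWT issue/verify plus a role gate (added example, not the project's code)."""
import base64
import binascii
import hashlib
import hmac
import json
import time

SECRET = b"demo-secret-change-me"   # assumed: the real key lives in server-side configuration
ALG = "HS512"                       # pinned; matches the "alg" in the tokens the API returns


class TokenError(Exception):
    pass


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(login, roles, ttl=3600, now=None):
    """Mint header.payload.signature the way a login endpoint would after the credentials check."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": ALG, "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"sub": login, "roles": list(roles), "iat": now, "exp": now + ttl}
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha512).digest()
    return f"{header}.{payload}.{b64url(signature)}"


def verify_token(token, now=None):
    """Structure, pinned alg, signature and expiry; returns the claims or raises TokenError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, binascii.Error):
        raise TokenError("malformed token")
    # Never let the token choose the algorithm: "none" or an alg swap fails right here.
    if not isinstance(header, dict) or header.get("alg") != ALG:
        raise TokenError("unexpected alg")
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha512).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except (ValueError, binascii.Error):
        raise TokenError("malformed token")
    now = int(time.time()) if now is None else now
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise TokenError("token expired or missing exp")
    return claims


def authorize(headers, allowed_roles, now=None):
    """Return (status, body) shaped like the API's error responses for a role-protected resource."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return 401, "401 | Unauthorized | Missing bearer token"
    try:
        claims = verify_token(token, now=now)
    except TokenError as exc:
        return 401, f"401 | Unauthorized | {exc}"
    roles = claims.get("roles", [])
    if not isinstance(roles, list):
        roles = []
    if not set(allowed_roles).intersection(roles):
        return 403, "403 | Forbidden | Caller not in requested role"
    return 200, claims["sub"]


if __name__ == "__main__":
    admin = issue_token("admin123", ["ADMIN"])
    client = issue_token("login123", ["CLIENT"])
    print(authorize({"Authorization": "Bearer " + admin}, {"ADMIN", "MANAGER"}))
    print(authorize({"Authorization": "Bearer " + client}, {"ADMIN", "MANAGER"}))
```

The second call reproduces the 403 from the example above: a valid client token reaches the role gate and is refused there, whereas a tampered, expired or `alg: none` token never gets past `verify_token` and is answered with 401.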
POST https://localhost:8181/pas/api/rentable-item/book
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9... rest of admin JWT
{
"serialNumber": "12312312312",
"author": "Homer",
"publishingHouse": "Signum"
}
RESPONSE: HTTP 400
{
createBook.arg0.title: must not be empty
}
POST https://localhost:8181/pas/api/rent
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9... rest of JWT
{
"clientId": "3",
"rentableItemIds": [
1, 2
]
}
RESPONSE: HTTP 400
{
400 | Bad Request | RentableItem is rented
}
- add a refresh token
- add security constraints to the current tests
- add Swagger for documentation
Distributed under the MIT License. See LICENSE.txt for more information.