Jakarta EE, RESTful web services tasks for the Fundamentals of Network Applications course at TUL.

pStrachota/LIBRARY-JAKARTA-EE

LIBRARY-JAKARTA-EE-PROJECT

Table of Contents
  1. About the project
  2. Built With
  3. Roles and permissions
  4. Additional feature description
  5. Business rules
  6. Endpoints
  7. Todo
  8. License

About The Project

This project was made for the Fundamentals of Network Applications class at TUL. It provides CRUD operations for a library API: rentable items (books and articles), rents and users. The available actions depend on user permissions (more information below). Authentication and authorization are built using JWT and Jakarta EE Security (IdentityStoreHandler/HttpAuthenticationMechanism). MySQL is used for data storage, and tests are built with the Rest Assured library. TLS is used for secure communication.


Built With


Roles and permissions

Client can:

  • register an account (name, login, password, address and client type are required)
  • log in to the account
  • change password
  • make a rent with given rentable items
  • get the rentable items list (also separately books and articles)

Manager (besides all client permissions) can:

  • perform CRUD operations on rentable items
  • filter users by name or login
  • end a client's rent

Admin (besides all client and manager permissions) can:

  • perform CRUD operations on all user types (manager and admin accounts can only be added by an admin, not through registration)
  • activate or deactivate a client account


Additional feature description

  • There are three types of client:
    • university employee
    • student
    • outsider
  • Each client type has its own:
    • limit on currently rented items,
    • maximum rent duration and
    • penalty for overdue items


Business rules

  • Rents can only be made for clients (not for managers or admins)
  • A deactivated account cannot make rents
  • A login cannot be duplicated
  • An unavailable item cannot be rented
  • A rent that has already ended cannot be ended again


Endpoints

Client registration (managers and admins can only be added by an admin)

POST https://localhost:8181/pas/api/auth/register
Content-Type: application/json

{
  "name": "John",
  "surname": "Doe",
  "login": "login123",
  "password": "password123",
  "clientType": "STUDENT",
  "address": {
    "street": "sampleStreet",
    "city": "sampleCity",
    "number": "52a"
  }
}

RESPONSE: HTTP 201 (Created)
{
  User created successfully
}

Login

POST https://localhost:8181/pas/api/auth/login
Content-Type: application/x-www-form-urlencoded

login=admin123&password=admin123

RESPONSE: HTTP 200
{
  eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.... rest of JWT
}
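
The token header shown above decodes to {"alg":"HS512","typ":"JWT"}. The following added example, which is not code from this repository, shows the checks a server has to make before trusting such a token: a pinned algorithm, a constant-time HMAC-SHA512 signature comparison and an expiry check. The secret, the "sub", "role" and "exp" claims and the class name are assumptions made for the example.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not code from this repository. Secret and claims are constructed;
// a real service would parse the claims with a JSON or JWT library, not a regex.
public class Hs512TokenCheck {
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");
    // Encoded header from the README: {"alg":"HS512","typ":"JWT"}
    private static final String PINNED_HEADER = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9";

    static byte[] hmac(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(key, "HmacSHA512"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Returns true only for a well-formed, correctly signed, unexpired HS512 token.
    static boolean isValid(String token, byte[] key, Instant now) {
        try {
            String[] p = token.split("\\.", -1);
            if (p.length != 3) return false;
            // Pin the algorithm: the token header must never select it.
            if (!PINNED_HEADER.equals(p[0])) return false;
            byte[] expected = hmac(key, p[0] + "." + p[1]);
            // Constant-time comparison of the signature bytes.
            if (!MessageDigest.isEqual(expected, DEC.decode(p[2]))) return false;
            String claims = new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
            Matcher m = EXP.matcher(claims);
            return m.find() && now.getEpochSecond() < Long.parseLong(m.group(1));
        } catch (Exception e) { return false; } // malformed input: reject
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-secret-0123456789-0123456789-0123456789-0123456789".getBytes(StandardCharsets.UTF_8);
        String body = ENC.encodeToString("{\"sub\":\"login123\",\"role\":\"CLIENT\",\"exp\":2000000000}".getBytes(StandardCharsets.UTF_8));
        String altered = ENC.encodeToString("{\"sub\":\"login123\",\"role\":\"ADMIN\",\"exp\":2000000000}".getBytes(StandardCharsets.UTF_8));
        String sig = ENC.encodeToString(hmac(key, PINNED_HEADER + "." + body));
        Instant now = Instant.ofEpochSecond(1700000000L);
        System.out.println("signed token accepted:   " + isValid(PINNED_HEADER + "." + body + "." + sig, key, now));
        System.out.println("altered claims accepted: " + isValid(PINNED_HEADER + "." + altered + "." + sig, key, now));
        System.out.println("expired token accepted:  " + isValid(PINNED_HEADER + "." + body + "." + sig, key, Instant.ofEpochSecond(2000000001L)));
    }
}
```

Only the first call is accepted; the token with altered claims fails the signature check and the third call fails the expiry check.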

Add new book (only admin or manager)

POST https://localhost:8181/pas/api/rentable-item/book
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9... rest of admin JWT

{
    "serialNumber": "12312312312", 
    "author": "Homer", 
    "title": "Odyssey", 
    "publishingHouse": "Signum"
}

RESPONSE: HTTP 201 (Created)
{
    "author": "Homer",
    "available": true,
    "serialNumber": "12312312312",
    "title": "Odyssey",
    "publishingHouse": "Signum"
}

Get all rentable items

GET https://localhost:8181/pas/api/rentable-item
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9... rest of JWT

[
    {
        "author": "Juliusz Słowacki",
        "available": false,
        "rentableItemId": 1,
        "serialNumber": "1111111111111",
        "title": "Balladyna",
        "publishingHouse": "PWN"
    },
    {
        "author": "J.R.R. Tolkien",
        "available": false,
        "rentableItemId": 2,
        "serialNumber": "2222222222222",
        "title": "Władca pierścieni",
        "publishingHouse": "Muza"
    },
    {
        "author": "J.K Rowling",
        "available": false,
        "rentableItemId": 3,
        "serialNumber": "3333333333333",
        "title": "Harry Potter i Zakon Feniksa",
        "publishingHouse": "Media"
    },
  other results...

Add new rent

POST https://localhost:8181/pas/api/rent
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.... rest of JWT

{
    "clientId": "3", 
    "rentableItemIds": [
        5
    ]
}

RESPONSE: HTTP 201 (Created)
{
    "clientId": 3,
    "rentableItemIds": [
        5
    ]
}

There is also exception handling for unauthorized, unauthenticated and incorrect requests, for example:

Client tries to get all users' info

GET https://desktop-namfmud:8181/pas/api/user
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.... rest of user JWT

RESPONSE: HTTP 200
{
  403 | Forbidden | Caller not in requested role
}

Missing field when adding new rentable item

POST https://localhost:8181/pas/api/rentable-item/book
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9... rest of admin JWT

{
    "serialNumber": "12312312312", 
    "author": "Homer", 
    "publishingHouse": "Signum"
}

RESPONSE: HTTP 400
{
  createBook.arg0.title: nie może być puste
}

Rentable item is rented

POST https://localhost:8181/pas/api/rent
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9... rest of JWT

{
    "clientId": "3", 
    "rentableItemIds": [
        1, 2
    ]
}

RESPONSE: HTTP 400
{
  400 | Bad Request | RentableItem is rented
}


Todo

  • add a refresh token
  • add security constraints to the current tests
  • add Swagger for documentation


License

Distributed under the MIT License. See LICENSE.txt for more information.

