

1 /**
2  * Copyright (C) 2001 Yasna.com. All rights reserved.
3  *
4  * ===================================================================
5  * The Apache Software License, Version 1.1
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * 1. Redistributions of source code must retain the above copyright
12  * notice, this list of conditions and the following disclaimer.
13  *
14  * 2. Redistributions in binary form must reproduce the above copyright
15  * notice, this list of conditions and the following disclaimer in
16  * the documentation and/or other materials provided with the
17  * distribution.
18  *
19  * 3. The end-user documentation included with the redistribution,
20  * if any, must include the following acknowledgment:
21  * "This product includes software developed by
22  * Yasna.com (http://www.yasna.com)."
23  * Alternately, this acknowledgment may appear in the software itself,
24  * if and wherever such third-party acknowledgments normally appear.
25  *
26  * 4. The names "Yazd" and "Yasna.com" must not be used to
27  * endorse or promote products derived from this software without
28  * prior written permission. For written permission, please
29  * contact yazd@yasna.com.
30  *
31  * 5. Products derived from this software may not be called "Yazd",
32  * nor may "Yazd" appear in their name, without prior written
33  * permission of Yasna.com.
34  *
35  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38  * DISCLAIMED. IN NO EVENT SHALL YASNA.COM OR
39  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
46  * SUCH DAMAGE.
47  * ====================================================================
48  *
49  * This software consists of voluntary contributions made by many
50  * individuals on behalf of Yasna.com. For more information
51  * on Yasna.com, please see <http://www.yasna.com>.
52  */

53
54 /**
55  * Copyright (C) 2000 CoolServlets.com. All rights reserved.
56  *
57  * ===================================================================
58  * The Apache Software License, Version 1.1
59  *
60  * Redistribution and use in source and binary forms, with or without
61  * modification, are permitted provided that the following conditions
62  * are met:
63  *
64  * 1. Redistributions of source code must retain the above copyright
65  * notice, this list of conditions and the following disclaimer.
66  *
67  * 2. Redistributions in binary form must reproduce the above copyright
68  * notice, this list of conditions and the following disclaimer in
69  * the documentation and/or other materials provided with the
70  * distribution.
71  *
72  * 3. The end-user documentation included with the redistribution,
73  * if any, must include the following acknowledgment:
74  * "This product includes software developed by
75  * CoolServlets.com (http://www.coolservlets.com)."
76  * Alternately, this acknowledgment may appear in the software itself,
77  * if and wherever such third-party acknowledgments normally appear.
78  *
79  * 4. The names "Jive" and "CoolServlets.com" must not be used to
80  * endorse or promote products derived from this software without
81  * prior written permission. For written permission, please
82  * contact webmaster@coolservlets.com.
83  *
84  * 5. Products derived from this software may not be called "Jive",
85  * nor may "Jive" appear in their name, without prior written
86  * permission of CoolServlets.com.
87  *
88  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
89  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
90  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
91  * DISCLAIMED. IN NO EVENT SHALL COOLSERVLETS.COM OR
92  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
93  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
94  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
95  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
96  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
97  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
98  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
99  * SUCH DAMAGE.
100  * ====================================================================
101  *
102  * This software consists of voluntary contributions made by many
103  * individuals on behalf of CoolServlets.com. For more information
104  * on CoolServlets.com, please see <http://www.coolservlets.com>.
105  */

106
107 package com.Yasna.forum.database;
108
109 import com.Yasna.forum.Authorization;
110 import com.Yasna.forum.AuthorizationFactory;
111 import com.Yasna.forum.UnauthorizedException;
112 import com.Yasna.forum.Exceptions.UserNotActivatedException;
113 import com.Yasna.util.StringUtils;
114
115 import java.sql.*;
116 import java.util.Calendar JavaDoc;
117
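/**
 * A subclass of AuthorizationFactory for the default Yazd implementation. It makes an
 * SQL query to the Yazd user table to see if the supplied username and password
 * match a user record. If they do, the appropriate Authorization token is
 * returned. If no matching User record is found an UnauthorizedException is
 * thrown.<p>
 *
 * Because each call to createAuthorization(String, String) makes a database
 * connection, Authorization tokens should be cached whenever possible. When
 * using a servlet or JSP skins, a good method is to cache the token in the
 * session. The SkinUtils.getUserAuthorization() methods automatically handle
 * this logic.<p>
 *
 * If you wish to integrate Yazd with your own user system, you'll need to
 * either modify the class or provide your own implementation of the
 * AuthorizationFactory interface.<p>
 *
 * Security notes for maintainers:
 * <ul>
 * <li>The password check is an equality match in SQL against
 *     StringUtils.hash(password). Because the hash is computed from the
 *     password alone, it cannot include a per-user salt, so identical passwords
 *     produce identical stored values. The algorithm behind StringUtils.hash is
 *     not visible in this file; confirm it before relying on it. Moving to a
 *     salted, deliberately slow scheme (PBKDF2, bcrypt, scrypt, Argon2) means
 *     loading the stored hash by username and verifying it in application
 *     code instead of in the WHERE clause.</li>
 * <li>This class performs no throttling, lockout or failed-attempt logging;
 *     if those controls are required they must exist in the caller.</li>
 * <li>Database errors are written to System.err and reported to the caller
 *     only as UnauthorizedException, so the login path fails closed and SQL
 *     details are not returned to the client.</li>
 * </ul>
 */
public class DbAuthorizationFactory extends AuthorizationFactory {

    /** DATABASE QUERIES **/
    // The table and column names below are read from SystemProperty and
    // concatenated into the statement text; only the username and the password
    // hash are bound as parameters. The configuration source therefore has to
    // be trusted to the same degree as the code itself.
    private static final String AUTHORIZE =
        "SELECT "+SystemProperty.getProperty("User.Column.UserID")+" FROM "+
        SystemProperty.getProperty("User.Table")
        +" WHERE "+SystemProperty.getProperty("User.Column.Username")
        +"=? AND "+SystemProperty.getProperty("User.Column.PasswordHash")+"=?";
    private static final String CHECKLOGIN="select * from yazdUserProp where userID=? and name=?";
    private static final String INSERTLOGIN="insert into yazdUserProp(userID,name,propValue) values (?,?,?)";
    private static final String UPDATELOGIN =
        "update yazdUserProp set propValue=? WHERE userID=? and name=?";

    /**
     * The same token can be used for all anonymous users, so cache it.
     */
    private static final Authorization anonymousAuth = new DbAuthorization(-1);

    /**
     * Creates Authorization tokens for users. The supplied password is hashed
     * with StringUtils.hash and matched, together with the username, against
     * the user table. On a match the method rejects accounts that carry a
     * "notactive" property row, then inserts or updates the user's
     * "lastlogin" property with the current time in milliseconds.
     *
     * Every statement and result set opened here is closed before the method
     * returns, and the connection is closed in all cases.
     *
     * @param username the username to create an Authorization with.
     * @param password the password to create an Authorization with.
     * @return an Authorization token if the username and password are correct.
     * @throws UnauthorizedException if either argument is null, if the
     *      username and password do not match any existing user, or if a
     *      database error occurs at any step (including the last-login write).
     * @throws UserNotActivatedException if the credentials match but the
     *      account has a "notactive" property. This is only reported after
     *      the password has been verified.
     */
    public Authorization createAuthorization(String username, String password)
            throws UnauthorizedException
    {
        if (username == null || password == null) {
            throw new UnauthorizedException();
        }
        //Yazd stores all passwords in hashed form. So, hash the plain text
        //password for comparison.
        String passwordHash = StringUtils.hash(password);
        int userID = 0;
        Connection con = null;
        try {
            con = DbConnectionManager.getConnection();
            userID = findUserID(con, username, passwordHash);
            if (hasProperty(con, userID, "notactive")) {
                //This account is not activated yet and can not be authorized to login.
                throw new UserNotActivatedException("User not yet activated");
            }
            recordLastLogin(con, userID);
        }
        catch( SQLException sqle ) {
            // Fail closed: any database problem is treated as a failed login.
            System.err.println("Exception in DbAuthorizationFactory:" + sqle);
            sqle.printStackTrace();
            throw new UnauthorizedException();
        }
        finally {
            closeQuietly(con);
        }
        //Got this far, so the user must be authorized.
        return new DbAuthorization(userID);
    }

    /**
     * Creates anonymous Authorization tokens.
     *
     * @return an anonymous Authorization token.
     */
    public Authorization createAnonymousAuthorization() {
        return anonymousAuth;
    }

    /**
     * Looks up the user ID whose username and password hash both match.
     *
     * @throws UnauthorizedException if no row matches.
     */
    private static int findUserID(Connection con, String username, String passwordHash)
            throws SQLException, UnauthorizedException
    {
        PreparedStatement pstmt = null;
        ResultSet rs = null;
        try {
            pstmt = con.prepareStatement(AUTHORIZE);
            pstmt.setString(1, username);
            pstmt.setString(2, passwordHash);
            rs = pstmt.executeQuery();
            //If the query had no results, the username and password
            //did not match a user record. Therefore, throw an exception.
            if (!rs.next()) {
                throw new UnauthorizedException();
            }
            return rs.getInt(1);
        }
        finally {
            closeQuietly(rs);
            closeQuietly(pstmt);
        }
    }

    /** Reports whether yazdUserProp holds a row with the given name for the user. */
    private static boolean hasProperty(Connection con, int userID, String name)
            throws SQLException
    {
        PreparedStatement pstmt = null;
        ResultSet rs = null;
        try {
            pstmt = con.prepareStatement(CHECKLOGIN);
            pstmt.setInt(1, userID);
            pstmt.setString(2, name);
            rs = pstmt.executeQuery();
            return rs.next();
        }
        finally {
            closeQuietly(rs);
            closeQuietly(pstmt);
        }
    }

    /** Inserts the "lastlogin" property if it is absent, otherwise updates it. */
    private static void recordLastLogin(Connection con, int userID) throws SQLException {
        // Epoch milliseconds, the same value Calendar.getInstance().getTimeInMillis() yields.
        String now = Long.toString(System.currentTimeMillis());
        PreparedStatement pstmt = null;
        try {
            if (hasProperty(con, userID, "lastlogin")) {
                pstmt = con.prepareStatement(UPDATELOGIN);
                pstmt.setString(1, now);
                pstmt.setInt(2, userID);
                pstmt.setString(3, "lastlogin");
            } else {
                pstmt = con.prepareStatement(INSERTLOGIN);
                pstmt.setInt(1, userID);
                pstmt.setString(2, "lastlogin");
                pstmt.setString(3, now);
            }
            pstmt.executeUpdate();
        }
        finally {
            closeQuietly(pstmt);
        }
    }

    /** Closes a result set if one was opened; a close failure is logged, not rethrown. */
    private static void closeQuietly(ResultSet rs) {
        if (rs == null) {
            return;
        }
        try { rs.close(); }
        catch (SQLException e) { e.printStackTrace(); }
    }

    /** Closes a statement if one was opened; a close failure is logged, not rethrown. */
    private static void closeQuietly(Statement stmt) {
        if (stmt == null) {
            return;
        }
        try { stmt.close(); }
        catch (SQLException e) { e.printStackTrace(); }
    }

    /** Closes the connection if one was obtained; a close failure is logged, not rethrown. */
    private static void closeQuietly(Connection con) {
        if (con == null) {
            return;
        }
        try { con.close(); }
        catch (SQLException e) { e.printStackTrace(); }
    }
}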
240