

1 package dinamica.security;
2
3 import dinamica.*;
4 import javax.sql.DataSource JavaDoc;
5 import java.sql.*;
6 import java.util.Date JavaDoc;
7 import java.util.Calendar JavaDoc;
8
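/**
 * Execute the login and return an exit code:<br><br>
 * 0 - OK<br>
 * 1 - LOGIN FAILED<br>
 * 3 - FORCE NEW PASSWORD<br>
 * 4 - ACCOUNT LOCKED<br>
 * <br><br>
 * This Transaction provides the default login mechanism
 * against a database based realm, according to the Dinamica
 * security model database (s_user table).
 * <br><br>
 * The request must contain the parameters userlogin and passwd
 * <br><br>
 * Review notes for maintainers (based on this class only):<br>
 * - Every statement is produced by getSQL(), which fills SQL templates
 *   (login.sql, disable.sql, ...) with request or recordset values. How
 *   those values are escaped is decided inside getSQL(), which is not
 *   part of this class - confirm it before relying on it for raw
 *   request input.<br>
 * - The failed-login counter is a session attribute, so the lockout
 *   follows the browser session and not the account. A per-account
 *   counter kept in the database is needed for an enforceable lockout.<br>
 * - No new session id is issued here after a successful login. If the
 *   container or the security filter does not renew it, add session
 *   renewal to prevent session fixation.<br>
 * - The "uri" request parameter is handed on as the redirect target
 *   without validation; the consumer of dinamica.security.uri should
 *   accept local paths only.<br>
 * <br><br>
 * (c) 2004 Martin Cordova<br>
 * This code is released under the LGPL license<br>
 * Dinamica Framework - http://www.martincordova.com
 * @author Martin Cordova (dinamica@martincordova.com)
 * */
public class Login extends GenericTransaction
{

    /**
     * Runs the login against the security datasource.
     * @param inputParams Request parameters; userlogin and uri are read here,
     * the SQL templates receive the whole recordset through getSQL()
     * @return 0 (OK), 1 (login failed), 3 (force new password) or 4 (account locked)
     * @throws Throwable if the security datasource is not configured or any
     * database call fails
     * @see dinamica.GenericTransaction#service(dinamica.Recordset)
     */
    public int service(Recordset inputParams) throws Throwable
    {

        //default return code (login OK)
        int rc = 0;

        //reuse superclass code
        super.service(inputParams);

        //set request attributes in case of forward to another Action
        //NOTE(review): this value is user-supplied; a view that prints it must HTML-encode it
        getRequest().setAttribute("userlogin", inputParams.getString("userlogin"));

        //get security datasource
        String jndiName = (String)getContext().getAttribute("dinamica.security.datasource");
        if (jndiName==null)
        {
            throw new Throwable("Context attribute [dinamica.security.datasource] is null, check your security filter configuration.");
        }

        //get datasource and DB connection
        DataSource ds = Jndi.getDataSource(jndiName);
        Connection conn = ds.getConnection();

        try
        {
            //registered inside the try block so the connection is closed
            //even if this call fails
            this.setConnection(conn);

            //get db channel
            Db db = getDb();

            //get user - login.sql is filled with the request parameters
            String sqlLogin = getSQL(getResource("login.sql"), inputParams);
            Recordset rs1 = db.get(sqlLogin);

            if (rs1.getRecordCount()==0)
            {
                //no matching row: the caller gets the same code whatever the reason
                registerFailedLogin(db, inputParams);
                rc = 1;
            }
            else
            {
                rs1.next();

                //save login history record
                //NOTE(review): this record and the session record below are written
                //before the enabled / password checks, so they also exist for
                //logins that end with rc 3 or rc 4
                String sqlLog = getSQL(getResource("insert-loginlog.sql"), rs1);
                db.exec(sqlLog);

                //save session record
                //NOTE(review): the session id is placed into the statement by plain
                //text replacement, before getSQL() runs; what insert-session.sql
                //does with it is not visible here - if the id is stored, read
                //access to that table should be restricted
                sqlLog = getResource("insert-session.sql");
                sqlLog = StringUtil.replace(sqlLog, "${jsessionid}", getSession().getId());
                sqlLog = getSQL(sqlLog, rs1);
                db.exec(sqlLog);

                if (rs1.getInt("enabled")!=1)
                {
                    //account locked or disabled
                    rc = 4;
                }
                else
                {
                    int newpass = 0;
                    if (!rs1.isNull("force_newpass"))
                    {
                        newpass = rs1.getInt("force_newpass");
                    }

                    //force password change, either flagged on the account or
                    //because the password has expired (only checked when not flagged)
                    if (newpass==1 || passwordExpired(db, rs1))
                    {
                        rc = 3;
                    }
                    else
                    {
                        //login OK
                        completeLogin(db, inputParams, rs1);
                    }
                }
            }
        }
        finally
        {
            if (conn!=null)
            {
                conn.close();
            }
        }

        return rc;

    }

    /**
     * Counts a failed login in the session and disables the account
     * once the counter exceeds the configured login-max-retries.
     * <br><br>
     * NOTE(review): the counter is keyed by session only. A client that does
     * not send the session cookie back starts again at 1, and failures
     * recorded for one login name count toward disabling whichever login
     * name is submitted when the limit is crossed. Nothing in this class
     * clears the counter after a successful login.
     * @param db Db channel
     * @param inputParams Request parameters used to fill disable.sql
     * @throws Throwable on database errors, or NumberFormatException if the
     * stored counter or login-max-retries is not a number
     */
    private void registerFailedLogin(Db db, Recordset inputParams) throws Throwable
    {

        //get invalid password policy
        String maxRetries = getConfig().getConfigValue("login-max-retries");
        String sCounter = (String)getSession().getAttribute("dinamica.security.invalidlogins");

        if (sCounter==null)
        {
            //first failure in this session, the limit is not evaluated yet
            sCounter = "1";
        }
        else
        {
            int failures = Integer.parseInt(sCounter) + 1;
            sCounter = String.valueOf(failures);
            int allowed = Integer.parseInt(maxRetries);

            //disable account?
            if (failures > allowed)
            {
                String sql = getResource("disable.sql");
                sql = getSQL(sql, inputParams);
                db.exec(sql);
            }
        }

        getSession().setAttribute("dinamica.security.invalidlogins", sCounter);

    }

    /**
     * Checks the password age of the authenticated user against the
     * expiration policy. A pwd_policy of -2 selects the default policy taken
     * from the request attribute dinamica.security.passpolicy, -1 means the
     * password never expires, any other value is the number of days.
     * <br><br>
     * NOTE(review): when check-passdate.sql returns no row the password is
     * treated as not expired - confirm this is the intended policy for
     * accounts without a recorded password change.
     * @param db Db channel
     * @param rs1 Recordset positioned on the authenticated user
     * @return true if the password is older than the policy allows
     * @throws Throwable on database errors, or NumberFormatException if the
     * default policy is needed but missing or not a number
     */
    private boolean passwordExpired(Db db, Recordset rs1) throws Throwable
    {

        //get default policy
        String gpolicy = (String)getRequest().getAttribute("dinamica.security.passpolicy");

        String sql1 = getSQL(getResource("check-passdate.sql"), rs1);
        Recordset rsPass = db.get(sql1,1);
        if (rsPass.getRecordCount()==0)
        {
            return false;
        }

        //use default or specific password expiration policy?
        int policy = rs1.getInt("pwd_policy");
        if (policy==-2)
        {
            policy = Integer.parseInt(gpolicy);
        }

        //password never expires?
        if (policy==-1)
        {
            return false;
        }

        rsPass.next();
        Date d = rsPass.getDate("last_change");
        return expired(d, policy);

    }

    /**
     * Publishes the authenticated user: loads preferences and roles, stores
     * the DinamicaUser in the session and sets the redirect URI.
     * <br><br>
     * NOTE(review): the session keeps the id it had before authentication, and
     * the principal name as well as the redirect target come from request
     * parameters (userlogin, uri), not from the matched database row.
     * @param db Db channel
     * @param inputParams Request parameters (userlogin, uri)
     * @param rs1 Recordset positioned on the authenticated user
     * @throws Throwable on database errors
     */
    private void completeLogin(Db db, Recordset inputParams, Recordset rs1) throws Throwable
    {

        //get user preferences
        getUserPrefs(db, rs1);

        //get user roles
        String sqlRoles = getSQL(getResource("roles.sql"), rs1);
        Recordset rs2 = db.get(sqlRoles);

        String roles[] = new String[rs2.getRecordCount()];
        for (int i = 0; rs2.next(); i++)
        {
            roles[i] = rs2.getString("rolename");
        }

        //create user object
        DinamicaUser user = new DinamicaUser(inputParams.getString("userlogin"), roles);

        //store user object into session attribute
        getSession().setAttribute("dinamica.security.login", user);

        //set redirect URL - passed on as received, the consumer has to validate it
        getRequest().setAttribute("dinamica.security.uri", inputParams.getString("uri"));

    }

    /**
     * Determines if a password has expired
     * @param d Date of the last password change
     * @param days Days after which the password expires
     * @return true if the current time is later than d plus the given days
     */
    private boolean expired(java.util.Date d, int days)
    {

        //set password date
        Calendar expiration = Calendar.getInstance();
        expiration.setTime(d);

        //get today
        Date now = Calendar.getInstance().getTime();

        //add N days to password
        expiration.add(Calendar.DATE, days);

        //check if today is after expiration date
        return now.after(expiration.getTime());

    }

    /**
     * Set session attributes containing user preferences
     * like Locale and Stylesheet
     * @param db Db channel
     * @param user Recordset with user info after successful login
     * @throws Throwable on database errors
     */
    public void getUserPrefs(Db db, Recordset user) throws Throwable
    {

        //get user stylesheet if any
        //style_id is read as an int, so the concatenation below cannot carry SQL text
        int id = user.getInt("style_id");
        String sql = "select css_code from s_style where style_id = " + id;
        Recordset rs = db.get(sql);

        //only publish the stylesheet when a row was found, instead of
        //reading a column from an empty recordset
        if (rs.next())
        {
            String css = rs.getString("css_code");
            getSession().setAttribute("dinamica.user.stylesheet", css);
        }

        java.util.Locale l = new java.util.Locale(user.getString("locale"));
        getSession().setAttribute("dinamica.user.locale", l);

    }

}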
257