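package dinamica.security;

import dinamica.*;
import javax.sql.DataSource;
import java.sql.*;
import java.util.Date;
import java.util.Calendar;

/**
 * Login transaction: checks the submitted credentials against the security
 * database, records the attempt and, on success, stores the authenticated
 * user in the session.
 *
 * Return codes produced by {@link #service(Recordset)}:
 * <ul>
 * <li>0 - login accepted, user object stored in the session</li>
 * <li>1 - login.sql returned no record (failed attempt)</li>
 * <li>3 - password must be changed (forced flag set or password expired)</li>
 * <li>4 - the account's "enabled" column is not 1</li>
 * </ul>
 */
public class Login extends GenericTransaction
{

    /**
     * Runs the login sequence for the submitted parameters.
     *
     * @param inputParams request parameters; this method reads "userlogin" and
     *        "uri" directly and passes the recordset to the SQL templates
     * @return one of the return codes listed in the class comment
     * @throws Throwable if the datasource context attribute is missing or any
     *         database or parsing step fails
     */
    public int service(Recordset inputParams) throws Throwable
    {

        int rc = 0;

        super.service(inputParams);

        // Make the submitted login name available to the request.
        // NOTE(review): this value is user-supplied; confirm the view that
        // prints it applies output encoding.
        getRequest().setAttribute("userlogin", inputParams.getString("userlogin"));

        String jndiName = (String)getContext().getAttribute("dinamica.security.datasource");
        if (jndiName==null)
            throw new Throwable("Context attribute [dinamica.security.datasource] is null, check your security filter configuration.");

        DataSource ds = Jndi.getDataSource(jndiName);
        Connection conn = ds.getConnection();

        try
        {
            // Registered inside the try block so the connection is closed by
            // the finally clause even if this call fails.
            this.setConnection(conn);

            Db db = getDb();

            // NOTE(review): the query text is produced by substituting request
            // values into login.sql via getSQL(); presumably getSQL() escapes
            // them according to the validator field types - confirm, since
            // this is the injection boundary for the whole login.
            String sqlLogin = getSQL(getResource("login.sql"), inputParams);

            Recordset rs1 = db.get(sqlLogin);

            if (rs1.getRecordCount()==0)
            {
                // Failed attempt: count it and disable the account once the
                // configured limit is exceeded.
                // NOTE(review): the counter is kept in the session, so a client
                // that starts a new session for every attempt never reaches the
                // limit; a per-account counter kept in the database would
                // close that gap.
                String maxRetries = getConfig().getConfigValue("login-max-retries");
                String sCounter = (String)getSession().getAttribute("dinamica.security.invalidlogins");
                if (sCounter==null)
                {
                    sCounter = "1";
                }
                else
                {
                    int i = Integer.parseInt(sCounter);
                    i++;
                    sCounter = String.valueOf(i);
                    int j = Integer.parseInt(maxRetries);

                    if (i > j)
                    {
                        String sql = getResource("disable.sql");
                        sql = getSQL(sql,inputParams);
                        db.exec(sql);
                    }
                }

                getSession().setAttribute("dinamica.security.invalidlogins", sCounter);

                rc = 1;
            }
            else
            {
                rs1.next();

                // Audit trail: the login log and session records are written
                // before the "enabled" check, so they also exist for disabled
                // accounts that matched login.sql.
                String sqlLog = getResource("insert-loginlog.sql");
                sqlLog = getSQL(sqlLog, rs1);
                db.exec(sqlLog);

                // The session id is spliced into the statement as plain text.
                sqlLog = getResource("insert-session.sql");
                sqlLog = StringUtil.replace(sqlLog, "${jsessionid}", getSession().getId());
                sqlLog = getSQL(sqlLog, rs1);
                db.exec(sqlLog);

                if (rs1.getInt("enabled")==1)
                {

                    int newpass = 0;
                    if (!rs1.isNull("force_newpass"))
                        newpass = rs1.getInt("force_newpass");

                    if (newpass==1)
                    {
                        rc = 3;
                    }
                    else
                    {
                        String gpolicy = (String)getRequest().getAttribute("dinamica.security.passpolicy");
                        String sql1 = getSQL(getResource("check-passdate.sql"), rs1);
                        Recordset rsPass = db.get(sql1,1);
                        if (rsPass.getRecordCount()>0)
                        {
                            // pwd_policy: -2 falls back to the global policy
                            // from the request attribute, -1 skips the expiry
                            // check, any other value is the validity in days.
                            int policy = rs1.getInt("pwd_policy");
                            if (policy==-2)
                                policy = Integer.parseInt(gpolicy);

                            if (policy!=-1)
                            {
                                rsPass.next();
                                Date d = rsPass.getDate("last_change");
                                if (expired(d, policy))
                                    rc = 3;
                            }

                        }

                        if (rc==0)
                        {

                            getUserPrefs(db, rs1);

                            String sqlRoles = getSQL(getResource("roles.sql"), rs1);
                            Recordset rs2 = db.get(sqlRoles);

                            String roles[] = new String[rs2.getRecordCount()];
                            int i=0;
                            while (rs2.next())
                            {
                                roles[i] = rs2.getString("rolename");
                                i++;
                            }

                            DinamicaUser user = new DinamicaUser(inputParams.getString("userlogin"), roles);

                            // NOTE(review): the user is attached to the session
                            // that existed before authentication and no new
                            // session id is issued in this method; confirm the
                            // security filter or container renews it at login.
                            getSession().setAttribute("dinamica.security.login", user);

                            // NOTE(review): "uri" comes from the request; if it
                            // is later used as a redirect target, it should be
                            // restricted to paths inside this application.
                            getRequest().setAttribute("dinamica.security.uri", inputParams.getString("uri"));
                        }
                    }
                }
                else
                {
                    rc = 4;
                }

            }

        }
        finally
        {
            if (conn!=null)
                conn.close();
        }

        return rc;

    }

    /**
     * Tells whether a password set on the given date is older than the
     * allowed number of days.
     *
     * @param d date of the last password change; must not be null
     * @param days number of days the password stays valid
     * @return true if the current time is after d plus the given days
     */
    private boolean expired(java.util.Date d, int days)
    {

        Calendar expiry = Calendar.getInstance();
        expiry.setTime(d);

        Calendar now = Calendar.getInstance();

        expiry.add(Calendar.DATE, days);

        return now.getTime().after(expiry.getTime());

    }

    /**
     * Loads the user's stylesheet and locale and stores them in the session
     * under "dinamica.user.stylesheet" and "dinamica.user.locale".
     *
     * @param db database helper bound to the security connection
     * @param user recordset positioned on the authenticated user's record;
     *        the columns "style_id" and "locale" are read
     * @throws Throwable if the query or the column access fails
     */
    public void getUserPrefs(Db db, Recordset user) throws Throwable
    {

        // id is read as an int, so the concatenation below cannot carry SQL text.
        int id = user.getInt("style_id");
        Recordset rs = null;
        String sql = "select css_code from s_style where style_id = " + id;
        rs = db.get(sql);
        // NOTE(review): the result of next() is not checked; behaviour when the
        // style record is missing depends on Recordset - confirm.
        rs.next();
        String css = rs.getString("css_code");
        getSession().setAttribute("dinamica.user.stylesheet", css);

        java.util.Locale l = new java.util.Locale(user.getString("locale"));
        getSession().setAttribute("dinamica.user.locale", l);

    }

}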