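package org.jivesoftware.messenger.auth;

import org.jivesoftware.database.DbConnectionManager;
import org.jivesoftware.util.Log;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/**
 * Authenticates users against the <code>jiveUser</code> database table, either by
 * comparing a supplied password or by comparing a digest computed from a token and
 * the stored password.
 *
 * <p>Security notes for maintainers:</p>
 * <ul>
 *   <li>Both code paths use the <code>password</code> column exactly as stored: the
 *       plain path compares it to the supplied password inside the SQL statement, and
 *       the digest path passes it to <code>AuthFactory.createDigest</code>. As far as
 *       this class shows, the column therefore holds the password itself (or something
 *       equivalent to it), so anyone who can read the table can authenticate as any
 *       user. Protecting read access to that table is part of the security boundary.</li>
 *   <li>NOTE(review): the plain path relies on the database's string comparison for
 *       <code>password=?</code>. Some databases and collations compare text
 *       case-insensitively or ignore trailing spaces; confirm the column's collation
 *       so that passwords are matched exactly.</li>
 *   <li>NOTE(review): user names are lower-cased with the JVM's default locale, so
 *       the result depends on the locale the server runs under; confirm that user
 *       creation normalises names the same way.</li>
 * </ul>
 *
 * <p>Every failure, including a database error, is reported to the caller as an
 * {@link UnauthorizedException} without further detail, so the caller cannot
 * distinguish an unknown user from a wrong credential.</p>
 */
public class DefaultAuthProvider implements AuthProvider {

    private static final String AUTHORIZE =
        "SELECT username FROM jiveUser WHERE username=? AND password=?";
    private static final String SELECT_PASSWORD =
        "SELECT password FROM jiveUser WHERE username=?";

    /**
     * Authenticates a user by user name and password.
     *
     * @param username the user name; it is trimmed and lower-cased before the lookup.
     * @param password the password, compared by the database against the stored value.
     * @throws UnauthorizedException if either argument is null, if no row matches the
     *      user name and password, or if the database query fails.
     */
    public void authenticate(String username, String password) throws UnauthorizedException {
        if (username == null || password == null) {
            throw new UnauthorizedException();
        }
        username = username.trim().toLowerCase();
        Connection con = null;
        PreparedStatement pstmt = null;
        ResultSet rs = null;
        try {
            con = DbConnectionManager.getConnection();
            pstmt = con.prepareStatement(AUTHORIZE);
            // Bound parameters keep the user-supplied values out of the SQL text.
            pstmt.setString(1, username);
            pstmt.setString(2, password);
            rs = pstmt.executeQuery();
            if (!rs.next()) {
                throw new UnauthorizedException();
            }
        }
        catch (SQLException e) {
            // Fail closed: a database error is treated as a failed login.
            Log.error("Exception in DbAuthProvider", e);
            throw new UnauthorizedException();
        }
        finally {
            // Closing here rather than inside the try block also releases the
            // ResultSet when the login is rejected.
            closeQuietly(rs, pstmt, con);
        }
    }

    /**
     * Authenticates a user by comparing a client-supplied digest with the digest
     * computed from the token and the stored password.
     *
     * @param username the user name; it is trimmed and lower-cased before the lookup.
     * @param token the token that is combined with the stored password by
     *      <code>AuthFactory.createDigest</code>.
     * @param digest the digest presented by the client; compared case-insensitively.
     * @throws UnauthorizedException if any argument is null, if the user is not found
     *      or has no stored password, if the digests differ, or if the database
     *      query fails.
     */
    public void authenticate(String username, String token, String digest) throws UnauthorizedException {
        if (username == null || token == null || digest == null) {
            throw new UnauthorizedException();
        }
        username = username.trim().toLowerCase();
        Connection con = null;
        PreparedStatement pstmt = null;
        ResultSet rs = null;
        try {
            con = DbConnectionManager.getConnection();
            pstmt = con.prepareStatement(SELECT_PASSWORD);
            pstmt.setString(1, username);

            rs = pstmt.executeQuery();

            if (!rs.next()) {
                throw new UnauthorizedException();
            }
            String pass = rs.getString(1);
            // A NULL password column can never match in the password-based method
            // (the SQL comparison is not true for NULL), so fail closed here as well
            // instead of handing null to createDigest.
            if (pass == null) {
                throw new UnauthorizedException();
            }
            String anticipatedDigest = AuthFactory.createDigest(token, pass);
            if (!digestsMatch(digest, anticipatedDigest)) {
                throw new UnauthorizedException();
            }
        }
        catch (SQLException e) {
            // Fail closed: a database error is treated as a failed login.
            Log.error("Exception in DbAuthProvider", e);
            throw new UnauthorizedException();
        }
        finally {
            closeQuietly(rs, pstmt, con);
        }
    }

    public boolean isPlainSupported() {
        return true;
    }

    public boolean isDigestSupported() {
        return true;
    }

    /**
     * Compares two digests ignoring case, examining every character even after a
     * mismatch so that the time taken does not reveal how long the matching prefix
     * is. Accepts exactly the pairs that <code>String.equalsIgnoreCase</code> accepts.
     *
     * @param supplied the digest presented by the client; must not be null.
     * @param expected the digest computed on the server; may be null.
     * @return true if the digests are equal ignoring case.
     */
    private static boolean digestsMatch(String supplied, String expected) {
        if (expected == null || supplied.length() != expected.length()) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < supplied.length(); i++) {
            // Same case folding as equalsIgnoreCase: upper-case, then lower-case.
            char a = Character.toLowerCase(Character.toUpperCase(supplied.charAt(i)));
            char b = Character.toLowerCase(Character.toUpperCase(expected.charAt(i)));
            diff |= a ^ b;
        }
        return diff == 0;
    }

    /**
     * Closes the given JDBC resources in reverse order of acquisition. A failure to
     * close is logged and otherwise ignored so that it cannot change the outcome of
     * the authentication attempt.
     */
    private static void closeQuietly(ResultSet rs, PreparedStatement pstmt, Connection con) {
        try { if (rs != null) rs.close(); }
        catch (Exception e) { Log.error(e); }
        try { if (pstmt != null) pstmt.close(); }
        catch (Exception e) { Log.error(e); }
        try { if (con != null) con.close(); }
        catch (Exception e) { Log.error(e); }
    }
}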