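package org.manentia.kasai.services;

import java.sql.*;
import java.util.ResourceBundle;

import org.apache.commons.dbcp.*;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.commons.pool.impl.GenericObjectPool;
import org.manentia.kasai.exceptions.InvalidPasswordException;
import org.manentia.kasai.util.Constants;
import org.manentia.kasai.exceptions.ServiceException;

import com.koala.commons.log.Log;
import com.koala.commons.security.EncryptionUtil;

/**
 * {@link AuthService} implementation that checks and updates credentials stored in a
 * relational table.
 *
 * <p>All settings are read from the resource bundle named by {@link Constants#PROPERTY_FILE}:
 * {@code kasai.rdbms.driver}, {@code kasai.rdbms.url}, {@code kasai.rdbms.user},
 * {@code kasai.rdbms.password}, {@code kasai.rdbms.table}, {@code kasai.rdbms.usernameField},
 * {@code kasai.rdbms.passwordField}, {@code kasai.rdbms.passwordAlgorithm} and
 * {@code kasai.rdbms.randomPassword.length}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>User names and passwords are always passed to the database as bind parameters.
 *       Table and column names cannot be bound, so they are concatenated into the SQL text;
 *       the property file must therefore be treated as trusted, access-controlled
 *       configuration.</li>
 *   <li>When {@code kasai.rdbms.passwordAlgorithm} is {@code CLEARTEXT}, passwords are stored
 *       and compared unhashed. Anyone who can read the table can read every password.</li>
 *   <li>NOTE(review): {@code EncryptionUtil.hash(password, algorithm)} takes no salt argument,
 *       so it looks like a plain, unsalted digest - confirm, and prefer a dedicated
 *       password-hashing scheme if so.</li>
 * </ul>
 */
public class RDBMSAuthService implements AuthService {

    /** JDBC URL of the DBCP pool registered by {@link #initPool()}. */
    private static final String POOL_URL = "jdbc:apache:commons:dbcp:lyptusAuth";

    /** Value of {@code kasai.rdbms.passwordAlgorithm} that disables hashing. */
    private static final String CLEARTEXT = "CLEARTEXT";

    /** Source of randomness for generated passwords; these are credentials, so a CSPRNG is required. */
    private static final java.security.SecureRandom SECURE_RANDOM = new java.security.SecureRandom();

    /** Writes one entry to the application log on behalf of the named method of this class. */
    private static void logEvent(String method, String message, java.util.logging.Level level) {
        Log.getInstance(Constants.PROPERTY_FILE).write(RDBMSAuthService.class.getName(), method,
                message, level);
    }

    /**
     * Borrows a connection from the pool, creating the pool on first use.
     *
     * <p>If the first attempt fails for any reason, the pool is (re)initialised and the
     * attempt is repeated once. {@link #initPool()} only logs its own failures, so a broken
     * configuration surfaces here as the {@link SQLException} of the second attempt.
     *
     * @return an open connection; the caller must close it to return it to the pool
     * @throws SQLException if no connection can be obtained after initialising the pool
     */
    private static Connection getConnection() throws SQLException {
        Connection con;

        logEvent("getConnection", "Enter", java.util.logging.Level.INFO);

        try {
            con = DriverManager.getConnection(POOL_URL);
        } catch (Exception e) {
            logEvent("getConnection",
                    "I'll start the connection pool (" + ExceptionUtils.getStackTrace(e) + ")",
                    java.util.logging.Level.INFO);

            initPool();
            con = DriverManager.getConnection(POOL_URL);
        }

        logEvent("getConnection", "Exit", java.util.logging.Level.INFO);

        return con;
    }

    /**
     * Loads the configured JDBC driver and registers a DBCP pool under the name
     * {@code lyptusAuth}. Failures are logged at SEVERE and not rethrown.
     */
    private static void initPool() {
        try {
            ResourceBundle res = ResourceBundle.getBundle(Constants.PROPERTY_FILE);

            Class.forName(res.getString("kasai.rdbms.driver")).newInstance();

            GenericObjectPool connPool = new GenericObjectPool(null);
            // The database credentials come straight from the property file, so that file
            // needs the same protection as the database account itself.
            DriverManagerConnectionFactory connFactory = new DriverManagerConnectionFactory(
                    res.getString("kasai.rdbms.url"),
                    res.getString("kasai.rdbms.user"),
                    res.getString("kasai.rdbms.password"));

            // The result is never read: the factory is created for its effect on connPool
            // (presumably it installs itself as the pool's object factory - confirm against
            // the bundled DBCP version). The trailing arguments look like: no statement pool,
            // no validation query, read-only off, auto-commit on - TODO confirm.
            PoolableConnectionFactory poolableConnFactory = new PoolableConnectionFactory(
                    connFactory, connPool, null, null, false, true);
            PoolingDriver driver = new PoolingDriver();

            driver.registerPool("lyptusAuth", connPool);
        } catch (Exception e) {
            logEvent("initPool",
                    "Something really bad happened while initializing db connection pool ("
                            + ExceptionUtils.getStackTrace(e) + ")",
                    java.util.logging.Level.SEVERE);
        }
    }

    /**
     * Returns the form in which {@code password} is stored: unchanged in CLEARTEXT mode,
     * otherwise hashed with the configured algorithm.
     *
     * @param password the plain password, never {@code null}
     * @param res      the configuration bundle
     * @throws java.security.NoSuchAlgorithmException if the configured algorithm is unknown
     */
    private static String storedForm(String password, ResourceBundle res)
            throws java.security.NoSuchAlgorithmException {
        String algorithm = res.getString("kasai.rdbms.passwordAlgorithm");

        if (CLEARTEXT.equals(algorithm)) {
            return password;
        }
        return EncryptionUtil.hash(password, algorithm);
    }

    /**
     * Compares two strings without stopping at the first differing character, so the time
     * taken does not reveal how long a matching prefix the caller guessed.
     *
     * @param expected the stored value, never {@code null}
     * @param actual   the value derived from caller input, never {@code null}
     * @return {@code true} if both strings have the same length and characters
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        int diff = expected.length() ^ actual.length();

        // Loop over the caller-supplied value so the work done depends on its length
        // rather than on the length of the stored secret.
        for (int i = 0; i < actual.length(); i++) {
            char reference = expected.length() == 0 ? 0 : expected.charAt(i % expected.length());
            diff |= reference ^ actual.charAt(i);
        }
        return diff == 0;
    }

    /** Closes a result set if present, ignoring any failure (best-effort cleanup). */
    private static void closeQuietly(ResultSet rs) {
        if (rs != null) {
            try {
                rs.close();
            } catch (Exception ignored) {
                // nothing useful can be done about a failed close during cleanup
            }
        }
    }

    /** Closes a statement if present, ignoring any failure (best-effort cleanup). */
    private static void closeQuietly(Statement stmt) {
        if (stmt != null) {
            try {
                stmt.close();
            } catch (Exception ignored) {
                // nothing useful can be done about a failed close during cleanup
            }
        }
    }

    /** Returns a connection to the pool if present, ignoring any failure (best-effort cleanup). */
    private static void closeQuietly(Connection con) {
        if (con != null) {
            try {
                con.close();
            } catch (Exception ignored) {
                // nothing useful can be done about a failed close during cleanup
            }
        }
    }

    /**
     * Stores {@code password} (hashed unless CLEARTEXT mode is configured) for
     * {@code userName}.
     *
     * <p>Both values are bound as parameters. The previous implementation concatenated the
     * password into the statement text; in CLEARTEXT mode it did so without any escaping,
     * which let a password containing a quote rewrite the UPDATE. It also meant the password
     * could appear in SQL text echoed by driver error messages, which are logged below.
     *
     * <p>NOTE(review): the number of updated rows is not checked, so an unknown user name
     * is silently accepted, as before.
     *
     * @param userName the account to update
     * @param password the new plain password, never {@code null}
     * @param caller   name of the public method, used only for log entries
     * @throws ServiceException if the database or the configured hash algorithm fails
     */
    private static void updatePassword(String userName, String password, String caller)
            throws ServiceException {
        Connection con = null;
        PreparedStatement stmt = null;

        try {
            ResourceBundle res = ResourceBundle.getBundle(Constants.PROPERTY_FILE);
            con = getConnection();

            // Identifiers come from trusted configuration; values are bound, never concatenated.
            stmt = con.prepareStatement("UPDATE " + res.getString("kasai.rdbms.table")
                    + " SET " + res.getString("kasai.rdbms.passwordField") + "=?"
                    + " WHERE " + res.getString("kasai.rdbms.usernameField") + "=?");
            stmt.setString(1, storedForm(password, res));
            stmt.setString(2, userName);
            stmt.executeUpdate();
        } catch (SQLException e) {
            logEvent(caller,
                    "Can't retrieve password from database (" + ExceptionUtils.getStackTrace(e) + ")",
                    java.util.logging.Level.SEVERE);

            throw new ServiceException(e);
        } catch (java.security.NoSuchAlgorithmException e) {
            logEvent(caller,
                    "Invalid encryption algorithm (" + ExceptionUtils.getStackTrace(e) + ")",
                    java.util.logging.Level.SEVERE);

            throw new ServiceException(e);
        } finally {
            closeQuietly(stmt);
            closeQuietly(con);
        }
    }

    /**
     * Checks a user name / password pair against the configured table.
     *
     * <p>The user name is bound as a statement parameter instead of being quoted into the
     * SQL text. A {@code null} user name therefore matches no row; previously it was
     * rendered as the literal string {@code 'null'}.
     *
     * <p>NOTE(review): a row whose stored password is NULL or empty still authenticates an
     * empty password in CLEARTEXT mode, as before - confirm that this is intended.
     *
     * @param userName the account name to look up
     * @param password the plain password supplied by the caller; {@code null} is treated as empty
     * @return {@code AUTH_OK}, {@code AUTH_BAD_PASSWORD}, or {@code AUTH_BAD_USERNAME} when
     *         no row matches the user name
     * @throws ServiceException if the lookup or the hashing fails
     */
    public int checkPassword(String userName, String password) throws ServiceException {
        Connection con = null;
        PreparedStatement stmt = null;
        ResultSet rs = null;
        int result = AUTH_BAD_USERNAME;

        try {
            ResourceBundle res = ResourceBundle.getBundle(Constants.PROPERTY_FILE);
            con = getConnection();

            // Identifiers come from trusted configuration; the user name is bound.
            stmt = con.prepareStatement("SELECT " + res.getString("kasai.rdbms.passwordField")
                    + " FROM " + res.getString("kasai.rdbms.table")
                    + " WHERE " + res.getString("kasai.rdbms.usernameField") + "=?");
            stmt.setString(1, userName);
            rs = stmt.executeQuery();

            if (rs.next()) {
                String storedPassword = StringUtils.defaultString(rs.getString(1));
                String candidate = storedForm(StringUtils.defaultString(password), res);

                // Both sides are non-null here, so one comparison covers the
                // "both empty" case the original tested separately.
                if (constantTimeEquals(storedPassword, candidate)) {
                    result = AUTH_OK;
                } else {
                    result = AUTH_BAD_PASSWORD;
                }
            }
        } catch (SQLException e) {
            logEvent("checkPassword",
                    "Can't retrieve password from database (" + ExceptionUtils.getStackTrace(e) + ")",
                    java.util.logging.Level.SEVERE);

            throw new ServiceException(e);
        } catch (java.security.NoSuchAlgorithmException e) {
            logEvent("checkPassword",
                    "Invalid encryption algorithm (" + ExceptionUtils.getStackTrace(e) + ")",
                    java.util.logging.Level.SEVERE);

            throw new ServiceException(e);
        } catch (Exception e) {
            logEvent("checkPassword",
                    "Unknow error (" + ExceptionUtils.getStackTrace(e) + ")",
                    java.util.logging.Level.SEVERE);

            throw new ServiceException(e);
        } finally {
            closeQuietly(rs);
            closeQuietly(stmt);
            closeQuietly(con);
        }

        return result;
    }

    /**
     * Replaces a user's password after verifying the current one.
     *
     * @param userName    the account to update
     * @param oldPassword the current plain password; {@code null} is treated as empty
     * @param newPassword the new plain password; {@code null} is treated as empty
     * @throws InvalidPasswordException if {@code oldPassword} does not authenticate the user
     * @throws ServiceException         if the database or the configured hash algorithm fails
     */
    public void changePassword(String userName, String oldPassword, String newPassword)
            throws ServiceException, InvalidPasswordException {
        oldPassword = StringUtils.defaultString(oldPassword);
        newPassword = StringUtils.defaultString(newPassword);

        if (checkPassword(userName, oldPassword) != AUTH_OK) {
            throw new InvalidPasswordException("Invalid password");
        }

        updatePassword(userName, newPassword, "changePassword");
    }

    /**
     * Sets a user's password without checking the current one. Callers are responsible for
     * authorising the operation.
     *
     * @param userName the account to update
     * @param password the new plain password; {@code null} is treated as empty
     * @throws ServiceException if the database or the configured hash algorithm fails
     */
    public void setPassword(String userName, String password)
            throws ServiceException, InvalidPasswordException {
        updatePassword(userName, StringUtils.defaultString(password), "setPassword");
    }

    /**
     * Assigns a freshly generated alphanumeric password to a user and returns it.
     *
     * <p>The password is drawn from a {@link java.security.SecureRandom}; the previous
     * {@code RandomStringUtils.randomAlphanumeric} call is not meant for generating
     * credentials. The length comes from {@code kasai.rdbms.randomPassword.length}.
     *
     * @param userName the account to update
     * @return the new plain password; the caller must deliver it over a protected channel
     *         and must not log it
     * @throws ServiceException if the database or the configured hash algorithm fails
     */
    public String resetPassword(String userName) throws ServiceException {
        ResourceBundle res = ResourceBundle.getBundle(Constants.PROPERTY_FILE);
        int length = Integer.parseInt(res.getString("kasai.rdbms.randomPassword.length"));

        // Same letters-and-digits character set as randomAlphanumeric, different random source.
        String password = RandomStringUtils.random(length, 0, 0, true, true, null, SECURE_RANDOM);

        updatePassword(userName, password, "resetPassword");

        return password;
    }
}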