

1 package org.manentia.kasai.services;
2
3 import java.sql.*;
4 import java.util.ResourceBundle JavaDoc;
5
6 import org.apache.commons.dbcp.*;
7 import org.apache.commons.lang.RandomStringUtils;
8 import org.apache.commons.lang.StringUtils;
9 import org.apache.commons.lang.exception.ExceptionUtils;
10 import org.apache.commons.pool.impl.GenericObjectPool;
11 import org.manentia.kasai.exceptions.InvalidPasswordException;
12 import org.manentia.kasai.util.Constants;
13 import org.manentia.kasai.exceptions.ServiceException;
14
15 import com.koala.commons.log.Log;
16 import com.koala.commons.security.EncryptionUtil;
17
18 /**
19  *
20  * @author rzuasti
21  */

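/**
 * {@link AuthService} implementation that verifies and stores passwords in a
 * relational table reached through a Commons DBCP pool.
 *
 * <p>Table name, column names, JDBC settings and the password algorithm are read
 * from the resource bundle named by {@code Constants.PROPERTY_FILE}. Identifiers
 * cannot be bound as statement parameters, so they are still concatenated into
 * the SQL text; that bundle must therefore be writable only by trusted
 * administrators. Every caller-supplied value (user name, password) is bound
 * through a {@link PreparedStatement}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code kasai.rdbms.passwordAlgorithm=CLEARTEXT} stores passwords unhashed;
 *       anyone with read access to the table or its backups recovers them.</li>
 *   <li>{@code EncryptionUtil.hash} is not visible in this file; presumably it is a
 *       plain message digest selected by name. Confirm whether it salts or
 *       stretches before relying on it for password storage.</li>
 *   <li>The update methods do not inspect the affected-row count, so an unknown
 *       user name is silently accepted.</li>
 * </ul>
 */
public class RDBMSAuthService implements AuthService {

    /** Name under which the pool is registered with the DBCP {@code PoolingDriver}. */
    private static final String POOL_NAME = "lyptusAuth";

    /** JDBC URL that resolves to the pool registered under {@link #POOL_NAME}. */
    private static final String POOL_URL = "jdbc:apache:commons:dbcp:" + POOL_NAME;

    /** Value of {@code kasai.rdbms.passwordAlgorithm} that disables hashing. */
    private static final String CLEARTEXT = "CLEARTEXT";

    /** Writes one entry to the Kasai log on behalf of this class. */
    private static void logEvent(String method, String message, java.util.logging.Level level) {
        Log.getInstance(Constants.PROPERTY_FILE).write(RDBMSAuthService.class.getName(), method,
            message, level);
    }

    /**
     * Borrows a connection from the pool, creating the pool on first use.
     *
     * @return an open connection; the caller must close it
     * @throws SQLException if the pool cannot hand out a connection even after
     *         {@link #initPool()} has run
     */
    private static Connection getConnection()
        throws SQLException {
        Connection con = null;

        logEvent("getConnection", "Enter", java.util.logging.Level.INFO);

        try {
            con = DriverManager.getConnection(POOL_URL);
        } catch (Exception e) {
            // The first lookup fails while the pool is not registered yet:
            // register it and retry once.
            logEvent("getConnection",
                "I'll start the connection pool (" + ExceptionUtils.getStackTrace(e) + ")",
                java.util.logging.Level.INFO);

            initPool();
            con = DriverManager.getConnection(POOL_URL);
        }

        logEvent("getConnection", "Exit", java.util.logging.Level.INFO);

        return con;
    }

    /**
     * Loads the configured JDBC driver and registers the DBCP pool.
     *
     * <p>Failures are logged and not rethrown; the retry in
     * {@link #getConnection()} then surfaces them as a {@link SQLException}.
     */
    private static void initPool() {
        try {
            ResourceBundle res = ResourceBundle.getBundle(Constants.PROPERTY_FILE);

            Class.forName(res.getString("kasai.rdbms.driver")).newInstance();

            GenericObjectPool connPool = new GenericObjectPool(null);
            DriverManagerConnectionFactory connFactory = new DriverManagerConnectionFactory(
                res.getString("kasai.rdbms.url"),
                res.getString("kasai.rdbms.user"),
                res.getString("kasai.rdbms.password"));

            // Built only for its side effect; presumably the constructor attaches
            // itself to connPool -- confirm against the DBCP version in use.
            new PoolableConnectionFactory(connFactory, connPool, null, null, false, true);

            PoolingDriver driver = new PoolingDriver();
            driver.registerPool(POOL_NAME, connPool);
        } catch (Exception e) {
            logEvent("initPool",
                "Something really bad happened while initializing db connection pool (" +
                ExceptionUtils.getStackTrace(e) + ")",
                java.util.logging.Level.SEVERE);
        }
    }

    /** Returns the password in the form it is stored: as given for CLEARTEXT, hashed otherwise. */
    private static String encodePassword(ResourceBundle res, String password)
        throws java.security.NoSuchAlgorithmException {
        String algorithm = res.getString("kasai.rdbms.passwordAlgorithm");
        if (CLEARTEXT.equals(algorithm)) {
            return password;
        }
        return EncryptionUtil.hash(password, algorithm);
    }

    /**
     * Compares two strings without stopping at the first differing character, so
     * the time taken does not reveal how much of the stored value was matched.
     */
    private static boolean constantTimeEquals(String a, String b)
        throws java.io.UnsupportedEncodingException {
        return java.security.MessageDigest.isEqual(a.getBytes("UTF-8"), b.getBytes("UTF-8"));
    }

    /** Closes whichever JDBC resources are non-null, ignoring close failures. */
    private static void closeQuietly(ResultSet rs, Statement stmt, Connection con) {
        // Cleanup is best effort: a failure while closing must not hide the
        // result or the exception of the operation that just ran.
        if (rs != null) {
            try { rs.close(); } catch (Exception ignored) { }
        }
        if (stmt != null) {
            try { stmt.close(); } catch (Exception ignored) { }
        }
        if (con != null) {
            try { con.close(); } catch (Exception ignored) { }
        }
    }

    /**
     * Writes a new password for a user with a parameterized UPDATE.
     *
     * <p>Both the (possibly cleartext) password and the user name are bound as
     * parameters; only the configured table and column names are concatenated.
     */
    private static void storePassword(String userName, String password)
        throws SQLException, java.security.NoSuchAlgorithmException {
        Connection con = null;
        PreparedStatement stmt = null;

        try {
            ResourceBundle res = ResourceBundle.getBundle(Constants.PROPERTY_FILE);
            String stored = encodePassword(res, password);

            con = getConnection();
            stmt = con.prepareStatement("UPDATE " + res.getString("kasai.rdbms.table") +
                " SET " + res.getString("kasai.rdbms.passwordField") + "=?" +
                " WHERE " + res.getString("kasai.rdbms.usernameField") + "=?");
            stmt.setString(1, stored);
            stmt.setString(2, userName);
            // NOTE(review): the affected-row count is ignored, as in the original;
            // an unknown user name updates nothing and raises no error.
            stmt.executeUpdate();
        } finally {
            closeQuietly(null, stmt, con);
        }
    }

    /**
     * Checks a user's password against the stored value.
     *
     * @param userName account to look up
     * @param password candidate password; {@code null} is treated as empty
     * @return {@code AUTH_OK}, {@code AUTH_BAD_PASSWORD}, or {@code AUTH_BAD_USERNAME}
     *         when no row matches the user name. Callers should not show the
     *         difference between the last two to an unauthenticated client, since
     *         it reveals which user names exist.
     * @throws ServiceException on database, configuration or hashing errors
     */
    public int checkPassword(String userName, String password) throws ServiceException {
        Connection con = null;
        PreparedStatement stmt = null;
        ResultSet rs = null;
        int result = AUTH_BAD_USERNAME;

        try {
            ResourceBundle res = ResourceBundle.getBundle(Constants.PROPERTY_FILE);
            con = getConnection();

            stmt = con.prepareStatement("SELECT " + res.getString("kasai.rdbms.passwordField") +
                " FROM " + res.getString("kasai.rdbms.table") +
                " WHERE " + res.getString("kasai.rdbms.usernameField") + "=?");
            stmt.setString(1, userName);
            rs = stmt.executeQuery();

            if (rs.next()) {
                // Normalize nulls so an empty stored value and an empty candidate compare equal.
                String storedPassword = StringUtils.defaultString(rs.getString(1));
                String candidate = encodePassword(res, StringUtils.defaultString(password));

                result = constantTimeEquals(storedPassword, candidate) ? AUTH_OK : AUTH_BAD_PASSWORD;
            }
        } catch (SQLException e) {
            logEvent("checkPassword",
                "Can't retrieve password from database (" + ExceptionUtils.getStackTrace(e) + ")",
                java.util.logging.Level.SEVERE);

            throw new ServiceException(e);
        } catch (java.security.NoSuchAlgorithmException e) {
            logEvent("checkPassword",
                "Invalid encryption algorithm (" + ExceptionUtils.getStackTrace(e) + ")",
                java.util.logging.Level.SEVERE);

            throw new ServiceException(e);
        } catch (Exception e) {
            logEvent("checkPassword",
                "Unknow error (" + ExceptionUtils.getStackTrace(e) + ")",
                java.util.logging.Level.SEVERE);

            throw new ServiceException(e);
        } finally {
            closeQuietly(rs, stmt, con);
        }

        return result;
    }

    /**
     * Replaces a user's password after verifying the current one.
     *
     * @param userName    account to update
     * @param oldPassword current password; {@code null} is treated as empty
     * @param newPassword replacement password; {@code null} is treated as empty
     * @throws InvalidPasswordException if {@code oldPassword} does not verify
     * @throws ServiceException on database or hashing errors
     */
    public void changePassword(String userName, String oldPassword, String newPassword)
        throws ServiceException, InvalidPasswordException {
        try {
            oldPassword = StringUtils.defaultString(oldPassword);
            newPassword = StringUtils.defaultString(newPassword);

            if (checkPassword(userName, oldPassword) != AUTH_OK) {
                throw new InvalidPasswordException("Invalid password");
            }

            storePassword(userName, newPassword);
        } catch (SQLException e) {
            logEvent("changePassword",
                "Can't update password in database (" + ExceptionUtils.getStackTrace(e) + ")",
                java.util.logging.Level.SEVERE);

            throw new ServiceException(e);
        } catch (java.security.NoSuchAlgorithmException e) {
            logEvent("changePassword",
                "Invalid encryption algorithm (" + ExceptionUtils.getStackTrace(e) + ")",
                java.util.logging.Level.SEVERE);

            throw new ServiceException(e);
        }
    }

    /**
     * Sets a user's password without verifying the previous one.
     *
     * <p>No authorization check is visible in this method; the caller is
     * responsible for deciding who may invoke it.
     *
     * @param userName account to update
     * @param password new password; {@code null} is stored as the empty string
     * @throws ServiceException on database or hashing errors
     * @throws InvalidPasswordException declared by the interface; not thrown here
     */
    public void setPassword(String userName, String password)
        throws ServiceException, InvalidPasswordException {
        try {
            // Null passwords are stored as the empty string.
            storePassword(userName, StringUtils.defaultString(password));
        } catch (SQLException e) {
            logEvent("setPassword",
                "Can't update password in database (" + ExceptionUtils.getStackTrace(e) + ")",
                java.util.logging.Level.SEVERE);

            throw new ServiceException(e);
        } catch (java.security.NoSuchAlgorithmException e) {
            logEvent("setPassword",
                "Invalid encryption algorithm (" + ExceptionUtils.getStackTrace(e) + ")",
                java.util.logging.Level.SEVERE);

            throw new ServiceException(e);
        }
    }

    /**
     * Replaces a user's password with a freshly generated alphanumeric one.
     *
     * <p>The password is drawn from {@link java.security.SecureRandom}; the
     * default generator behind {@code RandomStringUtils.randomAlphanumeric} is not
     * meant for secrets. The cleartext value is returned to the caller, who must
     * deliver it over a protected channel and keep it out of logs.
     *
     * @param userName account to reset
     * @return the new cleartext password, of the length configured in
     *         {@code kasai.rdbms.randomPassword.length}
     * @throws ServiceException on database or hashing errors
     */
    public String resetPassword(String userName) throws ServiceException {
        String password = null;

        try {
            ResourceBundle res = ResourceBundle.getBundle(Constants.PROPERTY_FILE);
            int length = Integer.parseInt(res.getString("kasai.rdbms.randomPassword.length"));

            // start/end of 0 with letters and digits enabled selects the alphanumeric
            // set; the last argument swaps in a cryptographic source.
            password = RandomStringUtils.random(length, 0, 0, true, true, null,
                new java.security.SecureRandom());

            storePassword(userName, password);
        } catch (SQLException e) {
            logEvent("resetPassword",
                "Can't update password in database (" + ExceptionUtils.getStackTrace(e) + ")",
                java.util.logging.Level.SEVERE);

            throw new ServiceException(e);
        } catch (java.security.NoSuchAlgorithmException e) {
            logEvent("resetPassword",
                "Invalid encryption algorithm (" + ExceptionUtils.getStackTrace(e) + ")",
                java.util.logging.Level.SEVERE);

            throw new ServiceException(e);
        }

        return password;
    }
}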