1 25 package org.nemesis.forum.impl; 26 27 import java.sql.Connection ; 28 import java.sql.PreparedStatement ; 29 import java.sql.ResultSet ; 30 import java.sql.SQLException ; 31 32 import org.apache.commons.logging.Log; 33 import org.apache.commons.logging.LogFactory; 34 import org.nemesis.forum.Authorization; 35 import org.nemesis.forum.AuthorizationFactory; 36 import org.nemesis.forum.exception.UnauthorizedException; 37 import org.nemesis.forum.util.StringUtils; 38 import org.nemesis.forum.util.jdbc.DbConnectionManager; 39 56 public class DbAuthorizationFactory extends AuthorizationFactory { 57 58 static protected Log log = LogFactory.getLog(DbAuthorizationFactory.class); 59 60 61 private static final String AUTHORIZE = "SELECT userID FROM yazdUser WHERE username=? AND passwordHash=?"; 62 63 66 private static final Authorization anonymousAuth = new DbAuthorization(-1); 67 68 78 public Authorization createAuthorization(String username, String password) throws UnauthorizedException { 79 if (username == null || password == null) { 80 throw new UnauthorizedException(); 81 } 82 password = StringUtils.hash(password); 85 int userID = 0; 86 Connection con = null; 87 PreparedStatement pstmt = null; 88 try { 89 con = DbConnectionManager.getConnection(); 90 pstmt = con.prepareStatement(AUTHORIZE); 91 pstmt.setString(1, username); 92 pstmt.setString(2, password); 93 94 ResultSet rs = pstmt.executeQuery(); 95 if (!rs.next()) { 98 throw new UnauthorizedException(); 99 } 100 userID = rs.getInt(1); 101 } catch (SQLException sqle) { 102 log.error("Exception in DbAuthorizationFactory:" , sqle); 103 throw new UnauthorizedException(); 104 } finally { 105 try { 106 pstmt.close(); 107 } catch (Exception e) { 108 log.error("pstmt close",e); 109 } 110 try { 111 con.close(); 112 } catch (Exception e) { 113 log.error("conn close",e); 114 } 115 } 116 return new DbAuthorization(userID); 118 } 119 120 125 public Authorization createAnonymousAuthorization() { 126 return anonymousAuth; 127 } 128 } 129 | Popular Tags |