HibernateUserDao


1   /* ***** BEGIN LICENSE BLOCK *****
2    * Version: MPL 1.1
3    * The contents of this file are subject to the Mozilla Public License Version
4    * 1.1 (the "License"); you may not use this file except in compliance with
5    * the License. You may obtain a copy of the License at
6    * http://www.mozilla.org/MPL/
7    * 
8    * Software distributed under the License is distributed on an "AS IS" basis,
9    * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
10   * for the specific language governing rights and limitations under the
11   * License.
12   * 
13   * The Original Code is Riot.
14   * 
15   * The Initial Developer of the Original Code is
16   * Neteye GmbH.
17   * Portions created by the Initial Developer are Copyright (C) 2007
18   * the Initial Developer. All Rights Reserved.
19   * 
20   * Contributor(s):
21   *   Felix Gnass [fgnass at neteye dot de]
22   * 
23   * ***** END LICENSE BLOCK ***** */
24  package org.riotfamily.riot.hibernate.security;
25  
26  import org.hibernate.Criteria;
27  import org.hibernate.criterion.Restrictions;
28  import org.riotfamily.common.beans.PropertyUtils;
29  import org.riotfamily.common.util.HashUtils;
30  import org.riotfamily.riot.hibernate.dao.HqlDao;
31  import org.riotfamily.riot.list.support.ListParamsImpl;
32  import org.riotfamily.riot.security.auth.RiotUser;
33  import org.riotfamily.riot.security.auth.RiotUserDao;
34  import org.springframework.beans.factory.InitializingBean;
35  import org.springframework.util.Assert;
36  
37  /**
38   * RiotUserDao that performs look-ups vie Hibernate.
39   * 
40   * @author Felix Gnass [fgnass at neteye dot de]
41   * @since 6.5
42   */
43  public class HibernateUserDao extends HqlDao implements RiotUserDao, 
44          InitializingBean {
45  
46      public static final String   DEFAULT_USERNAME = "admin";
47      
48      public static final String   DEFAULT_PASSWORD = "admin";
49      
50      private String   usernameProperty = "id";
51      
52      private String   passwordProperty = "password";
53      
54      private String   newPasswordProperty = "newPassword";
55      
56      private boolean hashPasswords = true;
57      
58      private RiotUser initialUser;
59      
60      /**
61       * Sets the user class.
62       * @throws IllegalArgumentException if the given class does not implement 
63       *         the {@link RiotUser} interface.
64       */
65      public void setEntityClass(Class   entityClass) {
66          Assert.isAssignable(RiotUser.class, entityClass);
67          super.setEntityClass(entityClass);
68      }
69      
70      /**
71       * Sets the name of the property that holds the username. This property is
72       * used by {@link #findUserByCredentials(String, String)} to look up
73       * a user upon login.
74       */
75      public void setUsernameProperty(String   usernameProperty) {
76          Assert.notNull(usernameProperty);
77          this.usernameProperty = usernameProperty;
78      }
79  
80      /**
81       * Sets the name of the property that holds the (possibly hashed) password.
82       * This property is used by {@link #findUserByCredentials(String, String)} 
83       * to look up a user upon login.
84       */
85      public void setPasswordProperty(String   passwordProperty) {
86          Assert.notNull(passwordProperty);
87          this.passwordProperty = passwordProperty;
88      }
89      
90      /**
91       * Sets whether MD5 hashes should be used instead of plain text passwords.
92       */
93      public void setHashPasswords(boolean hashPasswords) {
94          this.hashPasswords = hashPasswords;
95      }
96  
97      /**
98       * Sets the name of the (transient) property that holds the new plain text
99       * password. When {@link #setHashPasswords(boolean) hashed passwords} are
100      * used, this property is checked upon updates. If the property contains a
101      * non null value, this value is used to create a new password hash.
102      */
103     public void setNewPasswordProperty(String   newPasswordProperty) {
104         this.newPasswordProperty = newPasswordProperty;
105     }
106 
107     /**
108      * Sets the initial user object that is persisted when no other user exists.
109      * If set to <code>null</code> (default), a new instance of the 
110      * {@link #setEntityClass(Class) entity class} is created via reflection.
111      */
112     public void setInitialUser(RiotUser initialUser) {
113         this.initialUser = initialUser;
114     }
115     
116     public void afterPropertiesSet() throws Exception   {
117         if (initialUser != null) {
118             Assert.isInstanceOf(getEntityClass(), initialUser);
119         }
120         else {
121             initialUser = (RiotUser) getEntityClass().newInstance();
122             PropertyUtils.setProperty(initialUser, usernameProperty, 
123                     DEFAULT_USERNAME);
124             
125             String   password = hashPasswords 
126                     ? HashUtils.md5(DEFAULT_PASSWORD) 
127                     : DEFAULT_PASSWORD;
128                     
129             PropertyUtils.setProperty(initialUser, passwordProperty, password);
130         }
131     }
132     
133     public RiotUser findUserByCredentials(String   username, String   password) {
134         if (hashPasswords) {
135             password = HashUtils.md5(password);
136         }
137         Criteria c = createCriteria(getEntityClass())
138             .add(Restrictions.eq(usernameProperty, username))
139             .add(Restrictions.eq(passwordProperty, password));
140             
141         RiotUser user = (RiotUser) c.uniqueResult();
142         if (user == null && !anyUserExists()) {
143             save(initialUser, null);
144             String   initialUsername = PropertyUtils.getPropertyAsString(initialUser, usernameProperty);
145             String   initialPassword = PropertyUtils.getPropertyAsString(initialUser, passwordProperty);
146             if (initialUsername.equals(username) 
147                     && initialPassword.equals(password)) {
148                 
149                 return initialUser;
150             }
151         }
152         return user;
153     }
154     
155     protected boolean anyUserExists() {
156         return getListSize(null, new ListParamsImpl()) > 0;
157     }
158     
159     protected void hashNewPassword(Object   user) {
160         if (hashPasswords) {
161             String   newPassword = PropertyUtils.getPropertyAsString(user, newPasswordProperty);
162             if (newPassword != null) {
163                 String   hash = HashUtils.md5(newPassword);
164                 PropertyUtils.setProperty(user, passwordProperty, hash);
165                 PropertyUtils.setProperty(user, newPasswordProperty, null);
166             }
167         }
168     }
169     
170     public void save(Object   entity, Object   parent) {
171         hashNewPassword(entity);
172         super.save(entity, parent);
173     }
174     
175     public void update(Object   entity) {
176         hashNewPassword(entity);
177         super.update(entity);
178     }
179 
180 }
181
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags