Source Code Cross Referenced for AuthenticationServiceDBImpl.java in  » Portal » stringbeans-3.5 » com » nabhinc » portal » spi » impl » db » Java Source Code / Java DocumentationJava Source Code and Java Documentation

001:        /*
002:         * (C) Copyright 2000 - 2006 Nabh Information Systems, Inc.
003:         *
004:         * This program is free software; you can redistribute it and/or
005:         * modify it under the terms of the GNU General Public License
006:         * as published by the Free Software Foundation; either version 2
007:         * of the License, or (at your option) any later version.
008:         *
009:         * This program is distributed in the hope that it will be useful,
010:         * but WITHOUT ANY WARRANTY; without even the implied warranty of
011:         * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
012:         * GNU General Public License for more details.
013:         *
014:         * You should have received a copy of the GNU General Public License
015:         * along with this program; if not, write to the Free Software
016:         * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
017:         *
018:         */
019:        package com.nabhinc.portal.spi.impl.db;
020:
021:        import java.rmi.RemoteException;
022:        import java.sql.Connection;
023:        import java.sql.PreparedStatement;
024:        import java.sql.ResultSet;
025:        import java.sql.SQLException;
026:        import java.sql.Types;
027:        import java.util.Map;
028:        import java.util.Vector;
029:
030:        import javax.naming.NamingException;
031:        import javax.security.auth.login.LoginException;
032:
033:        import com.nabhinc.portal.spi.BaseUserServiceImpl;
034:        import com.nabhinc.spi.AuthenticationService;
035:        import com.nabhinc.spi.LocalUserInfo;
036:        import com.nabhinc.spi.UserPrincipal;
037:        import com.nabhinc.util.db.DBUtil;
038:
039:        /**
040:         * 
041:         * 
042:         * @author Padmanabh Dabke
043:         * (c) 2006 Nabh Information Systems, Inc. All Rights Reserved.
044:         */
045:        public class AuthenticationServiceDBImpl extends BaseUserServiceImpl
046:                implements  AuthenticationService {
047:
048:            protected String bdsiDataSource = null;
049:
050:            public String getDataSourceName() {
051:                return bdsiDataSource;
052:            }
053:
054:            public void setDataSourceName(String ds) {
055:                bdsiDataSource = ds;
056:            }
057:
058:            private String asiAuthByUserNameSQL = "SELECT username, pass_word FROM SB_USERS WHERE upper(username) = upper(?)";
059:
060:            private String asiAuthByEmailSQL = "SELECT username, pass_word FROM SB_USERS WHERE upper(oemail) = upper(?)";
061:
062:            private String asiRolesSQL = "SELECT SB_ROLES.rolename FROM SB_USER_ROLES, SB_USERS, SB_ROLES WHERE SB_USERS.userid = SB_USER_ROLES.userid AND SB_ROLES.roleid = SB_USER_ROLES.roleid AND SB_USERS.username = ?";
063:
064:            public String getAuthByUserNameSQL() {
065:                return asiAuthByUserNameSQL;
066:            }
067:
068:            public void setAuthByUserNameSQL(String sql) {
069:                asiAuthByUserNameSQL = sql;
070:            }
071:
072:            public String getAuthByEmailSQL() {
073:                return asiAuthByEmailSQL;
074:            }
075:
076:            public void setAuthByEmailSQL(String sql) {
077:                asiAuthByEmailSQL = sql;
078:            }
079:
080:            public String getRolesSQL() {
081:                return asiRolesSQL;
082:            }
083:
084:            public void setRolesSQL(String sql) {
085:                asiRolesSQL = sql;
086:            }
087:
088:            @SuppressWarnings("unchecked")
089:            private void setUserRoles(LocalUserInfo userInfo)
090:                    throws RemoteException {
091:                Connection conn = null;
092:                ResultSet results = null;
093:                PreparedStatement st = null;
094:                try {
095:                    conn = DBUtil.getConnection(bdsiDataSource);
096:                    st = conn.prepareStatement(asiRolesSQL);
097:                    st.setString(1, userInfo.userName);
098:                    results = st.executeQuery();
099:                    Vector v = new Vector();
100:                    while (results.next()) {
101:                        v.add(results.getString(1));
102:                    }
103:                    String[] roles = new String[v.size()];
104:                    v.copyInto(roles);
105:                    userInfo.roles = roles;
106:                } catch (SQLException e) {
107:                    throw new RemoteException(
108:                            "Database exception in retrieving role information.",
109:                            e);
110:                } catch (NamingException e) {
111:                    throw new RuntimeException(
112:                            "Could not locate data source with name: "
113:                                    + bdsiDataSource);
114:                } finally {
115:                    DBUtil.close(results);
116:                    DBUtil.close(st);
117:                    DBUtil.close(conn);
118:                }
119:
120:            }
121:
122:            public LocalUserInfo authenticateUserByName(String userName,
123:                    String password, Map paramMap) throws LoginException,
124:                    RemoteException {
125:
126:                String actualPassword = null;
127:                String actualUserName = null;
128:
129:                try {
130:                    /*
131:                    if (Defaults.getEncryptionAlgorithm() != null && password != null) {
132:                    	password = EncryptionUtil.encrypt(password, Defaults.getEncryptionAlgorithm());
133:                    }
134:                     */
135:
136:                    String[] userInfo = DBUtil.getRecord(bdsiDataSource,
137:                            asiAuthByUserNameSQL, new int[] {
138:                                    java.sql.Types.VARCHAR, Types.VARCHAR },
139:                            null, new String[] { userName });
140:                    if (userInfo == null)
141:                        throw new LoginException(
142:                                "sb.portal.error.login_invalid_msg");
143:                    actualUserName = userInfo[0];
144:                    actualPassword = userInfo[1];
145:                } catch (NamingException ex) {
146:                    error(ex.toString());
147:                    throw new RemoteException(
148:                            "sb.portal.error.login_db_error_msg", ex);
149:                } catch (SQLException ex) {
150:                    error(ex.toString());
151:                    throw new RemoteException(
152:                            "sb.portal.error.login_db_error_msg", ex);
153:                }
154:
155:                if (actualPassword == null
156:                        || compareCredentials(actualPassword, password)) {
157:                    LocalUserInfo lUserInfo = new LocalUserInfo();
158:                    lUserInfo.userName = actualUserName;
159:                    lUserInfo.principal = new UserPrincipal(actualUserName);
160:                    setUserRoles(lUserInfo);
161:                    return lUserInfo;
162:                } else {
163:                    throw new LoginException(
164:                            "sb.portal.error.login_invalid_msg");
165:                }
166:
167:            }
168:
169:            public LocalUserInfo authenticateUserByEmail(String email,
170:                    String password, Map paramMap) throws LoginException,
171:                    RemoteException {
172:
173:                String actualPassword = null;
174:                String actualUserName = null;
175:                try {
176:
177:                    String[] userInfo = DBUtil.getRecord(bdsiDataSource,
178:                            asiAuthByEmailSQL, new int[] {
179:                                    java.sql.Types.VARCHAR, Types.VARCHAR },
180:                            null, new String[] { email });
181:                    actualUserName = userInfo[0];
182:                    actualPassword = userInfo[1];
183:                } catch (Exception ex) {
184:                    error(ex.toString());
185:                    throw new RemoteException(
186:                            "sb.portal.error.login_db_error_msg.", ex);
187:                }
188:
189:                if (actualPassword == null
190:                        || compareCredentials(actualPassword, password)) {
191:                    LocalUserInfo lUserInfo = new LocalUserInfo();
192:                    lUserInfo.userName = actualUserName;
193:                    lUserInfo.principal = new UserPrincipal(actualUserName);
194:                    setUserRoles(lUserInfo);
195:                    return lUserInfo;
196:                } else {
197:                    throw new LoginException(
198:                            "sb.portal.error.login_invalid_msg");
199:                }
200:            }
201:
202:        }