001: /*
002: * (C) Copyright 2000 - 2005 Nabh Information Systems, Inc.
003: *
004: * This program is free software; you can redistribute it and/or
005: * modify it under the terms of the GNU General Public License
006: * as published by the Free Software Foundation; either version 2
007: * of the License, or (at your option) any later version.
008: *
009: * This program is distributed in the hope that it will be useful,
010: * but WITHOUT ANY WARRANTY; without even the implied warranty of
011: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
012: * GNU General Public License for more details.
013: *
014: * You should have received a copy of the GNU General Public License
015: * along with this program; if not, write to the Free Software
016: * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
017: *
018: */
019: package com.nabhinc.ws.spi.stringbeans;
020:
021: import java.sql.Connection;
022: import java.sql.PreparedStatement;
023: import java.sql.ResultSet;
024: import java.util.Map;
025: import java.util.Vector;
026:
027: import com.nabhinc.util.EncryptionUtil;
028: import com.nabhinc.util.db.DBUtil;
029: import com.nabhinc.ws.core.WebServiceException;
030: import com.nabhinc.ws.server.ServerObjectImpl;
031: import com.nabhinc.ws.spi.UserManager;
032:
033: /**
034: * A UserManager implementation that assumes
035: * user/password data is stored in the default database.
036: *
037: * @author Padmanabh Dabke
038: * (c) 2005 Nabh Information Systems, Inc. All Rights Reserved.
039: */
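public class UserManagerImpl extends ServerObjectImpl implements
        UserManager {
    /*
     * The three statements below are replaceable through the setters. They are
     * handed to Connection.prepareStatement() as-is, so they must only ever be
     * set from trusted configuration, and a replacement must keep the same
     * placeholder order that the methods of this class bind:
     *   password SQL   : ?1 = user name
     *   role-check SQL : ?1 = user name, ?2 = role name
     *   roles SQL      : ?1 = user name
     */
    private String umiPasswordSQL = "SELECT pass_word FROM SB_USERS WHERE username = ?";

    private String umiRoleCheckSQL = "SELECT username FROM SB_USER_ROLES WHERE username = ? AND rolename = ?";

    private String umiRolesSQL = "SELECT rolename FROM SB_USER_ROLES WHERE username = ?";

    /* True when the pass_word column holds the digested form of the password. */
    private boolean umiPasswordEncrypted = true;

    /*
     * NOTE(security): the default is kept so that already stored values still
     * verify, but MD5 is a fast digest and the visible call to
     * EncryptionUtil.encrypt() passes no salt, which makes stored values cheap
     * to brute-force if the table leaks. Prefer a salted, deliberately slow
     * password hash (bcrypt/scrypt/Argon2) when the schema can be migrated.
     */
    private String umiDigestAlgorithm = "MD5";

    /**
     * Replaces the statement used to look up a user's stored password.
     *
     * @param sql statement with one placeholder (user name); trusted
     *            configuration only
     */
    public void setPasswordSQL(String sql) {
        umiPasswordSQL = sql;
    }

    /**
     * Replaces the statement used to test a single role membership.
     *
     * @param sql statement with two placeholders (user name, role name);
     *            trusted configuration only
     */
    public void setRoleCheckSQL(String sql) {
        umiRoleCheckSQL = sql;
    }

    /**
     * Replaces the statement used to list a user's roles.
     *
     * @param sql statement with one placeholder (user name); trusted
     *            configuration only
     */
    public void setRolesSQL(String sql) {
        umiRolesSQL = sql;
    }

    /**
     * Sets the algorithm name passed to EncryptionUtil.encrypt() when a
     * clear-text password has to be converted to the stored form.
     *
     * @param alg algorithm name, e.g. the default "MD5"
     */
    public void setDigestAlgorithm(String alg) {
        umiDigestAlgorithm = alg;
    }

    /**
     * Declares whether the password column holds digested values.
     *
     * @param flag true if stored passwords are digested, false if they are
     *             stored in clear text
     */
    public void setPasswordEncrypted(boolean flag) {
        umiPasswordEncrypted = flag;
    }

    /**
     * Checks whether the given user has the given role.
     *
     * @param user user name bound to the first placeholder
     * @param role role name bound to the second placeholder
     * @return true if the role-check statement returns at least one row
     * @throws WebServiceException if the lookup fails for any reason
     * @see com.nabhinc.ws.spi.UserManager#isUserInRole(java.lang.String,
     *      java.lang.String)
     */
    public boolean isUserInRole(String user, String role)
            throws WebServiceException {
        Connection conn = null;
        ResultSet results = null;
        PreparedStatement st = null;

        try {
            conn = DBUtil.getConnection();
            st = conn.prepareStatement(umiRoleCheckSQL);
            // Both placeholders must be bound; executing the statement with
            // unbound parameters fails, so no role check could ever succeed.
            st.setString(1, user);
            st.setString(2, role);
            results = st.executeQuery();
            return results.next();
        } catch (Exception ex) {
            throw new WebServiceException("Internal exception.", ex);
        } finally {
            DBUtil.close(results);
            DBUtil.close(st);
            DBUtil.close(conn);
        }
    }

    /**
     * Returns the names of all roles assigned to the given user.
     *
     * @param user user name bound to the statement's placeholder
     * @return role names from the first result column; empty if there are none
     * @throws WebServiceException if the lookup fails for any reason
     */
    public String[] getUserRoles(String user)
            throws WebServiceException {
        Connection conn = null;
        ResultSet results = null;
        PreparedStatement st = null;

        try {
            conn = DBUtil.getConnection();
            st = conn.prepareStatement(umiRolesSQL);
            // Without this binding the query cannot be scoped to one user.
            st.setString(1, user);
            results = st.executeQuery();
            Vector<String> roleVec = new Vector<String>(10);
            while (results.next()) {
                roleVec.addElement(results.getString(1));
            }
            return roleVec.toArray(new String[roleVec.size()]);
        } catch (Exception ex) {
            throw new WebServiceException("Internal exception.", ex);
        } finally {
            DBUtil.close(results);
            DBUtil.close(st);
            DBUtil.close(conn);
        }
    }

    /**
     * Verifies a user's password against the stored value.
     *
     * If the caller supplies a clear-text password and the store holds
     * digested values, the password is first converted with
     * EncryptionUtil.encrypt() and the configured algorithm.
     *
     * NOTE(security): when passwordEncrypted is true the supplied value is
     * compared directly with the stored value, so the stored digest itself
     * works as the credential; access to the password table must be
     * restricted accordingly.
     *
     * @param userName          user name to look up
     * @param password          clear-text or already digested password
     * @param extraAuthInfo     not used by this implementation
     * @param passwordEncrypted true if password is already in digested form
     * @return true if the user exists and the password matches; false for an
     *         unknown user, a null password or a mismatch
     * @throws WebServiceException if a digested password is supplied while the
     *         store is configured as clear text, or if the lookup fails
     * @see com.nabhinc.ws.spi.UserManager#authenticateUser(java.lang.String,
     *      java.lang.String, java.util.Map, boolean)
     */
    public boolean authenticateUser(String userName, String password,
            Map extraAuthInfo, boolean passwordEncrypted)
            throws WebServiceException {
        if (passwordEncrypted && !umiPasswordEncrypted) {
            throw new WebServiceException(
                    "Received encrypted password, but the stored password is not encrypted!");
        }
        // A missing password can never authenticate; reject it before it
        // reaches the digest helper or the comparison.
        if (password == null) {
            return false;
        }
        if (!passwordEncrypted && umiPasswordEncrypted) {
            password = EncryptionUtil.encrypt(password, umiDigestAlgorithm);
        }

        Connection conn = null;
        ResultSet results = null;
        PreparedStatement st = null;

        try {
            conn = DBUtil.getConnection();
            st = conn.prepareStatement(umiPasswordSQL);
            st.setString(1, userName);
            results = st.executeQuery();
            if (!results.next()) {
                return false;
            }
            String actualPassword = results.getString(1);
            if (actualPassword == null) {
                return false;
            }
            return constantTimeEquals(actualPassword, password);
        } catch (Exception ex) {
            throw new WebServiceException("Internal exception.", ex);
        } finally {
            DBUtil.close(results);
            DBUtil.close(st);
            DBUtil.close(conn);
        }
    }

    /**
     * Compares two strings without stopping at the first differing character,
     * so the time taken does not reveal how long a matching prefix is. Only
     * the lengths influence the amount of work done.
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        int diff = expected.length() ^ supplied.length();
        int n = Math.min(expected.length(), supplied.length());
        for (int i = 0; i < n; i++) {
            diff |= expected.charAt(i) ^ supplied.charAt(i);
        }
        return diff == 0;
    }
}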