001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. The ASF licenses this file to You
004: * under the Apache License, Version 2.0 (the "License"); you may not
005: * use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.apache.org/licenses/LICENSE-2.0
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License. For additional information regarding
015: * copyright in this work, please see the NOTICE file in the top level
016: * directory of this distribution.
017: */
018: /*
019: * Created on Apr 11, 2003
020: */
021: package org.apache.roller.webservices.xmlrpc;
022:
023: import java.io.Serializable;
024:
025: import org.apache.commons.logging.Log;
026: import org.apache.commons.logging.LogFactory;
027: import org.apache.xmlrpc.XmlRpcException;
028: import org.apache.roller.config.RollerConfig;
029: import org.apache.roller.business.RollerFactory;
030: import org.apache.roller.business.UserManager;
031: import org.apache.roller.pojos.UserData;
032: import org.apache.roller.pojos.WebsiteData;
033: import org.apache.roller.ui.core.RollerContext;
034: import org.apache.roller.util.cache.CacheManager;
035: import org.apache.roller.util.Utilities;
036:
037: /**
038: * Base API handler does user validation, provides exception types, etc.
039: * @author David M Johnson
040: */
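public class BaseAPIHandler implements Serializable {
    static final long serialVersionUID = -698186274794937582L;

    private static final Log mLogger = LogFactory.getFactory().getInstance(
            BaseAPIHandler.class);

    // XML-RPC fault codes and the messages sent back to the client.
    // The message strings are part of the wire contract and are kept verbatim.

    /** Fault code 1; the original literal was written in octal as 0001. */
    public static final int AUTHORIZATION_EXCEPTION = 1;
    public static final String AUTHORIZATION_EXCEPTION_MSG = "Invalid Username and/or Password";

    public static final int UNKNOWN_EXCEPTION = 1000;
    public static final String UNKNOWN_EXCEPTION_MSG = "An error occured processing your request";

    public static final int UNSUPPORTED_EXCEPTION = 1001;
    public static final String UNSUPPORTED_EXCEPTION_MSG = "Unsupported method - Roller does not support this method";

    public static final int USER_DISABLED = 1002;
    public static final String USER_DISABLED_MSG = "User is disabled";

    // WEBLOG_NOT_FOUND and WEBLOG_DISABLED share one message text, so only the
    // fault code tells a missing weblog from a disabled one.
    public static final int WEBLOG_NOT_FOUND = 1003;
    public static final String WEBLOG_NOT_FOUND_MSG = "Weblog is not found or is disabled";

    public static final int WEBLOG_DISABLED = 1004;
    public static final String WEBLOG_DISABLED_MSG = "Weblog is not found or is disabled";

    public static final int BLOGGERAPI_DISABLED = 1005;
    public static final String BLOGGERAPI_DISABLED_MSG = "Weblog does not exist or XML-RPC disabled in web";

    public static final int BLOGGERAPI_INCOMPLETE_POST = 1006;
    public static final String BLOGGERAPI_INCOMPLETE_POST_MSG = "Incomplete weblog entry";

    public static final int INVALID_POSTID = 2000;
    public static final String INVALID_POSTID_MSG = "The entry postid you submitted is invalid";

    //public static final int NOBLOGS_EXCEPTION = 3000;
    //public static final String NOBLOGS_EXCEPTION_MSG =
    //"There are no categories defined for your user";

    public static final int UPLOAD_DENIED_EXCEPTION = 4000;
    public static final String UPLOAD_DENIED_EXCEPTION_MSG = "Upload denied";

    //------------------------------------------------------------------------
    public BaseAPIHandler() {
    }

    //------------------------------------------------------------------------
    /**
     * Returns the website identified by {@code blogid}, but only after the
     * submitted credentials match the stored ones and the user, the weblog and
     * the weblog's Blogger API flag are all enabled.
     *
     * <p>Checks are reported in this order: credentials, user enabled, weblog
     * found, weblog enabled, API enabled. Nothing about the account or the
     * weblog is disclosed before the credentials have been accepted.
     *
     * <p>NOTE(review): this method does not check that the authenticated user
     * holds edit permission on the returned website; no such check is visible
     * here, so callers must enforce it - confirm against the call sites.
     *
     * @param blogid Blogid sent in request (used as the website's handle)
     * @param username Username sent in request
     * @param password Password sent in request
     * @return the matching website, never {@code null}
     * @throws XmlRpcException with one of the fault codes above when any check
     *         fails, including when an internal error prevented the check
     */
    protected WebsiteData validate(String blogid, String username,
            String password) throws Exception {
        boolean authenticated = false;
        boolean userEnabled = false;
        boolean weblogEnabled = false;
        boolean apiEnabled = false;
        boolean weblogFound = false;
        WebsiteData website = null;
        try {
            UserManager userMgr = RollerFactory.getRoller().getUserManager();
            UserData user = userMgr.getUserByUserName(username);
            // Test for null before dereferencing: an unknown username is an
            // ordinary failed login, not an internal error worth a stack trace
            // in the log on every unauthenticated request.
            if (user != null) {
                userEnabled = Boolean.TRUE.equals(user.getEnabled());
            }

            website = userMgr.getWebsiteByHandle(blogid);
            if (website != null) {
                weblogFound = true;
                weblogEnabled = Boolean.TRUE.equals(website.getEnabled());
                apiEnabled = Boolean.TRUE.equals(website.getEnableBloggerApi());
            }

            if (user != null) {
                authenticated = passwordMatches(user, password);
            }
        } catch (Exception e) {
            // Fail closed: whatever flags were not set stay false, so one of
            // the checks below rejects the request. The submitted password is
            // deliberately never written to the log.
            mLogger.error("ERROR internal error validating user", e);
        }

        if (!authenticated) {
            throw new XmlRpcException(AUTHORIZATION_EXCEPTION,
                    AUTHORIZATION_EXCEPTION_MSG);
        }
        if (!userEnabled) {
            throw new XmlRpcException(USER_DISABLED, USER_DISABLED_MSG);
        }
        // "Not found" must be tested before "disabled": a missing weblog also
        // has weblogEnabled == false, which made this branch unreachable when
        // the two checks were in the opposite order.
        if (!weblogFound) {
            throw new XmlRpcException(WEBLOG_NOT_FOUND,
                    WEBLOG_NOT_FOUND_MSG);
        }
        if (!weblogEnabled) {
            throw new XmlRpcException(WEBLOG_DISABLED,
                    WEBLOG_DISABLED_MSG);
        }
        if (!apiEnabled) {
            throw new XmlRpcException(BLOGGERAPI_DISABLED,
                    BLOGGERAPI_DISABLED_MSG);
        }
        return website;
    }

    //------------------------------------------------------------------------
    /**
     * Returns true if username/password are valid and the user is not disabled.
     *
     * <p>The credentials are checked first and a mismatch (including an unknown
     * username) is always reported as {@link #AUTHORIZATION_EXCEPTION}. Only a
     * caller that presented the right password is told that the account is
     * disabled, so the fault code cannot be used to probe which usernames
     * exist or are enabled. This matches the order used by
     * {@link #validate(String, String, String)}.
     *
     * @param username Username sent in request
     * @param password Password sent in request
     * @return {@code true}; every failure is signalled by an exception
     * @throws XmlRpcException {@link #AUTHORIZATION_EXCEPTION} on bad
     *         credentials or internal error, {@link #USER_DISABLED} when the
     *         credentials are right but the account is disabled
     */
    protected boolean validateUser(String username, String password)
            throws Exception {
        boolean authenticated = false;
        boolean enabled = false;
        try {
            UserManager userMgr = RollerFactory.getRoller().getUserManager();
            UserData user = userMgr.getUserByUserName(username);
            if (user != null) {
                enabled = Boolean.TRUE.equals(user.getEnabled());
                authenticated = passwordMatches(user, password);
            }
        } catch (Exception e) {
            // Fail closed; see validate().
            mLogger.error("ERROR internal error validating user", e);
        }

        if (!authenticated) {
            throw new XmlRpcException(AUTHORIZATION_EXCEPTION,
                    AUTHORIZATION_EXCEPTION_MSG);
        }
        if (!enabled) {
            throw new XmlRpcException(USER_DISABLED, USER_DISABLED_MSG);
        }
        return authenticated;
    }

    //------------------------------------------------------------------------
    /**
     * Invalidates cached content for the given website by delegating to
     * {@link CacheManager#invalidate}.
     *
     * @param website website whose cache entries should be invalidated
     */
    protected void flushPageCache(WebsiteData website) throws Exception {
        CacheManager.invalidate(website);
    }

    //------------------------------------------------------------------------
    /**
     * Compares the submitted password with the one stored for {@code user}.
     *
     * <p>When {@code passwds.encryption.enabled} is "true" the submitted value
     * is first passed through {@link Utilities#encodePassword} with the
     * configured algorithm, so that both sides are in the stored form.
     * NOTE(review): what that encoding is (salted or not, which digest) is not
     * visible here - verify it is adequate for password storage.
     *
     * @return {@code true} only when both values are present and equal
     */
    private static boolean passwordMatches(UserData user, String password)
            throws Exception {
        String stored = user.getPassword();
        if (stored == null || password == null) {
            return false;
        }
        String candidate = password;
        String encrypted = RollerConfig.getProperty("passwds.encryption.enabled");
        if ("true".equalsIgnoreCase(encrypted)) {
            candidate = Utilities.encodePassword(password,
                    RollerConfig.getProperty("passwds.encryption.algorithm"));
        }
        if (candidate == null) {
            return false;
        }
        // MessageDigest.isEqual does not stop at the first differing byte the
        // way String.equals does, which removes the comparison itself as a
        // timing signal on current JDKs.
        return java.security.MessageDigest.isEqual(
                stored.getBytes("UTF-8"), candidate.getBytes("UTF-8"));
    }
}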