001: package org.esupportail.cas.server.handlers.database;
002:
003: import java.io.UnsupportedEncodingException;
004: import java.net.URLDecoder;
005: import java.security.MessageDigest;
006: import java.sql.Connection;
007: import java.sql.DriverManager;
008: import java.sql.PreparedStatement;
009: import java.sql.ResultSet;
010: import java.sql.SQLException;
011:
012: import org.dom4j.Element;
013: import org.esupportail.cas.server.util.BasicHandler;
014: import org.esupportail.cas.server.util.log.Log;
015:
016: /**
017: * I write this additionnal handler to provide the LibreSource
018: * (http://www.libresource.org) MD5 algorithm handler.
019: *
020: * @author Florent Jouille <florent.jouille at loria dot fr>
021: *
022: */
023: public final class LSDatabaseHandler extends BasicHandler {
024:
025: private String bind_username;
026:
027: private String bind_password;
028:
029: private String server_url;
030:
031: private String server_driver;
032:
033: private String users_table_name;
034:
035: private String username_column_name;
036:
037: private String password_column_name;
038:
039: /**
040: * Constructor.
041: *
042: * @param handlerElement the XML element that declares the handler
043: * in the configuration file
044: * @param configDebug debugging mode of the global configuration
045: * @throws Exception Exception
046: */
047: public LSDatabaseHandler(final Element handlerElement,
048: final Boolean configDebug) throws Exception {
049: super (handlerElement, configDebug);
050: traceBegin();
051:
052: checkConfigElement(true);
053:
054: bind_username = getConfigSubElementContent("bind_username",
055: true/*needed*/);
056: trace("bind_username = " + bind_username);
057:
058: bind_password = getConfigSubElementContent("bind_password",
059: false/*can be empty*/);
060: trace("bind_password = " + bind_password);
061:
062: server_url = getConfigSubElementContent("server_url", true/*needed*/);
063: trace("server_url = " + server_url);
064:
065: server_driver = getConfigSubElementContent("server_driver",
066: true/*needed*/);
067: trace("server_driver = " + server_driver);
068:
069: users_table_name = getConfigSubElementContent(
070: "users_table_name", true/*needed*/);
071: trace("users_table_name = " + users_table_name);
072:
073: username_column_name = getConfigSubElementContent(
074: "username_column_name", true/*needed*/);
075: trace("username_column_name = " + username_column_name);
076:
077: password_column_name = getConfigSubElementContent(
078: "password_column_name", true/*needed*/);
079: trace("password_column_name = " + password_column_name);
080:
081: traceEnd();
082: }
083:
084: public int authenticate(String username, String password) {
085: traceBegin();
086:
087: Connection db = null;
088: PreparedStatement sql = null;
089: ResultSet rs = null;
090:
091: try {
092: trace("Connect to database ...");
093: Class.forName("org.postgresql.Driver");
094: db = DriverManager.getConnection(server_url, bind_username,
095: bind_password);
096: sql = db.prepareStatement("SELECT * FROM "
097: + users_table_name + " WHERE "
098: + username_column_name + " =?;");
099: sql.setString(1, username);
100: trace("Send request to database...");
101: rs = sql.executeQuery();
102: if (!rs.next()) {
103: trace("Username not found: " + username);
104: traceEnd("FAILED_CONTINUE");
105: return FAILED_CONTINUE;
106: }
107:
108: // check password
109: trace("Check password for user : " + username);
110: boolean match = rs.getString(password_column_name).equals(
111: digest(password));
112:
113: if (match) {
114: trace("Password matches.");
115: traceEnd("SUCCESS");
116: return SUCCEEDED;
117: } else {
118: trace("Password does not match.");
119: traceEnd("AUTHENTICATE_NOAUTH");
120: return FAILED_STOP;
121: }
122: } catch (Exception e) {
123: e.printStackTrace();
124: Log.warn("Failure: " + e.toString());
125: traceEnd("FAILED_CONTINUE");
126: return FAILED_CONTINUE;
127: } finally {
128: try {
129: rs.close();
130: } catch (SQLException e) {
131: }
132: try {
133: sql.close();
134: } catch (SQLException e) {
135: }
136: try {
137: db.close();
138: } catch (SQLException e) {
139: }
140: }
141: }
142:
143: public static String digest(String password) throws Exception {
144: MessageDigest digest = MessageDigest.getInstance("MD5");
145: digest.update(password.getBytes("UTF-8"));
146: byte[] md5 = digest.digest();
147: String sReturnMsg = "";
148: for (int i = 0; i < md5.length; i++) {
149: sReturnMsg += Integer.toHexString(md5[i]);
150: }
151: return sReturnMsg;
152: }
153: }
|