Source Code Cross Referenced for ApplicationUserActions.java in  » Web-Framework » argun » biz » hammurapi » web » security » Java Source Code / Java DocumentationJava Source Code and Java Documentation

Java Source Code / Java Documentation
1. 6.0 JDK Core
2. 6.0 JDK Modules
3. 6.0 JDK Modules com.sun
4. 6.0 JDK Modules com.sun.java
5. 6.0 JDK Modules sun
6. 6.0 JDK Platform
7. Ajax
8. Apache Harmony Java SE
9. Aspect oriented
10. Authentication Authorization
11. Blogger System
12. Build
13. Byte Code
14. Cache
15. Chart
16. Chat
17. Code Analyzer
18. Collaboration
19. Content Management System
20. Database Client
21. Database DBMS
22. Database JDBC Connection Pool
23. Database ORM
24. Development
25. EJB Server geronimo
26. EJB Server GlassFish
27. EJB Server JBoss 4.2.1
28. EJB Server resin 3.1.5
29. ERP CRM Financial
30. ESB
31. Forum
32. GIS
33. Graphic Library
34. Groupware
35. HTML Parser
36. IDE
37. IDE Eclipse
38. IDE Netbeans
39. Installer
40. Internationalization Localization
41. Inversion of Control
42. Issue Tracking
43. J2EE
44. JBoss
45. JMS
46. JMX
47. Library
48. Mail Clients
49. Net
50. Parser
51. PDF
52. Portal
53. Profiler
54. Project Management
55. Report
56. RSS RDF
57. Rule Engine
58. Science
59. Scripting
60. Search Engine
61. Security
62. Sevlet Container
63. Source Control
64. Swing Library
65. Template Engine
66. Test Coverage
67. Testing
68. UML
69. Web Crawler
70. Web Framework
71. Web Mail
72. Web Server
73. Web Services
74. Web Services apache cxf 2.0.1
75. Web Services AXIS2
76. Wiki Engine
77. Workflow Engines
78. XML
79. XML UI
Java
Java Tutorial
Java Open Source
Jar File Download
Java Articles
Java Products
Java by API
Photoshop Tutorials
Maya Tutorials
Flash Tutorials
3ds-Max Tutorials
Illustrator Tutorials
GIMP Tutorials
C# / C Sharp
C# / CSharp Tutorial
C# / CSharp Open Source
ASP.Net
ASP.NET Tutorial
JavaScript DHTML
JavaScript Tutorial
JavaScript Reference
HTML / CSS
HTML CSS Reference
C / ANSI-C
C Tutorial
C++
C++ Tutorial
Ruby
PHP
Python
Python Tutorial
Python Open Source
SQL Server / T-SQL
SQL Server / T-SQL Tutorial
Oracle PL / SQL
Oracle PL/SQL Tutorial
PostgreSQL
SQL / MySQL
MySQL Tutorial
VB.Net
VB.Net Tutorial
Flash / Flex / ActionScript
VBA / Excel / Access / Word
XML
XML Tutorial
Microsoft Office PowerPoint 2007 Tutorial
Microsoft Office Excel 2007 Tutorial
Microsoft Office Word 2007 Tutorial
Java Source Code / Java Documentation » Web Framework » argun » biz.hammurapi.web.security 
Source Cross Referenced  Class Diagram Java Document (Java Doc) 


001:        /*
002:         * argun 1.0
003:         * Web 2.0 delivery framework 
004:         * Copyright (C) 2007  Hammurapi Group
005:         *
006:         * This program is free software; you can redistribute it and/or
007:         * modify it under the terms of the GNU Lesser General Public
008:         * License as published by the Free Software Foundation; either
009:         * version 2 of the License, or (at your option) any later version.
010:         *
011:         * This program is distributed in the hope that it will be useful,
012:         * but WITHOUT ANY WARRANTY; without even the implied warranty of
013:         * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
014:         * Lesser General Public License for more details.
015:         *
016:         * You should have received a copy of the GNU Lesser General Public
017:         * License along with this library; if not, write to the Free Software
018:         * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
019:         *
020:         * URL: http://www.hammurapi.biz
021:         * e-Mail: support@hammurapi.biz
022:         */
023:        package biz.hammurapi.web.security;
024:
025:        import java.sql.SQLException;
026:        import java.util.Collection;
027:        import java.util.HashMap;
028:        import java.util.Map;
029:
030:        import javax.servlet.http.HttpServletRequest;
031:        import javax.servlet.http.HttpServletResponse;
032:
033:        import org.apache.commons.codec.digest.DigestUtils;
034:
035:        import biz.hammurapi.config.ConfigurationException;
036:        import biz.hammurapi.sql.SQLProcessor;
037:        import biz.hammurapi.web.ActionServlet;
038:        import biz.hammurapi.web.RequestParametersContext;
039:        import biz.hammurapi.web.SimpleRedirect;
040:        import biz.hammurapi.web.security.sql.ApplicationUser;
041:        import biz.hammurapi.web.security.sql.ApplicationUserImpl;
042:        import biz.hammurapi.web.security.sql.SecurityEngine;
043:        import biz.hammurapi.web.security.sql.permission.PermissionEngine;
044:
045:        /**
046:         * Web actions class for ApplicationUser.
047:         * @author Pavel Vlasov
048:         * @version $Revision$
049:         */
050:        public class ApplicationUserActions extends ActionsBase {
051:
052:            private static final String VIEW_PATH = "get/ApplicationUser/view.html?id=";
053:            private static final String INITIAL_PASSWORD_HASH = hashPassword("welcome");
054:
055:            /**
056:             * Retrieves list of ApplicationUser
057:             * @param request
058:             * @param response
059:             * @param servlet
060:             * @return
061:             */
062:            public Collection list(HttpServletRequest request,
063:                    HttpServletResponse response, ActionServlet servlet) {
064:                return getEngine(request).getApplicationUser();
065:            }
066:
067:            /**
068:             * Retrieves ApplicationUser information by 'id' parameter
069:             * @param request
070:             * @param response
071:             * @param servlet
072:             * @return
073:             * @throws SQLException 
074:             * @throws ConfigurationException 
075:             */
076:            public Object get(HttpServletRequest request,
077:                    HttpServletResponse response, ActionServlet servlet)
078:                    throws SQLException, ConfigurationException {
079:                if ("yes".equals(request.getParameter("new"))) {
080:                    ApplicationUserImpl ret = new ApplicationUserImpl();
081:                    ret.configure(new RequestParametersContext(request),
082:                            converter); //  	        
083:                    ret.setAttribute("new", "yes");
084:                    setReferrer(request, ret);
085:                    return ret;
086:                }
087:
088:                String id = request.getParameter("id");
089:                if (id == null) {
090:                    return "ApplicationUser id parameter is missing";
091:                }
092:
093:                User ret = (User) getEngine(request).getApplicationUser(id,
094:                        User.class);
095:                if (ret == null) {
096:                    return "Invalid User id: " + id;
097:                }
098:
099:                setReferrer(request, ret);
100:
101:                if (hasPermission(request, Permission.class, "list")) {
102:                    ret.setAttribute("list-permissions", "true");
103:                }
104:
105:                if (hasPermission(request, Role.class, "list")) {
106:                    ret.setAttribute("list-roles", "true");
107:                }
108:
109:                if (hasPermission(request, Group.class, "list")) {
110:                    ret.setAttribute("list-groups", "true");
111:                }
112:
113:                String alert = request.getParameter("alert");
114:                if (alert != null) {
115:                    ret.setAttribute("alert", alert);
116:                }
117:
118:                return ret;
119:            }
120:
121:            static String hashPassword(String password) {
122:                return DigestUtils.shaHex(password);
123:            }
124:
125:            /**
126:             * Updates ApplicationUser.
127:             * @param request
128:             * @param response
129:             * @param servlet
130:             * @return
131:             * @throws SQLException 
132:             * @throws ConfigurationException 
133:             */
134:            public Object update(HttpServletRequest request,
135:                    HttpServletResponse response, ActionServlet servlet)
136:                    throws SQLException, ConfigurationException {
137:                boolean isUpdate = !"yes".equals(request.getParameter("_new"));
138:
139:                ApplicationUserImpl obj = new ApplicationUserImpl(isUpdate);
140:                obj.setIsBlocked(false);
141:                obj.configure(new RequestParametersContext(request), converter);
142:                SecurityEngine engine = getEngine(request);
143:
144:                if (isUpdate) {
145:                    int numRows = engine.updateApplicationUser(obj);
146:                    if (numRows != 1) {
147:                        return "Could not update user";
148:                    }
149:                } else {
150:                    if (engine.getApplicationUser(obj.getLoginName()) != null) {
151:                        obj.setAttribute("new", "yes");
152:                        obj.setAttribute("referrer", getReferrer(request));
153:                        obj.setColumnAttribute("LOGIN_NAME",
154:                                "validation-error", "Duplicate login");
155:                        return obj;
156:                    }
157:
158:                    obj.setUserPassword(INITIAL_PASSWORD_HASH);
159:
160:                    int numRows = engine.insertApplicationUser(obj);
161:                    if (numRows != 1) {
162:                        return "Could not insert User";
163:                    }
164:
165:                }
166:
167:                String referrer = getReferrer(request);
168:                if (referrer == null) {
169:                    referrer = "list/ApplicationUser/list.html";
170:                }
171:
172:                return new SimpleRedirect(referrer, "ApplicationUser "
173:                        + (isUpdate ? "updated" : "inserted"));
174:            }
175:
176:            public String resetPassword(HttpServletRequest request,
177:                    HttpServletResponse response, ActionServlet servlet)
178:                    throws SQLException, ConfigurationException {
179:                String loginName = request.getParameter("id");
180:                if (loginName == null) {
181:                    return "User name is not provided";
182:                }
183:
184:                SecurityEngine engine = getEngine(request);
185:                ApplicationUser user = engine.getApplicationUser(loginName);
186:                if (user == null) {
187:                    return "Invalid user name: " + loginName;
188:                }
189:                user.setLastPasswordChange(0);
190:                user.setUserPassword(INITIAL_PASSWORD_HASH);
191:                int numRows = engine.updateApplicationUser(user);
192:                if (numRows == 1) {
193:                    return "Password reset for user " + loginName;
194:                }
195:
196:                return "Invalid user name: " + loginName;
197:            }
198:
199:            public String changePassword(HttpServletRequest request,
200:                    HttpServletResponse response, ActionServlet servlet)
201:                    throws SQLException, ConfigurationException {
202:                String loginName = request.getParameter("id");
203:                if (loginName == null) {
204:                    return "User name is not provided";
205:                }
206:
207:                String newPassword = request.getParameter("newPassword");
208:                if (newPassword == null) {
209:                    return "New password is not set";
210:                }
211:
212:                String confirmPassword = request
213:                        .getParameter("confirmPassword");
214:                if (confirmPassword == null) {
215:                    return "Confirm password is not set";
216:                }
217:
218:                if (!newPassword.equals(confirmPassword)) {
219:                    return "Passwords don't match";
220:                }
221:
222:                if (newPassword.length() < 8) {
223:                    return "New password is too short";
224:                }
225:
226:                String oldPassword = request.getParameter("oldPassword");
227:                if (oldPassword == null) {
228:                    return "Old password is not set";
229:                }
230:
231:                if (newPassword.equals(oldPassword)) {
232:                    return "New passwords shouldn't be equal to old password";
233:                }
234:
235:                SecurityEngine engine = getEngine(request);
236:                ApplicationUser user = engine.getApplicationUser(loginName);
237:                if (user == null) {
238:                    return "Invalid user name: " + loginName;
239:                }
240:                if (!hashPassword(oldPassword).equals(user.getUserPassword())) {
241:                    return "Invalid password";
242:                }
243:
244:                user.setLastPasswordChange(System.currentTimeMillis());
245:                user.setUserPassword(hashPassword(newPassword));
246:                int numRows = engine.updateApplicationUser(user);
247:                if (numRows == 1) {
248:                    return "Password changed for user " + loginName;
249:                }
250:
251:                return "Invalid user name: " + loginName;
252:            }
253:
254:            /**
255:             * Iterates over permissions parameter values and updates database.
256:             * @param request
257:             * @param response
258:             * @param servlet
259:             * @return
260:             * @throws SQLException
261:             * @throws ConfigurationException 
262:             */
263:            public Object getPermissions(HttpServletRequest request,
264:                    HttpServletResponse response, ActionServlet servlet)
265:                    throws SQLException, ConfigurationException {
266:                Map ret = new HashMap();
267:                SecurityEngine engine = getEngine(request);
268:                String loginName = request.getParameter("id");
269:                ret.put("id", loginName);
270:                ret.put("assigned-permissions", engine
271:                        .getAssignedPermission(loginName));
272:                ret.put("permissions", engine.getApplicationPermission());
273:                ret.put("classes", new PermissionEngine(
274:                        (SQLProcessor) getGlobal(request, "sql-processor"))
275:                        .getClasses());
276:                return ret;
277:            }
278:
279:            /**
280:             * Iterates over permissions parameter values and updates database.
281:             * @param request
282:             * @param response
283:             * @param servlet
284:             * @return
285:             * @throws SQLException
286:             * @throws ConfigurationException 
287:             */
288:            public Object updatePermissions(HttpServletRequest request,
289:                    HttpServletResponse response, ActionServlet servlet)
290:                    throws SQLException, ConfigurationException {
291:                SecurityEngine engine = getEngine(request);
292:                String loginName = request.getParameter("id");
293:                engine.deleteUserPermissionByUser(loginName);
294:                java.util.Set idSet = new java.util.HashSet();
295:                String[] values = request.getParameterValues("Denied");
296:                if (values != null) {
297:                    for (int i = 0; i < values.length; i++) {
298:                        if (idSet.add(values[i])) {
299:                            int pid = Integer.parseInt(values[i]);
300:                            engine.insertUserPermission(pid, loginName, true);
301:                        }
302:                    }
303:                }
304:
305:                values = request.getParameterValues("Allowed");
306:                if (values != null) {
307:                    for (int i = 0; i < values.length; i++) {
308:                        if (idSet.add(values[i])) {
309:                            int pid = Integer.parseInt(values[i]);
310:                            engine.insertUserPermission(pid, loginName, false);
311:                        }
312:                    }
313:                }
314:                return new SimpleRedirect(
315:                        "../../get/ApplicationUser/view.html?id=" + loginName,
316:                        "Permissions updated");
317:            }
318:
319:            /**
320:             * Iterates over permissions parameter values and updates database.
321:             * @param request
322:             * @param response
323:             * @param servlet
324:             * @return
325:             * @throws SQLException
326:             * @throws ConfigurationException 
327:             */
328:            public Object getGroups(HttpServletRequest request,
329:                    HttpServletResponse response, ActionServlet servlet)
330:                    throws SQLException, ConfigurationException {
331:                Map ret = new HashMap();
332:                SecurityEngine engine = getEngine(request);
333:                String loginName = request.getParameter("id");
334:                ret.put("id", loginName);
335:                ret.put("assigned-groups", engine.getUserGroups(loginName));
336:                ret.put("groups", engine.getUserGroup());
337:                return ret;
338:            }
339:
340:            /**
341:             * Iterates over groups parameter values and updates database.
342:             * @param request
343:             * @param response
344:             * @param servlet
345:             * @return
346:             * @throws SQLException
347:             * @throws ConfigurationException 
348:             */
349:            public Object updateGroups(HttpServletRequest request,
350:                    HttpServletResponse response, ActionServlet servlet)
351:                    throws SQLException, ConfigurationException {
352:                SecurityEngine engine = getEngine(request);
353:                String loginName = request.getParameter("id");
354:                engine.deleteUserInGroupByUser(loginName);
355:                //		if (!User.GUEST_NAME.equals(loginName)) {
356:                //			engine.insertUserInGroup(loginName, EVERYONE_GROUP);
357:                //		}
358:                String[] values = request.getParameterValues("group");
359:                if (values != null) {
360:                    for (int i = 0; i < values.length; i++) {
361:                        engine.insertUserInGroup(loginName, values[i]);
362:                    }
363:                }
364:                return new SimpleRedirect(VIEW_PATH + loginName,
365:                        "Groups updated");
366:            }
367:
368:            /**
369:             * Iterates over permissions parameter values and updates database.
370:             * @param request
371:             * @param response
372:             * @param servlet
373:             * @return
374:             * @throws SQLException
375:             * @throws ConfigurationException 
376:             */
377:            public Object getRoles(HttpServletRequest request,
378:                    HttpServletResponse response, ActionServlet servlet)
379:                    throws SQLException, ConfigurationException {
380:                Map ret = new HashMap();
381:                SecurityEngine engine = getEngine(request);
382:                String loginName = request.getParameter("id");
383:                ret.put("id", loginName);
384:                ret.put("assigned-roles", engine.getUserRoles(loginName));
385:                ret.put("roles", engine.getUserRole());
386:                return ret;
387:            }
388:
389:            /**
390:             * Iterates over roles parameter values and updates database.
391:             * @param request
392:             * @param response
393:             * @param servlet
394:             * @return
395:             * @throws SQLException
396:             * @throws ConfigurationException 
397:             */
398:            public Object updateRoles(HttpServletRequest request,
399:                    HttpServletResponse response, ActionServlet servlet)
400:                    throws SQLException, ConfigurationException {
401:                SecurityEngine engine = getEngine(request);
402:                String loginName = request.getParameter("id");
403:                engine.deleteUserInRoleByUser(loginName);
404:                String[] values = request.getParameterValues("role");
405:                if (values != null) {
406:                    for (int i = 0; i < values.length; i++) {
407:                        engine.insertUserInRole(loginName, values[i]);
408:                    }
409:                }
410:                return new SimpleRedirect(VIEW_PATH + loginName,
411:                        "Roles updated");
412:            }
413:
414:            /**
415:             * Deletes ApplicationUser by "id" parameter.
416:             * @param request
417:             * @param response
418:             * @param servlet
419:             * @return
420:             * @throws SQLException 
421:             * @throws ConfigurationException 
422:             */
423:            public Object delete(HttpServletRequest request,
424:                    HttpServletResponse response, ActionServlet servlet)
425:                    throws SQLException {
426:                String id = request.getParameter("id");
427:                if (id == null) {
428:                    return "id parameter is missing";
429:                }
430:
431:                getEngine(request).deleteApplicationUser(id);
432:
433:                String referrer = getReferrer(request);
434:                //        if (referrer == null) {
435:                referrer = "list/ApplicationUser/list.html";
436:                //        }
437:
438:                return new SimpleRedirect(referrer, "ApplicationUser deleted");
439:            }
440:        }
www.java2java.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.