001: // PasswordEditorFrame.java
002: // $Id: PasswordEditorFrame.java,v 1.7 2000/08/16 21:37:44 ylafon Exp $
003: // (c) COPYRIGHT MIT and INRIA, 1996.
004: // Please first read the full copyright statement in file COPYRIGHT.html
005:
006: package org.w3c.jigsaw.resources;
007:
008: import org.w3c.tools.resources.Attribute;
009: import org.w3c.tools.resources.AttributeHolder;
010: import org.w3c.tools.resources.AttributeRegistry;
011: import org.w3c.tools.resources.InvalidResourceException;
012: import org.w3c.tools.resources.ProtocolException;
013: import org.w3c.tools.resources.Resource;
014: import org.w3c.tools.resources.ResourceException;
015: import org.w3c.tools.resources.ResourceFrame;
016: import org.w3c.tools.resources.ResourceReference;
017: import org.w3c.tools.resources.ServerInterface;
018: import org.w3c.tools.resources.StringAttribute;
019:
020: import org.w3c.www.http.HTTP;
021:
022: import org.w3c.jigsaw.http.Reply;
023: import org.w3c.jigsaw.http.Request;
024: import org.w3c.jigsaw.http.httpd;
025:
026: import org.w3c.jigsaw.frames.HTTPFrame;
027: import org.w3c.jigsaw.frames.PostableFrame;
028:
029: import org.w3c.jigsaw.auth.AuthRealm;
030: import org.w3c.jigsaw.auth.AuthUser;
031: import org.w3c.jigsaw.auth.RealmsCatalog;
032:
033: import org.w3c.jigsaw.html.HtmlGenerator;
034:
035: import org.w3c.jigsaw.forms.URLDecoder;
036:
037: public class PasswordEditorFrame extends PostableFrame {
038:
039: /**
040: * Attribute index - The name of the realm to edit.
041: */
042: protected static int ATTR_REALM = -1;
043:
044: static {
045: Class c = null;
046: Attribute a = null;
047:
048: try {
049: c = Class
050: .forName("org.w3c.jigsaw.resources.PasswordEditorFrame");
051: } catch (Exception ex) {
052: ex.printStackTrace();
053: System.exit(1);
054: }
055: // Register the name of the realm to edit
056: a = new StringAttribute("realm", null, Attribute.EDITABLE);
057: ATTR_REALM = AttributeRegistry.registerAttribute(c, a);
058: }
059:
060: /**
061: * The loaded realm, when loaded.
062: */
063: ResourceReference rr_realm = null;
064:
065: /**
066: * Get the name of the realm to edit.
067: * @return The name of the realm to edit, as a String.
068: */
069:
070: public String getRealm() {
071: return getString(ATTR_REALM, null);
072: }
073:
074: protected synchronized boolean changePassword(String username,
075: String oldpassword, String newpassword) {
076: // Get a handle on the authentication realm:
077: if (rr_realm == null) {
078: // Load the realm from the auth realm catalog:
079: RealmsCatalog c = ((httpd) getServer()).getRealmsCatalog();
080: String r = getRealm();
081: if (r == null) {
082: getServer().errlog(this ,
083: "attribute realm no initialized.");
084: return false;
085: }
086: // Really, load the store now:
087:
088: rr_realm = c.loadRealm(r);
089: }
090: // If we did get the realm:
091: if (rr_realm != null) {
092: try {
093: AuthRealm realm = (AuthRealm) rr_realm.lock();
094: // Get the user:
095: ResourceReference rr_user = realm.loadUser(username);
096: if (rr_user == null)
097: return false;
098: try {
099: AuthUser user = (AuthUser) rr_user.lock();
100: // Check the old password first:
101: String passwd = user.getPassword();
102: if ((passwd == null) || !passwd.equals(oldpassword))
103: return false;
104: // Set the new password:
105: user.setPassword(newpassword);
106: return true;
107: } catch (InvalidResourceException ex) {
108: return false;
109: } finally {
110: rr_user.unlock();
111: }
112: } catch (InvalidResourceException ex) {
113: return false;
114: } finally {
115: rr_realm.unlock();
116: }
117: }
118: return false;
119: }
120:
121: protected HtmlGenerator generateForm(String msg) {
122: // Create the HTML and set title:
123: HtmlGenerator g = new HtmlGenerator("Password editor for "
124: + getRealm());
125: // Add style link
126: addStyleSheet(g);
127: g.append("<h1>Password editor for ", getRealm(), "</h1>");
128: // If some message is available, dump it:
129: if (msg != null)
130: g.append("<hr>", msg, "</hr>");
131: // And then display the form:
132: g
133: .append("<form method=\"POST\" action=\"",
134: getURLPath(), "\">");
135: g.append("<table width=\"100%\">");
136: g.append("<tr><th align=right>username");
137: g
138: .append("<th align=left><input type=\"text\" name=\"username\">");
139: g.append("<tr><th align=right>old password");
140: g
141: .append("<th align=left><input type=\"password\" name=\"opasswd\">");
142: g.append("<tr><th align=right>new password");
143: g
144: .append("<th align=left><input type=\"password\" name=\"npasswd\">");
145: g.append("<tr><th align=right>confirm");
146: g
147: .append("<th align=left><input type=\"password\" name=\"cpasswd\">");
148: g.append("</table>");
149: g.append("<input type=\"submit\" value=\"Change\">");
150: g.append("</form>");
151: return g;
152: }
153:
154: protected final HtmlGenerator generateForm() {
155: return generateForm(null);
156: }
157:
158: /**
159: * Handle a get request on the password editor.
160: * Dump a form suitable for editing a user entry.
161: * @param request The request to handle.
162: * @exception ProtocolException If processing the request failed.
163: * @exception ResourceException If this resource got a fatal error.
164: * @return An HTTP Reply instance.
165: */
166:
167: public Reply get(Request request) throws ProtocolException,
168: ResourceException {
169: Reply reply = createDefaultReply(request, HTTP.OK);
170: reply.setStream(generateForm());
171: return reply;
172: }
173:
174: /**
175: * Handle a post request.
176: * Do change the password, when possible.
177: * @param request The request to handle.
178: * @param data The form decoded data.
179: * @exception ProtocolException If processing the request failed.
180: * @return An HTTP Reply instance.
181: */
182:
183: public Reply handle(Request request, URLDecoder data)
184: throws ProtocolException {
185: String username = data.getValue("username");
186: String opasswd = data.getValue("opasswd");
187: String npasswd = data.getValue("npasswd");
188: String cpasswd = data.getValue("cpasswd");
189: HtmlGenerator g = null;
190: if ((username == null) || (opasswd == null)
191: || (npasswd == null) || (cpasswd == null)) {
192: // Check that all values are available:
193: if (username == null)
194: g = generateForm("Fill in <em>all</em> the fields.");
195: else
196: g = generateForm("Hey, " + username
197: + ", could you feel in "
198: + "<em>all</em> the fields please.");
199: } else if (!npasswd.equals(cpasswd)) {
200: // Check that new and confirmed password are the same:
201: g = generateForm("New and confirmed password don't "
202: + " match, try again "
203: + ((username == null) ? "." : (username + ".")));
204: } else if (changePassword(username, opasswd, npasswd)) {
205: // Run the change:
206: g = new HtmlGenerator("Password now changed.");
207: // Add style link
208: addStyleSheet(g);
209: g.append("<h1>Your password has been changed</h1>");
210: g.append("<p>Operation succeeded, have fun !");
211: } else {
212: // Changing the password failed, don't provide explanations:
213: g = new HtmlGenerator("Password change failed");
214: // Add style link
215: addStyleSheet(g);
216: g.append("<h1>Changing the password failed</h1>");
217: g
218: .append(
219: "You were not allowed to change the password for user \"",
220: username, "\".");
221: }
222: // We always succeed, that's cool:
223: Reply reply = createDefaultReply(request, HTTP.OK);
224: reply.setStream(g);
225: return reply;
226: }
227:
228: }
|