
AuthTool.java

00001 package net.threebit.utils.sosc;
00002 
00003 /*
00004         Copyright 2003 Shawn Deleurme
00005         Copyright 2003 Kevin O'Donnell
00006 
00007         This program is free software; you can redistribute it and/or modify
00008         it under the terms of the GNU General Public License as published by
00009         the Free Software Foundation; either version 2 of the License, or
00010         (at your option) any later version.
00011 
00012         This program is distributed in the hope that it will be useful,
00013         but WITHOUT ANY WARRANTY; without even the implied warranty of
00014         MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00015         GNU General Public License for more details.
00016 
00017         You should have received a copy of the GNU General Public License
00018         along with this program; if not, write to the Free Software
00019         Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
00020 */
00021 
00022 import javax.xml.transform.*;
00023 import javax.xml.transform.stream.*;
00024 import java.sql.*;
00025 import java.io.*;
00026 import java.util.*;
00027 import javax.servlet.http.*;
00028 import javax.servlet.jsp.*;
00029 
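/**
 * Stores users, groups and group memberships in three database tables and
 * answers authentication and membership questions against them.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>Every caller-supplied value that ends up in SQL text is passed through
 *     {@code db.quote(...)}. This class relies on {@code quote} returning a
 *     complete, escaped SQL string literal (surrounding quotes included).
 *     NOTE(review): DbTool is not visible from this file; confirm that
 *     contract. A parameterised-statement API on DbTool would be the stronger
 *     fix.</li>
 * <li>{@code tableNamePrefix} is concatenated into SQL as an identifier and
 *     cannot be quoted as a literal; it must only ever come from trusted
 *     configuration, never from request data.</li>
 * <li>Passwords are written to and compared against the {@code password}
 *     column exactly as supplied, i.e. in clear text. Moving to a salted,
 *     slow password hash needs a schema and data migration and is not done
 *     here.</li>
 * <li>The "current user" is taken from a plain cookie that the client
 *     controls; see {@link #getCurrentUser(HttpServletRequest)}.</li>
 * </ul>
 */
public class AuthTool {

    private DbTool db = null;
    private String tableNamePrefix = null;

    /**
     * Creates an unconfigured instance; {@link #setDbTool(DbTool)} and
     * {@link #setTableNamePrefix(String)} must be called before use.
     */
    public AuthTool () throws Exception {
    }

    /**
     * Creates an instance bound to the given database helper and table prefix.
     *
     * @param db database helper used for every query and update
     * @param tableNamePrefix prefix of the three table names (trusted input only)
     */
    public AuthTool (DbTool db, String tableNamePrefix) throws Exception {
        setDbTool(db);
        setTableNamePrefix(tableNamePrefix);
    }

    /** Sets the database helper used for every query and update. */
    public void setDbTool (DbTool db) throws Exception {
        this.db = db;
    }

    /**
     * Sets the prefix of the three table names.
     *
     * <p>The prefix is concatenated into SQL unescaped, so it must come from
     * trusted configuration.
     */
    public void setTableNamePrefix (String tableNamePrefix) throws Exception {
        this.tableNamePrefix = tableNamePrefix;
    }

    /** Returns the table name prefix, or {@code null} if none has been set. */
    public String getTableNamePrefix() throws Exception {
        return tableNamePrefix;
    }

    /**
     * Verifies that both the table prefix and the database helper are set.
     *
     * @throws Exception listing every missing setting, each on its own line
     */
    public void sanityCheck() throws Exception {
        List errors = new ArrayList();
        if (tableNamePrefix == null) { errors.add("No tableNamePrefix has been set"); }
        if (db == null) { errors.add("No dbTool has been set."); }
        if (errors.isEmpty()) { return; }

        StringBuffer message = new StringBuffer();
        for (Iterator i = errors.iterator(); i.hasNext(); ) {
            message.append("\n").append(i.next());
        }
        throw new Exception(message.toString());
    }

    /**
     * Deletes every row from the user, group and group-member tables.
     *
     * @throws Exception if the instance is not configured or the update fails
     */
    public void refreshSchema() throws Exception {
        // Without this check a missing prefix would target tables named "nullUsers" etc.
        sanityCheck();
        db.update(
            " delete from " + userTable() + "; " +
            " delete from " + groupTable() + "; " +
            " delete from " + groupMemberTable() + "; "
        );
    }

    /** Returns the name of the users table. */
    public String userTable() throws Exception {
        return tableNamePrefix + "Users";
    }

    /** Returns the name of the groups table. */
    public String groupTable() throws Exception {
        return tableNamePrefix + "Groups";
    }

    /** Returns the name of the group-membership table. */
    public String groupMemberTable() throws Exception {
        return tableNamePrefix + "GroupMembers";
    }

    /** Rejects a null or empty user name with the message callers already see. */
    private void requireUserName (String userName) throws Exception {
        if (userName == null || userName.length() == 0) {
            throw new Exception("Username is null or empty ('"+userName+"')");
        }
    }

    /** Rejects a null or empty group name with the message callers already see. */
    private void requireGroupName (String groupName) throws Exception {
        if (groupName == null || groupName.length() == 0) {
            throw new Exception("groupname is null or empty ('"+groupName+"')");
        }
    }

    /**
     * Inserts a new user row.
     *
     * <p>The password is stored exactly as given (clear text).
     *
     * @param userName non-empty user name
     * @param password non-empty password
     * @throws Exception if an argument is null/empty or the insert fails
     */
    public void addUser (String userName, String password) throws Exception {
        sanityCheck();
        requireUserName(userName);
        if (password == null || password.length() == 0) { throw new Exception("Password is null or empty ('"+password+"')"); }

        // The earlier code called replaceAll() and discarded the result, so the
        // values reached the statement unescaped; quote them like the rest of the class.
        db.update(
            "insert into " + userTable() + " (name,password) values (" +
            db.quote(userName) + "," + db.quote(password) + "); "
        );
    }

    /**
     * Inserts a new user row and then records the e-mail address.
     *
     * @param userName non-empty user name
     * @param password non-empty password
     * @param email e-mail address to store for the user
     */
    public void addUser (String userName, String password, String email) throws Exception {
        addUser(userName,password);
        setUserEmail(userName,email);
    }

    /** Updates the e-mail address of the named user. */
    public void setUserEmail (String userName, String email) throws Exception {
        db.update(
            " update " + userTable() +
            " set email = " + db.quote(email) +
            " where name = " + db.quote(userName) +
            " ; "
        );
    }

    /**
     * Overwrites the stored password of the named user.
     *
     * <p>No existing credential is checked here; callers are responsible for
     * authorising the change. The password is stored in clear text.
     */
    public void setUserPassword (String userName, String password) throws Exception {
        db.update(
            " update " + userTable() +
            " set password = " + db.quote(password) +
            " where name = " + db.quote(userName) +
            " ; "
        );
    }

    /**
     * Overwrites the stored password of the named user after checking that
     * the instance is configured.
     *
     * <p>No existing credential is checked here; callers are responsible for
     * authorising the change.
     */
    public void changePassword (String userName, String newPassword) throws Exception {
        sanityCheck();
        // The earlier code wrapped an already-quoted value in a second pair of
        // quotes; delegate so there is a single, correctly quoted statement.
        setUserPassword(userName, newPassword);
    }

    /**
     * Deletes the named user together with all of its group memberships.
     *
     * @throws Exception if the name is null/empty or the update fails
     */
    public void removeUser (String userName) throws Exception {
        requireUserName(userName);
        sanityCheck();
        String quotedUser = db.quote(userName);
        db.update(
            " delete from " + groupMemberTable() + " where userid = ( select id from " + userTable() + " where name = " + quotedUser + ") ; " +
            " delete from " + userTable() + " where name = " + quotedUser + " ; "
        );
    }

    /**
     * Runs a query that yields {@code id} and {@code name} columns and returns
     * a map from name to id in result order.
     *
     * @param sql complete statement; callers must have quoted any values in it
     */
    private Map getIdNames (String sql) throws Exception {
        Map result = new LinkedHashMap();
        ResultSet r = db.query(sql);
        try {
            while (r.next()) { result.put(r.getString("name"), r.getString("id")); }
        } finally {
            r.close();
        }
        return result;
    }

    /** Returns all users as a name-to-id map, ordered by lower-cased name. */
    public Map getUsers () throws Exception {
        return getIdNames("select id,name from " + userTable() + " order by lower(name) ");
    }

    /** Returns all groups as a name-to-id map, ordered by lower-cased name. */
    public Map getGroups () throws Exception {
        return getIdNames("select id,name from " + groupTable() + " order by lower(name) ");
    }

    /** Returns the members of the named group as a name-to-id map. */
    public Map getGroupMembers(String groupName) throws Exception {
        String quotedGroup = db.quote(groupName);
        return getIdNames(
            " select u.id,u.name " +
            " from " +
            "   " + userTable() + " as u, " +
            "   " + groupTable() + " as g, " +
            "   " + groupMemberTable() + " as gm " +
            " where " +
            "   gm.userid = u.id " +
            "   and gm.groupid = g.id " +
            "   and g.name = " + quotedGroup
        );
    }

    /**
     * Inserts a new group row.
     *
     * @throws Exception if the name is null/empty or the insert fails
     */
    public void addGroup (String groupName) throws Exception {
        sanityCheck();
        requireGroupName(groupName);

        // As in addUser, the discarded replaceAll() left the name unescaped.
        db.update( "insert into " + groupTable() + " (name) values (" + db.quote(groupName) + "); ");
    }

    /**
     * Deletes the named group together with all of its memberships.
     *
     * @throws Exception if the name is null/empty or the update fails
     */
    public void removeGroup (String groupName) throws Exception {
        sanityCheck();
        requireGroupName(groupName);
        String quotedGroup = db.quote(groupName);
        db.update(
            " delete from " + groupMemberTable() + " where groupid = ( select id from " + groupTable() + " where name = " + quotedGroup + ") ; " +
            " delete from " + groupTable() + " where name = " + quotedGroup + " ; "
        );
    }

    /**
     * Checks a user name and password against the users table.
     *
     * <p>The comparison is a plain string equality against the stored
     * clear-text password, so it is neither hash-based nor constant-time.
     *
     * @return {@code true} only if the user exists and the stored password
     *         equals {@code password}
     * @throws Exception if the user name is null/empty, the password is null,
     *         or the query fails
     */
    public boolean authenticate (String userName, String password) throws Exception {
        sanityCheck();
        requireUserName(userName);
        if (password == null) { throw new Exception("Password is null or empty ('"+password+"')"); }

        ResultSet r = db.query(" select password from " + userTable() + " where name = " + db.quote(userName));
        try {
            if (! r.first()) { return false; }
            String dbPass = r.getString("password");
            return dbPass != null && dbPass.equals(password);
        } finally {
            r.close();
        }
    }

    /**
     * Adds the named user to the named group and verifies the membership.
     *
     * @throws Exception if a name is null/empty, the insert fails, or the
     *         membership cannot be read back afterwards
     */
    public void addGroupMember (String groupName, String userName) throws Exception {
        sanityCheck();
        requireUserName(userName);
        requireGroupName(groupName);

        db.update(
            " insert into " + groupMemberTable() + " (groupId,userId) " +
            " values ( " +
            "   (select id from " + groupTable() + " where name = " + db.quote(groupName) + ") " +
            "   , " +
            "   (select id from " + userTable() + " where name = " + db.quote(userName) + ") " +
            " ); "
        );

        // Read the row back so a silently failed insert is reported.
        if (! isGroupMember(groupName, userName)) {
            throw new Exception("An error occurred while adding " + userName + " to group " + groupName);
        }
    }

    /**
     * Tests whether the user named by the request's cookie is in the group.
     *
     * <p>The user name comes from {@link #getCurrentUser(HttpServletRequest)},
     * i.e. from a value the client supplies, so this result must not be the
     * only gate in front of a privileged action. If the cookie is absent the
     * name is {@code null} and an exception is thrown.
     */
    public boolean isGroupMember (String groupName, HttpServletRequest request) throws Exception {
        return isGroupMember(groupName, getCurrentUser(request));
    }

    /**
     * Tests whether the named user is a member of the named group.
     *
     * @throws Exception if a name is null/empty or the query fails
     */
    public boolean isGroupMember (String groupName, String userName) throws Exception {
        sanityCheck();
        requireUserName(userName);
        requireGroupName(groupName);

        ResultSet r = db.query(
            " select count(*) as count " +
            " from " + groupMemberTable() + " as gm, " + userTable() + " as u," + groupTable() + " as g " +
            " where " +
            "   g.name = " + db.quote(groupName) + " " +
            "   and u.name = " + db.quote(userName) + " " +
            "   and gm.groupId = g.id " +
            "   and gm.userId = u.id "
        );
        try {
            if (! r.first()) { return false; }
            return r.getInt("count") > 0;
        } finally {
            r.close();
        }
    }

    /**
     * Removes the named user from the named group.
     *
     * @throws Exception if a name is null/empty or the update fails
     */
    public void removeGroupMember (String groupName, String userName) throws Exception {
        sanityCheck();
        requireUserName(userName);
        requireGroupName(groupName);

        db.update(
            " delete from " + groupMemberTable() +
            " where " +
            "   groupId = (select id from " + groupTable() + " where name = " + db.quote(groupName) + ") " +
            "   and userId = (select id from " + userTable() + " where name = " + db.quote(userName) + ") "
        );
    }

    /**
     * Returns the value of the first {@code AuthToolUserName} cookie on the
     * request, or {@code null} if there is none.
     *
     * <p>The value is whatever the client sent. Nothing in this method checks
     * that it was issued by {@code setCurrentUser}, so it is an unauthenticated
     * claim of identity.
     * NOTE(review): tying the identity to a server-side session or to an
     * integrity-protected token is needed before this value can back
     * authorisation checks; that requires an interface change.
     */
    public String getCurrentUser(HttpServletRequest request) throws Exception {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) { return null; }
        for (int x = 0; x < cookies.length; x++) {
            if (cookies[x].getName().equals("AuthToolUserName")) {
                return cookies[x].getValue();
            }
        }
        return null;
    }

    /**
     * Returns the stored e-mail address of the named user.
     *
     * @throws Exception with message "No such user" if no row matches
     */
    public String getUserEmail (String userName) throws Exception {
        ResultSet r = db.query(" select email from " + userTable() + " where name = " + db.quote(userName));
        try {
            if (! r.first()) { throw new Exception("No such user"); }
            return r.getString("email");
        } finally {
            r.close();
        }
    }

    /**
     * Issues the {@code AuthToolUserName} cookie for the given name without
     * checking any credential; callers must have authenticated the user
     * first (the three-argument overload does).
     *
     * <p>The cookie is created with container defaults: no Secure flag, path
     * or max-age is set here, and its value is the bare user name.
     */
    public void setCurrentUser (HttpServletResponse response, String userName) {
        Cookie c = new Cookie("AuthToolUserName", userName);
        response.addCookie(c);
    }

    /**
     * Authenticates the user and, on success, issues the
     * {@code AuthToolUserName} cookie.
     *
     * @throws Exception if authentication fails or the instance is not configured
     */
    public void setCurrentUser (HttpServletResponse response, String userName, String password) throws Exception {
        sanityCheck();
        if (! authenticate(userName, password)) {
            throw new Exception("Could not set user because authentication failed for ('" + userName + "')");
        }
        setCurrentUser(response,userName);
    }
}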
