com.abiquo.abiserver.business.authentication.AuthenticationManagerDB.java Source code

Java tutorial

Introduction

Here is the source code for com.abiquo.abiserver.business.authentication.AuthenticationManagerDB.java

Source

/**
 * Abiquo community edition
 * cloud management application for hybrid clouds
 * Copyright (C) 2008-2010 - Abiquo Holdings S.L.
 *
 * This application is free software; you can redistribute it and/or
 * modify it under the terms of the GNU LESSER GENERAL PUBLIC
 * LICENSE as published by the Free Software Foundation under
 * version 3 of the License
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * LESSER GENERAL PUBLIC LICENSE v.3 for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the
 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 */

package com.abiquo.abiserver.business.authentication;

import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;

import org.apache.commons.lang.StringUtils;
import org.hibernate.Query;
import org.hibernate.Session;
import org.hibernate.Transaction;
import org.hibernate.criterion.Order;
import org.hibernate.criterion.Restrictions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.abiquo.abiserver.abicloudws.AbiCloudConstants;
import com.abiquo.abiserver.business.hibernate.pojohb.user.UserHB;
import com.abiquo.abiserver.config.AbiConfig;
import com.abiquo.abiserver.config.AbiConfigManager;
import com.abiquo.abiserver.persistence.hibernate.HibernateUtil;
import com.abiquo.abiserver.pojo.authentication.Login;
import com.abiquo.abiserver.pojo.authentication.LoginResult;
import com.abiquo.abiserver.pojo.authentication.UserSession;
import com.abiquo.abiserver.pojo.result.BasicResult;
import com.abiquo.abiserver.pojo.result.DataResult;
import com.abiquo.util.ErrorManager;
import com.abiquo.util.resources.ResourceManager;

/**
 * This Authentication Manager provides authentication services, with a Data Base backend.
 * 
 * @author Oliver
 * @deprecated From now on we should log in (authenticat) against the API!
 *             {@link AuthenticationManagerApi}
 */
@Deprecated
public class AuthenticationManagerDB implements IAuthenticationManager {
    private static final Logger logger = LoggerFactory.getLogger(AuthenticationManagerDB.class);

    private final AbiConfig abiConfig = AbiConfigManager.getInstance().getAbiConfig();

    private static final ResourceManager resourceManger = new ResourceManager(AuthenticationManagerDB.class);

    private final ErrorManager errorManager = ErrorManager.getInstance(AbiCloudConstants.ERROR_PREFIX);

    @Override
    @SuppressWarnings("unchecked")
    public DataResult<LoginResult> doLogin(final Login login) {
        DataResult<LoginResult> dataResult = new DataResult<LoginResult>();

        Session session = null;
        Transaction transaction = null;

        try {
            session = HibernateUtil.getSession();

            transaction = session.beginTransaction();

            // Get the user from the appropiate source
            UserHB userHB = null;
            if (StringUtils.isBlank(login.getAuthToken())) {
                userHB = getUser(login, session);
            } else {
                userHB = getUserUsingToken(login, session);
            }

            if (userHB != null) {
                // User exists. Check if it is active
                if (userHB.getActive() == 1) {
                    // User exists in database and is active.

                    // Looking for all existing active sessions of this user, ordered by when were
                    // created
                    ArrayList<UserSession> oldUserSessions = (ArrayList<UserSession>) session
                            .createCriteria(UserSession.class).add(Restrictions.eq("user", login.getUser()))
                            .addOrder(Order.desc("key")).list();
                    Date currentTime = new Date();

                    // We erase old expired sessions
                    for (UserSession existingSession : oldUserSessions) {
                        if (currentTime.after(existingSession.getExpireDate())) {
                            session.delete(existingSession);
                        }
                    }

                    // Creating the user session
                    UserSession userSession = new UserSession();
                    userSession.setUser(userHB.getUser());
                    userSession.setKey(String.valueOf(Calendar.getInstance().getTimeInMillis()));
                    userSession.setLocale(login.getLocale());

                    userSession.setUserIdDb(userHB.getIdUser());
                    userSession.setEnterpriseName(userHB.getEnterpriseHB().getName());

                    int sessionTimeout = abiConfig.getSessionTimeout();
                    long expireMilis = new Date().getTime() + sessionTimeout * 60 * 1000;
                    Date expireDate = new Date(expireMilis);
                    userSession.setExpireDate(expireDate);

                    // Saving in Data Base the created User Session
                    session.save(userSession);

                    // Generating the login result, with the user who has logged in and his session
                    LoginResult loginResult = new LoginResult();
                    loginResult.setSession(userSession);
                    loginResult.setUser(userHB.toPojo());

                    // Generating the DataResult
                    dataResult.setSuccess(true);
                    dataResult.setMessage(AuthenticationManagerDB.resourceManger.getMessage("doLogin.success"));
                    dataResult.setData(loginResult);
                } else {
                    // User is not active. Generating the DataResult
                    errorManager.reportError(resourceManger, dataResult, "doLogin.userInActive");
                }
            } else {
                // User not exists in database or bad credentials. Generating the DataResult
                errorManager.reportError(resourceManger, dataResult, "doLogin.passwordUserIncorrect");

                dataResult.setResultCode(BasicResult.USER_INVALID);
            }

            transaction.commit();

        } catch (Exception e) {
            if (transaction != null && transaction.isActive()) {
                transaction.rollback();
            }

            errorManager.reportError(resourceManger, dataResult, "doLogin.exception", e);
        }

        return dataResult;
    }

    @Override
    public BasicResult doLogout(final UserSession userSession) {
        BasicResult basicResult = new BasicResult();

        Session session = null;
        Transaction transaction = null;

        try {
            session = HibernateUtil.getSession();
            transaction = session.beginTransaction();

            // Deleting the user session
            UserSession previousSession = (UserSession) session.createCriteria(UserSession.class)
                    .add(Restrictions.eq("user", userSession.getUser()))
                    .add(Restrictions.eq("key", userSession.getKey())).uniqueResult();

            if (previousSession != null) {
                session.delete(previousSession.getClass().getSimpleName(), previousSession);
            }

            basicResult.setSuccess(true);
            basicResult.setMessage(AuthenticationManagerDB.resourceManger.getMessage("doLogout.success"));

            transaction.commit();
        } catch (Exception e) {
            if (transaction != null && transaction.isActive()) {
                transaction.rollback();
            }

            errorManager.reportError(resourceManger, basicResult, "doLogout", e);
        }

        return basicResult;
    }

    @Override
    public BasicResult checkSession(final UserSession userSession) {
        BasicResult checkSessionResult = new BasicResult();

        Session session = null;
        Transaction transaction = null;

        UserSession sessionToCheck = null;

        try {
            session = HibernateUtil.getSession();
            transaction = session.beginTransaction();

            sessionToCheck = (UserSession) HibernateUtil.getSession().createCriteria(UserSession.class)
                    .add(Restrictions.eq("user", userSession.getUser()))
                    .add(Restrictions.eq("key", userSession.getKey())).uniqueResult();

            if (sessionToCheck == null) {
                // The session does not exist, so is not valid
                checkSessionResult.setResultCode(BasicResult.SESSION_INVALID);
                logger.trace("Invalod session. Please login again");
            } else {
                // Checking if the session has expired
                Date currentDate = new Date();
                if (currentDate.before(sessionToCheck.getExpireDate())) {
                    // The session is valid updating the expire Date
                    int sessionTimeout = abiConfig.getSessionTimeout();
                    long expireMilis = new Date().getTime() + sessionTimeout * 60 * 1000;
                    Date expireDate = new Date(expireMilis);
                    sessionToCheck.setExpireDate(expireDate);

                    session.update(sessionToCheck);

                    checkSessionResult.setSuccess(true);
                    checkSessionResult
                            .setMessage(AuthenticationManagerDB.resourceManger.getMessage("checkSession.success"));
                } else {
                    // The session has time out. Deleting the session from Data Base
                    session.delete(sessionToCheck);

                    checkSessionResult.setResultCode(BasicResult.SESSION_TIMEOUT);
                    logger.trace("Session expired. Please login again");
                }

            }

            transaction.commit();
        } catch (Exception e) {
            if (transaction != null && transaction.isActive()) {
                transaction.rollback();
            }

            logger.trace("Unexpected error while checking the user session", e);
        }

        return checkSessionResult;
    }

    @Override
    public boolean isLoggedIn(final String username) {
        List<UserSession> sessions = findAllSessions(username);
        return sessions != null && !sessions.isEmpty();
    }

    @SuppressWarnings("unchecked")
    @Override
    public List<UserSession> findAllSessions(final String username) {
        Session session = null;
        Transaction transaction = null;
        List<UserSession> sessions = null;

        try {
            session = HibernateUtil.getSession();
            transaction = session.beginTransaction();

            sessions = session.createCriteria(UserSession.class).add(Restrictions.eq("user", username)).list();

            transaction.commit();
        } catch (Exception ex) {
            if (transaction != null && transaction.isActive()) {
                transaction.rollback();
            }

            BasicResult checkSessionResult = new BasicResult();
            checkSessionResult.setSuccess(false);

            errorManager.reportError(resourceManger, checkSessionResult, "checkSession.exception", ex);
        }

        return sessions;
    }

    /**
     * gets a user from DB given the credentials.
     * 
     * @param login The user credentials.
     * @param session The Hibernate session.
     * @return The user.
     */
    private UserHB getUser(final Login login, final Session session) {
        // Checking if a user exists for the given credentials (remeber to check that the user
        String customQuery = "SELECT * FROM user WHERE user= :user AND password= :password";

        Query query = session.createSQLQuery(customQuery).addEntity(UserHB.class);
        query.setString("user", login.getUser());
        query.setString("password", login.getPassword());
        return (UserHB) query.uniqueResult();
    }

    /**
     * Gets the user from DB using the authentication Token information.
     * 
     * @param login The object with the token information.
     * @param session The Hibernate session.
     * @return The user.
     */
    private UserHB getUserUsingToken(final Login login, final Session session) throws Exception {
        // Get token data
        String[] token = TokenUtils.getTokenFields(login.getAuthToken());
        String tokenUser = TokenUtils.getTokenUser(token);
        long tokenExpiration = TokenUtils.getTokenExpiration(token);
        String tokenSignature = TokenUtils.getTokenSignature(token);

        // Check token expiration
        if (TokenUtils.isTokenExpired(tokenExpiration)) {
            throw new Exception("Authentication token has expired.");
        }

        // Get the token user from db
        String customQuery = "SELECT * FROM user WHERE user= :user";
        Query query = session.createSQLQuery(customQuery).addEntity(UserHB.class);
        query.setString("user", tokenUser);
        UserHB userHB = (UserHB) query.uniqueResult();

        if (userHB != null) {
            // Validate credentials with the token
            String signature = TokenUtils.makeTokenSignature(tokenExpiration, userHB.getUser(),
                    userHB.getPassword());

            if (!signature.equals(tokenSignature)) {
                return null;
            }
        }

        return userHB;
    }

}