Java tutorial
/* * Licensed to csti consulting * You may obtain a copy of the License at * * http://www.csticonsulting.com * Copyright (c) 2006-Aug 24, 2010 Consultation CS-TI inc. * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package com.salesmanager.core.module.impl.application.logon; import java.util.Set; import javax.security.auth.Subject; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import com.salesmanager.core.constants.ErrorConstants; import com.salesmanager.core.constants.SecurityConstants; import com.salesmanager.core.entity.customer.Customer; import com.salesmanager.core.module.model.application.CustomerLogonModule; import com.salesmanager.core.service.ServiceException; import com.salesmanager.core.service.ServiceFactory; import com.salesmanager.core.service.customer.CustomerService; import com.salesmanager.core.util.EncryptionUtil; public class CustomerJAASLogonImpl implements CustomerLogonModule { private static final String LOGIN_CONTEXT_CONFIG_NAME = "Login"; private static final String AUTH_TOKEN_SEPERATOR = ":"; private Logger log = Logger.getLogger(CustomerJAASLogonImpl.class); private CustomerService customerService = null; public void logout(HttpServletRequest request) throws ServiceException { LoginContext context = null; SalesManagerJAASConfiguration jaasc = new SalesManagerJAASConfiguration( "com.salesmanager.core.module.impl.application.logon.JAASSecurityCustomerLoginModule"); try { HttpSession session = request.getSession(); context = (LoginContext) session.getAttribute("LOGINCONTEXT"); if (context != null) { context.logout(); } session.removeAttribute("PRINCIPAL"); session.removeAttribute("LOGINCONTEXT"); } catch (Exception e) { throw new RuntimeException("Unable to Create Logout Context, configuration file may be missing", e); } } public Customer logon(HttpServletRequest request, int merchantId) throws ServiceException { String username = request.getParameter("username"); String password = request.getParameter("password"); if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) { throw new ServiceException("Invalid username & password", ErrorConstants.INVALID_CREDENTIALS); } logout(request); if (isValidLogin(request, username, password, merchantId)) { CustomerService customerService = (CustomerService) ServiceFactory .getService(ServiceFactory.CustomerService); Customer customer = null; try { // retreive a Customer String encPassword = EncryptionUtil.encrypt( EncryptionUtil.generatekey(String.valueOf(SecurityConstants.idConstant)), password); customer = customerService.findCustomerbyUserNameAndPassword(username, encPassword, merchantId); } catch (Exception e) { logout(request); throw new ServiceException("Exception while getting Customer " + e); } if (customer == null) { logout(request); throw new ServiceException("Invalid username & password", ErrorConstants.INVALID_CREDENTIALS); } else { return customer; } } else { throw new ServiceException("Invalid username & password", ErrorConstants.INVALID_CREDENTIALS); } } private boolean isValidLogin(HttpServletRequest req, String username, String password, int merchantId) { LoginContext context = null; try { // 1) using jaas.conf // context = new LoginContext(LOGIN_CONTEXT_CONFIG_NAME,new // CustomerLoginCallBackHandler(username,password)); // 2) programaticaly created jaas.conf equivalent SalesManagerJAASConfiguration jaasc = new SalesManagerJAASConfiguration( "com.salesmanager.core.module.impl.application.logon.JAASSecurityCustomerLoginModule"); context = new LoginContext(LOGIN_CONTEXT_CONFIG_NAME, null, new CustomerLoginCallBackHandler(username, password, merchantId), jaasc); } catch (Exception e) { e.printStackTrace(); throw new RuntimeException("Unable to Create Login Context, configuration file may be missing", e); /** * needs a jaas.conf file in the startup script Logon { * com.salesmanager.core.module.impl.application.logon. * JAASSecurityCustomerLoginModule required; }; and this parameter * -Djava.security.auth.login.config=jaas.conf */ } if (context != null) { try { context.login(); Subject s = context.getSubject(); if (s != null) { Set principals = s.getPrincipals(); } // Create a principal UserPrincipal principal = new UserPrincipal(username); HttpSession session = req.getSession(); session.setAttribute("PRINCIPAL", principal); session.setAttribute("LOGINCONTEXT", context); return true; } catch (LoginException e) { e.printStackTrace(); return false; } } return false; } public String getUser(HttpServletRequest request) throws ServiceException { return null; } public boolean isUserInRole(HttpServletRequest request, String role) throws ServiceException { return false; } public String getAuthToken(Customer customer, long timeOutMillis) { String authToken = null; try { // Generate Key and Auth Token which has a timeout interval and Auth // token is encrypted. // AUTH TOKEN = GENERATED KEY + ENCRYPED (USER EMAIL + SEPERATOR + // TIMEOUTMILLIS) String key = EncryptionUtil.generatekey(String.valueOf(SecurityConstants.idConstant)); authToken = key + AUTH_TOKEN_SEPERATOR + EncryptionUtil.encrypt(key, customer.getEmail() + AUTH_TOKEN_SEPERATOR + (System.currentTimeMillis() + timeOutMillis)); } catch (Exception e) { e.printStackTrace(); } return authToken; } public void resetPassword(Customer customer, String currentPassword, String newPassword) throws ServiceException { CustomerService customerService = (CustomerService) ServiceFactory .getService(ServiceFactory.CustomerService); try { boolean change = customerService.changeCustomerPassword(customer, currentPassword, newPassword); if (!change) { throw new ServiceException("Password do not match ", ErrorConstants.INVALID_CREDENTIALS); } } catch (Exception e) { throw new ServiceException("Exception while getting Customer " + e); } } public boolean isValidAuthToken(String authToken) { if (!StringUtils.isBlank(authToken)) { if (authToken.indexOf(AUTH_TOKEN_SEPERATOR) != -1) { String key = authToken.substring(0, authToken.indexOf(AUTH_TOKEN_SEPERATOR)); String value = authToken.substring(authToken.indexOf(AUTH_TOKEN_SEPERATOR) + 1, authToken.length()); try { String decryptedToken = EncryptionUtil.decrypt(key, value).trim(); if (decryptedToken.indexOf(AUTH_TOKEN_SEPERATOR) != -1) { String[] strArr = decryptedToken.split(AUTH_TOKEN_SEPERATOR); String username = strArr[0]; long timeout = Long.parseLong(strArr[1]); if (customerService.findCustomerByEmail(username) != null) { if ((System.currentTimeMillis()) < timeout) { return true; } else { return false; } } } } catch (Exception e) { e.printStackTrace(); } } } return false; } public CustomerService getCustomerService() { return customerService; } public void setCustomerService(CustomerService customerService) { this.customerService = customerService; } }